hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
777dc6305c Merge pull request #3893 from aibaars/set-map-list-copy-of 
Java: model some new Set,List,Map methods
 2020-07-09 10:18:12 +02:00
Max Schaefer
1c47260bde JavaScript: Add support for global variables to portals. 2020-07-09 09:12:56 +01:00
Max Schaefer
c40ef0556a JavaScript: Broaden scope of imports considered relevant to portals. 
Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.
 2020-07-09 09:09:44 +01:00
Max Schaefer
8b4b5781e6 JavaScript: Add utility predicate getBasePortal(i). 
This iterates the existing `getBasePortal()` predicate `i` times.
 2020-07-09 09:08:18 +01:00
Robert Marsh
0e66d0892b Merge pull request #3785 from MathiasVP/dataflow-operand-nodes 
C++: Operands as dataflow nodes
 2020-07-08 14:50:54 -07:00
Arthur Baars
6367eb9ee8 Address review comments 2020-07-08 22:08:27 +02:00
Max Schaefer
02920abc62 Merge pull request #249 from smowton/smowton/feature/comment-group-ast-node-parents 
Make CommentGroups AST-children of Files
 2020-07-08 19:58:13 +01:00
lcartey@github.com
0638b512bc C++: Support custom range expression modeling for variable accesses 2020-07-08 17:56:31 +01:00
Chris Smowton
6bf3802b3f Make CommentGroups AST-children of Files 
Previously they were roots, with children hanging off them. Now they are children of Files, and both CommentGroups and Comments can be discovered using AstNode.getAChild.

The PrintAst pass is also adapted to account for their new position.
 2020-07-08 17:49:47 +01:00
Max Schaefer
650cb5e626 Merge pull request #253 from smowton/smowton/admin/gofmt-in-ci 
Add Go autoformatting to the 'autoformat' make target and to CI
 2020-07-08 17:37:17 +01:00
dilanbhalla
6e6921b11e implemented pr fixes 2020-07-08 09:23:52 -07:00
dilanbhalla
05a4798b5e working on implementing pr fixes 2020-07-08 09:19:46 -07:00
Ian Lynagh
71b70b4bd0 C++: Give static_assert's an enclosing element 2020-07-08 17:10:43 +01:00
Remco Vermeulen
5f560e0465 Extract HeaderSplittingSink and WhitelistedSource 
- Extract `HeaderSplittingSink` and `WhitelistedSource` into an
importable library.
- Rename the existing `HeaderSplittingSink` implementation to
`ServletHeaderSplittingSink`.
 2020-07-08 17:17:24 +02:00
lcartey@github.com
b4929dbb97 C++: Adopt range analysis interface in the SimpleRangeAnalysis library 2020-07-08 16:00:44 +01:00
lcartey@github.com
5c1275ec5d C++: Add an interface for exprs that can contribute to range analysis 2020-07-08 16:00:07 +01:00
Remco Vermeulen
170be9ffe8 Move UrlRedirectSink into importable library 
- The `UrlRedirect` class is renamed to `ServletUrlRedirect`.
- Abstract class `UrlRedirectSink` is defined that can be imported and
used to customise CWE-601 via Customizations.qll
 2020-07-08 16:47:51 +02:00
Jonas Jensen
0bbbfe58cf Merge pull request #3916 from geoffw0/cc_followup2 
C++: Add missing constructor taint test
 2020-07-08 16:35:47 +02:00
Remco Vermeulen
06517c6f82 Move QueryInjectionSink into importable library 
This enables defining of new sinks to customise the CWE-089 queries.
 2020-07-08 16:24:06 +02:00
Chris Smowton
ce94c68e0a Add Go autoformatting to the 'autoformat' make target and to CI 
Existing gofmt complaints are fixed, and files that specifically test queries that relate to badly formatting code are tagged as such.
 2020-07-08 14:20:19 +01:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects 
Java: data flow for `java.util.Objects`
 2020-07-08 15:07:50 +02:00
Anders Schack-Mulligen
528f250af3 Merge pull request #3653 from lcartey/java/improve-spring-support 
Java: Improve modelling of Spring requests, flow steps and XSS sinks
 2020-07-08 15:00:14 +02:00
Luke Cartey
443c13d516 Merge pull request #2 from aschackmull/java/spring-3653-2 
Java: Fix qltests for https://github.com/github/codeql/pull/3653
 2020-07-08 13:19:45 +01:00
Anders Schack-Mulligen
b88ebd69c1 Java: Fix OgnlInjection qltest 2020-07-08 14:12:27 +02:00
Anders Schack-Mulligen
a4fe4f41b9 Java: Fix JndiInjection qltest 2020-07-08 14:09:08 +02:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Arthur Baars
72a24972e7 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-08 13:30:24 +02:00
Rasmus Wriedt Larsen
32219e58c0 Python: Add basic call-graph metric queries 
For use with dist-compare
 2020-07-08 13:29:54 +02:00
Anders Schack-Mulligen
48e4759632 Merge branch 'master' into java/spring-3653-2 2020-07-08 13:06:51 +02:00
semmle-qlci
6ef7288848 Merge pull request #3922 from aschackmull/java/stub-cleanup 
Approved by aibaars
 2020-07-08 12:04:39 +01:00
Max Schaefer
26eeb3c658 Merge pull request #252 from gagliardetto/patch-3 
taint-tracking: String() must return a string type
 2020-07-08 12:01:20 +01:00
Geoffrey White
61dfebceb9 C++: Add getFullyConverted() as suggested. 2020-07-08 11:28:39 +01:00
Slavomir
59071732a8 taint-tracking: String() must return a string type 
Make sure that the taint-tracking class for the `String()` method checks that the result type is a string.
 2020-07-08 12:34:13 +03:00
Erik Krogh Kristensen
022cafebd3 make sure the consisntecy-checking library does not mix configurations 2020-07-08 10:28:41 +02:00
Anders Schack-Mulligen
b38839e84e Merge pull request #3920 from Marcono1234/patch-3 
Improve VariableAssign.getSource documentation
 2020-07-08 10:25:13 +02:00
Erik Krogh Kristensen
ec38df69b3 update consistency comments for CWE-918 2020-07-08 10:24:55 +02:00
Erik Krogh Kristensen
c5285f7418 update inconsistency comment for CWE-843 2020-07-08 10:16:43 +02:00
Erik Krogh Kristensen
45b6906a0d move comments to match alert location for CWE-834 2020-07-08 10:16:04 +02:00
Erik Krogh Kristensen
71a3d49d2b update comments to match alert location for CWE-807 2020-07-08 10:15:26 +02:00
Erik Krogh Kristensen
d814e73023 update comment position to match alert location for CWE-798 2020-07-08 10:12:12 +02:00
Erik Krogh Kristensen
bcffc97de7 update comment position to match alert location for CWE-776 2020-07-08 10:10:31 +02:00
Erik Krogh Kristensen
2235634347 update consistency comments for CWE-754 2020-07-08 10:08:51 +02:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Erik Krogh Kristensen
0d64a0f2c8 update consistency comment for CWE-730 2020-07-08 10:07:34 +02:00
Erik Krogh Kristensen
5a87628478 update consistency comments for CWE-611 2020-07-08 10:03:03 +02:00
Erik Krogh Kristensen
1f1c09af02 update consistency comments for CWE-601 2020-07-08 10:02:29 +02:00
Erik Krogh Kristensen
ce6a211340 update inconsistency comment for CWE-506 2020-07-08 10:01:40 +02:00
Erik Krogh Kristensen
bf36137834 update inconsistency comment for CWE-346 2020-07-08 10:01:04 +02:00
Erik Krogh Kristensen
16b0427dc4 update inconsistency comment for CWE-338 2020-07-08 10:00:19 +02:00