Commit Graph

41418 Commits

Author SHA1 Message Date
Calum Grant
6e3609696a C#: Address review comments. 2020-06-25 09:59:59 +01:00
Taus Brock-Nannestad
9f06e13313 Python: Fix incomplete renaming in Thrift.qll. 2020-06-25 10:48:26 +02:00
Rasmus Lerchedahl Petersen
415e0c4aac Python: add suggestion for test cases 2020-06-25 10:46:33 +02:00
Erik Krogh Kristensen
2d7feb794f Refactor Promises.qll to use PreCallGraphStep 2020-06-25 10:41:08 +02:00
Rasmus Lerchedahl Petersen
5973fe8411 Python: scaffold for testing data flow coverage 2020-06-25 10:32:10 +02:00
Max Schaefer
a89e4971ac Merge pull request #221 from gagliardetto/bad-tls
Add CWE-327 (unsafe TLS)
2020-06-25 09:18:42 +01:00
Tom Hvitved
b8ae4b7f64 C#: Move async data-flow tests from local to global 2020-06-25 10:04:18 +02:00
Tom Hvitved
3f91aa3b55 C#: More data-flow collection tests 2020-06-25 09:48:52 +02:00
Sauyon Lee
380060c7e4 extractor: Refactor regexp compilation for the relative directory check 2020-06-24 23:29:55 -07:00
Sauyon Lee
9e8d386f3c Clarify change note 2020-06-24 23:29:55 -07:00
Sauyon Lee
fa391b1516 extractor: Factor out common bits for running go list 2020-06-24 23:29:54 -07:00
Sauyon Lee
ebdd724b75 Simplify logic for deciding whether to extract a package 2020-06-24 23:29:53 -07:00
Sauyon Lee
e25b882e42 Clarify some comments
As suggested in code review

Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-06-24 23:29:52 -07:00
Sauyon Lee
9bd1f87d66 Address review comments 2020-06-24 23:29:51 -07:00
Sauyon Lee
de2f407c69 Add change note for more dependency AST extraction 2020-06-24 23:29:50 -07:00
Sauyon Lee
7863bb656e Use the -mod argument from the build when calling go list 2020-06-24 23:29:49 -07:00
Sauyon Lee
296d2d5fd3 extractor: modify FileExists to check that the path isn't a directory 2020-06-24 23:29:48 -07:00
Sauyon Lee
3513c352e6 extractor: Factor out FileExists utility function 2020-06-24 23:29:48 -07:00
Sauyon Lee
f197975c6e Extract packages more intelligently
We now extract packages that have the same module root as the specified packages, as determined by
the `go list` command.
2020-06-24 23:29:47 -07:00
Dave Bartolomeo
06a5242d76 Merge pull request #3793 from rdmarsh2/rdmarsh/cpp/ir-range-analysis-experimental
C++: move IR range analysis to experimental
2020-06-24 20:51:07 -04:00
Dave Bartolomeo
2685aa4b8b C++: Use fewer words 2020-06-24 20:42:02 -04:00
Dave Bartolomeo
8b02f121d6 C++: QLDoc for all of Instruction.qll
I think I've now documented every class and public predicate in `Instruction.qll` I've tried to include detailed semantics of each instruction where appropriate.
2020-06-24 20:29:31 -04:00
Robert Marsh
362fbd12dc C++: QLDoc for PrintAST.qll 2020-06-24 16:45:20 -07:00
Robert Marsh
39aaccc1ac C++: Add QLDoc for AST range analysis libraries 2020-06-24 16:29:20 -07:00
Robert Marsh
3e6a19843d Merge pull request #3727 from jbj/tainted-format-string-high
C++: Raise cpp/tainted-format-string* precisions to high
2020-06-24 15:06:13 -07:00
Calum Grant
d32199cccc C#: QLdoc for CIL instructions. 2020-06-24 22:01:33 +01:00
Calum Grant
262a20cea0 C#: Add qldocs for Concurrency.qll, Documentation.qll, cil.qll and dotnet.qll. 2020-06-24 22:01:33 +01:00
Taus Brock-Nannestad
02363d76c1 Python: Document Comment.qll.
I didn't do the `toString` methods in this commit. I'm thinking
they're better to do in a separate commit. (There are 48 undocumented
instances!)
2020-06-24 22:43:59 +02:00
Taus Brock-Nannestad
fe78e68fd0 Python: Document a bunch of hasLocationInfo methods.
If only we had been _somewhat consistent in how we named the
parameters for these...
2020-06-24 22:38:03 +02:00
Rasmus Wriedt Larsen
155bbbdec9 Python: Add annotated call-graph tests
See the added README for in-depth details
2020-06-24 22:15:39 +02:00
Taus Brock-Nannestad
682e1b6040 Python: Document Comparisons.qll. 2020-06-24 22:13:46 +02:00
Asger F
090a685d86 Merge pull request #3751 from toufik-airane/master
[javascript] CWE-347: JWT Missing Secret Or Public Key Verification
2020-06-24 21:09:41 +01:00
Taus Brock-Nannestad
b8e744eade Python: Document Class.qll. 2020-06-24 22:07:47 +02:00
Taus Brock-Nannestad
25122c9fb5 Python: Document (parts of) ExternalArtifact.qll.
I don't think there's any need to document the parts specific to
metrics or defects, as I don't believe these are used anywhere.
2020-06-24 21:53:37 +02:00
Robert Marsh
fb6e578618 C++: move IR range analysis to experimental 2020-06-24 12:50:14 -07:00
Mathias Vorreiter Pedersen
8c6753a3cc C++: Accept consistency tests. 2020-06-24 21:13:38 +02:00
dilanbhalla
0552f9b0cc memory unsafe scan functions 2020-06-24 11:47:34 -07:00
Slavomir
95b76dceca Remove check 2020-06-24 21:39:23 +03:00
Geoffrey White
7af79abdbc C++: Use the ArrayFunction model in Dereferenced.qll. 2020-06-24 19:06:05 +01:00
Geoffrey White
d258aaff26 C++: Extend the memcpy model to include 'bcopy'. 2020-06-24 19:05:38 +01:00
Geoffrey White
d259e8e8df C++: Correct StrCpy.hasTaintFlow. 2020-06-24 18:34:02 +01:00
Geoffrey White
c3d275d0e7 C++: Clean up SprintfBW and comment Sprintf. 2020-06-24 18:34:02 +01:00
Geoffrey White
c681e6999d C++: Refine the strcat and strcpy models, have BufferWrite depend on them so that information isn't duplicated. 2020-06-24 18:34:02 +01:00
ubuntu
d9a0dc0982 Remove check for console().getAMethodCall 2020-06-24 19:31:23 +02:00
Robert Marsh
38067b5b34 Merge pull request #3777 from rdmarsh2/rdmarsh/csharp/autobuilder-lang-name
C#/C++: Use CODEQL_EXTRACTOR_<LANG>_* in autobuilder
2020-06-24 10:18:26 -07:00
ubuntu
65eba0272d Merge remote-tracking branch 'upstream/master' into loginjection 2020-06-24 19:15:27 +02:00
Mathias Vorreiter Pedersen
5190c26635 C++: Accept tests. 2020-06-24 18:28:41 +02:00
Mathias Vorreiter Pedersen
7530dc2132 C++: Hide operand nodes from path explanations to make the review diff smaller. 2020-06-24 18:28:23 +02:00
Mathias Vorreiter Pedersen
5aa1b13136 C++: Make the pre update node for ExplicitFieldStoreQualifierNode an operand node. This fixes the IR dataflow consistency errors. 2020-06-24 18:27:53 +02:00
Mathias Vorreiter Pedersen
470ee0059d C++: Alternate dataflow between operands and instructions 2020-06-24 18:27:12 +02:00