Commit Graph

41418 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
f3e879a5ab Python: small test of local flow 2020-06-16 14:31:22 +02:00
Owen Mansel-Chan
336eba1be4 Add Hash.Write and similar as sanitizers 2020-06-16 12:48:43 +01:00
Erik Krogh Kristensen
696879653a add qhelp to js/biased-cryptographic-random 2020-06-16 11:10:09 +02:00
lcartey@github.com
2978af34cd Java: Add RestTemplate as flow source. 2020-06-16 09:50:37 +01:00
lcartey@github.com
f2edc53144 Java: Add Spring RestTemplate return values to untrusted data types
- Also improve unwrapping of lists/arrays/maps etc.
2020-06-16 09:50:37 +01:00
lcartey@github.com
9625e82afd Java: Model Spring WebClients/RestTemplates. 2020-06-16 09:50:37 +01:00
lcartey@github.com
cd6339f5cd Java: Add Spring flow out of HttpEntity and HttpHeader 2020-06-16 09:50:36 +01:00
lcartey@github.com
93c28d4c03 Java: Add taint step to flow through Spring tainted user data class getters.
2020-06-16 09:50:36 +01:00
lcartey@github.com
8678d5fc6f Java: Model untrusted user data types
Model the datatypes that may be populated on demand from request
parameters.
2020-06-16 09:50:36 +01:00
lcartey@github.com
8bd5f748b4 Java: SpringController - handle non-string literal produces values. 2020-06-16 09:50:36 +01:00
lcartey@github.com
0db7cead31 Java: Model taint flow through ResponseEntity. 2020-06-16 09:50:35 +01:00
lcartey@github.com
f6b2accabd Java: Model ResponseEntity.BodyBuilder 2020-06-16 09:50:35 +01:00
lcartey@github.com
e2cec582be Java: XSS - ignore Spring sinks when content-type is safe.
Methods annotated with a produces field which indicates a safe
content-type should not be considered XSS sinks. For example:

@RequestMapping(..., produces = "application/json")
2020-06-16 09:50:35 +01:00
lcartey@github.com
f6a99cb42e Java: Model produces parameter to RequestMapping attribute. 2020-06-16 09:50:34 +01:00
lcartey@github.com
8057dff368 Java: Add Spring XSS sinks
Look for Spring request methods which return a String value which may be
coerced into a text/html output.
2020-06-16 09:50:34 +01:00
lcartey@github.com
c59042f9c3 Java: Taint tracking through String.replace(all)? 2020-06-16 09:50:34 +01:00
lcartey@github.com
7d555a7467 Java: Track flow through HttpEntity and ResponseEntity
- Only track if the body is a String type, as that is the only type at risk of XSS.
2020-06-16 09:50:33 +01:00
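The three handler shapes that the Spring commits above tell apart (a String-returning request method with no `produces`, one whose `produces` pins a safe content type, and a tainted String travelling through a `ResponseEntity` body), written out as a small Spring MVC controller. This is an added illustration, not code from the CodeQL repository or from its test suite; the class, route and parameter names are made up, and it assumes a stock Spring Web setup with no Spring Security headers applied.

```java
// Added example (not part of the repository): handler shapes that the Spring XSS
// modelling treats differently. Names are invented for illustration.
package example;

import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.HtmlUtils;

// @RestController makes every handler @ResponseBody: a String return value is
// written straight into the HTTP body rather than resolved as a view name.
@RestController
public class GreetingController {

    // XSS sink. No 'produces' is given, so the response content type is negotiated
    // against the client's Accept header; a browser advertises text/html and the
    // untrusted 'name' (a request parameter, i.e. a remote flow source) is rendered
    // as HTML.
    @GetMapping("/greet")
    public String greet(@RequestParam String name) {
        return "<h1>Hello " + name + "</h1>";
    }

    // Hardened form of the handler above: same route shape, but the untrusted
    // value is HTML-encoded before it is concatenated into markup.
    @GetMapping("/greet-safe")
    public String greetSafe(@RequestParam String name) {
        return "<h1>Hello " + HtmlUtils.htmlEscape(name) + "</h1>";
    }

    // Not an XSS sink for the query: 'produces' fixes the content type to
    // application/json, so the browser does not interpret the body as HTML.
    // The constant is the non-string-literal 'produces' value case (its value is
    // "application/json"). Correct JSON escaping of 'name' is a separate concern.
    @GetMapping(value = "/greet.json", produces = MediaType.APPLICATION_JSON_VALUE)
    public String greetJson(@RequestParam String name) {
        return "{\"greeting\":\"Hello " + name + "\"}";
    }

    // Still a sink: the tainted String reaches the response through the
    // ResponseEntity body, which is why flow is tracked through HttpEntity and
    // ResponseEntity when the body type is String.
    @GetMapping("/greet-entity")
    public ResponseEntity<String> greetEntity(@RequestParam String name) {
        return ResponseEntity.ok().body("<p>" + name + "</p>");
    }

    // Also not a sink once 'produces' is set: text/plain is not rendered as markup.
    @GetMapping(value = "/greet.txt", produces = MediaType.TEXT_PLAIN_VALUE)
    public ResponseEntity<String> greetPlain(@RequestParam String name) {
        return ResponseEntity.ok().body("Hello " + name);
    }
}
```

Running the first handler with `?name=<script>alert(1)</script>` from a browser returns the script tag unencoded under a `text/html` content type, which is the coercion the "Add Spring XSS sinks" commit describes. The `produces` attribute removes the handler from the sink set because it changes what the browser does with the body, not because it sanitises the value; where the content type is left to negotiation, encoding the value (as in `greetSafe`) or sending `X-Content-Type-Options: nosniff` alongside an explicit non-HTML type is what actually closes the hole.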
lcartey@github.com
1d1234093f Java: Model Spring @ResponseBody methods. 2020-06-16 09:50:33 +01:00
lcartey@github.com
fd2cd6025d Java: Modelling of the Spring HTTP classes. 2020-06-16 09:50:33 +01:00
lcartey@github.com
bfcc06dd0b Java: Improve Spring controller modelling
- Identify ModelMaps correctly
- Add extra not tainted param types (Pageable)
- Identify ModelAttributes
2020-06-16 09:50:33 +01:00
lcartey@github.com
7c4251deac Java: Add flow out of Map and List 2020-06-16 09:50:32 +01:00
lcartey@github.com
6de2b93f3a Java: Add SpringWebRequest to RemoteTaintedMethod 2020-06-16 09:50:32 +01:00
lcartey@github.com
4300bc8088 Java: Update RemoteFlowSource to use improved Spring request parameter mapping.
2020-06-16 09:50:31 +01:00
lcartey@github.com
f5dc0337ed Java: Improve modelling of Spring request methods
- Recognise @<httpverb>Mapping as well as @RequestMapping.
- Identify tainted/not tainted parameters of RequestMapping methods.
2020-06-16 09:50:31 +01:00
Mathias Vorreiter Pedersen
c30d1a618e C++: Add charpred to partial definition node classes in qltest 2020-06-16 09:55:37 +02:00
Sauyon Lee
1853e990a3 ReflectedXss: Allow regexp to match newlines 2020-06-16 00:43:12 -07:00
Jonas Jensen
d80a033bed Merge pull request #3719 from dbartol/github/codeql-c-analysis-team/69-consistency
C++/C#: Fix a couple new consistency failures, and improve consistency messages
2020-06-16 08:48:35 +02:00
Rasmus Lerchedahl Petersen
0abba238cc Python: bit more local flow and fix ql docs 2020-06-16 08:21:32 +02:00
Rasmus Lerchedahl Petersen
ad04ec554a Python: group related predicates
also restore accidentally removed comment
2020-06-16 07:30:44 +02:00
Jonathan Leitschuh
c2052ed152 Add .gitignore for VS Code Generated maven project files
When VS Code detects a Maven project, it automatically generates
a bunch of Eclipse files to describe the project.

These are now ignored in order to not pollute the repository
2020-06-15 22:29:30 -04:00
Erik Krogh Kristensen
5e060fa6a8 Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
2020-06-15 23:47:40 +02:00
Erik Krogh Kristensen
315faaffee small corrections in documentation
Co-authored-by: Asger F <asgerf@github.com>
2020-06-15 23:40:27 +02:00
Asger Feldthaus
23d28967a7 JS: Autoformat 2020-06-15 20:40:17 +01:00
Owen Mansel-Chan
f27ecdabb8 Set precision to high 2020-06-15 17:42:19 +01:00
Owen Mansel-Chan
4f6ce61de2 Move EmailInjection query out of experimental 2020-06-15 17:42:19 +01:00
Asger Feldthaus
3242f5ed94 JS: Include qhelp example in test suite 2020-06-15 17:37:26 +01:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
Asger Feldthaus
f380898126 JS: Add test showing duplicate alerts 2020-06-15 16:40:37 +01:00
Aditya Sharad
d7d00bddf6 Merge pull request #3718 from adityasharad/cpp/formatting-function-doc
C++: Fix QLDoc on `FormattingFunction` library
2020-06-15 08:39:16 -07:00
Asger Feldthaus
51d143d6f1 JS: Add test with destructuring pattern that looks like type annotations 2020-06-15 16:35:36 +01:00
Dave Bartolomeo
881b3c8e33 C#: Fix IR consistency errors
We were creating a `TranslatedFunction` even for functions that were not from source code, but then telling the IR package that those functions didn't have IR. This resulted in having prologue/epilogue instructions (e.g. `EnterFunction`, `ExitFunction`) with no enclosing `IRFunction`.
2020-06-15 11:33:00 -04:00
Owen Mansel-Chan
f9db197e17 Merge pull request #3683 from owen-mc/improve-ast-class-reference-for-java
Improve ast class reference for java
2020-06-15 16:25:25 +01:00
Erik Krogh Kristensen
23223fc5fb change-note 2020-06-15 17:22:11 +02:00
Erik Krogh Kristensen
3ef5dc74a1 add backtracking to find divisions that end up being rounded 2020-06-15 17:10:10 +02:00
Erik Krogh Kristensen
e8db624e74 add .jar and .war to the list of sensitive files for js/insecure-download 2020-06-15 16:48:07 +02:00
Dave Bartolomeo
fecffab8e7 C++: Fix consistency error
`TTranslatedAllocationSideEffects` wasn't limiting itself to functions that actually have IR, so it was getting used even in template definitions.
2020-06-15 10:47:00 -04:00
Dave Bartolomeo
8cbc7e8654 C++/C#: Improve consistency failure result messages
Some of our IR consistency failure query predicates already produced results in the schema as an `@kind problem` query, including `$@` replacements for the enclosing `IRFunction` to make it easier to figure out which function to dump when debugging. This change moves the rest of the query predicates in `IRConsistency.qll` to do the same. In addition, it wraps each call to `getEnclosingIRFunction()` to return an `OptionalIRFunction`, which can be either a real `IRFunction` or a placeholder in case `getEnclosingIRFunction()` returned no results. This exposes a couple new consistency failures in `syntax-zoo`, which will be fixed in a subsequent commit.

This change also deals with consistency failures when the enclosing `IRFunction` has more than one `Function` or `Location`. For multiple `Function`s, we concatenate the function names. For multiple `Location`s, we pick the first one in lexicographical order. This changes the number of results produced in the existing tests, but doesn't change the actual number of problems.
2020-06-15 10:46:46 -04:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions
Approved by erik-krogh, esbena
2020-06-15 15:32:54 +01:00