hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 09:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 161 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
3d4a5a337d Add check for J2EE server directory listing 2020-05-30 10:58:16 +00:00
Erik Krogh Kristensen
3b4e57ab8d autoformat 2020-05-30 12:45:51 +02:00
Robert Marsh
e17adf14dc C++: autoformat 2020-05-29 16:13:40 -07:00
Robert Marsh
f8b6e07391 C++: Added QLDoc for Element.qll-Include.qll 2020-05-29 16:09:19 -07:00
Robert Marsh
1c20714c62 C++: file QLDoc for AutogeneratedFile-Diagnostics 2020-05-29 14:58:01 -07:00
Robert Marsh
45e555cff0 C++: accept inconsistency with unreachable exit block 2020-05-29 14:43:48 -07:00
Robert Marsh
5ee37bcd5a Merge branch 'master' into ir-this-parameter-2 
Bring in fix for duplicate virtual variables for parameter indirections
 2020-05-29 14:40:45 -07:00
Jonas Jensen
91da0d5567 Merge pull request #3592 from geoffw0/strlen 
CPP: Don't taint the return value of strlen
 2020-05-29 19:23:47 +02:00
Robert Marsh
f8cfcef9c9 C++/C#: document isThisIndirection and sync files 2020-05-29 09:52:03 -07:00
Robert Marsh
6c9051ae6f C++: accept consistency fixes 2020-05-29 09:49:28 -07:00
Max Schaefer
b37bdec66c Merge pull request #157 from owen-mc/isresult-consistency 
Make FunctionOutput.isResult(0) and CallNode.getResult(0) match single results
 2020-05-29 17:13:21 +01:00
Geoffrey White
9ee75aaca1 C++: Change note. 2020-05-29 16:22:42 +01:00
Max Schaefer
2f7ff6b56c Merge pull request #162 from max-schaefer/open-url-redirect-formvalue 
Consider `Request.FormValue(...)` as a source for URL redirects.
 2020-05-29 15:56:50 +01:00
Max Schaefer
8f0592a079 Consider Request.FormValue(...) as a source for URL redirects. 
Despite its name, this method doesn't just handle form values but also query parameters.
 2020-05-29 15:03:05 +01:00
Sauyon Lee
b1db53e733 Merge pull request #161 from max-schaefer/more-mutable-types 
Broaden definition of mutable types for taint tracking
 2020-05-29 06:55:16 -07:00
Mathias Vorreiter Pedersen
3adc10fdb4 C++: Accept tests 2020-05-29 15:33:55 +02:00
Geoffrey White
f534f09784 C++: Autoformat. 2020-05-29 14:05:08 +01:00
Geoffrey White
19c33ab41c C++: Refine StrLenFunction, including removal of taint flow. 2020-05-29 14:04:27 +01:00
Geoffrey White
705529cdf7 C++: Split StrLenFunction from PureStrFunction (without changes). 2020-05-29 14:04:27 +01:00
Geoffrey White
59cb5f9b1e C++: Remove a special case for strlen in DefaultTaintTracking. 2020-05-29 14:04:26 +01:00
Geoffrey White
408e38a4d4 C++: Clarify which taint tracking libraries should be used somewhat. 2020-05-29 14:04:26 +01:00
Geoffrey White
d77092c931 C++: Add taint tests for strlen. 2020-05-29 13:39:40 +01:00
Rasmus Wriedt Larsen
551420401a Python: Fix typo 
Co-authored-by: Taus <tausbn@gmail.com>
 2020-05-29 14:27:07 +02:00
semmle-qlci
f291749243 Merge pull request #3585 from asger-semmle/js/use-newer-yarn 
Approved by erik-krogh
 2020-05-29 13:02:20 +01:00
Mathias Vorreiter Pedersen
a0603692cb C++: Add LoadChain and StoreChain nodes to handle reverse reads in dataflow 2020-05-29 13:53:53 +02:00
Rasmus Wriedt Larsen
59548a523e Python: Add change-note about UntrustedStringKind imports 2020-05-29 13:45:10 +02:00
Philip Ginsbach
2d47537f11 Slightly modified version of Henning's suggestion 2020-05-29 12:41:58 +01:00
Erik Krogh Kristensen
f7ad210331 use SSA instead of internal AccessPath API 2020-05-29 13:08:19 +02:00
Erik Krogh Kristensen
05bfba4f99 use getImmediatePredecessor instead of getALocalSource() 2020-05-29 13:01:09 +02:00
Jonas Jensen
453de6bf4e Merge pull request #3583 from MathiasVP/qldoc-for-unix-constants 
C++: QLDoc for Constants
 2020-05-29 12:27:59 +02:00
Mathias Vorreiter Pedersen
335baaef73 C++: Add testcases for partial definitions with long access paths 2020-05-29 12:15:39 +02:00
Rasmus Wriedt Larsen
48be57c8fd Python: Improve QLDoc for ExternalStringDictKind 2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
b083c01520 Python: Deprecate StringDictKind 
This QL

```codeql
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted

from CollectionKind ck
where
    ck.(DictKind).getMember() instanceof StringKind
    or
    ck.getMember().(DictKind).getMember() instanceof StringKind
select ck, ck.getAQlClass(), ck.getMember().getAQlClass()
```

generates these 6 results.

```
1	{externally controlled string}          ExternalStringDictKind	UntrustedStringKind
2	{externally controlled string}	        StringDictKind	        UntrustedStringKind
3	[{externally controlled string}]	SequenceKind	        ExternalStringDictKind
4	[{externally controlled string}]	SequenceKind	        StringDictKind
5	{{externally controlled string}}	DictKind	        ExternalStringDictKind
6	{{externally controlled string}}	DictKind	        StringDictKind
```

StringDictKind was only used in *one* place in our library code. As illustrated
above, it pollutes our set of TaintKinds. Effectively, every time we make a
flow-step for dictionaries with tainted strings as values, we do it TWICE --
once for ExternalStringDictKind, and once for StringDictKind... that is just a
waste.
 2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
87bc8ae28d Python: Don't use UntrustedStringKind in web lib 
If I wanted to use my own TaintKind and not have any interaction with
`UntrustedStringKind` that wouldn't be possible today since these standard http
libraries import it directly. (also, I wouldn't get any sources of my custom
TaintKind from turbogears or bottle). I changed them to use the same pattern of
`ExternalStringKind` as everything else does.
 2020-05-29 12:06:57 +02:00
Mathias Vorreiter Pedersen
ae4f6edc6a Merge pull request #3204 from jbj/Expr-location-workaround 
C++: Move Expr location workaround to Expr.qll
 2020-05-29 11:58:50 +02:00
Philip Ginsbach
bb9e800241 remove "experimental syntax" box for type unions 2020-05-29 10:24:42 +01:00
Philip Ginsbach
299d87aa8e better explanation of the purpose of type unions 
Co-authored-by: Pavel Avgustinov <54942558+p0@users.noreply.github.com>
 2020-05-29 10:22:57 +01:00
Philip Ginsbach
0562b4a2dd restricted _subsets_ of algebraic datatypes 
Co-authored-by: Pavel Avgustinov <54942558+p0@users.noreply.github.com>
 2020-05-29 10:21:58 +01:00
Asger Feldthaus
f3a08375b4 JS: Use newer yarn.lock format 2020-05-29 09:45:50 +01:00
Jonas Jensen
7d4d435f25 Merge remote-tracking branch 'upstream/master' into Expr-location-workaround 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
 2020-05-29 10:04:12 +02:00
Mathias Vorreiter Pedersen
a305d39111 Merge pull request #3577 from dbartol/github/codeql-c-analysis-team/69 
C++: Fix `MemoryLocation` with multiple `VirtualVariables`
 2020-05-29 09:40:58 +02:00
Mathias Vorreiter Pedersen
0467995f4f C++: Make explicit that O_CREAT and O_EXCL are Linux-specific 2020-05-29 09:36:08 +02:00
Jonas Jensen
9813258a3e Merge remote-tracking branch 'upstream/master' into Expr-location-workaround 
Conflicts and semantic conflicts in `library-tests/dataflow/fields` and
`library-tests/ir/ir`.
 2020-05-29 08:44:37 +02:00
Max Schaefer
64c60f6153 Merge pull request #160 from sauyon/readme 
Add links to the CodeQL CLI and LGTM.com
 2020-05-29 07:13:20 +01:00
Jonas Jensen
87ad519541 Merge pull request #3569 from geoffw0/strftime 
C++: Taint flow consistency change for strftime
 2020-05-29 08:05:25 +02:00
Sauyon Lee
51026a7142 Add links to the CodeQL CLI and LGTM.com 2020-05-28 22:38:23 -07:00
yo-h
1fea545160 Merge pull request #3573 from aschackmull/java/private-interface-methods 
Java: Fix for private interface methods.
 2020-05-28 20:31:55 -04:00
yo-h
c2de08ca51 Merge pull request #3499 from aschackmull/java/instanceof-pattern-cfg 
Java: Add CFG edges for Java 14 pattern-matching instanceof.
 2020-05-28 20:24:39 -04:00
Robert Marsh
a638a08bc5 C++: autoformat 2020-05-28 17:06:14 -07:00
Robert Marsh
f82c97b84a C++: fix IR control flow for cast in placement new 2020-05-28 16:53:21 -07:00