hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 06:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,690 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
d6f3005e0e Merge branch '235-head' 2020-02-07 20:12:47 +00:00
Asger Feldthaus
e4844bfad2 JS: Fix deprecated API usage 2020-02-07 17:17:48 +00:00
Asger Feldthaus
ad10414604 JS: Update expected output of existing test 2020-02-07 16:57:57 +00:00
Max Schaefer
5571f1eac7 Rename Comparison to ComparisonExpr. 2020-02-07 16:24:42 +00:00
Max Schaefer
ad7dfa258c Rename ParenExpr.getExpression() to getExpr() for consistency with similar predicates in other classes. 2020-02-07 16:24:42 +00:00
Agustin Gianni
033eeab41e cpp: Adds a member predicate to get a FunctionAccess from a Function 
- Adds a member predicate to get a FunctionAccess from a Function
- Adds QLDoc to getACallToThisFunction.
 2020-02-07 16:45:14 +01:00
Erik Krogh Kristensen
06e13cb3a1 Merge branch 'master' of git.semmle.com:Semmle/ql into FalsySanitizer 2020-02-07 16:13:02 +01:00
Erik Krogh Kristensen
c6668da02e expand how indirectCommandArguments are found 2020-02-07 15:00:05 +01:00
Asger Feldthaus
254af4f3a8 JS: Rewrite LodashUnderscore::AnalyzedThisInBoundCallback 2020-02-07 13:58:07 +00:00
Erik Krogh Kristensen
dd9e3d2fec expose TaintTracking::arrayFunctionTaintStep and add a step for "concat" 2020-02-07 14:57:32 +01:00
Asger Feldthaus
fea5a4331d JS: Rewrite React::AnalyzedThisInBoundCallback 2020-02-07 13:55:42 +00:00
Asger Feldthaus
3b28bdbeed JS: Rewrite AnalyzedThisInArrayIterationFunction 2020-02-07 13:55:36 +00:00
Asger Feldthaus
f942e69482 JS: Improve flow through partial invokes 2020-02-07 13:54:14 +00:00
Anders Schack-Mulligen
85adc3be10 Java: Add String.join as default taint step. 2020-02-07 14:43:31 +01:00
Esben Sparre Andreasen
dcdaa96570 JS: remove unused imports 2020-02-07 14:10:50 +01:00
Esben Sparre Andreasen
cb30329b3d JS: make DynamicPropertyAccess.qll from PrototypePollutionUtility.ql 2020-02-07 13:57:52 +01:00
Calum Grant
3c8aeb946a Merge pull request #2729 from hvitved/csharp/assignment-dataflow-node 
C#: Add new class `AssignableDefinitionNode` to the data-flow library
 2020-02-07 12:53:55 +00:00
Anders Schack-Mulligen
ee3af0a247 Java: Add String.format as default taint step. 2020-02-07 13:43:35 +01:00
Erik Krogh Kristensen
1ece6b9afe update expected output of tests 2020-02-07 12:57:51 +01:00
semmle-qlci
125c6a071c Merge pull request #2787 from asger-semmle/js/lazy-cache-test-case 
Approved by esbena
 2020-02-07 11:53:04 +00:00
Arthur Baars
c91815f44d Remove trailing ; in QL language spec 2020-02-07 12:47:14 +01:00
Arthur Baars
c431d47481 Fix typos in QL language spec 2020-02-07 12:46:41 +01:00
Esben Sparre Andreasen
736ccb98c2 JS: model the send library for js/path-injection 2020-02-07 12:45:32 +01:00
Shati Patel
4cbf7d2a6d Merge pull request #2789 from jf205/codeql-178 
QL language handbook: add link to information about module resolution in QL spec
 2020-02-07 12:27:02 +01:00
Sauyon Lee
1a21c14f2f Remove build ignore from HardcodedCredentials example 2020-02-07 03:13:14 -08:00
Sauyon Lee
e4d228fa0f Fix CleartextStorage tests 2020-02-07 03:13:13 -08:00
Sauyon Lee
6300fdf85e Remove accidentally added CleartextStorage tests 2020-02-07 03:13:12 -08:00
Sauyon Lee
559ac8f0d2 Fix squirrel test build 2020-02-07 03:12:19 -08:00
Max Schaefer
72de4728a2 Suppress unhelpful magic. 2020-02-07 11:09:33 +00:00
Tom Hvitved
f30a42ce26 Data flow: Fix bad join-order in TPathNodeSink 
Avoids a Cartesian product on nodes:

```
[2020-02-07 11:01:22] (432s) Tuple counts for dom#DataFlowImpl::TPathNodeSink#ff:
                      0          ~0%      {2} r1 = JOIN DataFlowImpl::Configuration::isSource_dispred#ff AS L WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 2 OUTPUT R.<1>, R.<0>
                      101611     ~0%      {2} r2 = SCAN DataFlowImpl::PathNodeMid#class#ffffff AS I OUTPUT I.<5>, I.<0>
                      3534537047 ~3%      {3} r3 = JOIN r2 WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, R.<0>
                      251        ~41%     {3} r4 = JOIN r3 WITH project#DataFlowImpl::pathStep#fffff AS R ON FIRST 2 OUTPUT R.<2>, r3.<2>, r3.<1>
                      251        ~50%     {2} r5 = JOIN r4 WITH DataFlowImpl::TNil#ff_1#join_rhs AS R ON FIRST 1 OUTPUT r4.<2>, r4.<1>
                      251        ~50%     {2} r6 = r1 \/ r5
                      323        ~67%     {3} r7 = JOIN r6 WITH DataFlowImpl::flow#ff AS R ON FIRST 1 OUTPUT r6.<1>, r6.<0>, R.<1>
                      288        ~58%     {3} r8 = SELECT r7 ON r7.<2> >= r7.<0>
                      251        ~53%     {3} r9 = SELECT r8 ON r8.<2> <= r8.<0>
                      251        ~50%     {2} r10 = SCAN r9 OUTPUT r9.<1>, r9.<0>
```
 2020-02-07 12:08:31 +01:00
Max Schaefer
69edfe08df Make regular expression for format strings more precise. 2020-02-07 11:05:44 +00:00
Max Schaefer
8b0d271717 Locally resolve calls to function expressions. 2020-02-07 11:05:44 +00:00
Max Schaefer
f6305f019d Minor refactoring. 2020-02-07 11:05:44 +00:00
Max Schaefer
46a8f8c8ed Remove Function.getACallExpr. 2020-02-07 11:05:44 +00:00
Max Schaefer
39b7272241 Teach Function.getACall to take virtual dispatch into account. 2020-02-07 11:05:44 +00:00
Max Schaefer
84002f585e Remove CallExpr.getACallee(). 2020-02-07 11:05:44 +00:00
Max Schaefer
cf0e38b22c Move virtual dispatch resolution from CallExpr to CallNode and generalise it very slightly. 2020-02-07 11:05:44 +00:00
Max Schaefer
253a394ae0 Make CallNode.getCalleeName() more robust to missing type information. 2020-02-07 11:05:44 +00:00
Max Schaefer
93a84684a5 Remove predicate CallExpr.calls. 
This sort of reasoning should be done at the data-flow level.
 2020-02-07 11:05:44 +00:00
Max Schaefer
9400442bea Add call graph test. 
This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.
 2020-02-07 11:05:41 +00:00
Calum Grant
389e6266d9 Merge pull request #2773 from hvitved/csharp/useless-assignment-to-local-default 
C#: Remove false positives for `cs/useless-assignment-to-local`
 2020-02-07 10:37:19 +00:00
james
f2320bbe56 docs: add link to module resolution in ql spec 2020-02-07 10:26:31 +00:00
Sauyon Lee
5dbebe44f5 Package tests: also select raw database path 2020-02-07 02:25:26 -08:00
Sauyon Lee
2cb61911c3 Package tests: Limit to specific packages 2020-02-07 02:23:28 -08:00
Sauyon Lee
9a9561bb12 Remove vendored path prefix of vendored packages 2020-02-07 02:17:54 -08:00
Erik Krogh Kristensen
8ea6070120 add indirect command injection sink for a concatenated array 2020-02-07 11:04:34 +01:00
Asger Feldthaus
a2fa6bb41f JS: Add test case for lazy-cache 2020-02-07 09:50:37 +00:00
Jonas Jensen
19286bd82a Merge pull request #2765 from MathiasVP/ir-gvn-ast-wrapper-fixup 
C++: Make AST GVN a wrapper for IR-based GVN
 2020-02-07 08:49:15 +01:00
semmle-qlci
e05dd352ad Merge pull request #2768 from asger-semmle/js/protopol-packages 
Approved by esbena
 2020-02-07 07:21:04 +00:00
yo-h
9c3fed7550 Merge pull request #2734 from aschackmull/java/taint-postupdate 
Java: Improve taint step modeling to use postupdate nodes.
 2020-02-06 21:17:55 -05:00