hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 00:31:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,687 Branches 159 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Shannon
ce9d0f1a06 Python points-to: Add support for some more ESSA definitions. 2019-04-26 16:21:45 +01:00
Mark Shannon
ec151e9b02 Python points-to: Convert two pairs of predicates to methods on booleans. 2019-04-26 16:21:45 +01:00
Mark Shannon
39b9723054 Python: Add support for bound-methods. 2019-04-26 16:21:45 +01:00
Mark Shannon
bf692f4aad Python: Add better class support, including inheritance. 2019-04-26 16:21:45 +01:00
Mark Shannon
5a46df2132 Python: Add ADTs for ints and strings. Add some global data-flow. 2019-04-26 16:21:45 +01:00
Mark Shannon
051683fadf Python: Break-up internal object modules. 2019-04-26 16:21:45 +01:00
Mark Shannon
c48d63f2ec Python: First draft of ADT based objects and attendant points-to. 2019-04-26 16:21:45 +01:00
Taus
7d2c17f27c Merge pull request #1271 from markshannon/python-fix-fp-http-prefix 
Python: Fix false positive in 'Incomplete URL substring sanitization' query
 2019-04-26 15:23:04 +02:00
Max Schaefer
e2666a9203 Update javascript/ql/src/semmle/javascript/frameworks/SocketIO.qll 
Co-Authored-By: esben-semmle <42067045+esben-semmle@users.noreply.github.com>
 2019-04-26 11:58:40 +02:00
Esben Sparre Andreasen
27f88c38ac JS: help the optimizer with NPMPackage/File relations 2019-04-26 11:49:07 +02:00
Jonas Jensen
bdb678a318 Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint 
C++: add taint edges to DefinitionByReferenceNode
 2019-04-26 08:50:20 +02:00
Robert Marsh
f5c57b77e6 C++: fix whitespace 2019-04-25 16:16:27 -07:00
Mark Shannon
2db06f9881 Merge pull request #1282 from taus-semmle/python-various-dist-compare-fixes 
Python: Add missing `override` annotations.
 2019-04-25 18:39:01 +01:00
Mark Shannon
28799441af Python: Fix false positive in 'Incomplete URL substring sanitization' query. 2019-04-25 18:11:01 +01:00
Geoffrey White
63b6942d0d CPP: Improve performance of RedundantNullCheckSimple.ql. 2019-04-25 15:56:49 +01:00
Taus Brock-Nannestad
c8cbae37d9 Python: Add missing override annotations. 2019-04-25 16:48:47 +02:00
Felicity Chapman
156c826f86 Update supported versions for C# 2019-04-25 15:36:01 +01:00
Jonas Jensen
48a3385809 C++: Work around extractor issue CPP-383 
This fixes `PointlessComparison.ql` on https://github.com/an-tao/drogon.
The QL is a bit obfuscated because it looks for a pattern that's
impossible according to the dbscheme. There is no accompanying test
because we haven't been able to boil this problem down to a simple test
case. If we could, we'd fix it directly in the extractor instead.
 2019-04-25 15:05:27 +02:00
semmle-qlci
3231b60e6b Merge pull request #1272 from asger-semmle/access-path-capture 
Approved by xiemaisi
 2019-04-25 11:32:54 +01:00
Asger F
47ba7d3004 Merge pull request #1278 from xiemaisi/js/symbolic-constants 
JavaScript: Generalise `ConstantComparison` sanitisers.
 2019-04-25 11:17:22 +01:00
Max Schaefer
a8470a984a JavaScript: Generalise ConstantComparison sanitisers. 
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.

Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
 2019-04-25 07:38:31 +01:00
Ziemowit Laski
ac58bdfc58 [CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays. 2019-04-24 14:54:01 -07:00
semmle-qlci
a504ad4261 Merge pull request #1270 from xiemaisi/odasa/7904 
Approved by esben-semmle
 2019-04-24 21:50:07 +01:00
semmle-qlci
3fbfb79c5b Merge pull request #1276 from adityasharad/js/node-runtime-env-var 
Approved by asger-semmle
 2019-04-24 16:55:14 +01:00
Taus
0917936100 Merge pull request #1273 from markshannon/python-fix-odasa-7890 
Add test confirming correct handling of zope.interface.Interface in query.
 2019-04-24 11:59:35 +02:00
Asger F
a16753c125 JS: Add documentation 2019-04-24 10:12:55 +01:00
Jonas Jensen
1dcfd21a5c Merge pull request #1264 from geoffw0/redundantnullperf 
CPP: Add qhelp for RedundantNullCheckSimple.ql.
 2019-04-24 10:25:23 +02:00
Aditya Sharad
4121e7245b TS extractor: Allow the Node.js runtime to be configured via environment variables. 
`SEMMLE_TYPESCRIPT_NODE_RUNTIME` can be used to provide the path to the Node.js runtime executable.
If this is omitted, the extractor defaults to the current behaviour of looking for `node` on the PATH.

`SEMMLE_TYPESCRIPT_NODE_RUNTIME_EXTRA_ARGS` can be used to provide additional arguments to the
Node.js runtime. These are passed first, before the arguments supplied by the extractor.

These changes are designed to allow TypeScript extraction in controlled customer environments where
we cannot control the PATH, or must use custom Node.js executables with certain arguments set.
 2019-04-23 15:04:14 -07:00
Robert Marsh
919f5c616f C++: comment and test for taint flow via memcpy 2019-04-23 11:17:18 -07:00
semmle-qlci
060aa8cb6c Merge pull request #1274 from asger-semmle/ts-export-equals 
Approved by xiemaisi
 2019-04-23 17:07:52 +01:00
Geoffrey White
6234b26496 CPP: Make some repairs manually. 2019-04-23 14:45:27 +01:00
Geoffrey White
e395f5215f CPP: Autoformat 'Critical'. 2019-04-23 14:45:27 +01:00
Max Schaefer
7faa4fd938 JavaScript: Add test case exposing two bugs in data flow library. 
This test case exposes two bugs in our data flow library (fixed by the
two previous commits):

  - the charpreds of `SourcePathNode` and `SinkPathNode` only ensured
    that they were on a path from a source to a sink, not that they
    actually were the source/sink themselves;
  - function summarization would allow for non-level paths; in the
    test case, this meant that one of the summaries for `source`
    represented the path returning from `source` on line 13 and then
    flowing back into the call on line 15, in the process transforming
    the parity of the flow label and hence causing a spurious flow.
 2019-04-23 13:16:30 +01:00
Max Schaefer
465be47574 JavaScript: Only follow level flow steps when summarising functions. 
It is not only wasteful to consider paths with unmatched calls/returns,
but also wrong; see test case in next commit.
 2019-04-23 13:16:30 +01:00
Max Schaefer
455dbccd05 JavaScript: Fix definitions of SourcePathNode and SinkPathNode. 
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
 2019-04-23 13:15:47 +01:00
Asger F
08bc29cddb TS: fix analysis of export= statements 2019-04-23 13:09:40 +01:00
Mark Shannon
6a9bb5c5c9 Add test confirming correct handling of zope.interface.Interface in query. 2019-04-23 12:52:50 +01:00
Esben Sparre Andreasen
f064ba0c55 JS: change notes for newline whitelist in js/incomplete-sanitization 2019-04-23 08:38:26 +02:00
Esben Sparre Andreasen
ac0913c878 JS: add newline removal whitelist for js/incomplete-sanitization 2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen
bdbd00e046 JS: add newline removal tests for js/incomplete-sanitization 2019-04-23 08:37:39 +02:00
Robert Marsh
34f8653979 C++: change note for taint def-by-ref 2019-04-22 10:46:36 -07:00
Robert Marsh
262f724235 C++: add taint edges to DefinitionByReferenceNode 2019-04-22 10:39:02 -07:00
Robert Marsh
45a35a8572 Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling 
C++: string pooling in IR value numbering
 2019-04-22 09:29:44 -07:00
Ziemowit Laski
36b2c14f88 [CPP-340] Minor formatting tweaks 2019-04-19 11:46:54 -07:00
Robert Marsh
e7ca6c8bd9 C++: test for value number string pooling 2019-04-19 10:50:52 -07:00
Ziemowit Laski
62b030d27f [CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared 
functions.  TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
 2019-04-18 17:56:41 -07:00
Robert Marsh
3907ef98a3 C++: value number string constants 2019-04-18 16:14:54 -07:00
yh-semmle
04954f77de Merge pull request #1262 from sb-semmle/more-spring-sources 
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
 2019-04-18 18:08:44 -04:00
Sebastian Bauersfeld
734fe542ab Update change notes. 2019-04-18 16:37:08 -04:00
Robert Marsh
c6f01265be Merge pull request #1263 from geoffw0/bufferoverflowqueries 
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
 2019-04-18 13:21:57 -04:00