hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,689 Branches 159 Tags
codeql-cli/v2.10.3
Commit Graph

41812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
c973693bee C#: Introduce buildless extractor option. 2022-03-02 14:25:06 +01:00
Rasmus Wriedt Larsen
500e0aced6 Python: Rewrite sax XML tests 
The tests for type-trackers were not that interesting, since they did
not have XML input in both cases, which is the problem we were trying
hard to solve.

I did keep the test-case of not-user-supplied url alive as well though
👍

I added OK/NOT OK annotations.

Notice that we report all 4 kinds of vulnerabilities on line 93
 2022-03-02 14:24:46 +01:00
Michael Nebel
fff42501fc Merge pull request #8167 from michaelnebel/csharp/extractor-option-compress 
C# Extractor Option for specifying compression.
 2022-03-02 14:22:52 +01:00
Michael Nebel
23fbfbc3b7 C#: Performance optimization of the GVN implementation. 2022-03-02 13:48:33 +01:00
Michael Nebel
a0a2cde6fa C#: Update relase note to include example fragment on, how to invoke the extractor with the optional parameter. 2022-03-02 13:17:20 +01:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen
ee45e79948 python: Create XML modulein Concepts 
to prepare for XXE and other XML related modelling
 2022-03-02 13:10:23 +01:00
Rasmus Lerchedahl Petersen
80be767a7a python: implement stdlib xpath support 2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen
06e0f140c5 python: add tests for stdlib xpath 2022-03-02 12:58:37 +01:00
Erik Krogh Kristensen
62f2614f72 move hasDominatingWrite to the TypeTracking stage 2022-03-02 11:30:05 +01:00
Erik Krogh Kristensen
1db6a644a5 only block flow for dominated reads when the property name is known 2022-03-02 11:30:05 +01:00
Erik Krogh Kristensen
a9062cc047 merge hasDominatingWrite and hasDominatingAssignment 2022-03-02 11:30:05 +01:00
Mathias Vorreiter Pedersen
3681a1b736 Merge pull request #7933 from geoffw0/cwe497 
C++: Improve cpp/system-data-exposure
 2022-03-02 10:18:01 +00:00
Mathias Vorreiter Pedersen
71cd507f89 Merge pull request #8298 from MathiasVP/filter-bad-conversions-in-cpp-gvn 
C++: Fix `GVN` performance on more invalid IR
 2022-03-02 10:14:19 +00:00
Michael Nebel
53b2eac8c5 C#: Remove (symmetric) duplicates from the test output. 2022-03-02 09:44:51 +01:00
Michael Nebel
38f04e5585 C#: Flatten the the Gvn type. 2022-03-02 09:44:51 +01:00
Michael Nebel
6b4dea780f C#: Introduce caching of the Gvn related types and the toGvn predicate. 2022-03-02 09:44:51 +01:00
Michael Nebel
796a18043b C#: Add testcase for GVN printing. 2022-03-02 09:44:51 +01:00
Michael Nebel
7e25b141ca C#: Add test cases for finding structurally equivalent control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
52952e98bf C#: Example source code with structurally same expressions and statements. 2022-03-02 09:44:51 +01:00
Michael Nebel
4499551ca4 C#: Add a verbatim copy of the structural comparison for internal use only. 2022-03-02 09:44:51 +01:00
Michael Nebel
16270cf57f C#: Add configuration class to allow defining a candidate pairs of control flow predicates, where we want to look for structural equality. 2022-03-02 09:44:51 +01:00
Michael Nebel
87cb92a434 C#: Add predicates for restricting the Gvn type and the relation between control flow elements and global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
8bd12b23e2 C#: Add type(s) for representing global value numbers. 2022-03-02 09:44:51 +01:00
Michael Nebel
cc5d56547c C#: Add type Global value number kinds for control flow elements. 2022-03-02 09:44:51 +01:00
Michael Nebel
8179e247bf C#: Delete the existing structural comparison implementation. 2022-03-02 09:44:51 +01:00
ihsinme
9e76260f1d Update DangerousUseOfTransformationAfterOperation.ql 2022-03-02 10:38:57 +03:00
ihsinme
f5267ba8c6 Update DangerousUseOfTransformationAfterOperation.qhelp 2022-03-02 10:24:40 +03:00
Harry Maclean
37dac186a8 Ruby: String.try_convert isn't value-preserving 
`String.try_convert` can convert arbitrary objects to strings, which
obviously isn't value-preserving.
 2022-03-02 13:31:59 +13:00
Arthur Baars
169f65526e Merge pull request #8292 from aibaars/api-graphs-private 
Ruby: ApiGraphs: use private imports
 2022-03-02 00:35:46 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Mathias Vorreiter Pedersen
155502cfdb C#/C++: Sync identical files. 2022-03-01 16:56:49 +00:00
Mathias Vorreiter Pedersen
4acae4a2d1 C++: Remove redundant conjunct. 2022-03-01 16:56:25 +00:00
Geoffrey White
2962b125af Merge branch 'main' into cwe497 2022-03-01 16:19:28 +00:00
Paolo Tranquilli
c81f2661a3 Merge pull request #8300 from redsun82/check-qhelp 
check-qhelp: call super init in IncludeHandler
 2022-03-01 17:07:28 +01:00
Paolo Tranquilli
ef4d1de9c3 check-qhelp: call super init in IncludeHandler 
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
 2022-03-01 16:50:55 +01:00
Rasmus Wriedt Larsen
518e2aeebf Merge branch 'main' into jorgectf/python/deserialization 2022-03-01 16:47:13 +01:00
Rasmus Wriedt Larsen
2309f67e9b Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-01 15:50:21 +01:00
Rasmus Wriedt Larsen
27d5349a74 Python: ORM: Remove imports from test code 
These are no longer needed, as data-flow now has this import by default
 2022-03-01 15:39:52 +01:00
Rasmus Wriedt Larsen
a1c7ec8c6d Python: Accept .exepcted changes from importing frameworks from data-flow 
Since `python.qll` has `private import
semmle.python.dataflow.new.DataFlow`, that means that all tests now
implicitly imports the frameworks modeling, and therefore any python
class is part of the DjangoViewClassHelper ql class.

de8ecb214f/python/ql/lib/python.qll (L44)
 2022-03-01 15:37:16 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen
3bb17be389 python: add concept and library tests 2022-03-01 14:39:28 +01:00
ihsinme
a6654fce4a Update ImproperCheckReturnValueScanf.ql 2022-03-01 16:37:29 +03:00
ihsinme
e9fefab9b1 Update test.cpp 2022-03-01 16:36:24 +03:00
ihsinme
bfec3c5e6e Update ImproperCheckReturnValueScanf.expected 2022-03-01 16:35:31 +03:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-03-01 14:16:49 +01:00
Asger Feldthaus
df379809df Ruby: support CSV rows of form ;any;Method[foo] 2022-03-01 14:08:21 +01:00
Asger Feldthaus
05ea33033b Ruby: add test for API::EntryPoint 2022-03-01 14:08:21 +01:00
Asger Feldthaus
bf83400bd2 Ruby: port API::EntryPoint from JS 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e10e3b9466 Ruby: convert ActiveStorage::Filename model to MaD 2022-03-01 14:08:21 +01:00