hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 04:26:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,713 Branches 162 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
f345e55951 Python: Adjust test expectations 2020-11-30 14:21:30 +01:00
Rasmus Lerchedahl Petersen
673ff901fb Python: Test for unpacking assignment 2020-11-30 14:18:22 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Rasmus Wriedt Larsen
8b2c34e267 Merge pull request #4747 from yoff/python-path-injection-doc 
Python: Fix documentation for path injection.
 2020-11-30 13:17:59 +01:00
James Fletcher
509d153b61 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-30 12:12:10 +00:00
Rasmus Lerchedahl Petersen
fd8c696b67 Python: Fix documentation for path injection. 2020-11-30 12:24:35 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Rasmus Wriedt Larsen
4ab3fff973 Python: Fix untrusted data to external API example 
The hmac.digest function was only added in python 3.7, so obviously doesn't work
on Python 2
 2020-11-30 10:42:30 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
Pavel Avgustinov
74af41c76d Merge pull request #4357 from RasmusWL/design-patterns 
Add docs on CodeQL Design Patterns
 2020-11-30 08:19:15 +00:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
Tom Hvitved
c0dd89122c Handle parameters with overlapping names 2020-11-28 19:23:08 +01:00
ihsinme
d088d5b0f3 CPP: Add query for CWE-191 
into experimental this reveals a dangerous comparison
 2020-11-28 15:52:00 +03:00
Erik Krogh Kristensen
d7b22e3b1b update expected output for PolynomialBackTracking 2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Geoffrey White
905b04a6fb C++: Model classes in StdString.qll. 2020-11-27 19:12:01 +00:00
Chris Smowton
3338a0b10d Merge pull request #402 from smowton/smowton/feature/zipslip-more-generous-sanitisers 
ZipSlip: redefine sources closer to their origin, and make sanitizers more generous
 2020-11-27 18:25:07 +00:00
Rasmus Wriedt Larsen
cbfcfdf883 Python: Fix UntrustedDataToExternalAPI.qhelp 2020-11-27 17:54:22 +01:00
Owen Mansel-Chan
bfbf102408 Remove restriction on void and boolean-returning methods 
When the taint was in the receiver, we were excluding methods which
return nothing or a boolean.
 2020-11-27 16:51:24 +00:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Rasmus Wriedt Larsen
faa5c220c5 Design Patterns: Add advice on abstract classes 2020-11-27 17:38:56 +01:00
Rasmus Wriedt Larsen
452417509f Design Patterns: Reword advice on imports of subclasses 
I had totally overlooked the fact that this doesn't only apply to abstract
classes.
 2020-11-27 17:38:40 +01:00
Owen Mansel-Chan
7730d66d76 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-27 16:17:54 +00:00
Tom Hvitved
58baa33a3f Various changes to user-facing library 
- Remove `abstract` classes from public API.
- Align `Variable.qll` with rest of library.
- Introduce `Callable` class.
- Make `Pattern` class cover everything that can be on the LHS of an assignment
  and in a pattern (except special parameters such as `**param`).
 2020-11-27 17:07:03 +01:00
Chris Smowton
70015b2c32 Add tests for zipslip using a utility function to check that the archive header is safe 
Note this currently contains some cases that are safe but are still flagged, because of weaknesses in the guardingFunction predicate.
 2020-11-27 15:11:57 +00:00
Cornelius Riemenschneider
644a0fac98 C++: Port dataflow/dataflow-tests to inline expectations test library. 2020-11-27 16:03:15 +01:00
Rasmus Wriedt Larsen
a0c7365ae6 Python: Proper models of json.loads and json.dumps 2020-11-27 15:57:56 +01:00
Sauyon Lee
627241aaa5 Merge pull request #401 from sauyon/stored-command 
Add stored command query
 2020-11-27 06:37:02 -08:00
Tom Hvitved
d4ee8cdd18 C#: Always create basic blocks for nodes with a conditional predecessor 2020-11-27 15:08:33 +01:00
Chris Smowton
1eb8fff7e1 ZipSlip: redefine sources closer to their origin, and make sanitizers more generous. 
Previously we considered certain fields of `tar` or `zip` file headers to be sources, but this meant subsequent references to the same field were not considered sanitized. For example, at least some real-world projects used a pattern like `if isIllegalPathTraversal(hdr.Name) { return nil; } ... /* other code using hdr.Name */`. By associating a source with the field-read `.Name` rather than the header itself, we were unable to see that the subsequent read was guarded by the sanitizer function.

Relatedly, it is common to use some intermediary taint-propagating function, as in `clean(s string) { if strings.HasPrefix("..", filepath.Clean(filepath.Join(target, s))) ...`, in the implementation of a sanitizer. We now follow the taint propagation (locally) backwards towards the function parameter, marking the predecessor functions and ultimately the parameter `s` as sanitized in addition to the direct argument to `strings.HasPrefix`. Existing sanitizing-function logic can then sometimes lift this out into the caller too.
 2020-11-27 13:57:25 +00:00
Rasmus Wriedt Larsen
014fbfa86b Python: Add regex FP with + for flags 
Notice that there is no new results for line 54

I also added a test for the short-named version of a flag, just since I didn't
see any of those already. That just works out of the box (due to points-to).
 2020-11-27 14:57:11 +01:00
Chris Smowton
f775adf306 Merge pull request #404 from smowton/smowton/feature/improved-guarding-function 
Recognise many more guarding functions
 2020-11-27 13:56:31 +00:00
yoff
346a007bf6 Merge pull request #4720 from RasmusWL/python-better-open-models 
Python: better models of `open` function
 2020-11-27 14:47:10 +01:00
Tom Hvitved
59d45de118 Move AST files into ast folder 2020-11-27 14:45:15 +01:00
Tom Hvitved
00f3daabfe Rename Variables.qll to Variable.qll 2020-11-27 14:39:20 +01:00
Anders Schack-Mulligen
028a72bcdd Merge pull request #4610 from luchua-bc/java-nfe-local-android-dos 
Java: Query to detect Local Android DoS caused by NFE
 2020-11-27 14:20:23 +01:00
Erik Krogh Kristensen
46ca56458a introduce a printable state class 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
8a3e87fe42 remove unnecessary one-step inline 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
36b9f0254e performance improvements for suffix check in js/redos 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
e177d46c0a add two test cases that demonstrate the limits of the suffix construction 2020-11-27 13:45:34 +01:00
Rasmus Wriedt Larsen
e6319e5d84 Python: Rewrite StringConstCompare to use IterableNode 2020-11-27 13:37:03 +01:00
Rasmus Wriedt Larsen
098f8c4f21 Python: Add IterableNode 
I'm specifically not using an abstract class, since that is an anti-pattern:
https://github.com/github/codeql/pull/4357#discussion_r520526275 (I'm still
trying to wrap my head fully aroudn this)
 2020-11-27 13:36:55 +01:00
Tamás Vajk
2fa9037934 Merge pull request #4738 from tamasvajk/feature/revert-relational-pattern 
C#: Revert "Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern"
 2020-11-27 13:30:33 +01:00
Rasmus Wriedt Larsen
33e46e168f Python: Add QLDoc for SetNode 2020-11-27 13:29:16 +01:00
james
4cea019cee add/improve intro text and add links to example queries 2020-11-27 12:26:42 +00:00
Tamas Vajk
998e2de2c6 Revert "Merge pull request #4653 from tamasvajk/feature/csharp9-relational-pattern" 
This reverts commit 5e75a4109c, reversing
changes made to c751c516bf.
 2020-11-27 12:23:38 +01:00
Anders Schack-Mulligen
fec9758252 Dataflow: Sync. 2020-11-27 12:16:43 +01:00
Anders Schack-Mulligen
8f4fce185b Dataflow: Review fixes. 2020-11-27 12:16:28 +01:00
Rasmus Wriedt Larsen
cc9a7fe4fe Python: Move BarrierGuards to own file 2020-11-27 12:09:57 +01:00