Rasmus Wriedt Larsen
483bd0e863
Python: Fix shared taint tracking tests
...
Since there was a .ql file, qltest tried to run a test in
test/experimental/dataflow/taintracking/ which failed since there was no code.
2020-08-25 11:15:11 +02:00
yoff
3140b43db2
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2020-08-25 10:48:01 +02:00
Sauyon Lee
0de8ac3b87
Merge pull request #305 from max-schaefer/consistency-queries
...
Enable consistency queries in tests
2020-08-25 01:01:11 -07:00
Max Schaefer
76f3bd63ac
Merge pull request #306 from max-schaefer/fix-stringops-magic
...
Prevent misoptimisation in `StringOps`.
2020-08-25 08:45:54 +01:00
Max Schaefer
b72c4f958c
Fix tests for ExprHasNoEffect on non-Linux systems.
2020-08-25 08:05:19 +01:00
Tamás Vajk
dc62cd166c
C#: Enable nullability checks in Semmle.Extraction.Tests (#4112)
2020-08-25 08:40:30 +02:00
Max Schaefer
4c82ad6064
Apply suggestions from code review
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-08-25 07:37:11 +01:00
Robert Marsh
9aa3735165
C++: add tests for non-std:: iterators
2020-08-24 14:19:34 -07:00
Tamas Vajk
66e3739e72
Fix failing PrintAst test
2020-08-24 22:41:08 +02:00
Erik Krogh Kristensen
b0d4e79653
split out trap tests to avoid "package.json" naming conflict in trap test
2020-08-24 21:36:34 +02:00
Max Schaefer
bdcb1f233c
Prevent misoptimisation in StringOps.
2020-08-24 20:11:23 +01:00
Max Schaefer
ab19d40f4b
Merge pull request #304 from max-schaefer/fix-frontend-errors
...
Fix frontend errors in tests
2020-08-24 18:44:32 +01:00
Geoffrey White
adbfad21ef
C++: Correct the localFlow test.
2020-08-24 18:05:30 +01:00
ubuntu
22f5ae4ad4
Format code
2020-08-24 18:53:37 +02:00
Max Schaefer
57180c24c7
Simplify consistency query.
...
Unlike the old ODASA consistency queries, new consistency queries can have expected results, so there is no need to have special handling of files with expected errors.
2020-08-24 17:39:28 +01:00
Max Schaefer
d7cfcf46a5
Run tests with consistency queries.
2020-08-24 17:39:28 +01:00
Max Schaefer
181438b827
Bump CodeQL version for CI to 2.2.5.
2020-08-24 17:39:28 +01:00
Geoffrey White
c0aaed2fac
Merge branch 'main' into oparray2
2020-08-24 17:36:18 +01:00
Geoffrey White
ae807f7f33
C++: Autoformat.
2020-08-24 17:36:07 +01:00
Max Schaefer
42c1116ac7
Merge pull request #303 from github/rc/1.25
...
Merge rc/1.25 into main
2020-08-24 17:22:56 +01:00
Max Schaefer
c06531d9c0
Fix tests for InsecureHostKeyCallback.
2020-08-24 17:18:28 +01:00
Max Schaefer
4d4129313a
Fix tests for Gorestful.
2020-08-24 17:18:06 +01:00
Max Schaefer
aad9ce0c97
Fix tests for OpenUrlRedirect.
2020-08-24 17:06:26 +01:00
Max Schaefer
4e202666dc
Fix tests for InsecureHostKeyCallback.
2020-08-24 17:06:01 +01:00
Max Schaefer
368227fff5
Fix tests for NegativeLengthCheck.
2020-08-24 17:04:55 +01:00
Max Schaefer
149ceda636
Fix tests for Gorestful.
2020-08-24 17:04:31 +01:00
Max Schaefer
a0a8a584a4
Fix error in ellipsis.go.
2020-08-24 17:01:16 +01:00
Sauyon Lee
402b239520
Merge pull request #300 from srt32/patch-1
...
Update bad / good message for CWE 079
2020-08-24 08:57:26 -07:00
Rasmus Wriedt Larsen
13148b42d3
Python: Handle taint of f-strings
2020-08-24 17:23:10 +02:00
Rasmus Wriedt Larsen
2f090df6d3
Python: Transform comments to QLDoc for security.strings.Basic
2020-08-24 17:20:04 +02:00
Owen Mansel-Chan
a669fa4aa1
Do not flow taint through remainder expressions
...
If the tainted operand is the first operand then it is being bounded above
by the remainder expression. If it is the second operand then
2020-08-24 16:18:08 +01:00
Owen Mansel-Chan
aed3ef4cde
Improve performance of new barrier guard
...
Some projects on lgtm were taking >1 hour, and with this commit they take
<10 minutes
2020-08-24 16:18:08 +01:00
Rasmus Lerchedahl Petersen
2608509fa7
Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow
2020-08-24 17:16:33 +02:00
Rasmus Lerchedahl Petersen
e91581e9fa
Python: Experiments with nested comprehensions
2020-08-24 17:15:31 +02:00
Rasmus Wriedt Larsen
be2acc00db
Python: Add test for tainted f-string
2020-08-24 17:14:51 +02:00
Simon Taranto
bd9100eb4e
Update other file too
2020-08-24 09:00:26 -06:00
CodeQL CI
e2c6a01c00
Merge pull request #4097 from erik-krogh/createRequire
...
Approved by esbena
2020-08-24 15:57:10 +01:00
Rasmus Wriedt Larsen
d96ef73033
Python: Handle taint for f-strings
...
Which we seem to not handle in the current taint tracking :O
f-strings need to be Python 3 only, so enabled that test setup. I really liked
the idea for having the version specific tests right next to the normal tests,
so you don't have to look in
test/experimental/3/dataflow/i/will/forget/to/look/here.
2020-08-24 16:46:00 +02:00
Tamas Vajk
3dea6b3218
C#: Change implicitly sized array test input
2020-08-24 16:14:00 +02:00
Tamas Vajk
7516825b5f
C#: Fix computed sizes for implicitly sized array creation
2020-08-24 16:14:00 +02:00
Geoffrey White
1c38a4d5d6
Update cpp/ql/src/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-08-24 14:33:51 +01:00
Tamas Vajk
699cafa890
C#: Add implicitly sized array creations to tests
2020-08-24 15:27:35 +02:00
Geoffrey White
d3c8ffb995
C++: Clean up, comment, and restrict the new flow to the post-update node of the returned reference.
2020-08-24 14:07:06 +01:00
Geoffrey White
f2caa8a2b0
C++: Reverse taint through function models returning a reference.
2020-08-24 14:05:04 +01:00
Geoffrey White
f25ef26c37
C++: Permit taint flow to the left side of an assignment.
2020-08-24 14:01:49 +01:00
Geoffrey White
1da78ada14
C++: Model 'operator[]' and 'at' for std::string, std::vector and other containers.
2020-08-24 13:58:43 +01:00
Rasmus Wriedt Larsen
cb4b4e91ab
Python: Taint for string multiplication
2020-08-24 14:54:06 +02:00
Rasmus Wriedt Larsen
b688fe68d6
Python: Add options file to shared dataflow tests
...
Since there isn't one in top-level of experimental, making a single import made
tests go really slow :|
2020-08-24 14:54:05 +02:00
Rasmus Wriedt Larsen
5125c7a55c
Python: Add taint tests for encode/decode functions
2020-08-24 14:54:04 +02:00
Geoffrey White
f6770c5b88
C++: Add tests for std::string 'operator[]' and 'at()'.
2020-08-24 13:49:39 +01:00