hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 04:38:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,723 Branches 164 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Jensen
0436caecdc C++: Always use the old library for the diff test 
This change ensures that the diff test will show the difference between
the old and the new library even after we switch the default
implementation of `security.TaintTracking` to be the new one.
 2020-01-29 16:03:35 +01:00
Jonas Jensen
4a77f2b53c Merge remote-tracking branch 'upstream/master' into ir-crement-load 
Update test output to fix semantic merge conflict.
 2020-01-29 15:56:05 +01:00
Jonas Jensen
9b651ea92c C++: Fix mapping of sources from Expr to Node 
The code contained the remains of how `isUserInput` in `Security.qll`
used to be ported to IR. It's wrong to use that port since many queries
call `userInput` directly to get the "cause" string.
 2020-01-29 15:50:08 +01:00
Jonas Jensen
7bed6ad63b C++: Add taint from gets through memcpy 2020-01-29 15:42:43 +01:00
Esben Sparre Andreasen
a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Esben Sparre Andreasen
d4d910b681 JS: add koa test 2020-01-29 14:41:23 +01:00
Jonas Jensen
d7e8ea7cc5 Merge pull request #2641 from marcrepo/master 
Documentation update for Issue #2623
 2020-01-29 13:37:00 +01:00
Jonas Jensen
386e8e87d1 Merge pull request #2645 from geoffw0/typo 
CPP: Fix typo.
 2020-01-29 13:35:55 +01:00
Anders Schack-Mulligen
743b612d0d Javascript/Python: Sync XML.qll 2020-01-29 13:31:25 +01:00
Anders Schack-Mulligen
0d4b2e4bf7 C#/C++: Autoformat post rebase. 2020-01-29 13:16:46 +01:00
Anders Schack-Mulligen
726a873c3e C#: Autoformat. 2020-01-29 13:15:00 +01:00
Anders Schack-Mulligen
96e4a57edd C++: Autoformat. 2020-01-29 13:11:50 +01:00
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
Jonas Jensen
02cb8e9cc7 Merge remote-tracking branch 'upstream/master' into dataflow-partial-chi 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
 2020-01-29 13:03:40 +01:00
Calum Grant
c0379cc3f1 C#: Address review comment: an SQL 2020-01-29 11:46:28 +00:00
Calum Grant
aff0a7534c Update change-notes/1.24/analysis-csharp.md 
Fix indentation

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-01-29 11:44:17 +00:00
Anders Schack-Mulligen
9b7a728609 Java: Autoformat. 2020-01-29 12:16:25 +01:00
semmle-qlci
fb90c2ba52 Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access 
Approved by erik-krogh, max-schaefer
 2020-01-29 10:46:48 +00:00
Anders Schack-Mulligen
9391058363 Java: Add unit test for ldap injection. 2020-01-29 11:37:33 +01:00
Max Schaefer
8bb769b4f9 Merge pull request #228 from sauyon/codeql-test 
Makefile: Make extractor-common extractor target
 2020-01-29 09:23:53 +00:00
Max Schaefer
be183596c8 Merge pull request #211 from sauyon/open-redirect-fps 
OpenUrlRedirect: resolve some FPs
 2020-01-29 09:18:07 +00:00
Jonas Jensen
27b5902258 Merge pull request #2707 from geoffw0/taint-format 
C++: Add TaintFunction model to FormattingFunction
 2020-01-29 08:20:34 +01:00
Sauyon Lee
7676a56af6 Makefile: Make extractor-common extractor target 2020-01-28 14:38:15 -08:00
Grzegorz Golawski
bbcfbd7a28 Apply suggestion from code review 2020-01-28 22:34:01 +01:00
Sauyon Lee
41d04f3d96 Revert "Add DataFlow2" 
This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.
 2020-01-28 13:01:37 -08:00
Sauyon Lee
478f906d7a HTTP: Use Field.getQualifiedName in UserControlledRequestField 
Also autoformat.
 2020-01-28 13:01:36 -08:00
Sauyon Lee
d2e5322b94 Apply review comments 2020-01-28 13:01:35 -08:00
Sauyon Lee
3eee780fdd TaintTracking: minor functionNodeStep call improvement 
Co-Authored-By: Max Schaefer <max@semmle.com>
 2020-01-28 13:01:34 -08:00
Sauyon Lee
9af436566f OpenUrlRedirect: Use a data-flow configuration to track whole URLs 2020-01-28 13:01:33 -08:00
Sauyon Lee
a2b5bb85ab OpenUrlRedirect: Fix test compilation 2020-01-28 13:01:19 -08:00
Sauyon Lee
e17f548780 Add DataFlow2 2020-01-28 12:59:47 -08:00
Sauyon Lee
30d2fb0b7f TaintTracking: Make functionModelStep take a FunctionModel 
This makes using only some function models easier.
 2020-01-28 12:59:46 -08:00
Sauyon Lee
260b33be7e OpenUrlRedirect: Add untrusted methods 
Also use more up-to-date data-flow APIs
 2020-01-28 12:59:45 -08:00
Sauyon Lee
abfdd7ee1e OpenUrlRedirect: make functions like isValidRedirect barrier guards 2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad OpenUrlRedirect: only make some parts of the URL untrusted 2020-01-28 12:59:43 -08:00
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser 
Bad redirect sanitiser
 2020-01-28 20:11:46 +00:00
Robert Marsh
9504da54d1 Merge pull request #2713 from MathiasVP/dynamic-cast-taint-propagation 
C++: Taint propagation through dynamic_cast
 2020-01-28 15:09:49 -05:00
Dave Bartolomeo
60a0eff4d7 Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 2020-01-28 12:06:43 -07:00
yo-h
97069a7988 Merge pull request #2683 from aschackmull/java/lshift32 
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
 2020-01-28 13:30:26 -05:00
Dave Bartolomeo
542579de7f C++: Accept dataflow test changes due to new alias analysis 2020-01-28 10:58:27 -07:00
Dave Bartolomeo
dda32359fa C++: Accept IR dump test results changes due to new alias analysis 2020-01-28 10:58:05 -07:00
Dave Bartolomeo
7013bc6bf4 C++: Update escape analysis tests to new API 2020-01-28 10:57:07 -07:00
Dave Bartolomeo
bb9485d548 C++: Update points_to tests to use new framework 2020-01-28 10:56:49 -07:00
Dave Bartolomeo
af9d90cf46 C++: New test framework that allows expected results as comments in source code 2020-01-28 10:56:13 -07:00
Dave Bartolomeo
d12b140921 C++/C#: Update shared file list 2020-01-28 10:55:38 -07:00
Dave Bartolomeo
976b564b68 C++: Update AliasedSSA to use Allocation instead of IRVariable 
This introduces a new type of `MemoryLocation`: `EntireAllocationMemoryLocation`, representing an entire contiguous allocation whose size is not known. This is used to model the memory accesses on `InitializeIndirection` and `ReturnIndirection`.
 2020-01-28 10:55:24 -07:00
Dave Bartolomeo
165a45d9b5 C++/C#: Update SimpleSSA to use Allocation instead of IRVariable 2020-01-28 10:53:18 -07:00
Dave Bartolomeo
1bbc875442 C++/C#: Parameterize alias analysis based on AliasConfiguration 
Instead of tracking `IRVariable`s directly, alias analysis now tracks instances of the `Allocation` type provided by its `Configuration` parameter. For unaliased SSA, an `Allocation` is just an `IRAutomaticVariable`. For aliased SSA, an `Allocation` is either an `IRVariable` or the memory pointed to by an indirect parameter.
 2020-01-28 10:51:21 -07:00
Dave Bartolomeo
b15dd82732 C++/C#: Share alias analysis between C++ and C# 2020-01-28 10:47:37 -07:00
Dave Bartolomeo
1b1fded535 C++/C#: Add new MemoryAccessKind to represent entire allocation 2020-01-28 10:41:53 -07:00