hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-02 05:38:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,723 Branches 164 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
422658bbdb Python: Remove unused variable in example for py/url-redirection 2020-01-21 15:45:05 +01:00
Taus Brock-Nannestad
ead687da06 Python: Add false positive test example for issue #2652. 2020-01-21 15:28:01 +01:00
Rasmus Wriedt Larsen
bbe93f43d3 Python: Only comparison with constant will clear taint 
tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe

before, in the body of the if statement, `tainted` was not tainted
 2020-01-21 15:25:57 +01:00
Rasmus Wriedt Larsen
1498145415 Python: Highlight that any comparison will clear taint 2020-01-21 15:24:56 +01:00
Anders Schack-Mulligen
9cc0d3d1f4 Java/C++/C#: Remove DataFlowLocation as it's no longer needed. 2020-01-21 15:08:39 +01:00
Calum Grant
6692e61fa2 C#: Analysis change notes 2020-01-21 13:55:32 +00:00
Calum Grant
be68b6f938 C#: Add precision to queries 2020-01-21 13:24:48 +00:00
Jonas Jensen
84811f66a2 C++: autoformat 2020-01-21 13:21:16 +01:00
Erik Krogh Kristensen
569ee8fc8d add support for subclasses of EventEmitter 2020-01-21 12:08:50 +01:00
Jonas Jensen
6d46e4d946 C++: Wire up models to DefaultTaintTracking 
This adds support for arg-to-arg and arg-to-return taint.
 2020-01-21 12:04:45 +01:00
Jonas Jensen
fa00e96ba8 C++: Test IR taint through library functions 2020-01-21 12:03:43 +01:00
Jonas Jensen
5ac56c2e3a C++: Add DataFlow::Node.asDefiningArgument in IR 2020-01-21 11:52:06 +01:00
Max Schaefer
fe56c207a3 Make ImpossibleInterfaceNilCheck more robust. 
It no longer flags alerts that may be simply caused by missing type information.
 2020-01-21 10:04:57 +00:00
Max Schaefer
d78ba06a8d Add change note. 2020-01-21 09:56:59 +00:00
Max Schaefer
baeae0f69c Add a few variants to test. 2020-01-21 09:56:59 +00:00
Max Schaefer
6671b61fd3 Model panic from out-of-bounds index expression. 2020-01-21 09:56:59 +00:00
Max Schaefer
f42a2b060c Take implicit dereferences in index and slice expressions into account as well. 2020-01-21 09:56:59 +00:00
Max Schaefer
a4f5ad7412 Refactor implementation of SliceNode. 2020-01-21 09:56:59 +00:00
Max Schaefer
44b9bcf7a1 Autoformat. 2020-01-21 09:56:59 +00:00
Max Schaefer
64049d8f3d Make taint tracking less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
9f897132f2 Update HTTP library. 2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754 Model implicit dereferences in data flow. 2020-01-21 09:56:59 +00:00
Max Schaefer
ba9d2fb2eb Add IR instructions to model implicit pointer dereferences. 2020-01-21 09:56:59 +00:00
Max Schaefer
efc5f10f07 Streamline definition of UserControlledRequestField. 2020-01-21 09:56:59 +00:00
Max Schaefer
39b28a4969 Make CallNode.getReceiver() less syntactic. 2020-01-21 09:56:59 +00:00
Max Schaefer
ef964632be Remove CallExpr.getQualifier() and its single, pointless, use. 2020-01-21 09:56:59 +00:00
Max Schaefer
8fc414b93f Autoformat. 2020-01-21 09:56:59 +00:00
Geoffrey White
80997a3323 Merge pull request #2655 from Semmle/jbj-patch-1 
C++: Fix typo in MallocSizeExpr
 2020-01-21 09:44:41 +00:00
Jonas Jensen
cdcd3ed748 Merge pull request #2647 from geoffw0/modelpure 
CPP: Improve strlen model
 2020-01-21 09:42:10 +01:00
Jonas Jensen
0568ed6451 C++: Fix typo in MallocSizeExpr 
The first argument is index 0, not 1.
 2020-01-21 09:09:49 +01:00
Max Schaefer
1d33a619d9 Add failing test case. 2020-01-20 20:46:12 +00:00
Mathias Vorreiter Pedersen
c9cc459baf C++: Rename .qlhelp to .qhelp 2020-01-20 21:17:53 +01:00
Mathias Vorreiter Pedersen
fddd3660ab C++: Fix formatting in example 2020-01-20 16:05:16 +01:00
Geoffrey White
4f02183dc2 CPP: Re-layout test. 2020-01-20 15:00:09 +00:00
Geoffrey White
2133fbd155 CPP: Fix the nulltermination test. 2020-01-20 14:55:52 +00:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
Calum Grant
86fa7e5c38 C#: Analysis change notes 2020-01-20 14:37:28 +00:00
Calum Grant
9d7c9e0ba4 C#: Default parameter values are maybe null 
C#: Update test output
 2020-01-20 14:37:20 +00:00
Geoffrey White
952b9e1581 CPP: Use hasGlobalName where appropriate. 2020-01-20 14:24:38 +00:00
Erik Krogh Kristensen
6494649125 fix a number of FPs in js/exception-xss 2020-01-20 15:11:57 +01:00
Erik Krogh Kristensen
5c6134db99 a bit of self-review and an auto-format 2020-01-20 14:55:49 +01:00
Erik Krogh Kristensen
ad813ef86c add flowsTo to the use of isAdditionalLoadStep 2020-01-20 14:16:29 +01:00
Mathias Vorreiter Pedersen
13fc8741d4 C++: Include malloc example in qlhelp 2020-01-20 13:28:00 +01:00
Geoffrey White
79811fcccd Merge pull request #2642 from jbj/TaintTracking-indirection 
C++: Indirection for security.TaintTracking impl
 2020-01-20 12:25:51 +00:00
Geoffrey White
5a20e85598 Merge pull request #2638 from jbj/ir-dispatch 
C++ IR: Support for global virtual dispatch
 2020-01-20 12:04:09 +00:00
Max Schaefer
5eb95c7895 Add support for taint-getter/setter summaries in data flow. 2020-01-20 11:29:12 +00:00
Calum Grant
631b4248b5 C#: Add a nullness test 2020-01-20 11:13:31 +00:00
Mathias Vorreiter Pedersen
a43131a987 C++: Fix formatting 2020-01-20 11:39:48 +01:00
Jonas Jensen
391b80eac4 C++: Show virtual inheritance problem in vdispatch 2020-01-20 11:17:44 +01:00
Jonas Jensen
2a0fc31b68 C++: Comment and rename getSrc -> getDispatchValue 
Better clarity was requested in the PR review.
 2020-01-20 11:03:03 +01:00