Commit Graph

49367 Commits

Author SHA1 Message Date
Jami Cogswell
af812cf407 fix code scanning bot warnings 2022-10-04 12:33:23 +02:00
Jami Cogswell
47fcbdd4b4 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
d07babe3c5 add initial framework for service and receiver test cases 2022-10-04 12:33:23 +02:00
Jami Cogswell
6cf3898101 add experimental global flow config, and clean up some code 2022-10-04 12:33:23 +02:00
Jami Cogswell
9947b32446 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
11ce910c38 resolved merge conflict in FlowSources 2022-10-04 12:33:23 +02:00
Jami Cogswell
7576047214 create simple query and initial experimentation 2022-10-04 12:33:23 +02:00
Nick Rolfe
dd1b302fce Ruby: revert making inActionViewContext private 2022-10-04 11:29:09 +01:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
b8fa9433be Fix duplicated test 2022-10-04 12:27:01 +02:00
Tony Torralba
264d6db9d7 Rename AllowListGuard to AllowedPrefixGuard 2022-10-04 12:27:01 +02:00
Tony Torralba
90020b6aab Make block lists work with substring matching too
A block list approach doesn't need to restrict itself to prefix matching
2022-10-04 12:27:01 +02:00
Tony Torralba
69d1895175 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-10-04 12:27:01 +02:00
Tony Torralba
6fcaae20e7 Add tests and fix bugs highlighted by them 2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be Generalize file/path taint steps
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll
Apply code review suggestions regarding weak sanitizers
2022-10-04 12:27:01 +02:00
Tony Torralba
89d905cc03 Add change note 2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer
Rename PathTraversalSanitizer to PathInjectionSanitizer
2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Tony Torralba
d5478a01ab Merge pull request #10671 from github/revert-10640-atorralba/fix-cartesian-product
Java: Revert #10489 and #10640
2022-10-04 12:25:46 +02:00
Chris Smowton
e29be411ef Merge pull request #9811 from smowton/smowton/feature/kotlin-jvmoverloads-annotation
Kotlin: Implement JvmOverloads annotation
2022-10-04 11:21:44 +01:00
Nick Rolfe
a738f1d5cf Ruby: remove public abstract classes for Action{View,Controller} 2022-10-04 10:53:41 +01:00
Asger F
948594043d Ruby: share type-tracking test with array test 2022-10-04 11:15:13 +02:00
Asger F
28f4dff1d3 Python: sync 2022-10-04 11:15:11 +02:00
Asger F
b6231e82ec Ruby: do not treat WithoutElement[0..!] as a type filter 2022-10-04 11:14:31 +02:00
Asger F
3ccc3a2058 Ruby: move special treatment of Hash.[] into Hash.qll 2022-10-04 11:14:31 +02:00
Asger F
94d41b9fa4 Ruby: add hook for adding type-tracking steps
fixup docs

fixup docs

fixup TypeTrackingStep
2022-10-04 11:14:31 +02:00
Asger F
96711b2810 Ruby: improve join order in trackInstanceRec 2022-10-04 11:14:31 +02:00
Asger F
6e7aea85ef Ruby: update benign test output
API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.
2022-10-04 11:14:31 +02:00
Asger F
c220f4e103 Ruby: prune unusable summaries earlier
Ruby: prune more aggressively
2022-10-04 11:14:30 +02:00
Asger F
ff4ce4a151 Ruby: use Element[n..] tokens in inject and reduce 2022-10-04 11:14:30 +02:00
Asger F
fd9c1e4507 Ruby: filter out obvious module 'prepend' calls 2022-10-04 11:14:30 +02:00
Asger F
00e52ad109 Ruby: add type-tracking variant of hash-flow test
Ruby: fixup type-tracking hash flow test

Fixup! type-tracking hash flow test result
2022-10-04 11:14:30 +02:00
Asger F
9302271c15 Ruby: Hack special-casing of hash literals 2022-10-04 11:14:30 +02:00
Asger F
bd11946aec Ruby: support WithoutContent steps in restricted cases
fixup ContentFilter

fixup basicWith(out)contentstep
2022-10-04 11:14:28 +02:00
Asger F
323abf45ca Ruby: Speed up evaluateSummaryComponentStackLocal 2022-10-04 11:12:09 +02:00
Asger F
a7d764d2a7 Ruby: Improve join order when generating edges 2022-10-04 11:12:09 +02:00
Asger F
8c43ab627f Ruby: go to local source in load-store steps 2022-10-04 11:11:50 +02:00
Tony Torralba
2deb3e5625 Reapply "Java: Fix cartesian product"
This reverts commit c1654ce7cc.
2022-10-04 11:11:44 +02:00
Asger F
8b389fe5f9 Ruby: use getACallSimple in more Hash methods 2022-10-04 11:08:46 +02:00
Asger F
74c3886167 Ruby: use getACallSimple in more Array methods 2022-10-04 11:08:46 +02:00
Asger F
c06743afb5 Ruby: update benign test updates 2022-10-04 11:08:46 +02:00
Asger F
f75f27d30e Ruby: update test 2022-10-04 11:08:46 +02:00
Asger F
5b2d8b0894 Ruby: make Array.each a simple summary 2022-10-04 11:08:46 +02:00
Asger F
fbab0f50f2 Ruby: Evaluate longer summary component stacks 2022-10-04 11:08:46 +02:00
Asger F
0000a7d429 Ruby: Summarize load-store steps in type-tracking
fixup to LoadStore
2022-10-04 11:08:44 +02:00
Asger F
a4d4e406c6 Ruby: Summarize level steps in type tracking 2022-10-04 11:06:44 +02:00
Asger F
1c484d80aa Ruby: add some calls to .each in call graph test 2022-10-04 11:06:44 +02:00