hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 14:46:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,699 Branches 161 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ihsinme
151c93f502 Update DangerousUseOfExceptionBlocks.cpp 2022-03-21 09:52:14 +03:00
ihsinme
22cf3f7b20 Update test.cpp 2022-03-21 09:50:30 +03:00
Harry Maclean
5a6da827d0 Ruby: Avoid FP in TaintedFormatString query 
Kernel#printf supports two call signatures:

    printf(String, *args)
    printf(IO, String, *args)

We want to identify the String argument, which is the format string.
Previously we would return the 0th and 1st arguments, which gives some
FPs when the 1st arg is not a format string.

We now try to rule out the trivial case by checking if arg 0 has a
string value, and then assuming it is the format string. Otherwise we
fall back to returning both arguments.

This still has some false positive potential, but less than previously.
 2022-03-21 12:51:47 +13:00
Harry Maclean
5dcf0ad759 Ruby: Make IOPrintfCall more sensitive 
It will now identify cases like this:

    file = File.open "foo.txt", "a"
    file.printf(params[:format], arg)
 2022-03-21 12:51:47 +13:00
Harry Maclean
c253bddbe0 Ruby: Make getFormatArgument 0-indexed 2022-03-21 12:51:47 +13:00
Harry Maclean
c73dc8ad0c Ruby: Add change note for rb/tainted-format-string 2022-03-21 12:51:47 +13:00
Harry Maclean
10a411e5cc Ruby: Remove duplicate CWE reference 2022-03-21 12:51:47 +13:00
Harry Maclean
d79a6ddcb2 Ruby: Improve qhelp for rb/tainted-format-string 2022-03-21 12:51:47 +13:00
Harry Maclean
0cfe37dff4 Share TaintedFormatString between Ruby and JS 2022-03-21 12:51:46 +13:00
Harry Maclean
4249e30824 Ruby: Test tainted interpolated format arg 2022-03-21 12:51:18 +13:00
Harry Maclean
63199024a2 Add missing QLDoc 2022-03-21 12:51:18 +13:00
Harry Maclean
f6215d4c7e Ruby: Add rb/tainted-format-string query 2022-03-21 12:51:18 +13:00
Alex Ford
b79bb72153 Ruby: split up CipherInstantiation charpred 2022-03-20 18:32:47 +00:00
Jonathan Leitschuh
1d0275344d [Java]: Add precondition support for testing library asserts 2022-03-18 20:39:24 -04:00
Jeroen Ketema
f8198c3123 C++: Use flow states in cpp/command-line-injection 2022-03-18 20:06:45 +01:00
Robert Marsh
4bf35ad188 Merge pull request #8483 from jketema/command-line-injection-test-cases-with-calls 
C++: Add additional command line injection tests
 2022-03-18 15:05:12 -04:00
Arthur Baars
beef8e29bc Merge pull request #8332 from hvitved/ruby/regexp-taint-flow 
Ruby: Use taint tracking instead of type tracking to define `regExpSource`
 2022-03-18 18:24:02 +01:00
Arthur Baars
9412b331db Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" 
This reverts commit 6d24591416.
 2022-03-18 16:31:22 +01:00
Jeroen Ketema
d37ef1b5ca C++: Add command line injection test that currently results in a false positive 2022-03-18 16:12:09 +01:00
Arthur Baars
bf888f0f0b Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization 
Conflicts:
	config/identical-files.json
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
	ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
 2022-03-18 16:09:20 +01:00
Arthur Baars
117fb5be7d Merge pull request #7917 from aibaars/incomplete-hostname 
Ruby: IncompleteHostnameRegExp.ql
 2022-03-18 16:00:09 +01:00
Alex Ford
2bd25da8e3 Ruby: Tidy an exists 2022-03-18 14:43:45 +00:00
Alex Ford
62bc0357ea Ruby: Improve Cryptography module qldoc 2022-03-18 14:38:14 +00:00
Tom Hvitved
1437aefe9d Ruby: Use taint tracking instead of type tracking to define regExpSource 2022-03-18 14:48:12 +01:00
Tom Hvitved
d97eaba070 Ruby: Add dataflow/taintracking copies for use in libraries 2022-03-18 14:48:12 +01:00
Arthur Baars
4a27928728 Ruby/JS add missing ^ in qhelp 2022-03-18 14:00:10 +01:00
Jeroen Ketema
459870ac1e C++: Add additional command line injection tests 2022-03-18 13:42:27 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Arthur Baars
6d24591416 Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql" 
This reverts commit ce50f35dda.
 2022-03-18 13:02:55 +01:00
Chris Smowton
767453520e Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os 
Java: Add Guard Classes for checking OS & unify System Property Access
 2022-03-18 11:20:36 +00:00
Asger Feldthaus
26b7edccd4 JS: Change note 2022-03-18 11:59:36 +01:00
Erik Krogh Kristensen
693c77f3df add test for string replacement chains of URL schemes 2022-03-18 11:05:59 +01:00
Asger F
929419abba Merge pull request #8254 from asgerf/ruby/mad-prototype 
Ruby: initial prototype of models-as-data
 2022-03-18 10:48:33 +01:00
Erik Krogh Kristensen
235aa9c24e recognize string replacement chains as scheme checks in js/incomplete-url-scheme-check 2022-03-18 10:37:20 +01:00
Mathias Vorreiter Pedersen
8bf172913e Merge pull request #8474 from hvitved/flow-state-changing-steps-should-be-in-path-explanation-alternative 
Dataflow: Flow-state changing steps should always be in path explanations
 2022-03-18 09:08:36 +00:00
Asger Feldthaus
8753632193 JS: Fix bug in reachableFromStoreBase 2022-03-17 17:30:46 +01:00
Asger Feldthaus
8c6ca6582e JS: Add test showing missing flow 2022-03-17 17:30:46 +01:00
Geoffrey White
ff3bedcab9 C++: Fix expensive getWideCharType(). 2022-03-17 14:41:57 +00:00
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Tom Hvitved
4df12dc6e6 Data flow: State-changing taint steps should not be stepped over by the big step relation 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Erik Krogh Kristensen
870521bd1e Merge pull request #8473 from erik-krogh/redundantAnyCast 
QL: expand redundant-inline-cast, and rename to redundant-cast
 2022-03-17 10:41:50 +01:00
Erik Krogh Kristensen
fe94421d32 rename redundant-inline-cast to redundant-cast 2022-03-17 10:25:40 +01:00
Erik Krogh Kristensen
f3ca6bbc2e PY: update expected output after fixing bug in flask model 2022-03-17 09:42:30 +01:00
Erik Krogh Kristensen
879680057e fix all ql/unused-field warnings 2022-03-17 09:41:42 +01:00
Erik Krogh Kristensen
d5fd0d6724 add ql/unused-field query 2022-03-17 09:40:16 +01:00
Erik Krogh Kristensen
86398a8c65 Merge pull request #8304 from erik-krogh/xssUrl 
JS: Refactor the XSS / Client-side-url queries
 2022-03-17 09:13:09 +01:00
4B5F5F4B
d4c7314484 Delete cve-2016-6480.ql 
commit by mistake
 2022-03-17 09:49:28 +08:00