hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 10:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
51,797 Commits 1,740 Branches 164 Tags
codeql-cli/v2.12.5
Commit Graph

51797 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Porcupiney Hairs
4f07733b06 remove U+200B 2020-08-30 04:54:02 +05:30
ubuntu
104c9b5dac Move sinks into separate classes 2020-08-29 11:24:58 +02:00
Alessio Della Libera
8f98723822 Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-29 11:18:41 +02:00
Sauyon Lee
976151c08f Merge pull request #315 from max-schaefer/fix-frontend-errors 
Fix frontend errors in test.
 2020-08-28 12:40:11 -07:00
Taus Brock-Nannestad
7108d28395 Python: Remove failing non-inline test 
It is subsumed by `tracked.ql` anyway.
 2020-08-28 21:21:29 +02:00
Taus Brock-Nannestad
5d853e840a Merge branch 'main' into python-add-typetracker 2020-08-28 19:59:58 +02:00
Taus Brock-Nannestad
8b78b6b1dc Python: Add inline tests 
Nodes to which we track type tracking flow from the source (any
identifier named `tracked`) are indicated with a `$tracked` tag, and
`$tracked=attr_name` if the attribute is for the specified attribute
of the given node.

For nodes that do have flow from `tracked`, I indicate this in one of
two ways:

- If it's expected due to the design of type tracking, I omit the
  `$tracked tag.
- If it's flow that _ought_ to be there, I indicate it as a false
  negative: `$f-:tracked`

Currently, only an instance of global flow is in the latter category.
 2020-08-28 19:55:52 +02:00
Taus Brock-Nannestad
fbe8b64dd4 Python: Add support for attribute reads and writes 2020-08-28 19:55:14 +02:00
Jonas Jensen
023f2e97c1 C++: Really accept test results this time 2020-08-28 16:50:23 +02:00
Tom Hvitved
b205702853 C#: Fix bug in guards logic for foreach loops 2020-08-28 15:19:11 +02:00
Tom Hvitved
ddb33c914b C#: Add test that demonstrates issue with guards logic for foreach statements 2020-08-28 15:13:18 +02:00
Asger F
813d14791d Merge pull request #4043 from erik-krogh/ts4 
JS: Add support for TypeScript 4
 2020-08-28 14:02:08 +01:00
Rasmus Lerchedahl Petersen
750735c70c Dataflow: Update test expectations 2020-08-28 15:00:01 +02:00
Jonas Jensen
2c613a72b9 C++: Autoformat 2020-08-28 14:56:19 +02:00
Jonas Jensen
a25cc2d9c7 C++: Accept range-analysis test results 2020-08-28 14:54:44 +02:00
lcartey@github.com
a4cb774932 C++: Support dereferenced variables in simple range analysis 
- Support inference of guards on reference variables
 - Support type bounds for reference variables
 - Support reference variables when widening
 - Support reference variables when determining arithmetic assignment
 2020-08-28 14:52:36 +02:00
Jonas Jensen
027f22d8e7 C++: Test that range analysis ignores references 2020-08-28 14:41:57 +02:00
Jonas Jensen
a3a3423db2 C++: Treat reference parameters as non-references 2020-08-28 14:33:01 +02:00
Max Schaefer
2fe8fb9d83 Fix frontend errors in test. 2020-08-28 12:01:33 +01:00
Rasmus Lerchedahl Petersen
6b8d9f2a77 Merge branch 'main' of github.com:github/codeql into SharedDataflow_PostUpdateNodes 2020-08-28 13:01:14 +02:00
Rasmus Lerchedahl Petersen
9503c5d8bb Python: Add post-update nodes 2020-08-28 12:59:11 +02:00
Erik Krogh Kristensen
f4060723bb add stats for new properties 2020-08-28 12:43:26 +02:00
Calum Grant
93e0bd9d85 Merge pull request #4126 from tamasvajk/feature/array-index 
C#: Fix computed sizes for implicitly sized array creation
 2020-08-28 11:21:39 +01:00
Tom Hvitved
6eca97bc32 Merge pull request #4113 from tamasvajk/feature/nullability-extraction-cil 
Enable nullability checks on Semmle.Extraction.CIL
 2020-08-28 12:06:54 +02:00
Tom Hvitved
647ed03a2b Merge pull request #4136 from tamasvajk/feature/qldocs 
C#: Add missing QlDocs
 2020-08-28 12:03:03 +02:00
Taus
8caaf8f17c Merge pull request #4158 from RasmusWL/python-reformualte-js-team-comment 
Python: Reformualte explanation of experience from JS
 2020-08-28 11:33:00 +02:00
Rasmus Wriedt Larsen
2d2b036b8c Python: Fix expected output for moved taint tests 2020-08-28 11:25:46 +02:00
Rasmus Wriedt Larsen
7213da195c Python: Use standard naming scheme for taint flow tests 
We got into problems since using `string.py` would shadow the string module from
the standard library. By some reason I adopted a pattern of `_` as suffix, but
let us just use the standard pattern of `test_` prefix like a normal testing
framework like pytest does.
 2020-08-28 11:22:42 +02:00
Rasmus Wriedt Larsen
621e3f6c3c Python: Add dataflow test of deep call graph 2020-08-28 11:17:23 +02:00
Rasmus Wriedt Larsen
45ab723423 Python: Add dataflow test for a,b = b,a 
Also enables a single test to output more than one OK
 2020-08-28 11:12:25 +02:00
Rasmus Wriedt Larsen
496d856c48 Python: Reformualte explanation of experience from JS 2020-08-28 10:49:33 +02:00
Erik Krogh Kristensen
038cca814a Merge branch 'main' into ts4 2020-08-28 10:27:49 +02:00
Taus
afe234dade Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint 
Python: fstring taint change note should be for 1.26
 2020-08-28 10:23:06 +02:00
Jonas Jensen
55d7ac88f9 Merge pull request #4148 from geoffw0/vecextra 
C++: Improvements to string and vector models.
 2020-08-28 10:05:42 +02:00
CodeQL CI
80cb8be405 Merge pull request #4155 from asger-semmle/js/lower-duplicate-element-id-precision 
Approved by esbena
 2020-08-28 08:52:58 +01:00
Rasmus Wriedt Larsen
7e6ebfd636 Enable labeler action again 
This time using `pull_request_target`, so it will work properly with forks. See
https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target

This reverts commit d5d6093e75.
 2020-08-28 09:31:46 +02:00
CodeQL CI
ac94869978 Merge pull request #3978 from dellalibera/js/insecure-cookies 
Approved by esbena
 2020-08-28 08:31:38 +01:00
Rasmus Wriedt Larsen
deff36e9af Python: fstring taint change note should be for 1.26 
This fixes problem introduced in https://github.com/github/codeql/pull/4127
 2020-08-28 09:00:07 +02:00
Max Schaefer
031a48ecd3 Merge pull request #296 from owen-mc/allocation-size-overflow-improve-sanitizers-easy 
Add new sanitizer guard to Allocation size overflow query
 2020-08-28 07:44:45 +01:00
Tamas Vajk
29eaacdeaf Fix typos and comment styling 2020-08-28 08:41:46 +02:00
Mathias Vorreiter Pedersen
ceddc2497a Merge pull request #4151 from geoffw0/reftaint 
C++: Taint tests for array and reference assignments.
 2020-08-27 20:00:13 +02:00
Robert Marsh
2a6c624407 C++: fix up some iterator taint flows 2020-08-27 10:27:53 -07:00
Taus
1206ff5889 Merge pull request #4150 from RasmusWL/python-dataflow-private-import 
Python: Make import of python private in shared dataflow
 2020-08-27 18:05:55 +02:00
Geoffrey White
9b3da1f6c7 C++: Autoformat. 2020-08-27 16:55:45 +01:00
Geoffrey White
208cd4c888 C++: Fix assign in the test stl.h. 2020-08-27 16:52:22 +01:00
Rasmus Wriedt Larsen
f12d29de07 Python: Add taint test of more colleciton methods 2020-08-27 17:36:10 +02:00
Taus Brock-Nannestad
7112aa2e9a Merge branch 'main' into python-add-typetracker 2020-08-27 17:05:26 +02:00
Asger Feldthaus
e7a0bc6be6 JS: Lower precision of ambiguous HTML ID attribute 2020-08-27 15:51:34 +01:00
Geoffrey White
927a4faa58 C++: Remove the non-reference case that we shouldn't need. 2020-08-27 15:42:40 +01:00
Rasmus Wriedt Larsen
654c4f39ac Python: Add missing module.py to consistency/regression tests 2020-08-27 16:32:26 +02:00