54887 Commits

Author SHA1 Message Date
Jonas Jensen
7bed6ad63b C++: Add taint from gets through memcpy 2020-01-29 15:42:43 +01:00
Esben Sparre Andreasen
a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Esben Sparre Andreasen
d4d910b681 JS: add koa test 2020-01-29 14:41:23 +01:00
Jonas Jensen
d7e8ea7cc5 Merge pull request #2641 from marcrepo/master
Documentation update for Issue #2623
2020-01-29 13:37:00 +01:00
Jonas Jensen
386e8e87d1 Merge pull request #2645 from geoffw0/typo
CPP: Fix typo.
2020-01-29 13:35:55 +01:00
Anders Schack-Mulligen
743b612d0d Javascript/Python: Sync XML.qll 2020-01-29 13:31:25 +01:00
Anders Schack-Mulligen
0d4b2e4bf7 C#/C++: Autoformat post rebase. 2020-01-29 13:16:46 +01:00
Anders Schack-Mulligen
726a873c3e C#: Autoformat. 2020-01-29 13:15:00 +01:00
Anders Schack-Mulligen
96e4a57edd C++: Autoformat. 2020-01-29 13:11:50 +01:00
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
Jonas Jensen
02cb8e9cc7 Merge remote-tracking branch 'upstream/master' into dataflow-partial-chi
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
2020-01-29 13:03:40 +01:00
Calum Grant
c0379cc3f1 C#: Address review comment: an SQL 2020-01-29 11:46:28 +00:00
Calum Grant
aff0a7534c Update change-notes/1.24/analysis-csharp.md
Fix indentation

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2020-01-29 11:44:17 +00:00
Anders Schack-Mulligen
9b7a728609 Java: Autoformat. 2020-01-29 12:16:25 +01:00
semmle-qlci
fb90c2ba52 Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access
Approved by erik-krogh, max-schaefer
2020-01-29 10:46:48 +00:00
Anders Schack-Mulligen
9391058363 Java: Add unit test for ldap injection. 2020-01-29 11:37:33 +01:00
Max Schaefer
8bb769b4f9 Merge pull request #228 from sauyon/codeql-test
Makefile: Make extractor-common extractor target
2020-01-29 09:23:53 +00:00
Max Schaefer
be183596c8 Merge pull request #211 from sauyon/open-redirect-fps
OpenUrlRedirect: resolve some FPs
2020-01-29 09:18:07 +00:00
Jonas Jensen
27b5902258 Merge pull request #2707 from geoffw0/taint-format
C++: Add TaintFunction model to FormattingFunction
2020-01-29 08:20:34 +01:00
Sauyon Lee
7676a56af6 Makefile: Make extractor-common extractor target 2020-01-28 14:38:15 -08:00
Grzegorz Golawski
bbcfbd7a28 Apply suggestion from code review 2020-01-28 22:34:01 +01:00
Sauyon Lee
41d04f3d96 Revert "Add DataFlow2"
This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.
2020-01-28 13:01:37 -08:00
Sauyon Lee
478f906d7a HTTP: Use Field.getQualifiedName in UserControlledRequestField
Also autoformat.
2020-01-28 13:01:36 -08:00
Sauyon Lee
d2e5322b94 Apply review comments 2020-01-28 13:01:35 -08:00
Sauyon Lee
3eee780fdd TaintTracking: minor functionNodeStep call improvement
Co-Authored-By: Max Schaefer <max@semmle.com>
2020-01-28 13:01:34 -08:00
Sauyon Lee
9af436566f OpenUrlRedirect: Use a data-flow configuration to track whole URLs 2020-01-28 13:01:33 -08:00
Sauyon Lee
a2b5bb85ab OpenUrlRedirect: Fix test compilation 2020-01-28 13:01:19 -08:00
Sauyon Lee
e17f548780 Add DataFlow2 2020-01-28 12:59:47 -08:00
Sauyon Lee
30d2fb0b7f TaintTracking: Make functionModelStep take a FunctionModel
This makes using only some function models easier.
2020-01-28 12:59:46 -08:00
Sauyon Lee
260b33be7e OpenUrlRedirect: Add untrusted methods
Also use more up-to-date data-flow APIs
2020-01-28 12:59:45 -08:00
Sauyon Lee
abfdd7ee1e OpenUrlRedirect: make functions like isValidRedirect barrier guards 2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad OpenUrlRedirect: only make some parts of the URL untrusted 2020-01-28 12:59:43 -08:00
Max Schaefer
2b92cd5ba5 Merge pull request #209 from sauyon/bad-redirect-sanitiser
Bad redirect sanitiser
2020-01-28 20:11:46 +00:00
Robert Marsh
9504da54d1 Merge pull request #2713 from MathiasVP/dynamic-cast-taint-propagation
C++: Taint propagation through dynamic_cast
2020-01-28 15:09:49 -05:00
Dave Bartolomeo
60a0eff4d7 Merge remote-tracking branch 'upstream/master' into dbartol/Indirections 2020-01-28 12:06:43 -07:00
yo-h
97069a7988 Merge pull request #2683 from aschackmull/java/lshift32
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
2020-01-28 13:30:26 -05:00
Dave Bartolomeo
542579de7f C++: Accept dataflow test changes due to new alias analysis 2020-01-28 10:58:27 -07:00
Dave Bartolomeo
dda32359fa C++: Accept IR dump test results changes due to new alias analysis 2020-01-28 10:58:05 -07:00
Dave Bartolomeo
7013bc6bf4 C++: Update escape analysis tests to new API 2020-01-28 10:57:07 -07:00
Dave Bartolomeo
bb9485d548 C++: Update points_to tests to use new framework 2020-01-28 10:56:49 -07:00
Dave Bartolomeo
af9d90cf46 C++: New test framework that allows expected results as comments in source code 2020-01-28 10:56:13 -07:00
Dave Bartolomeo
d12b140921 C++/C#: Update shared file list 2020-01-28 10:55:38 -07:00
Dave Bartolomeo
976b564b68 C++: Update AliasedSSA to use Allocation instead of IRVariable
This introduces a new type of `MemoryLocation`: `EntireAllocationMemoryLocation`, representing an entire contiguous allocation whose size is not known. This is used to model the memory accesses on `InitializeIndirection` and `ReturnIndirection`.
2020-01-28 10:55:24 -07:00
Dave Bartolomeo
165a45d9b5 C++/C#: Update SimpleSSA to use Allocation instead of IRVariable 2020-01-28 10:53:18 -07:00
Dave Bartolomeo
1bbc875442 C++/C#: Parameterize alias analysis based on AliasConfiguration
Instead of tracking `IRVariable`s directly, alias analysis now tracks instances of the `Allocation` type provided by its `Configuration` parameter. For unaliased SSA, an `Allocation` is just an `IRAutomaticVariable`. For aliased SSA, an `Allocation` is either an `IRVariable` or the memory pointed to by an indirect parameter.
2020-01-28 10:51:21 -07:00
Dave Bartolomeo
b15dd82732 C++/C#: Share alias analysis between C++ and C# 2020-01-28 10:47:37 -07:00
Dave Bartolomeo
1b1fded535 C++/C#: Add new MemoryAccessKind to represent entire allocation 2020-01-28 10:41:53 -07:00
Mathias Vorreiter Pedersen
67d29e31cc C#: Sync identical files 2020-01-28 17:52:45 +01:00
Mathias Vorreiter Pedersen
c1091a03d0 C++: Accept output 2020-01-28 17:38:35 +01:00
Mathias Vorreiter Pedersen
46ce228bce C++: Add instruction for CheckedConvertOrNull and handle it in alias analysis and data flow 2020-01-28 17:36:17 +01:00