hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-15 20:16:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,368 Commits 1,708 Branches 162 Tags
codeql-cli/v2.24.0
Commit Graph

85368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
f37b4aebc2 Only extract function bodies for local crates, 
unless the -Oextract_dependencies=true flag is supplied
 2024-09-10 16:49:13 +02:00
Arthur Baars
43e54fb0ae Use custom target folder 2024-09-10 16:49:12 +02:00
Geoffrey White
8213bbb14a Rust: Add a README.md 2024-09-10 15:47:40 +01:00
Rasmus Wriedt Larsen
e35c2b243a Docs: Include 'Threat models' for Python 2024-09-10 16:44:03 +02:00
Michael Nebel
0abc08c773 C#: Add some synthetic field content based examples. 2024-09-10 15:24:00 +02:00
Michael Nebel
b94940b6d9 C#: Adjust existing model generator tests and update expected output. 2024-09-10 15:23:57 +02:00
Michael Nebel
da012a7a44 C#: Add the capture content summary models query. 2024-09-10 15:23:54 +02:00
Michael Nebel
e94890280a C#: Sync changes and make language specific parts. 2024-09-10 15:23:51 +02:00
Michael Nebel
0fbeca14ad Java: Add content based example with multiple paths. 2024-09-10 15:23:44 +02:00
Michael Nebel
9149a17d79 Java: Only keep the best generated model in terms of taint/value. 2024-09-10 15:23:38 +02:00
Michael Nebel
d7e61d07d1 Java: Update some model generator test cases. 2024-09-10 15:23:34 +02:00
Michael Nebel
d2c98c86dc Java: Improve content based model generation. 2024-09-10 15:23:20 +02:00
Michael Nebel
7c0101ad06 Shared: Add some helper predicates to the AccessPath class in content flow. 2024-09-10 15:23:08 +02:00
Arthur Baars
1e830dad1a Add ra_ap_paths dependency 2024-09-10 15:14:36 +02:00
Chuan-kai Lin
ba5218dfc0 Merge pull request #17420 from github/cklin/upgrade-properties-fix 
C#: Fix trivial upgrade.properties errors
 2024-09-10 06:11:23 -07:00
Paolo Tranquilli
26b9de3d63 Merge branch 'main' into rust-experiment 2024-09-10 15:00:20 +02:00
Rasmus Wriedt Larsen
038bc832a7 Go/Java/C#: Rename to ActiveThreatModelSource 
As part of adding support for threat-models to Python/JS (see
https://github.com/github/codeql/pull/17203), we ran into some trouble
with name clashes.

Naming in existing languages supporting threat-models:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and we had to come up with new names.

Initially I used `ThreatModelSource` for the "QL only modeling", but
that meant that we needed a new name to represent the active sources
coming from either QL or data-extensions... for this I came up with
`ActiveThreatModelSource`, and I really liked it. To me, it's much
clearer that this class only contains the currently active threat
model sources.

So to align languages, I got approval from @michaelnebel to rename the
existing classes.
 2024-09-10 14:46:15 +02:00
Asger F
87454a4f11 JS: Remove unused predicate 2024-09-10 14:44:49 +02:00
Rasmus Wriedt Larsen
5ff7b6557f Python: Add links to threat-model docs 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
cbebf7b392 Python: Additional threatModelSource annotations 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
333367c07d Python: Add threat-modeling of raw_input 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
7d3793e718 Docs: Update threat-model list to include Python 2024-09-10 14:32:38 +02:00
Rasmus Wriedt Larsen
0ccb5b198a Python: Add change-note 2024-09-10 14:32:38 +02:00
Rasmus Wriedt Larsen
a0b24d6194 Python: Add e2e threat-model test 2024-09-10 14:32:38 +02:00
Rasmus Wriedt Larsen
8d8cd05b94 Python: Add basic support for database threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
7483075b7e Python: Fixup modeling of os.open 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
56c85ffe54 Python: Fixup threat-models for os.environ.get() 
Since using `.DictionaryElementAny` doesn't actually do a store on the
source, (so we can later follow any dict read-steps).

I added the ensure_tainted steps to highlight that the result of the
WHOLE expression ends up "tainted", and that we don't just mark
`os.environ` as the source without further flow.
 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
b9239d7101 Python: Add basic support for environment/commandargs threat-models 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
528f08fb83 Python: Make queries use ActiveThreatModelSource 2024-09-10 14:32:35 +02:00
Jeroen Ketema
5f4fee0780 C++: Address review comments 2024-09-10 14:23:10 +02:00
Arthur Baars
a5d1d9e167 Make implementation more complete 
Use Unimplemented to mark AstNodes  that need implementing
 2024-09-10 14:13:05 +02:00
Alvaro Muñoz
321e5504bc Bump qlpack versions 2024-09-10 13:59:04 +02:00
Alvaro Muñoz
25a210734b Update tests 2024-09-10 13:58:36 +02:00
Alvaro Muñoz
ef41db3ce5 Extract simple reference expression from ORed disjuncts 2024-09-10 13:58:24 +02:00
Asger F
0ddb1c87f5 JS: Test update indicating a problem with .split() 2024-09-10 13:14:37 +02:00
Asger F
e0ca1b0482 JS: Benign test updates 2024-09-10 13:07:24 +02:00
Jeroen Ketema
500a2a0738 C++: Fix IR inconsistency due to throwing __except block 
The fix consists of three parts:
* Ensure that an `Unwind` instruction is generated for functions that contain
  a Microsoft `__try` statement, or a function that must throw.
* Do not manually introduce `Unwind` instructions for `__except` blocks, but
  depend on the `Unwind` that we now insert in the function.
* Add missing `getExceptionSuccessorInstruction` predicate to
  `TranslatedMicrosoftTryExceptHandler`
 2024-09-10 12:41:43 +02:00
Arthur Baars
2ae725784c Don't use _ to ignore things so rustc will show warnings for all the gaps in the implementation 2024-09-10 12:26:56 +02:00
Arthur Baars
b2451c6667 Improve schema 2024-09-10 12:26:54 +02:00
Arthur Baars
46bfefc99a Address comments 2024-09-10 12:26:53 +02:00
Paolo Tranquilli
ef06b555c1 Rust: accept test changes 2024-09-10 11:29:54 +02:00
Jeroen Ketema
90f7b30997 Merge pull request #17418 from jketema/throw-inconsistent 
C++: Add IR inconsistency test
 2024-09-10 11:07:16 +02:00
Paolo Tranquilli
437b671035 Merge branch 'rust-experiment' into aibaars/rust-experiment 
Also fixed conflicts and applied linting (can be done via
`rust/lint.py` or `pre-commit` configuration).
 2024-09-10 10:24:49 +02:00
Paolo Tranquilli
38c25f96e5 Rust: add linting pre-commit hook 2024-09-10 10:22:45 +02:00
Paolo Tranquilli
37afad2f70 Merge pull request #17410 from github/redsun82/rust-ci 
Rust: set up `codeql` CI
 2024-09-10 10:04:24 +02:00
Alvaro Muñoz
a9a297ab78 Update tests 2024-09-10 09:52:21 +02:00
Alvaro Muñoz
147da50cb9 Use Taint Tracking to track PR refs to checkout's ref argument 2024-09-10 09:52:09 +02:00