hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-04 14:48:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,732 Branches 164 Tags
codeql-cli/v2.24.2
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
5d17b27770 Note that fmt.Errorf returns non-nil 
This enables recognising more guarding functions that return nil/non-nil conditional on a barrier guard.
 2020-11-30 19:10:58 +00:00
Geoffrey White
9c277b3cb1 C++: Fix a small bug in the ArrayFunction model for FormattingFunction. 2020-11-30 17:55:25 +00:00
Geoffrey White
510bce36f1 C++: Change note. 2020-11-30 17:55:24 +00:00
Geoffrey White
b52ddbfc42 C++: Implement isOutputStream, isOutputString for UserDefinedFormattingFunction as well. 2020-11-30 17:55:24 +00:00
Geoffrey White
c3b16a5fd2 C++: Implement FormattingFunction isOutputStream, isOutputString so that subclasses don't need to be accessed for this information, and can be private. 2020-11-30 17:55:23 +00:00
Rasmus Wriedt Larsen
a08e1db601 Python: Remove leftover note to self in qhelp file 2020-11-30 17:44:18 +01:00
Cornelius Riemenschneider
659e3d46e3 C++: Add vscode snippets for Inline Expectations test. 2020-11-30 17:34:02 +01:00
Cornelius Riemenschneider
0d0fa1b341 C++: Delete difference tests. 2020-11-30 17:33:27 +01:00
Cornelius Riemenschneider
b632ca40b4 C++: Port dataflow/taint-tests to inline expectations test. 2020-11-30 17:32:54 +01:00
Max Schaefer
978d2db252 JavaScript: Add models for more Mongoose methods. 2020-11-30 16:32:13 +00:00
Geoffrey White
99b01e7d36 C++: Additional test case for FormattingFunction. 2020-11-30 15:25:51 +00:00
Rasmus Lerchedahl Petersen
289b9e62f9 Python: Add read step for unpacking assignment 2020-11-30 15:30:14 +01:00
James Fletcher
4d8983830e Merge pull request #4734 from github/sd-263 
[Docs] Add missing introduction text and improve sidebar toc
 2020-11-30 14:06:21 +00:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Nick Rolfe
baf29ae56b Add qldoc comment and isOptional predicate to KeywordParameter 2020-11-30 13:42:02 +00:00
Rasmus Wriedt Larsen
94e90aac39 Python: Only one Unit implementation 
Conflict arose since the Unit in DataFlowPrivate was added in a merged PR.

The behavior from this PR will make it match what java does (931322e4c5/java/ql/src/semmle/code/Unit.qll)
 2020-11-30 14:41:47 +01:00
Rasmus Wriedt Larsen
1eac1995a9 Merge branch 'main' into python-untrusted-flow 2020-11-30 14:38:52 +01:00
Rasmus Lerchedahl Petersen
f345e55951 Python: Adjust test expectations 2020-11-30 14:21:30 +01:00
Rasmus Lerchedahl Petersen
673ff901fb Python: Test for unpacking assignment 2020-11-30 14:18:22 +01:00
Anders Schack-Mulligen
88e0759365 Java: Change RemoteUserInput to private instead of removing. 2020-11-30 13:40:53 +01:00
Rasmus Wriedt Larsen
8b2c34e267 Merge pull request #4747 from yoff/python-path-injection-doc 
Python: Fix documentation for path injection.
 2020-11-30 13:17:59 +01:00
James Fletcher
509d153b61 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-30 12:12:10 +00:00
Rasmus Lerchedahl Petersen
fd8c696b67 Python: Fix documentation for path injection. 2020-11-30 12:24:35 +01:00
Anders Schack-Mulligen
5a66d6ab93 Java: Improve performance of SSA. 2020-11-30 11:26:03 +01:00
Rasmus Wriedt Larsen
4ab3fff973 Python: Fix untrusted data to external API example 
The hmac.digest function was only added in python 3.7, so obviously doesn't work
on Python 2
 2020-11-30 10:42:30 +01:00
Anders Schack-Mulligen
931322e4c5 Merge pull request #4668 from aschackmull/dataflow/refactor-pruning 
Dataflow: Refactor pruning stages.
 2020-11-30 09:37:04 +01:00
Pavel Avgustinov
74af41c76d Merge pull request #4357 from RasmusWL/design-patterns 
Add docs on CodeQL Design Patterns
 2020-11-30 08:19:15 +00:00
yo-h
7e8bc4a61b Merge commit '2fa9037' into yo-h/java15-merge 2020-11-29 18:42:20 -05:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
Tom Hvitved
c0dd89122c Handle parameters with overlapping names 2020-11-28 19:23:08 +01:00
ihsinme
d088d5b0f3 CPP: Add query for CWE-191 
into experimental this reveals a dangerous comparison
 2020-11-28 15:52:00 +03:00
Erik Krogh Kristensen
d7b22e3b1b update expected output for PolynomialBackTracking 2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Geoffrey White
905b04a6fb C++: Model classes in StdString.qll. 2020-11-27 19:12:01 +00:00
Chris Smowton
3338a0b10d Merge pull request #402 from smowton/smowton/feature/zipslip-more-generous-sanitisers 
ZipSlip: redefine sources closer to their origin, and make sanitizers more generous
 2020-11-27 18:25:07 +00:00
Rasmus Wriedt Larsen
cbfcfdf883 Python: Fix UntrustedDataToExternalAPI.qhelp 2020-11-27 17:54:22 +01:00
Owen Mansel-Chan
bfbf102408 Remove restriction on void and boolean-returning methods 
When the taint was in the receiver, we were excluding methods which
return nothing or a boolean.
 2020-11-27 16:51:24 +00:00
luchua-bc
ad0ac5b874 Change kind to problem 2020-11-27 16:43:57 +00:00
Rasmus Wriedt Larsen
faa5c220c5 Design Patterns: Add advice on abstract classes 2020-11-27 17:38:56 +01:00
Rasmus Wriedt Larsen
452417509f Design Patterns: Reword advice on imports of subclasses 
I had totally overlooked the fact that this doesn't only apply to abstract
classes.
 2020-11-27 17:38:40 +01:00
Owen Mansel-Chan
7730d66d76 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-27 16:17:54 +00:00
Tom Hvitved
58baa33a3f Various changes to user-facing library 
- Remove `abstract` classes from public API.
- Align `Variable.qll` with rest of library.
- Introduce `Callable` class.
- Make `Pattern` class cover everything that can be on the LHS of an assignment
  and in a pattern (except special parameters such as `**param`).
 2020-11-27 17:07:03 +01:00
Chris Smowton
70015b2c32 Add tests for zipslip using a utility function to check that the archive header is safe 
Note this currently contains some cases that are safe but are still flagged, because of weaknesses in the guardingFunction predicate.
 2020-11-27 15:11:57 +00:00
Cornelius Riemenschneider
644a0fac98 C++: Port dataflow/dataflow-tests to inline expectations test library. 2020-11-27 16:03:15 +01:00
Rasmus Wriedt Larsen
a0c7365ae6 Python: Proper models of json.loads and json.dumps 2020-11-27 15:57:56 +01:00
Sauyon Lee
627241aaa5 Merge pull request #401 from sauyon/stored-command 
Add stored command query
 2020-11-27 06:37:02 -08:00
Tom Hvitved
d4ee8cdd18 C#: Always create basic blocks for nodes with a conditional predecessor 2020-11-27 15:08:33 +01:00
Chris Smowton
1eb8fff7e1 ZipSlip: redefine sources closer to their origin, and make sanitizers more generous. 
Previously we considered certain fields of `tar` or `zip` file headers to be sources, but this meant subsequent references to the same field were not considered sanitized. For example, at least some real-world projects used a pattern like `if isIllegalPathTraversal(hdr.Name) { return nil; } ... /* other code using hdr.Name */`. By associating a source with the field-read `.Name` rather than the header itself, we were unable to see that the subsequent read was guarded by the sanitizer function.

Relatedly, it is common to use some intermediary taint-propagating function, as in `clean(s string) { if strings.HasPrefix("..", filepath.Clean(filepath.Join(target, s))) ...`, in the implementation of a sanitizer. We now follow the taint propagation (locally) backwards towards the function parameter, marking the predecessor functions and ultimately the parameter `s` as sanitized in addition to the direct argument to `strings.HasPrefix`. Existing sanitizing-function logic can then sometimes lift this out into the caller too.
 2020-11-27 13:57:25 +00:00
Rasmus Wriedt Larsen
014fbfa86b Python: Add regex FP with + for flags 
Notice that there is no new results for line 54

I also added a test for the short-named version of a flag, just since I didn't
see any of those already. That just works out of the box (due to points-to).
 2020-11-27 14:57:11 +01:00
Chris Smowton
f775adf306 Merge pull request #404 from smowton/smowton/feature/improved-guarding-function 
Recognise many more guarding functions
 2020-11-27 13:56:31 +00:00