hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-03 22:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,732 Branches 164 Tags
codeql-cli/v2.24.2
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
c3c29b8dd0 C++: Add qldoc to new library files. 2020-11-17 12:27:53 +01:00
Mathias Vorreiter Pedersen
5c9b8f1cff C++: Update sync-identical-files. 2020-11-17 12:27:53 +01:00
Mathias Vorreiter Pedersen
5ad18eb748 C++: Add ExternalAPI query files (for AST and IR). 2020-11-17 12:27:40 +01:00
Nick Rolfe
12d4224e8e Merge pull request #40 from github/refactor 
Move all naming decisions to shared library
 2020-11-17 11:19:18 +00:00
Chris Smowton
1d850873f3 Add data-flow edge from -> to in the context to, ok := from.(*Type) 2020-11-17 10:59:59 +00:00
Jonas Jensen
10de931b92 C++: Decrease largeVariable cut-off to 100k 
This 10x lower cut-off has on at least one snapshot made it possible to
compute AST data flow where it was infeasible before.

Also fix an integer overflow that happened in practice on at least one
snapshot and prevented the cut-off from being applied.
 2020-11-17 09:48:32 +01:00
Jonas Jensen
55a38803cb Merge pull request #4673 from MathiasVP/ir-post-dominance 
C++: IR post dominance
 2020-11-17 09:35:51 +01:00
Tamás Vajk
f2259de5f1 Merge pull request #4666 from tamasvajk/feature/roslyn-3.8.0 
C#: Upgrade Roslyn dependencies to 3.8.0
 2020-11-17 08:59:55 +01:00
Rasmus Lerchedahl Petersen
71830abda0 Python: remaining c# tests, except lambdas 
both via nonlocal and via dict
 2020-11-17 08:28:11 +01:00
Robert Marsh
db8766ca69 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2020-11-16 17:46:20 -08:00
Mathias Vorreiter Pedersen
057bb14eee C++: Add ExternalAPI library files (for AST and IR). 2020-11-16 22:59:54 +01:00
Nick Rolfe
1a9663ff7d Replace single-branch match with if let 2020-11-16 18:43:54 +00:00
Nick Rolfe
68c97a2d13 Use .. to ignore fields 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2020-11-16 18:41:18 +00:00
Nick Rolfe
ad61f7a0a6 Use references instead of owned strings in generator 2020-11-16 17:54:16 +00:00
Nick Rolfe
bbe7c70d34 more refactoring of names 2020-11-16 17:54:16 +00:00
Nick Rolfe
83a0e5fea6 Refactor to move naming decisions to shared library 2020-11-16 17:54:14 +00:00
luchua-bc
0bd6255c41 Query for cleartext storage using Android SharedPreferences 2020-11-16 17:23:01 +00:00
Robert Marsh
a94826dc81 C++: common superclass for Remote/LocalFlowSource 2020-11-16 18:05:17 +01:00
Robert Marsh
31d3e94cec C++: Grammar/style fixes from code review 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-11-16 18:03:44 +01:00
Robert Marsh
74e05c111e C++: add local flow sources 2020-11-16 18:02:19 +01:00
Rasmus Lerchedahl Petersen
27b4c67b9f Python: Start of tests for captured variables 2020-11-16 17:25:39 +01:00
Tamas Vajk
8bef5f417e C#: Upgrade Roslyn dependencies to 3.8.0 2020-11-16 16:44:14 +01:00
Mathias Vorreiter Pedersen
4a7f9100e4 C++: Respond to review comments. 2020-11-16 15:30:42 +01:00
Nick Rolfe
505d5c04d8 Merge pull request #31 from github/aibaars/drop-classes 
Simplify generated QL classes
 2020-11-16 14:16:02 +00:00
Mathias Vorreiter Pedersen
27aab4062a C++/C#: Sync identical files. 2020-11-16 15:05:59 +01:00
Mathias Vorreiter Pedersen
088d5863fc C++: Implement IR post-dominance predicates. 2020-11-16 15:04:40 +01:00
Mathias Vorreiter Pedersen
10a9f7ba13 Update cpp/change-notes/2020-11-12-unsafe-use-of-this.md 
Co-authored-by: hubwriter <hubwriter@github.com>
 2020-11-16 12:28:57 +01:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Anders Schack-Mulligen
80ee92ae97 Java: Add support for FastJson in unsafe deserialization. 2020-11-16 11:47:58 +01:00
Mathias Vorreiter Pedersen
020af1c88c C++: Add qhelp. 2020-11-16 11:21:18 +01:00
Geoffrey White
4b8f338139 C++: Autoformat. 2020-11-16 10:19:06 +00:00
Chris Smowton
79c010a601 Move unsafe-unzip-symlink query into qll file and give it customization points. 2020-11-16 09:57:26 +00:00
Chris Smowton
500d78dafa Include os.Readlink as a probable sanitiser. 
A couple of projects seem to walk links one unit at a time, rather than just throwing `EvalSymlinks` at the whole potentially suspect path.
 2020-11-16 09:57:26 +00:00
Chris Smowton
2193642c6e Expand query to notice Symlink and archive iterator calls that do not directly share a loop 
We look across function-call boundaries to check there is some common enclosing loop, but false-positives are more likely if in practice there is no control-flow path from the archive iterator to the Symlink call and back.
 2020-11-16 09:57:26 +00:00
Chris Smowton
1a2c209259 Add query checking for unpacking of symlinks without using EvalSymlinks to spot existing ones. 
This is usually dangerous because (if the archive is untrusted) the intent is usually to permit within-archive symlinks, e.g. dest/a/parent -> .. -> dest/a is an acceptable link to unpack. However if EvalSymlinks is not used to take already-unpacked symlinks into account, it becomes possible to sneak tricks like dest/escapes -> dest/a/parent/.. through, which create links leading out of the archive for later abuse.
 2020-11-16 09:57:26 +00:00
CodeQL CI
09cfb24afa Merge pull request #4648 from erik-krogh/regexpParse 
Approved by asgerf
 2020-11-16 08:20:40 +00:00
CodeQL CI
13edc3713d Merge pull request #4638 from erik-krogh/jwt 
Approved by asgerf
 2020-11-16 08:19:58 +00:00
Anders Schack-Mulligen
3dbd48063c Dataflow: Add Unit type for all languages. 2020-11-16 09:02:44 +01:00
james
45a3024440 Merge branch 'codeql-docs-reorg-2' of github.com:github/codeql into codeql-docs-reorg-2 2020-11-15 08:35:51 +00:00
james
8262435d4b further changes following review 2020-11-15 08:33:52 +00:00
James Fletcher
a4a47bf88d Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-11-15 08:31:40 +00:00
Robert Marsh
525aeb6551 C++: autoformat 2020-11-13 16:14:07 -08:00
Robert Marsh
29eacbd28b Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 
Update for submodule bump
 2020-11-13 12:22:41 -08:00
Erik Krogh Kristensen
a49b99b18c autoformat 2020-11-13 20:06:17 +01:00
Erik Krogh Kristensen
affb11b0e3 changes based on review 2020-11-13 19:46:37 +01:00
Erik Krogh Kristensen
2f4fcc2f5e Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-11-13 18:03:07 +01:00
james
52d6503fe0 fix link to cli manual 2020-11-13 16:54:05 +00:00
Chris Smowton
43f9351094 Merge pull request #405 from igfoo/igfoo/portability 
Use more portable syntax in codeql-tools/autobuild.sh
 2020-11-13 14:59:54 +00:00
Mathias Vorreiter Pedersen
0a6a22562b C++: Respond to more review comments. 
- Remove post-dominance requirement. It was really just hiding good
  results.
- Fix test annotations. Turns out Clang and GCC's 'undefined behavior'
  warning didn't align with the C++ standard.
 2020-11-13 15:44:33 +01:00
Geoffrey White
dfcb0ae7c2 C++: Autoformat. 2020-11-13 14:39:33 +00:00