hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
212b49f3dc Merge pull request #4416 from hvitved/csharp/dataflow/tuples 
C#: Add flow summaries for `System.[Value]Tuple`
 2020-10-26 13:48:24 +01:00
Cornelius Riemenschneider
0e5c44e5c4 C++: Add new test for conversions. 2020-10-26 13:25:17 +01:00
CodeQL CI
e825af2791 Merge pull request #4548 from asgerf/js/handle-empty-package-json 
Approved by erik-krogh
 2020-10-26 11:51:12 +00:00
Chris Smowton
68876b02fe Merge pull request #4519 from smowton/smowton/cleanup/loggertype-dead-code 
C#: Remove dead LoggerType class
 2020-10-26 11:19:27 +00:00
Mathias Vorreiter Pedersen
02bcb6d971 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-10-26 11:39:54 +01:00
Joe Farebrother
2050f82553 Merge pull request #4383 from joefarebrother/guava-strings 
Java: Add modelling for Guava
 2020-10-26 10:16:55 +00:00
Asger Feldthaus
c353f61091 JS: Add test case 2020-10-26 09:58:37 +00:00
Asger Feldthaus
f6c0972523 JS: Guard other uses of Gson.fromJson 2020-10-26 09:54:55 +00:00
Asger Feldthaus
fc12b0bb5e JS: Do not crash on empty package.json file 2020-10-26 09:54:51 +00:00
Tom Hvitved
492b1141ef Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg 
C#: Use CFG nodes instead of AST nodes in sign/modulus analysis
 2020-10-26 09:45:38 +01:00
Cornelius Riemenschneider
07452c0159 C++: Add comment, explaining where this query is used. 2020-10-26 09:28:24 +01:00
Cornelius Riemenschneider
fca141146b C++: Address review. 2020-10-26 09:27:29 +01:00
luchua-bc
07830aae05 Fix typo 2020-10-25 22:34:15 +00:00
Erik Krogh Kristensen
0b41a59dbf add support for imports into "outDir" from tsconfig.json 2020-10-25 22:51:21 +01:00
luchua-bc
d9c140dc6c Enhance the query to use sanitizer and null/empty array flow 2020-10-25 15:33:09 +00:00
luchua-bc
9ae5689af6 Use AndroidIntentInput source 2020-10-24 11:55:00 +00:00
Rasmus Lerchedahl Petersen
d89e985246 Python: Test showing chaining FP 2020-10-24 09:20:30 +02:00
Rasmus Lerchedahl Petersen
022cf0b2cc Python: Add test from tracking issue 
All tests pass, but there are spurious paths
due to configuration chaining.
 2020-10-24 09:07:43 +02:00
Dave Bartolomeo
3fce971f2d Fix taint propagation to qualifier objects and update test expectations 2020-10-23 17:48:37 -04:00
Dave Bartolomeo
86668058dc Avoid ODR violation in test code 2020-10-23 17:45:01 -04:00
Dave Bartolomeo
4d2f658ece Don't treat allocator argument as a string input 2020-10-23 17:44:07 -04:00
Robert Marsh
aab9797c2f Merge branch 'main' into rdmarsh2/cpp/output-iterators-2 
Resolve merge conflict in tests
 2020-10-23 13:50:15 -07:00
Dave Bartolomeo
1e96404ee0 Revert bad changes to basic_string 2020-10-23 13:46:27 -04:00
Dave Bartolomeo
35abcae5d3 Fix formatting 2020-10-23 13:43:29 -04:00
Dave Bartolomeo
bace0dca6d Handle more cases that require synthesizing temporary objects 
- Parens around qualifier expressions
- Inheritance conversions involving class prvalues
 2020-10-23 12:04:09 -04:00
Rasmus Lerchedahl Petersen
c4d1affaf8 Python: Suggestions from reviewer 2020-10-23 16:57:11 +02:00
yoff
15167753c6 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 16:52:13 +02:00
Rasmus Lerchedahl Petersen
d6e9b351e5 Python: Add qldocs 2020-10-23 16:39:38 +02:00
Rasmus Lerchedahl Petersen
821b0c918a Python: Additional taintstep for normpath 
Is it ok to have this in general?
 2020-10-23 16:35:10 +02:00
CodeQL CI
6218a48e88 Merge pull request #4545 from RasmusWL/python-model-django-v1 
Approved by tausbn
 2020-10-23 15:27:42 +01:00
Rasmus Lerchedahl Petersen
6317db1622 Python: Reword explanation (slightly) 2020-10-23 15:54:52 +02:00
Rasmus Wriedt Larsen
aa9f15af76 Python: Fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 15:39:38 +02:00
Cornelius Riemenschneider
a82cf74161 C++: Improve performance of definitions.qll. 2020-10-23 15:16:53 +02:00
Rasmus Lerchedahl Petersen
9eda84debb Python: PathCheck -> Path::SafeAccessCheck 2020-10-23 15:01:43 +02:00
Rasmus Lerchedahl Petersen
cf8462fa58 Python: Simplify chained configs 2020-10-23 14:52:47 +02:00
Rasmus Lerchedahl Petersen
f87845b1ec Python: Copy old test 2020-10-23 14:52:07 +02:00
Rasmus Wriedt Larsen
7993a83750 Merge pull request #4544 from tausbn/python-fix-bad-join-in-use-use-ssa 
Python: Fix bad join order in `adjacentUseUseSameVar`
 2020-10-23 14:37:27 +02:00
Rasmus Wriedt Larsen
d295c64ccd Python: Add example of flask response .set_data 2020-10-23 14:31:36 +02:00
Rasmus Wriedt Larsen
eb545204ec Python: Show that reflected XSS works now 
Also did autoformatting, but the important part is the change to the .expected file
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d2cfa91155 Python: Add some tricky tests of return in flask route handler 
In these cases the `return` might end up creating a new HTTP response, so they
need to be modeled as such.

Initially I created a very naive solution that didn't handle either
tricky_return1 or tricky_return2.

The interaction in tricky_return2/helper highlighted for me that to handle this
properly, due to the fact that the flow is across functions, we either need to
use a global dataflow/taint-tracking configuration, or some clever use of
type-trackers.

In the end, this extra effort for not modeling all returns in a flask route
handler as a creation of a HTTP response doesn't really seem to be worth it (at
least not right now). Sicne we use it with taint-tracking for the Reflected XSS
query, and use a HTTP response _creation_ as the sink (without propagating taint
to the HTTP response), we won't get into trouble where we report a path to BOTH
`make_response(...)` and the `return`

```
resp = make_response(...)
return resp
```

If we change this setup in the future, we will probably need to do something to
avoid this double-path reporting.
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d60221b168 Python: Model return from flask handler as HTTP response 
When dealing with

```
resp = make_response(...)
return resp
```

ideally we don't want to mark the return as a creation of a HTTP response. I'll
deal with this in a second commit, to show off how annoying it looks in the
tests right now :D
 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
44ba3469db Python: Model response_class attribute of Flask class 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
082e35c2c7 Python: Model mimetype instead of content-type for HTTP Response 
Since that's really what we're after (at least for now)
 2020-10-23 14:31:33 +02:00
Rasmus Wriedt Larsen
81a42b73a8 Python: Model flask.Response 
I think I'll rework how we model content-type, since what we _actually_ want to
know is the mimetype
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
1f99bbf744 Python: Model flask.Response 
I kept `Response::instance()` predicate even though we don't need it for
anything right now, I thought it could be nice to keep for the future.
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
7894d01248 Python: Add test for mimetype/headers priority 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
35334cf630 Python: Remove status code modeling 
I'm not even trying to model it properly right now, and don't have a specific
use-case for it RIGHT NOW. I think we could want this in the future, but I think
it's probably better to model it when we know what we want to use it for.
 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
19dc04de3c Python: Handle make_response on flask app 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
e38ac18e46 Python: Add (only) basic $HttpResponse tag to other tests files 
This seems really nice to me, but you might disagree
 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
8b0b87ae62 Python: Model flask.make_response 2020-10-23 14:31:29 +02:00