Commit Graph

17948 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
b8ba31aaa0 autoformat 2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen
0758413cc7 revert change to import 2020-05-18 21:06:19 +02:00
Erik Krogh Kristensen
742abf8751 refactor package export into a library, and add tests for the library 2020-05-18 21:06:14 +02:00
Erik Krogh Kristensen
d7b852f408 use count aggregate to count 2020-05-18 21:03:26 +02:00
semmle-qlci
192bf918c3 Merge pull request #3488 from asger-semmle/js/sql-type-tracking
Approved by erik-krogh
2020-05-18 19:57:32 +01:00
Erik Krogh Kristensen
202b8a56b7 apply the unique aggregate where trivially applicable 2020-05-18 20:37:38 +02:00
Rasmus Wriedt Larsen
3774310985 Python: Reduce FPs in Django due to bad XSS taint-sinks
Fixes https://github.com/github/codeql-python-team/issues/38
2020-05-18 19:14:43 +02:00
Rasmus Wriedt Larsen
fa08676a1d Python: Proper redirect taint sinks for Django
Also a major restructuring of the code. A bit controversial since it
renames/moves classes that are already public.

Fixes https://github.com/github/codeql/issues/3466
2020-05-18 19:14:29 +02:00
Asger F
96d6115452 Merge branch 'master' into js/sql-type-tracking 2020-05-18 15:58:42 +01:00
Rasmus Wriedt Larsen
72ea4ff0dc Python: Add more tests of django responses
They clearly shouldn't all be XSS sinks
2020-05-18 16:56:47 +02:00
Dave Bartolomeo
35868d4e5b C++/C#: Change dump of unmodeled use to m?
This is kind of inconsequential on its own, but will make the test diffs easier to understand once the next commit removes `UnmodeledDefinition`.
2020-05-18 10:47:43 -04:00
Jonas Jensen
76e194c8be C++: Fix struct field conflation in IR data flow
The virtual-dispatch code for globals was missing any relationship
between the union field access and the global variable, which meant it
propagated function-pointer flow between any two fields of a global
struct. This resulted in false positives from
`cpp/tainted-format-string` on projects using SDL, such as
WohlSoft/PGE-Project.

In addition to fixing that bug, this commit also brings the code up to
date with the new style of modeling flow through global variables:
`DataFlow::Node.asVariable()`.
2020-05-18 16:24:22 +02:00
Erik Krogh Kristensen
70a28f60e3 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 14:05:37 +00:00
Bt2018
69f2525e62 Remove the ending blank lines for auto-format check 2020-05-18 10:02:37 -04:00
Bt2018
08ab7b0eb2 Remove the ending blank line for auto-format check 2020-05-18 10:00:12 -04:00
Jonas Jensen
f2402c5abb C++: Test virtual dispatch field conflation
This test demonstrates that IR data flow conflates unrelated fields of a
global struct-typed variable and that this bug is not present in the old
AST-based implementation of `semmle.code.cpp.security.TaintTracking`.
2020-05-18 15:37:22 +02:00
semmle-qlci
0da1e68462 Merge pull request #3498 from max-schaefer/js/remote-exec
Approved by esbena
2020-05-18 14:17:20 +01:00
Rasmus Wriedt Larsen
8fc803fb9f Merge branch 'master' into python-keyword-only-args 2020-05-18 14:44:31 +02:00
Rasmus Lerchedahl Petersen
b56545b236 Python: Regexp: Handle repetitions {n} (with no ,) 2020-05-18 14:44:11 +02:00
Asger F
a9983fdb49 Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-18 13:23:22 +01:00
Bt2018
7a9381f1fb Add declaring type to the res.getString(R.string.key) call 2020-05-18 07:59:38 -04:00
Anders Schack-Mulligen
37c8917813 Java: Add test. 2020-05-18 13:19:19 +02:00
Max Schaefer
bdd778f989 JavaScript: Add change note. 2020-05-18 12:08:36 +01:00
Max Schaefer
6797fec1a3 JavaScript: Add more models of packages that execute commands over SSH. 2020-05-18 12:08:14 +01:00
Esben Sparre Andreasen
a9ba6ac659 JS: make LocalObjects::isEscape aware of yield 2020-05-18 12:43:46 +02:00
Erik Krogh Kristensen
0f82370f4e rename getHighLight() -> getAlertLocation() 2020-05-18 12:28:28 +02:00
Erik Krogh Kristensen
2b1724291b adjust qhelp to focus on user-controlled data 2020-05-18 12:27:20 +02:00
Erik Krogh Kristensen
d18808698a adjust qhelp to focus on the execFile API 2020-05-18 12:22:46 +02:00
Esben Sparre Andreasen
aa87008775 JS: typo fixups 2020-05-18 12:19:46 +02:00
Erik Krogh Kristensen
9c294513c7 Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
2020-05-18 12:18:20 +02:00
semmle-qlci
14664be467 Merge pull request #3468 from p0/imp/nodejs-vm-sinks
Approved by esbena
2020-05-18 11:10:13 +01:00
Esben Sparre Andreasen
b3691cd0e9 JS: change MembershipTest to MembershipCandidate 2020-05-18 11:51:00 +02:00
Erik Krogh Kristensen
c6276ddd1c update expected output after restricting precise array tracking to Promise.all 2020-05-18 11:49:07 +02:00
James Fletcher
bd6d2d899d Merge pull request #3495 from jf205/java-article-fix
CodeQL docs: remove stray GH variable
2020-05-18 10:23:22 +01:00
james
06f465bae7 docs: remove gh variable 2020-05-18 10:12:40 +01:00
Jonas Jensen
cc00f0f584 C++: Move identical declarations to shared.h file
This cleans up the test results, which were confusing because functions
like `sink` had multiple locations.

There are some additional results now involving casts to `const char *`
because previously it varied whether `sink` used `const`, and now it
always does.
2020-05-18 10:42:52 +02:00
Asger Feldthaus
a18e0b37cf JS: simplify sequelize model 2020-05-18 09:34:17 +01:00
Asger F
f52c827966 Apply suggestions from code review
Base type of EscapingSanitizer

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-18 09:31:09 +01:00
Asger F
ffb22c061a Apply suggestions from code review
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2020-05-18 09:28:22 +01:00
Erik Krogh Kristensen
bd3c4d4077 Merge branch 'master' of https://github.com/github/codeql into pr/erik-krogh/3478 2020-05-18 07:51:19 +00:00
Esben Sparre Andreasen
ddb545c182 JS: introduce MembershipTests.qll and use in two locations 2020-05-18 09:50:00 +02:00
Anders Schack-Mulligen
bd114db862 Java: Add cfg edges for instanceof-pattern. 2020-05-18 09:49:32 +02:00
semmle-qlci
6041d52936 Merge pull request #3424 from asger-semmle/js/express-param-handler
Approved by esbena
2020-05-18 08:48:24 +01:00
semmle-qlci
135eae9895 Merge pull request #3483 from esbena/js/fix-qhelp-FNs
Approved by asgerf
2020-05-18 08:47:05 +01:00
semmle-qlci
0230b79efc Merge pull request #3391 from erik-krogh/SplitFPs
Approved by esbena
2020-05-18 08:46:26 +01:00
Erik Krogh Kristensen
8717f7bd0d restrict precise array elements to Promise.all() 2020-05-17 15:58:59 +02:00
Erik Krogh Kristensen
2d6e3a5784 support outdir in tsconfig.json 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
dfdecf1450 add change note 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
c8cf958c8a add test cases for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00
Erik Krogh Kristensen
59001bbdf4 add qhelp for js/shell-command-constructed-from-input 2020-05-17 10:32:27 +02:00