hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-22 02:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger Feldthaus
c185cededf JS: More pruning and more data flow 2020-02-04 15:06:42 +00:00
Tom Hvitved
6e14ba4e56 C++: Follow-up changes 2020-02-04 14:09:12 +01:00
Tom Hvitved
15ee1e37b9 Java: Follow-up changes 2020-02-04 14:09:12 +01:00
Tom Hvitved
c591719df2 Data flow: Sync files 2020-02-04 14:09:12 +01:00
Tom Hvitved
7678cb0349 C#: Remove Public wrapper module from DataFlowImplCommon.qll 2020-02-04 14:09:12 +01:00
Tom Hvitved
fed6dd5324 C#: Generalize data-flow flow-through summaries 
The predicate

```
argumentValueFlowsThrough(ArgumentNode arg, OutNode out, CallContext cc)
```

has been generalized to

```
argumentValueFlowsThrough(
  DataFlowCall call, ArgumentNode arg, Node out, ContentOption contentIn,
  ContentOption contentOut
)
```

This enables us to summarize normal flow-through (as before), getters, setters,
as well as getter-setters.
 2020-02-04 14:09:12 +01:00
semmle-qlci
4b89eee683 Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions 
Approved by asgerf
 2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen
15e26666cd add declaration for private field in syntax error test 2020-02-04 14:05:09 +01:00
Rasmus Wriedt Larsen
de63eb1450 Merge pull request #2592 from tausbn/python-remove-manual-tc-in-ssashortcut 
Python: Remove manual TC from `ssaShortCut`.
 2020-02-04 14:04:25 +01:00
Anders Schack-Mulligen
2b1723dd88 Java: Move some taint tests. 2020-02-04 13:21:31 +01:00
Tom Hvitved
00fdc70155 Merge pull request #2710 from calumgrant/cs/short-circuit-out 
C#: Remove false positive in cs/non-short-circuit
 2020-02-04 12:09:17 +01:00
Mathias Vorreiter Pedersen
0276c97b9c Merge pull request #2755 from jbj/BarrierGuard-SSA 
C++: Don't use GVN in AST DataFlow BarrierNode
 2020-02-04 12:00:12 +01:00
Rasmus Wriedt Larsen
c1d073a54d Python: Add test-cases for py/hardcoded-credentials 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
2837f987c5 Python: Show how pointsTo handles 0+0 == 0 (2/2) 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
4231bb1bcf Python: Show how pointsTo handles 0+0 == 0 (1/2) 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
6b5b28aded Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue 
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a Python: Fix modernisation regression on py/weak-crypto-key 
also fixes test code to use the right argument name
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196 Python: Modernise Security/ queries 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
2802ac2e72 Python: Add NumericValue 
Since `IntObjectInternal` extends `TInt`, and `TInt` is defined for all
instances of `Builtin.intValue`, and `Builtin.intValue` includes both `int` and
`long`, we don't need to handles Longs in a special manner, as we did in NumericObject.
 2020-02-04 11:39:16 +01:00
Asger Feldthaus
bf2c944b4f JS: Model concat() calls as string concatenation 2020-02-04 10:20:37 +00:00
Esben Sparre Andreasen
1ec8fa24b3 JS: reformulate optimization 2020-02-04 10:52:38 +01:00
Esben Sparre Andreasen
8a2c81b41c JS: address review comments about duplicated logic 2020-02-04 10:49:23 +01:00
Max Schaefer
43e4ed1e18 JavaScript: Teach resolveMainModule to try adding extensions. 2020-02-04 09:39:04 +00:00
Max Schaefer
e21c24c60e JavaScript: Add failing test case. 2020-02-04 09:39:04 +00:00
Esben Sparre Andreasen
e1180495f5 JS: optimize a prefix-check 2020-02-04 09:48:56 +01:00
semmle-qlci
bd51ef35b7 Merge pull request #2731 from erik-krogh/CVE527 
Approved by esbena
 2020-02-04 08:38:26 +00:00
Jonas Jensen
b4385c6e60 C++: Don't use GVN in AST DataFlow BarrierNode 
It turns out that the evaluator will evaluate the GVN stage even when no
predicate from it is needed after optimization of the subsequent stages.
The GVN library is expensive to evaluate, and it'll become even more
expensive when we switch its implementation to IR.

This PR disables the use of GVN in `DataFlow::BarrierNode` for the AST
data-flow library, which should improve performance when evaluating a
single data-flow query on a snapshot with no cache. Precision decreases
slightly, leading to a new FP in the qltests.

There is no corresponding change for the IR data-flow library since IR
GVN is not very expensive.
 2020-02-04 08:40:36 +01:00
Robert Marsh
eafd7b6045 C++: accept test output 2020-02-03 15:27:34 -08:00
Robert Marsh
677f0f090a Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-03 13:06:35 -08:00
Robert Marsh
931c0e982e Merge pull request #2748 from MathiasVP/value-numbering-indirection 
C++: Indirection for ValueNumbering
 2020-02-03 14:41:58 -05:00
Robert Marsh
f51841ac37 Merge pull request #2736 from jbj/buffer-type-size 
C++: Workaround for problem with memcpy flow
 2020-02-03 14:31:28 -05:00
Robert Marsh
3bfcf0bf46 Merge branch 'master' into connect-ir-dataflow-models 2020-02-03 11:06:45 -08:00
Cornelius Riemenschneider
36479d3fd6 Support to keep bounds derived on implicit integer casts. 2020-02-03 17:33:06 +01:00
Cornelius Riemenschneider
cf8efbb5a0 Add testcase. 2020-02-03 17:23:24 +01:00
Robert Marsh
2b10cd6228 Merge pull request #2737 from jbj/DefaultTaintTracking-indirect-parameters 
C++: Interprocedural indirections in DefaultTaintTracking.qll
 2020-02-03 11:12:38 -05:00
Esben Sparre Andreasen
bbd60f52ba JS: add additional flow steps to js/path-injection 2020-02-03 16:36:25 +01:00
Mathias Vorreiter Pedersen
8aae2990d0 C++: Formatting 2020-02-03 16:15:49 +01:00
Mathias Vorreiter Pedersen
a8b3bcb87d C++: Indirection for value numbering 2020-02-03 16:13:32 +01:00
Erik Krogh Kristensen
e3189aaa47 raise syntax error on declaration of private method, and add syntax tests for private fields 2020-02-03 16:00:25 +01:00
semmle-qlci
3a7845e7fc Merge pull request #2653 from erik-krogh/exceptionFPs 
Approved by esbena
 2020-02-03 14:15:24 +00:00
Rasmus Wriedt Larsen
d30e6d2b69 Python: Value::forString and friends returns StringValue 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
27a7d09c94 Python: Fix minor problems in security examples 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
5bc592514a Python: Consistenly use "a user-provided value" 
ReflectedXss was the only query that used it with the "a"
 2020-02-03 14:35:09 +01:00
Erik Krogh Kristensen
183dd68d6a add qldoc to isPrivateField 2020-02-03 14:23:27 +01:00
Cornelius Riemenschneider
1b68f86d5b Fix bug in CPP range analysis. 2020-02-03 14:16:48 +01:00
Rasmus Wriedt Larsen
cc73352bf6 Merge pull request #2549 from tausbn/python-fix-several-bad-join-orders 
Python: Fix several bad join orders.
 2020-02-03 13:54:36 +01:00
Calum Grant
be374816c4 C#: Distinguish between local variables extracted in different compilations. 2020-02-03 12:22:49 +00:00
Erik Krogh Kristensen
99d8b48da0 Merge pull request #2712 from asger-semmle/typescript-resolve-imports 
TS: Resolve imports using TypeScript
 2020-02-03 12:42:17 +01:00
Asger Feldthaus
3c1cbcefa5 TS: Pass virtual source root explicitly to Node.js process 2020-02-03 10:36:36 +00:00
Asger Feldthaus
513854a608 TS: Add upgrade script 2020-02-03 09:32:56 +00:00