Commit Graph

17948 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
c25782d6da Python: For web tests, use more precise name HttpResponseSinks
Since there are also HttpRedirectTaintSink, using HttpSink is confusing
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
46f4b74134 Python: Fix tornado lib: a redirect is not a http response 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
ee382bb2ea Python: Fix typo (reques => request) 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9bc72450a0 Python: Temporarily disable falcon HttpSinks test
I will fix this in another PR
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9b2ca0c9c7 Python: Update web libraries to use HttpSources and HttpSinks 2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
2cdbae08b6 Python: Don't make duplicate sink for Tornado handler
`self.write(...)` would be treated as *both* TornadoConnectionWrite and
TornadoHttpRequestHandlerWrite
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
effa4548ab Python: Add toString to TurboGears HttpResponseTaintSinks
Naming these was a bit hard, but better than generic "Taint Sink"
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
6b87458c2e Python: Add explicit tests for HttpSources and HttpSinks
Some of the tests currently fail, since they can't reproduce the old test
results (since the sinks/sources defined in the library code are not
HttpResponseTaintSink/HttpRequestTaintSource)
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
b36a6aa5b5 Python: Remove unused variable from exists expression 2020-01-28 13:05:25 +01:00
Rasmus Wriedt Larsen
0a1c91fbb8 Python: Autoformat web tests QL files 2020-01-28 13:05:25 +01:00
Calum Grant
f23438ea65 C#: Add test showing false positive 2020-01-28 11:48:59 +00:00
semmle-qlci
5ab6457370 Merge pull request #2699 from asger-semmle/js/callback-doc-typo
Approved by max-schaefer
2020-01-28 11:00:49 +00:00
Jonas Jensen
23030aa324 Merge pull request #2706 from MathiasVP/ql-tests-taint-tracking
Ql tests for virtual dispatch taint tracking
2020-01-28 11:56:10 +01:00
Asger Feldthaus
b306571d52 JS: Type-track react component factories 2020-01-28 10:22:04 +00:00
Mathias Vorreiter Pedersen
611d9553dd C++: Fix formatting 2020-01-28 10:22:33 +01:00
Anders Schack-Mulligen
0b3c90b526 Java: Fix whitespace query. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
34e6679afd Java: Add upgrade script. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
f8805ebb24 Java: Update 2 queries. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
4bd332ddca Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
597d8e7d94 Java: Update dbscheme for ParExpr removal. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
dc7e8ad2ff Java: Reword help according to review comment. 2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen
a99a6f79cd Apply suggestions from code review
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-01-28 10:13:35 +01:00
Anders Schack-Mulligen
4cb28d9b1d Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. 2020-01-28 10:13:34 +01:00
Mathias Vorreiter Pedersen
130911ad44 C++: Accept new output in already existing test 2020-01-28 10:00:52 +01:00
Mathias Vorreiter Pedersen
fd79e7991d C++: Add tests demonstrating differences between AST virtual dispatch analysis and IR virtual dispatch analysis 2020-01-28 10:00:21 +01:00
Geoffrey White
1ddabee1b8 C++: Change note. 2020-01-28 08:46:46 +00:00
Geoffrey White
30580e97dc C++: Add a TaintFunction model to FormattingFunction. 2020-01-28 08:46:46 +00:00
Geoffrey White
1d46971bb7 C++: Add an ArrayFunction model to FormattingFunction. 2020-01-28 08:46:46 +00:00
Geoffrey White
06f5720cd5 C++: Add taint tests of formatting functions. 2020-01-28 08:46:46 +00:00
Erik Krogh Kristensen
082967a629 add EventEmitter models for net.createServer() and respjs. 2020-01-28 09:38:38 +01:00
Erik Krogh Kristensen
a2e54b1477 add support for this references in classes that extend EventEmitter 2020-01-28 09:37:54 +01:00
yo-h
8c00671f24 Merge pull request #2698 from aschackmull/java/changenote-csrf-query
Java: Add change note for java/spring-disabled-csrf-protection.
2020-01-27 21:09:15 -05:00
Robert Marsh
1b9e375341 C++: Move getACallArgumentOrIndirection 2020-01-27 16:44:41 -08:00
Robert Marsh
fd807d46d6 C++: IR dataflow through modeled functions 2020-01-27 16:38:07 -08:00
Robert Marsh
a9bcc1dcc6 Merge pull request #2667 from dbartol/dbartol/NoEscape
C++/C#: Make escape analysis unsound by default
2020-01-27 19:17:33 -05:00
Robert Marsh
c7975e83a7 Merge pull request #2657 from jbj/DefaultTaintTracking-models
C++: wire up models library to DefaultTaintTracking
2020-01-27 17:41:54 -05:00
Grzegorz Golawski
7b2192d2e3 Apply suggestion from code review 2020-01-27 22:34:15 +01:00
ggolawski
408c49a61c Apply suggestions from code review
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-01-27 22:31:51 +01:00
Dave Bartolomeo
7df3cf4c23 C++: Accept more test output after merge 2020-01-27 13:48:43 -07:00
Dave Bartolomeo
3b3502060b Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape 2020-01-27 13:29:18 -07:00
Robert Marsh
79a72a3496 Merge pull request #2680 from geoffw0/modelstrndup
CPP: Model strndup.
2020-01-27 15:19:52 -05:00
Dave Bartolomeo
40952f85a9 C++: Accept test diffs 2020-01-27 10:31:18 -07:00
Robert Marsh
4d743d2bce Merge pull request #2692 from jbj/pure-string-read
C++: Model that string functions read their buffer
2020-01-27 11:40:03 -05:00
Anders Schack-Mulligen
3745388069 Merge pull request #2602 from chrisgavin/suspicious-date-format
Java: Add a query for suspicious date format patterns.
2020-01-27 16:29:48 +01:00
Rasmus Wriedt Larsen
d67577e66c Python: Modernise import related queries
Except for Metrics/Dependencies/ExternalDependenciesSourceLinks.ql, since it is
rather tricky :D
2020-01-27 16:01:25 +01:00
Rasmus Wriedt Larsen
647b9cdcb0 Python: Autoformat query 2020-01-27 16:01:24 +01:00
Rasmus Wriedt Larsen
081d66eaa3 Python: Recognize taint for extended iterable unpacking 2020-01-27 15:28:53 +01:00
Rasmus Wriedt Larsen
1b670354b2 Python: Add tests for extended iterable unpacking 2020-01-27 15:24:55 +01:00
Geoffrey White
4778914154 CPP: Repair flow. 2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602 CPP: 'sometimes copying' is considered data flow. 2020-01-27 14:07:39 +00:00