Rasmus Wriedt Larsen
781024d679
Python: Recognize taint for iterable unpacking
2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
a3f1f4cb87
Python: Add iterable unpacking tests
2020-01-27 14:43:07 +01:00
Rasmus Wriedt Larsen
fa48fb04f5
Python: Recognize nested tuple/list assignment
...
Now we recognize `[(x,y)] = [(1,2)]` -- in itself not a widely used idiom, but
more of a warmup exercise for me
2020-01-27 14:42:54 +01:00
Rasmus Wriedt Larsen
9763ec71fe
Python: Add tests for nested assignment
2020-01-27 14:39:34 +01:00
Jonas Jensen
0e3ed2dfa6
C++: Remove test for unrelated issue
...
The issue for that test is being tested and fixed on PR #2686. Adding a
test here will cause a semantic merge conflict.
2020-01-27 14:25:28 +01:00
Rasmus Wriedt Larsen
9502756874
Python: Autoformat dataflow files
2020-01-27 13:07:01 +01:00
Asger Feldthaus
3d567eb889
JS: Close an unterminated code block
2020-01-27 12:03:58 +00:00
Chris Gavin
484333b192
Java: Update help and description of java/suspicious-date-format.
2020-01-27 11:57:59 +00:00
Chris Gavin
0e8d435ca1
Java: Add a test for java/suspicious-date-format.
2020-01-27 11:57:59 +00:00
Chris Gavin
708890add3
Java: Add a change note for java/suspicious-date-format.
2020-01-27 11:57:56 +00:00
Chris Gavin
88146295f9
Java: Add a query for suspicious date format patterns.
2020-01-27 11:57:18 +00:00
Anders Schack-Mulligen
efe8981129
Java: Add change note for java/spring-disabled-csrf-protection.
2020-01-27 11:33:31 +01:00
Anders Schack-Mulligen
816a8d1f9e
Merge pull request #2586 from ggolawski/spring_disable_csrf
...
Add check for disabled CSRF protection in Spring
2020-01-27 11:32:39 +01:00
Geoffrey White
2c7e2c4506
CPP: Not in std namespace.
2020-01-27 10:20:56 +00:00
Rasmus Wriedt Larsen
1ce77ff600
Merge pull request #2507 from tausbn/python-fix-infinite-tuple-tostring
...
Python: Fix divergence in tuple `toString`.
2020-01-27 11:14:44 +01:00
semmle-qlci
8a6de11268
Merge pull request #2689 from erik-krogh/LastEventEmitters
...
Approved by esbena
2020-01-27 08:55:33 +00:00
semmle-qlci
7d9956e3f3
Merge pull request #2675 from erik-krogh/WebSocket
...
Approved by esbena
2020-01-27 08:40:37 +00:00
Dave Bartolomeo
6988241b09
Merge from master
2020-01-26 16:38:48 -07:00
Dave Bartolomeo
708e83546f
C++: Remove accidentally added tests
2020-01-26 16:20:27 -07:00
Robert Marsh
959ce3b355
C++: add diff tests for DefaultTaintTracking
2020-01-24 13:46:11 -08:00
Jonas Jensen
fb6ad5274f
C++: Accept test changes
2020-01-24 22:28:20 +01:00
Robert Marsh
0180672dc0
Merge pull request #2687 from jbj/DefaultTaintTracking-asExpr
...
C++: Use asExpr, not getConvertedResultExpression
2020-01-24 15:42:58 -05:00
Taus Brock-Nannestad
3cebffe820
Python: Fix divergence in tuple toString.
...
Our definition of `toString` for the internal tuple objects we create during the
points-to analysis may have been a _tad_ too ambitious. In particular, it can
easily lead to non-termination, e.g. using the following piece of code:
```python
x = ()
while True:
    x = (x, x)
```
This commit cuts off the infinite recursion by replacing _nested_ tuples with
the string "...". In particular this means even non-recursive tuples will be cut
off at that point, so that the following tuples
```python
(1, "2")
((3, 4), [5, 6])
(1, 2, 3, 4, 5)
```
get the following string representations.
```
"(int 1, '2', )"
"(..., List, )"
"(int 1, int 2, int 3, 2 more...)"
```
2020-01-24 17:08:56 +01:00
Mathias Vorreiter Pedersen
d26cf12c3a
Merge pull request #2688 from geoffw0/move-taint-test
...
C++: Add the security taint test (previously internal).
2020-01-24 15:58:20 +01:00
Jonas Jensen
b290c7b47a
C++: Model that string functions read their buffer
2020-01-24 15:53:38 +01:00
semmle-qlci
b3eada829a
Merge pull request #2690 from erik-krogh/MoreEvents2
...
Approved by asgerf
2020-01-24 14:47:04 +00:00
Taus
5a2dfd40af
Merge pull request #2639 from RasmusWL/python-improve-dict-taint
...
Python: Improve tests for tainted collections
2020-01-24 15:06:01 +01:00
Erik Krogh Kristensen
8492f6031f
reuse existing type-tracking for classes
2020-01-24 13:36:32 +01:00
Anders Schack-Mulligen
98d527c44c
Merge pull request #2685 from esbena/java/sharpen-maven-non-ssl
...
java: sharpen java/maven/non-https-url to allow localhost URLs
2020-01-24 13:19:26 +01:00
Erik Krogh Kristensen
0b55aed626
use the EventEmitter registration methods instead of just "on"
2020-01-24 13:06:00 +01:00
Erik Krogh Kristensen
148ec9aad0
fix typos
...
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
2020-01-24 12:36:03 +01:00
Geoffrey White
af903fc30c
C++: Add the security taint test (previously internal).
2020-01-24 11:28:51 +00:00
Jonas Jensen
ee0648bb57
Merge pull request #2684 from geoffw0/rearrange-tests
...
CPP: Test cleanup
2020-01-24 11:57:58 +01:00
Asger Feldthaus
7fa0fea253
TS: Address comments in guessMainFile
2020-01-24 10:11:53 +00:00
Asger Feldthaus
1f647223e0
TS: Move definition of mainStr
2020-01-24 10:02:06 +00:00
Esben Sparre Andreasen
8deefd60a7
java: fixup whitespace/tabs in test
2020-01-24 11:01:38 +01:00
Asger Feldthaus
9ed77585a7
Merge branch 'ts-monorepo-deps' of github.com:asger-semmle/ql into ts-monorepo-deps
2020-01-24 09:58:35 +00:00
Asger F
5448bffede
Update javascript/extractor/lib/typescript/src/main.ts
...
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-24 09:58:27 +00:00
Asger Feldthaus
3ca5a3dbe4
TS: Document nodeModulesRex
2020-01-24 09:57:40 +00:00
Asger Feldthaus
804aef507f
TS: Remove unneeded alias PackageLocationMap
2020-01-24 09:51:03 +00:00
Asger Feldthaus
542ce816dc
TS: Simplify string equality check
2020-01-24 09:49:11 +00:00
Asger Feldthaus
fc04e06456
TS: Allow .js extensions in cross package imports
2020-01-24 09:48:43 +00:00
Jonas Jensen
6606b2e18a
C++: autoformat fixup
2020-01-24 10:48:03 +01:00
Asger Feldthaus
b98db62e82
JS: Recognize req.user as a cookie access
2020-01-24 09:44:20 +00:00
Geoffrey White
912260b3aa
C++: Autoformat tests.
2020-01-24 09:43:58 +00:00
Rasmus Wriedt Larsen
5778764a48
Python: Stop using deprecated getName in collections taint test
2020-01-24 10:32:17 +01:00
Rasmus Wriedt Larsen
3db551d6bc
Python: Use variables in collection-taint test
...
They are not tainted in assignment, only in use.
I also adopted an attempt at a better test-setup, where it's easy to see if
everything is the way you hoped for, instead of browsing through 100s of lines of
taint-step output :P
2020-01-24 10:32:17 +01:00
Erik Krogh Kristensen
c0af3780c4
adjust the ReceiveNode docstrings
2020-01-24 10:06:28 +01:00
Jonas Jensen
5eeb5c6e67
C++: Use asExpr, not getConvertedResultExpression
...
We designed the IR's `DataFlow::Node.asExpr` very carefully so that it's
suitable for taint tracking, but then we didn't use it in
`DefaultTaintTracking.qll`. This meant that the sources in
`ArithmeticWithExtremeValues.ql` didn't get associated with any
`Instruction` and thus didn't propagate anywhere.
With this commit, the mapping of `Expr`-based sources to IR data-flow
nodes uses `asExpr`.
2020-01-24 09:42:26 +01:00
Tom Hvitved
cfbdf21d1b
Merge pull request #2682 from calumgrant/cs/format-trap-floats
...
C#: Fix outputting floats to the trap file
2020-01-24 09:13:18 +01:00