hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-23 03:12:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,685 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
d8b25ef5a2 add data-flow steps for resolved promises using pseudo-properties 2020-01-21 15:52:50 +01:00
Erik Krogh Kristensen
6648e2751f remove use of .getAlocalSource() i custom load/store test 2020-01-21 15:49:42 +01:00
Rasmus Wriedt Larsen
422658bbdb Python: Remove unused variable in example for py/url-redirection 2020-01-21 15:45:05 +01:00
Rasmus Wriedt Larsen
bbe93f43d3 Python: Only comparison with constant will clear taint 
tainted = SOURCE
    if tainted == tainted:
        SINK(tainted) # unsafe

before, in the body of the if statement, `tainted` was not tainted
 2020-01-21 15:25:57 +01:00
Rasmus Wriedt Larsen
1498145415 Python: Highlight that any comparison will clear taint 2020-01-21 15:24:56 +01:00
Anders Schack-Mulligen
9cc0d3d1f4 Java/C++/C#: Remove DataFlowLocation as it's no longer needed. 2020-01-21 15:08:39 +01:00
Calum Grant
6692e61fa2 C#: Analysis change notes 2020-01-21 13:55:32 +00:00
Calum Grant
be68b6f938 C#: Add precision to queries 2020-01-21 13:24:48 +00:00
Jonas Jensen
84811f66a2 C++: autoformat 2020-01-21 13:21:16 +01:00
Erik Krogh Kristensen
569ee8fc8d add support for subclasses of EventEmitter 2020-01-21 12:08:50 +01:00
Jonas Jensen
6d46e4d946 C++: Wire up models to DefaultTaintTracking 
This adds support for arg-to-arg and arg-to-return taint.
 2020-01-21 12:04:45 +01:00
Jonas Jensen
fa00e96ba8 C++: Test IR taint through library functions 2020-01-21 12:03:43 +01:00
Jonas Jensen
5ac56c2e3a C++: Add DataFlow::Node.asDefiningArgument in IR 2020-01-21 11:52:06 +01:00
Geoffrey White
80997a3323 Merge pull request #2655 from Semmle/jbj-patch-1 
C++: Fix typo in MallocSizeExpr
 2020-01-21 09:44:41 +00:00
Jonas Jensen
cdcd3ed748 Merge pull request #2647 from geoffw0/modelpure 
CPP: Improve strlen model
 2020-01-21 09:42:10 +01:00
Jonas Jensen
0568ed6451 C++: Fix typo in MallocSizeExpr 
The first argument is index 0, not 1.
 2020-01-21 09:09:49 +01:00
Mathias Vorreiter Pedersen
c9cc459baf C++: Rename .qlhelp to .qhelp 2020-01-20 21:17:53 +01:00
Mathias Vorreiter Pedersen
fddd3660ab C++: Fix formatting in example 2020-01-20 16:05:16 +01:00
Geoffrey White
4f02183dc2 CPP: Re-layout test. 2020-01-20 15:00:09 +00:00
Geoffrey White
2133fbd155 CPP: Fix the nulltermination test. 2020-01-20 14:55:52 +00:00
Erik Krogh Kristensen
026092559c changes based on review 2020-01-20 15:53:58 +01:00
Calum Grant
86fa7e5c38 C#: Analysis change notes 2020-01-20 14:37:28 +00:00
Calum Grant
9d7c9e0ba4 C#: Default parameter values are maybe null 
C#: Update test output
 2020-01-20 14:37:20 +00:00
Geoffrey White
952b9e1581 CPP: Use hasGlobalName where appropriate. 2020-01-20 14:24:38 +00:00
Erik Krogh Kristensen
6494649125 fix a number of FPs in js/exception-xss 2020-01-20 15:11:57 +01:00
Erik Krogh Kristensen
5c6134db99 a bit of self-review and an auto-format 2020-01-20 14:55:49 +01:00
Erik Krogh Kristensen
ad813ef86c add flowsTo to the use of isAdditionalLoadStep 2020-01-20 14:16:29 +01:00
Mathias Vorreiter Pedersen
13fc8741d4 C++: Include malloc example in qlhelp 2020-01-20 13:28:00 +01:00
Geoffrey White
79811fcccd Merge pull request #2642 from jbj/TaintTracking-indirection 
C++: Indirection for security.TaintTracking impl
 2020-01-20 12:25:51 +00:00
Geoffrey White
5a20e85598 Merge pull request #2638 from jbj/ir-dispatch 
C++ IR: Support for global virtual dispatch
 2020-01-20 12:04:09 +00:00
Calum Grant
631b4248b5 C#: Add a nullness test 2020-01-20 11:13:31 +00:00
Mathias Vorreiter Pedersen
a43131a987 C++: Fix formatting 2020-01-20 11:39:48 +01:00
Jonas Jensen
391b80eac4 C++: Show virtual inheritance problem in vdispatch 2020-01-20 11:17:44 +01:00
Jonas Jensen
2a0fc31b68 C++: Comment and rename getSrc -> getDispatchValue 
Better clarity was requested in the PR review.
 2020-01-20 11:03:03 +01:00
Erik Krogh Kristensen
ffbd0f6632 update expected test output 2020-01-20 09:56:40 +01:00
Erik Krogh Kristensen
b3b132c66d Merge remote-tracking branch 'upstream/master' into ExceptionalPromise 2020-01-20 09:20:09 +01:00
Jonas Jensen
742bd1c6ad Merge pull request #2648 from rdmarsh2/getMemoryOperandDefinition-perf 
C++: Performance fix for getMemoryOperandDefinition
 2020-01-20 08:49:55 +01:00
Grzegorz Golawski
00ee3d2549 Query to detect LDAP injections in Java 
Cleanup
 2020-01-18 20:21:38 +01:00
Grzegorz Golawski
95723b08e1 Query to detect LDAP injections in Java 
Add help
 2020-01-18 19:01:35 +01:00
Grzegorz Golawski
8cec46342f Query to detect LDAP injections in Java 
Refactoring
 2020-01-18 17:14:22 +01:00
Jonas Jensen
d3a1856793 Merge pull request #2646 from geoffw0/modelinet 
CPP: Fix a mistake in Inet.qll.
 2020-01-17 22:53:43 +01:00
Geoffrey White
97c346285e CPP: Change note. 2020-01-17 18:56:21 +00:00
Geoffrey White
fcea3693f9 CPP: Remove now redundant special cases. 2020-01-17 18:56:21 +00:00
Geoffrey White
200545d88c CPP: Add detail to the model. 2020-01-17 18:56:21 +00:00
Geoffrey White
77a3778eef CPP: Add some strlen variants to the PureStrFunction model. 2020-01-17 18:56:21 +00:00
Jonas Jensen
3632d51abc Merge pull request #2635 from geoffw0/modelstrdup 
CPP: Model strdup
 2020-01-17 19:26:26 +01:00
Geoffrey White
803da339a1 CPP: Fix a mistake in Inet.qll. 2020-01-17 17:44:42 +00:00
Geoffrey White
e4139fe427 Apply suggestions from code review 
Additional corrections.

Co-Authored-By: Dave Bartolomeo <dbartol@github.com>
 2020-01-17 17:20:37 +00:00
Geoffrey White
7dbda22a29 CPP: Update change note. 2020-01-17 16:19:39 +00:00
Geoffrey White
839fd8f848 CPP: Fix typo. 2020-01-17 16:10:41 +00:00