hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 12:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,686 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Max Schaefer
d71faaa5f9 JavaScript: Introduce PathNode::wraps. 2019-10-29 15:19:26 +00:00
Max Schaefer
98e0932de5 JavaScript: Make Configuration::isLive nullary. 
This makes it more obvious to the evaluator that it is a good predicate to pick as a sentinel, and in practice we mostly just have one configuration in scope anyway.
 2019-10-29 15:19:26 +00:00
Tom Hvitved
edbdfdfa27 C#: Update autobuilder tests 2019-10-29 16:14:58 +01:00
Max Schaefer
6964945c74 JavaScript: Restrict edges to only contain nodes. 2019-10-29 15:03:52 +00:00
alexet
924d23f657 Cache the computation of core toString predicates. 2019-10-29 14:48:27 +00:00
Taus Brock-Nannestad
5e62da7690 Python: Do not report unreachable "catch-all" cases in elif-chains. 
This was brought up on the LGTM.com forums here:
https://discuss.lgtm.com/t/warn-when-always-failing-assert-is-reachable-rather-than-unreachable/2436

Essentially, in a complex chain of `elif` statements, like

```python
if x < 0:
    ...
elif x >= 0:
    ...
else:
    ...
```

the `else` clause is redundant, since the preceding conditions completely
exhaust the possible values for `x` (assuming `x` is an integer). Rather than
promoting the final `elif` clause to an `else` clause, it is common to instead
raise an explicit exception in the `else` clause. During execution, this
exception will never actually be raised, but its presence indicates that the
preceding conditions are intended to cover all possible cases.

I think it's a fair point. This is a clear instance where the alert, even if it
is technically correct, is not useful for the end user.

Also, I decided to make the exclusion fairly restrictive: it only applies if
the unreachable statement is an `assert False, ...` or `raise ...`, and only
if said statement is the first in the `else` block. Any other statements will
still be reported.
 2019-10-29 15:30:32 +01:00
Tom Hvitved
6a77751713 C#: Add -L flag to autobuilder curl invocation 
Turns out that `https://dot.net/v1/dotnet-install.sh` has moved to
`https://dotnet.microsoft.com/download/dotnet-core/scripts/v1/dotnet-install.sh`.
Instead of updating the URL in the code, I prefer to keep the old URL (which is
still referenced in the documentation), and let `curl` handle the redirect.
 2019-10-29 14:15:17 +01:00
Rasmus Wriedt Larsen
fc851b46c3 Python: Fix Django class-based views 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
fb864b7262 Python: Consolidate tests for django 
The tests in 3/ was not Python 3 specific anymore
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
91f269ed7b Python: Remove unused django sinks 
This would find instances of `thing = MyThing.objects.get(field=userinput)`, and
what seems to be a query that wants to match on `thing = MyThing();
thing.field=userinput`. Both are not vulnerable to user-input, due to the
build-in escaping by django.

The DjangoModelFieldWrite actually matches on `MyThing.field=userinput` and not
`thing.field=userinput`. I suspect this to be a mistake.

Matching on `thing.field=userinput`, would require this CodeQL:

attr.getObject(_).pointsTo().getClass() = model
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
471318369b Python: Don't quote %s in django example 
This is vulnerable to SQL injection because of the quotes around %s -- added
some code that highlights this in test.py

Since our examples did this in the safe query, I ended up rewriting them
completely, causing a lot of trouble for myself :D
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
afe7a0536c Python: Support positional arguments in Django routes 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
49dd2216a6 Python: Refactor django library 
Use General.qll for routing, like in other web libraries
 2019-10-29 13:58:07 +01:00
Shati Patel
e2b446db19 Docs: Update Python 2019-10-29 12:36:16 +00:00
Shati Patel
3337eaf0f9 Docs: Update JavaScript/TypeScript 2019-10-29 12:36:06 +00:00
Erik Krogh Kristensen
2d01e7c5ed simplify the callsArray predicate 2019-10-29 12:13:01 +01:00
Erik Krogh Kristensen
563f32193c suggestions from @max-schaefer 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-10-29 12:10:12 +01:00
Jonas Jensen
b6038f3caa C++: Remove best-bound logic from test 
This logic, in an improved form, is now part of the library itself.
 2019-10-29 11:54:32 +01:00
Jonas Jensen
311963906b C++: Only give the best delta in range analysis 
This mirrors Java's 6b85fe087a.
 2019-10-29 11:49:49 +01:00
Taus
6e6dab9ab8 Merge pull request #2178 from RasmusWL/python-minor-qldoc-fix 
Python: Fix qldoc for TaintTracking Configuration
 2019-10-29 10:40:12 +01:00
Jonas Jensen
ff62afb575 C++: Rename parameter to b to match QLDoc 2019-10-29 10:38:23 +01:00
semmle-qlci
2cddb82f10 Merge pull request #2210 from max-schaefer/js/better-destructuring-type-inference 
Approved by asger-semmle, esbena
 2019-10-29 08:08:51 +00:00
Jonas Jensen
0b2c2620cd Merge pull request #2184 from dave-bartolomeo/dave/AliasedUse 
C++/C#: Add `AliasedUse` instruction to all functions
 2019-10-29 08:37:57 +01:00
Robert Marsh
8076156cb1 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-10-28 16:50:34 -07:00
Robert Marsh
120fa6c330 C++: alias fixes for ReturnIndirection 2019-10-28 15:09:35 -07:00
Robert Marsh
5e946cc9f3 C++: add param read side effects to IR exit blocks 2019-10-28 15:09:04 -07:00
Geoffrey White
3584c0b2e5 CPP: Speed up InitializationFunctions.qll's getTarget. 2019-10-28 19:54:10 +00:00
Geoffrey White
2d64fedeb0 CPP: Speed up VirtualDispatch.qll's getAViableTarget. 2019-10-28 19:54:10 +00:00
Geoffrey White
c40c88ec4b CPP: Add test cases for ConditionallyUninitializedVariables.ql. 2019-10-28 18:43:00 +00:00
Geoffrey White
d693eb8c20 CPP: Correct the ConditionallyUninitializedVariable examples. 2019-10-28 17:39:45 +00:00
Asger F
94dd9a1c04 JS: Block XSS flow through encodeURIComponent 2019-10-28 17:12:40 +00:00
Henning Makholm
ae554cf1e9 Make each upgrade directory a QL pack 2019-10-28 17:14:31 +01:00
Taus
04e3683035 Merge pull request #2194 from RasmusWL/python-improve-getbasetype-qldoc 
Python: Improve qldoc for ClassValue::getABaseType
 2019-10-28 17:07:19 +01:00
Anders Schack-Mulligen
d0842fc35d Java/C++/C#: Minor refactor following review comment. 2019-10-28 16:31:22 +01:00
Jonas Jensen
b13535ac7d C++: Implement DataFlow::BarrierGuard for AST+IR 
The change note is copied from the Java change note.
 2019-10-28 16:22:23 +01:00
Anders Schack-Mulligen
0ffcf9ce64 Merge pull request #2192 from JLLeitschuh/feature/JLL/http_response_splitting_netty 
Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders
 2019-10-28 15:01:20 +01:00
semmle-qlci
70b114b827 Merge pull request #2208 from hvitved/csharp/codeql/no-bundled-nuget 
Approved by p0
 2019-10-28 13:47:50 +00:00
Tom Hvitved
3f5ee5138b C#: Add change notes 2019-10-28 14:22:59 +01:00
Tom Hvitved
eb990525d7 C#: Add precision tags to UnsafeDeserialization[UntrustedInput].ql 2019-10-28 14:19:40 +01:00
Tom Hvitved
b0cf7cb39a C#: Move UnsafeDeserialization.qll 2019-10-28 13:38:53 +01:00
Tom Hvitved
c3f23f542a C#: Add change note 2019-10-28 13:15:20 +01:00
Tom Hvitved
1fc786bea7 C#: Add precision tag to cs/deserialized-delegate 2019-10-28 13:11:10 +01:00
shati-patel
d94b0cab29 Update docs/language/learn-ql/java/introduce-libraries-java.rst 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-10-28 12:05:51 +00:00
semmle-qlci
30a907861b Merge pull request #2193 from max-schaefer/js/autobuilder-exclude-node_modules 
Approved by asger-semmle
 2019-10-28 11:26:51 +00:00
Tom Hvitved
8a08038ff3 C#: Use system-nuget in Autobuilder when SEMMLE_PLATFORM_TOOLS is not set 2019-10-28 10:59:26 +01:00
Geoffrey White
8839bdd688 Merge pull request #1428 from jbj/infinite-loops-visible 
C++: Make cpp/comparison-with-wider-type visible
 2019-10-28 09:49:38 +00:00
Anders Schack-Mulligen
379ef1d2f9 Java: Fix bad magic and join-order. 2019-10-28 10:40:06 +01:00
semmle-qlci
33374ee089 Merge pull request #2202 from asger-semmle/express-sendfile 
Approved by esbena
 2019-10-28 09:24:34 +00:00
Max Schaefer
b333c6a214 Merge pull request #2106 from asger-semmle/call-graph-3 
JS: Call graph changes
 2019-10-28 09:24:10 +00:00
Ziemowit Laski
1500148c76 [CPP-434] Clarify Qhelp. 2019-10-27 11:23:54 -07:00