hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 08:42:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
19796a4c9c Python: Improve tests and make validTest happy 2020-10-08 10:35:01 +02:00
Tom Hvitved
ce8567c64a Merge pull request #4293 from hvitved/csharp/cfg/assertions 
C#: Model assertions in the CFG
 2020-10-08 10:32:13 +02:00
Rasmus Lerchedahl Petersen
cc0661bce1 Python: More/better comments 2020-10-08 10:11:00 +02:00
Tom Hvitved
b70f5bc954 Merge pull request #4433 from hvitved/csharp/dataflow/switch-expr 
C#: Add missing data-flow for switch expressions
 2020-10-08 09:13:43 +02:00
Anders Schack-Mulligen
cb00f8bcc4 Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup 
Sign analysis cleanup
 2020-10-08 09:10:04 +02:00
Gulshan Singh
662736eb2d Fix compiler error after removing getLOp/getROp 2020-10-07 12:45:08 -07:00
Tamás Vajk
06f1c898dc Merge pull request #4349 from tamasvajk/feature/modulus-analysis 
ModulusAnalysis shared between C# and Java
 2020-10-07 21:21:20 +02:00
Rasmus Wriedt Larsen
46ec7fbf6e Python: Make builtin compile function additional taint step 2020-10-07 21:17:39 +02:00
Rasmus Wriedt Larsen
c69a61bac5 Python: Model exec and eval calls as CodeExecution 2020-10-07 21:14:19 +02:00
Rasmus Wriedt Larsen
73971cff76 Python: Model exec statement (Python 2 only) as CodeExecution 2020-10-07 21:12:35 +02:00
Rasmus Wriedt Larsen
453c391bb0 Python: Add CodeExecution tests for stdlib 2020-10-07 21:12:31 +02:00
Dave Bartolomeo
1e455f08a3 Fix test expectations 2020-10-07 13:14:54 -04:00
Tom Hvitved
a9bb7b526c Merge pull request #4413 from hvitved/csharp/indexer-explicit-interface 
C#: Fix extraction of library indexers with explicit interface implementations
 2020-10-07 18:49:30 +02:00
Rasmus Wriedt Larsen
0af86cba50 Python: Port CodeInjection query 
and the dummy test-case we already have
 2020-10-07 18:47:23 +02:00
Rasmus Wriedt Larsen
5f6e4d47ca Python: Add CodeExecution concept 2020-10-07 18:22:45 +02:00
james
9fc6ae82d3 update template for sphinx codeql docs 2020-10-07 16:15:25 +01:00
james
b04962b5b9 small changes to conf.py 2020-10-07 16:14:58 +01:00
james
439f0a030e tidy up custom css 2020-10-07 16:14:35 +01:00
Tom Hvitved
31816af11e C#: Add missing data-flow for switch expressions 2020-10-07 17:10:29 +02:00
Tom Hvitved
9c503c1591 C#: Add more data/control-flow tests 2020-10-07 17:10:01 +02:00
Dave Bartolomeo
bf8340f102 Fix test expectations in syntax-zoo 2020-10-07 10:26:02 -04:00
Tamas Vajk
4df6a41616 ModulusAnalysis shared between C# and Java 2020-10-07 16:12:24 +02:00
Tamás Vajk
cec6bbea57 Merge pull request #4418 from tamasvajk/feature/reenable-test 
C#: Reenable disabled test on OSX
 2020-10-07 16:03:27 +02:00
Rasmus Lerchedahl Petersen
8196cfd21a Python: Attempt at clearer naming of parameters 2020-10-07 15:56:35 +02:00
yoff
35b0b6b472 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-07 15:48:44 +02:00
Rasmus Lerchedahl Petersen
27a75c0bd1 Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing 2020-10-07 15:43:31 +02:00
james
239ea80975 add new css styles 2020-10-07 14:37:35 +01:00
Tom Hvitved
af36718dc6 C#: QL doc adjustments 2020-10-07 15:15:18 +02:00
yoff
7e6f0b0bc3 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-07 15:11:15 +02:00
Tom Hvitved
68014fd3bf C#: Fix extraction of library indexers with explicit interface implementations 2020-10-07 15:02:55 +02:00
Rasmus Wriedt Larsen
bec33b745e Python: Use range instead of self for ::Range pattern 
Following the suggestions from https://github.com/github/codeql/pull/4357
 2020-10-07 14:54:51 +02:00
Tom Hvitved
a4ce9417bc C#: Add test for missing accessors 2020-10-07 14:53:51 +02:00
Tom Hvitved
88575799e9 Merge pull request #4417 from hvitved/csharp/named-tuple-tests 
C#: Add test for named tuple types
 2020-10-07 13:26:49 +02:00
Rasmus Wriedt Larsen
c09695af7d Python: Properly handle invoke.task decorator 2020-10-07 12:29:19 +02:00
Rasmus Wriedt Larsen
67c5c590d2 Python: Expose getParameter on ParameterNode 2020-10-07 12:28:35 +02:00
Rasmus Wriedt Larsen
6d7f4a048b Python: Attempt to model invoke.task decorator 2020-10-07 12:26:49 +02:00
Rasmus Wriedt Larsen
c9219b3744 Clean module imports 2020-10-07 12:21:30 +02:00
Rasmus Wriedt Larsen
ebff1794fc Python: Model invoke.context.Context 2020-10-07 12:16:53 +02:00
Rasmus Wriedt Larsen
4ef5202382 Python: Add simple model for invoke.run and invoke.sudo 
and I sorted the list in Frameworks.qll, that kinda makes sense :)
 2020-10-07 12:13:59 +02:00
Rasmus Wriedt Larsen
300a8cdf7d Python: Add tests for the 'invoke' package 2020-10-07 11:55:26 +02:00
Tamas Vajk
d2d8d009eb Sync Bound between C# and Java 2020-10-07 11:43:30 +02:00
Tamas Vajk
40a7f5aa1f Java: Minor fix to modulus analysis to handle constant expressions and not only compile time constants 2020-10-07 11:42:42 +02:00
Tamas Vajk
5688210249 Java: add test for modulus analysis 2020-10-07 11:41:55 +02:00
Rasmus Wriedt Larsen
7721db206e Python: Don't double report paths for platform.popen and popen2.* 
I was a bit surprised that we hadn't double reported for popen2, but it turns
out that the implementation (at least on unix) looks like:

```
def popen2(cmd, bufsize=-1, mode='t'):
    ... = Popen3(cmd, False, bufsize)
    ...
```

but since the modeling I did only considers calls to `Popen3` only if it has
been imported from the `popen2` module, we don't consider that call as a sink.
 2020-10-07 10:57:31 +02:00
Tamas Vajk
94dc11c45a Revert getNonIntegerValue unification 2020-10-07 10:56:01 +02:00
Rasmus Wriedt Larsen
36812af2c2 Python: Add test for Python2 specific command injection 2020-10-07 10:54:03 +02:00
Rasmus Wriedt Larsen
737b2b896f Python: Fix QLDoc for popen2 module 2020-10-07 10:49:22 +02:00
Rasmus Wriedt Larsen
d8a9eacd02 Python: Remove TODO comment for popen2 module 2020-10-07 10:47:28 +02:00
Gulshan Singh
7233ffa50f Address review comments 2020-10-07 00:21:06 -07:00
Dave Bartolomeo
22638fdfc7 Merge remote-tracking branch 'upstream/main' into work 2020-10-06 18:33:14 -04:00