Max Schaefer
a8470a984a
JavaScript: Generalise ConstantComparison sanitisers.
In addition to treating comparisons with literals as sanitisers, we now
also treat comparisons with variables that have a single assignment as
sanitisers.
Proving that such a variable is actually a constant is not easy, but for
this use case a simple approximation works fine.
2019-04-25 07:38:31 +01:00
Ziemowit Laski
ac58bdfc58
[CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays.
2019-04-24 14:54:01 -07:00
semmle-qlci
a504ad4261
Merge pull request #1270 from xiemaisi/odasa/7904
Approved by esben-semmle
2019-04-24 21:50:07 +01:00
semmle-qlci
3fbfb79c5b
Merge pull request #1276 from adityasharad/js/node-runtime-env-var
Approved by asger-semmle
2019-04-24 16:55:14 +01:00
Taus
0917936100
Merge pull request #1273 from markshannon/python-fix-odasa-7890
Add test confirming correct handling of zope.interface.Interface in query.
2019-04-24 11:59:35 +02:00
Asger F
a16753c125
JS: Add documentation
2019-04-24 10:12:55 +01:00
Jonas Jensen
1dcfd21a5c
Merge pull request #1264 from geoffw0/redundantnullperf
CPP: Add qhelp for RedundantNullCheckSimple.ql.
2019-04-24 10:25:23 +02:00
Aditya Sharad
4121e7245b
TS extractor: Allow the Node.js runtime to be configured via environment variables.
`SEMMLE_TYPESCRIPT_NODE_RUNTIME` can be used to provide the path to the Node.js runtime executable.
If this is omitted, the extractor defaults to the current behaviour of looking for `node` on the PATH.
`SEMMLE_TYPESCRIPT_NODE_RUNTIME_EXTRA_ARGS` can be used to provide additional arguments to the
Node.js runtime. These are passed first, before the arguments supplied by the extractor.
These changes are designed to allow TypeScript extraction in controlled customer environments where
we cannot control the PATH, or must use custom Node.js executables with certain arguments set.
2019-04-23 15:04:14 -07:00
Robert Marsh
919f5c616f
C++: comment and test for taint flow via memcpy
2019-04-23 11:17:18 -07:00
semmle-qlci
060aa8cb6c
Merge pull request #1274 from asger-semmle/ts-export-equals
Approved by xiemaisi
2019-04-23 17:07:52 +01:00
Geoffrey White
6234b26496
CPP: Make some repairs manually.
2019-04-23 14:45:27 +01:00
Geoffrey White
e395f5215f
CPP: Autoformat 'Critical'.
2019-04-23 14:45:27 +01:00
Max Schaefer
7faa4fd938
JavaScript: Add test case exposing two bugs in data flow library.
This test case exposes two bugs in our data flow library (fixed by the
two previous commits):
- the charpreds of `SourcePathNode` and `SinkPathNode` only ensured
that they were on a path from a source to a sink, not that they
actually were the source/sink themselves;
- function summarization would allow for non-level paths; in the
test case, this meant that one of the summaries for `source`
represented the path returning from `source` on line 13 and then
flowing back into the call on line 15, in the process transforming
the parity of the flow label and hence causing a spurious flow.
2019-04-23 13:16:30 +01:00
Max Schaefer
465be47574
JavaScript: Only follow level flow steps when summarising functions.
It is not only wasteful to consider paths with unmatched calls/returns,
but also wrong; see test case in next commit.
2019-04-23 13:16:30 +01:00
Max Schaefer
455dbccd05
JavaScript: Fix definitions of SourcePathNode and SinkPathNode.
Their charpreds previously only ensured that they were on a path from a
source to a sink, not that they actually were the source and sink,
respectively. See two commits further for a test case.
2019-04-23 13:15:47 +01:00
Asger F
08bc29cddb
TS: fix analysis of export= statements
2019-04-23 13:09:40 +01:00
Mark Shannon
6a9bb5c5c9
Add test confirming correct handling of zope.interface.Interface in query.
2019-04-23 12:52:50 +01:00
Esben Sparre Andreasen
f064ba0c55
JS: change notes for newline whitelist in js/incomplete-sanitization
2019-04-23 08:38:26 +02:00
Esben Sparre Andreasen
ac0913c878
JS: add newline removal whitelist for js/incomplete-sanitization
2019-04-23 08:38:23 +02:00
Esben Sparre Andreasen
bdbd00e046
JS: add newline removal tests for js/incomplete-sanitization
2019-04-23 08:37:39 +02:00
Robert Marsh
34f8653979
C++: change note for taint def-by-ref
2019-04-22 10:46:36 -07:00
Robert Marsh
262f724235
C++: add taint edges to DefinitionByReferenceNode
2019-04-22 10:39:02 -07:00
Robert Marsh
45a35a8572
Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling
C++: string pooling in IR value numbering
2019-04-22 09:29:44 -07:00
Ziemowit Laski
36b2c14f88
[CPP-340] Minor formatting tweaks
2019-04-19 11:46:54 -07:00
Robert Marsh
e7ca6c8bd9
C++: test for value number string pooling
2019-04-19 10:50:52 -07:00
Ziemowit Laski
62b030d27f
[CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared functions. TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
2019-04-18 17:56:41 -07:00
Robert Marsh
3907ef98a3
C++: value number string constants
2019-04-18 16:14:54 -07:00
yh-semmle
04954f77de
Merge pull request #1262 from sb-semmle/more-spring-sources
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
2019-04-18 18:08:44 -04:00
Sebastian Bauersfeld
734fe542ab
Update change notes.
2019-04-18 16:37:08 -04:00
Robert Marsh
c6f01265be
Merge pull request #1263 from geoffw0/bufferoverflowqueries
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
2019-04-18 13:21:57 -04:00
Geoffrey White
eaed0004a3
CPP: Add qhelp for RedundantNullCheckSimple.ql.
2019-04-18 12:47:07 +01:00
Asger F
f3c80c738e
JS: Unify access paths for captured variables
2019-04-18 11:27:15 +01:00
Asger F
e543097c45
JS: Add test
2019-04-18 11:26:39 +01:00
Geoffrey White
56e0adf152
CPP: Change note.
2019-04-18 10:34:20 +01:00
Geoffrey White
57a4e52b47
CPP: Remove the overlap between these two queries.
2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87
CPP: Unify and improve the MallocCall classes.
2019-04-18 10:30:18 +01:00
Geoffrey White
1ba8364c3b
CPP: Add more test cases.
2019-04-18 10:28:34 +01:00
Geoffrey White
8856442f7f
CPP: Add NoSpaceForZeroTerminator to the OverflowCalculated test.
2019-04-18 09:19:44 +01:00
Geoffrey White
12650f85c5
CPP: Rename a test file.
2019-04-18 09:16:55 +01:00
Max Schaefer
76e01f0055
JavaScript: Update TypeTracker to align with TypeBackTracker.
It now also has `step` and `smallstep` predicates. In the usual case,
however, I think I prefer the `SourceNode::track` API, so I left the
recommended style in the qldoc alone (and adjusted the one for
`TypeBackTracker` to match).
2019-04-18 09:08:09 +01:00
Sebastian Bauersfeld
2f200d7517
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
2019-04-17 18:02:00 -04:00
Geoffrey White
c674f54129
Merge pull request #1259 from xiemaisi/cpp/typo-fix
CPP: Fix two doc comments.
2019-04-17 16:48:23 +01:00
ian-semmle
ff574e56be
Merge pull request #1260 from nickrolfe/qltest_verbosity
C++: update expected extractor arguments to match qltest runner changes
2019-04-17 15:56:22 +01:00
Max Schaefer
a61ca489f1
Merge pull request #1258 from asger-semmle/prototype-pollution
JS: prototype pollution query template
2019-04-17 12:58:05 +01:00
Nick Rolfe
bf204ecdf8
C++: update expected extractor arguments to match qltest runner changes
2019-04-17 12:30:04 +01:00
Max Schaefer
599185e125
CPP: Fix two doc comments.
2019-04-17 10:49:38 +01:00
Geoffrey White
f33b24c917
Merge pull request #1239 from jbj/qlformat-1
C++: Autoformat QL code in Architecture and Best Practices
2019-04-17 09:56:29 +01:00
semmle-qlci
f36eafce3f
Merge pull request #1246 from xiemaisi/js/hardcoded-password
Approved by asger-semmle
2019-04-17 08:54:09 +01:00
Ziemowit Laski
65130c40ab
[CPP-340] Add white list (for false positive suppression) to TooManyArguments.ql
2019-04-16 14:02:34 -07:00
Robert Marsh
09d0548c81
Merge pull request #1237 from geoffw0/commentedoutcode2
CPP: Fix FPs from detecting commented out preprocessor logic
2019-04-16 10:31:42 -07:00