hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 22:14:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,681 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
6c40e22f45 C++: Support further reverse taint flows on things that return *this. 2020-09-04 09:45:10 +01:00
Geoffrey White
018b0a5abf C++: Model std::string front, back and push_back. 2020-09-04 09:45:07 +01:00
Geoffrey White
6e734a894f C++: Additional test cases for std::string. 2020-09-04 09:44:58 +01:00
Tamas Vajk
e2c205deb4 C#: Add stable order for generated accessors in printed AST 2020-09-04 10:39:01 +02:00
Erik Krogh Kristensen
fd05156298 clarifying comment on the last jQuery inconsistency 2020-09-04 10:30:42 +02:00
Erik Krogh Kristensen
b18f51806c regain the lost property presence result 2020-09-04 10:30:38 +02:00
Asger F
0704be4d41 Update javascript/ql/src/semmle/javascript/TypeScript.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-04 08:55:31 +01:00
Max Schaefer
252902d245 JavaScript: Restructure API-graph tests. 
With the old test runner we cannot have `VerifyAssertions.qlref`s for each individual test that reference a shared `VerifyAssertions.ql` in the parent directory, since it doesn't like nested tests.

Instead, we have to turn `VerifyAssertions.ql` into `VerifyAssertions.qll`, and each `VerifyAsssertions.qlref` into a `VerifyAssertions.ql` that imports it.

But then that doesn't work with our old directory structure, since the import path would have to contain the invalid identifier `library-tests`. As a workaround, I have moved the API graph tests into a directory without dashes in its path.
 2020-09-04 08:43:15 +01:00
Erik Krogh Kristensen
6fccf5aa70 use isLikelyIntentionalHtmlSink in the sink instead of in the where clause 2020-09-04 09:26:03 +02:00
CodeQL CI
58f51899c9 Merge pull request #4173 from erik-krogh/targetBlankFP 
Approved by esbena
 2020-09-04 08:21:22 +01:00
Tom Hvitved
7f18c3377e Merge pull request #4017 from hvitved/csharp/unqualify-trap-ids3 
C#: Remove assembly prefixes from TRAP labels
 2020-09-04 09:20:39 +02:00
Jonas Jensen
fbe42fb64c C++: Support != constant in range analysis 2020-09-04 09:20:23 +02:00
Jonas Jensen
d061b09fe0 C++: Test showing no support for != and ! 2020-09-04 09:02:42 +02:00
Max Schaefer
cb433a0c0f JavaScript: Add test for custom API-graph entry points. 2020-09-03 22:28:09 +01:00
Max Schaefer
58702e4c52 JavaScript: Rename EntryPoint.getADef to getARhs. 2020-09-03 22:28:09 +01:00
Max Schaefer
f3173ca968 JavaScript: Add a few unit tests for API graphs. 2020-09-03 22:28:09 +01:00
Max Schaefer
985399f4cf JavaScript: Move ApiGraphs library to semmle.javascript and import it from javascript.qll. 2020-09-03 22:28:09 +01:00
Max Schaefer
aaa70e4ad3 JavaScript: Make API-graph edge labels accessible outside ApiGraphs.qll. 2020-09-03 22:28:09 +01:00
Max Schaefer
7239f1fb6f JavaScript: Distinguish more carefully between def and use nodes in API graphs. 
In particular, we now have two different kinds of module features: module definitions and module uses.

For the most part, `API::Definition`s correspond to right-hand sides in the data-flow graph, and `API::Use`s correspond to references. However, module definitions can have references (via the CommonJS `module` variable), and so can their exports (via `module.exports` or `exports`). Note that this is different from references to uses of the module, which are simply imports.
 2020-09-03 22:28:09 +01:00
Mathias Vorreiter Pedersen
b7774b2a82 Merge pull request #4201 from geoffw0/insert 
C++: Model iterator versions of string and vector methods
 2020-09-03 21:45:36 +02:00
Geoffrey White
1d04c89927 C++: Autoformat. 2020-09-03 18:54:36 +01:00
Geoffrey White
5124660831 C++: Change note. 2020-09-03 18:54:27 +01:00
Geoffrey White
2d7552358b C++: Put in a better fix. 2020-09-03 18:51:57 +01:00
Geoffrey White
a1c7fd8fec C++: Remove the workaround for CPP-331. 2020-09-03 18:51:21 +01:00
Geoffrey White
5150bf30e7 C++: Add another test case inspired by CPP-331. 2020-09-03 18:50:11 +01:00
Geoffrey White
1483306c4c C++: Add more tests. 2020-09-03 18:39:50 +01:00
CodeQL CI
f180497554 Merge pull request #4192 from max-schaefer/js/ssa__implicitinit 
Approved by asgerf
 2020-09-03 16:46:56 +01:00
Max Schaefer
d8fbf60cbf JavaScript: Weaken a few types to stay under BDD node limit. 
`SourceNode` in cached layers seems particularly problematic.
 2020-09-03 14:29:04 +01:00
Max Schaefer
e77948103f JavaScript: Remove AdditionalFeature from ApiGraphs. 
I ended up not using it for flow summaries, so at this point it is purely speculative generality. We can reintroduce it later if we need to.
 2020-09-03 14:29:04 +01:00
Max Schaefer
924ef6ae5d Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-09-03 14:04:23 +01:00
Rasmus Wriedt Larsen
29bf98ad26 Python: Fix CUSTOM_SOURCE dataflow regression test 2020-09-03 15:03:53 +02:00
Asger Feldthaus
c05f5c1bc2 JS: Change note 2020-09-03 14:02:08 +01:00
Asger Feldthaus
393db73d0a JS: Update test 2020-09-03 14:01:40 +01:00
Asger Feldthaus
bfcc434a61 JS: Use both local and global names in hasQualifiedName 2020-09-03 14:01:13 +01:00
Asger Feldthaus
f7552a77c3 JS: Add metric for number of types with qualified names 2020-09-03 14:01:13 +01:00
Rasmus Wriedt Larsen
febbe1229a Merge branch 'main' into python-more-complete-dataflow-tests 2020-09-03 14:58:20 +02:00
CodeQL CI
c8ffde20f4 Merge pull request #4195 from RasmusWL/python-taint-default-sanitizer 
Approved by tausbn
 2020-09-03 13:55:32 +01:00
Erik Krogh Kristensen
ed54fdcb06 Merge pull request #4118 from dellalibera/js/ldap 
[javascript] CodeQL to detect LDAP Injection
 2020-09-03 14:50:03 +02:00
Erik Krogh Kristensen
d56ea22018 Merge pull request #4200 from erik-krogh/typeaheadInconsistencyComment 
JS: adjust comment about inconsistency for XSS in typeahead
 2020-09-03 13:56:40 +02:00
Erik Krogh Kristensen
d946a61d6e update expected output 2020-09-03 13:32:54 +02:00
Nick Rolfe
b8ae87470d Merge pull request #4182 from github/igfoo/cfg 
C++: Remove some remnants of the extractor CFG
 2020-09-03 12:22:04 +01:00
Geoffrey White
50d9a85143 C++: Update change note. 2020-09-03 10:52:27 +01:00
Geoffrey White
d4cbb25e09 C++: Model std::string constructors and container constructors that use iterators. 2020-09-03 10:52:27 +01:00
Geoffrey White
1ac0aa169d C++: Add a few more test cases. 2020-09-03 10:52:26 +01:00
Geoffrey White
1ad404c605 C++: Extend model to include std::forward_list::insert_after. 2020-09-03 10:52:26 +01:00
Geoffrey White
fcacb22cad C++: Use [] in std::string begin model. 2020-09-03 10:52:26 +01:00
Geoffrey White
95ca4b674d C++: Add model for std::vector::insert. 2020-09-03 10:52:25 +01:00
Geoffrey White
f61c7ffc1a C++: Add support for iterator parameters to std::vector::assign. 2020-09-03 10:52:25 +01:00
Geoffrey White
8e9faac363 C++: Add support for std::vector begin and end. 2020-09-03 10:52:24 +01:00
Geoffrey White
4d47eaa08d C++: Add support for iterator parameters to std::string::assign. 2020-09-03 10:52:24 +01:00