hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 06:24:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,681 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
09025c2198 Python: Fix test, update results and annotations 2020-08-27 08:40:13 +02:00
Esben Sparre Andreasen
67278d9c93 Merge pull request #4141 from esbena/js/clarify-sanitization 
JS: make sanitization a "common" technique rather than "important"
 2020-08-27 08:08:17 +02:00
ubuntu
736f76b685 Simplify getQueryCall 2020-08-27 02:12:17 +02:00
ubuntu
30e7f958a8 Highlight API call 2020-08-27 01:42:16 +02:00
Robert Marsh
c0edc08315 C++: Simplify non-member iterator operator models 2020-08-26 16:19:03 -07:00
Robert Marsh
994e845ab0 C++: use set literals in iterator models 2020-08-26 16:08:39 -07:00
ubuntu
7eeec0d765 Correct typo example 2020-08-27 01:07:13 +02:00
ubuntu
cbe879ae73 Correct typo examples 2020-08-27 01:05:49 +02:00
Robert Marsh
6f0cc16979 C++: remove non-existent operators from model 2020-08-26 15:52:53 -07:00
ubuntu
68ff480892 Update .qhelp 2020-08-27 00:51:08 +02:00
ubuntu
13f443d2c3 Update getLdapjsClientDNMethodName 2020-08-27 00:48:29 +02:00
Alessio Della Libera
616113aeff Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-27 00:47:29 +02:00
ubuntu
94bd9c6d3e Rename LdapjsDN to LdapjsDNArgument and add it as Sink 2020-08-27 00:43:38 +02:00
ubuntu
7d36b3b4d2 Correct typo 2020-08-27 00:26:54 +02:00
ubuntu
2305a642eb Correct typo 2020-08-27 00:24:50 +02:00
Alessio Della Libera
23287aacee Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-27 00:17:55 +02:00
Alessio Della Libera
f12ac8ca60 Update javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-08-27 00:17:33 +02:00
ubuntu
cd1d50b637 Update expected output 2020-08-26 23:50:15 +02:00
Alessio Della Libera
dcf51c75e9 Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-08-26 23:33:52 +02:00
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30
Rasmus Wriedt Larsen
bd21fc5601 Python: Autoformat 2020-08-26 20:37:48 +02:00
Rasmus Wriedt Larsen
c24e3452f5 Python: Add more expected collection taint steps 2020-08-26 20:28:33 +02:00
Rasmus Wriedt Larsen
423139bc22 Python: Add additional taint steps for iterable-unpacking 2020-08-26 20:21:15 +02:00
Esben Sparre Andreasen
d27442e846 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-08-26 20:18:54 +02:00
Rasmus Wriedt Larsen
afb160fbbb Python: Add additional taint steps for for-iteration 2020-08-26 20:18:31 +02:00
Rasmus Wriedt Larsen
e2a89aa296 Python: Add additional taint steps for copy 
deepcopy was already handled somehow, don't really know how :D
 2020-08-26 19:39:38 +02:00
Rasmus Wriedt Larsen
b974dadca1 Python: Add additional taint steps for containers 2020-08-26 19:39:37 +02:00
Rasmus Wriedt Larsen
b6049765a8 Python: Add a few more collection taint tests 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
32f9d30136 Python: Add syntactic taint steps for json methods 2020-08-26 19:39:36 +02:00
Rasmus Wriedt Larsen
41e24ae93f Python: Add non-syntactical test for taint of json methods 2020-08-26 19:39:35 +02:00
Rasmus Wriedt Larsen
5f9aa4c3b9 Python: Restructure defaultAdditionalTaintStep tests 
This makes it easier to add a new test-case, and makes it easier to work with
the existing files. It does have a downside on making it a bit more annoying
looking at TestTaint.expected, and possible longer runtime, but I think it's
still worth it.
 2020-08-26 19:39:33 +02:00
Rasmus Wriedt Larsen
a1ada62596 Python: Remodel taint tests for shared lib 
I took the bits from ql/test/library-tests/taint/ that seemed easy to port. I
left out namedtuple for now, but it is part of internal tracking ticket, so
won't be forgotten.
 2020-08-26 19:39:32 +02:00
Mathias Vorreiter Pedersen
1221165792 Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-08-26 19:13:54 +02:00
Dave Bartolomeo
01a61469d3 Merge pull request #4137 from tausbn/python-cpp-make-inline-test-libs-language-agnostic 
CPP: Make inline expectation test library language agnostic.
 2020-08-26 13:00:19 -04:00
Mathias Vorreiter Pedersen
d900a70738 C++: Accept test changes in query tests 2020-08-26 18:10:21 +02:00
Rasmus Lerchedahl Petersen
dcabd37974 Python: Update test expectations 2020-08-26 17:58:35 +02:00
Rasmus Lerchedahl Petersen
bf6211f639 Merge branch 'main' of github.com:github/codeql into SharedDataflow_ParsimoniousFlowNodes 2020-08-26 17:50:17 +02:00
Rasmus Lerchedahl Petersen
6c173047e6 Merge branch 'MagicMethods' of github.com:yoff/codeql into MagicMethods 2020-08-26 17:43:27 +02:00
Rasmus Lerchedahl Petersen
47e35c530d Merge branch 'main' of github.com:github/codeql into MagicMethods 2020-08-26 17:42:44 +02:00
Taus Brock-Nannestad
0f221ccfa2 Merge branch 'main' into python-cpp-make-inline-test-libs-language-agnostic 2020-08-26 17:23:25 +02:00
Mathias Vorreiter Pedersen
dd8984dfc5 C++: Keep ExplicitFieldStoreQualifierNode private 2020-08-26 16:14:58 +02:00
Taus Brock-Nannestad
e193e12b3f Python: Add support for inline test expectations library 2020-08-26 16:10:04 +02:00
Taus
b1946c60dd Merge pull request #4127 from RasmusWL/python-tainttracking-fstring 
Python: Handle f-strings in (current) taint tracking
 2020-08-26 16:06:01 +02:00
Taus Brock-Nannestad
a824d75e4f C++: Add documentation for the LineComment class 2020-08-26 16:02:26 +02:00
Tamas Vajk
18c65e9f73 Fix typo in change notes 2020-08-26 15:57:41 +02:00
Mathias Vorreiter Pedersen
e4807c0181 C++: Accept test changes 2020-08-26 15:51:09 +02:00
Mathias Vorreiter Pedersen
9d9c78c9f6 C++: Use the information provided by the IR alias analysis to detect dataflow read and store steps. 2020-08-26 15:51:03 +02:00
Mathias Vorreiter Pedersen
2a8ee90828 C++: Demonstrate lack of flow when taking the address of a field and loading it afterwards 2020-08-26 15:50:57 +02:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Tamas Vajk
3f54e5d310 Add change note 2020-08-26 15:12:11 +02:00