Commit Graph

17948 Commits

Author SHA1 Message Date
Remco Vermeulen
7428a8cd95 Add missing java import 2020-07-09 15:06:26 +02:00
Remco Vermeulen
d3db4fa5b2 Add missing java import 2020-07-09 15:04:16 +02:00
Remco Vermeulen
54d6c8b5f4 Mark ServletUrlRedirectSink private 2020-07-09 15:03:51 +02:00
Remco Vermeulen
782573ed43 Add and format qldocs according to the style guide. 2020-07-09 14:58:53 +02:00
Remco Vermeulen
4ad6357cd7 Add missing Java import 2020-07-09 14:54:46 +02:00
Remco Vermeulen
7435dac3d2 Move source and sink into importable library 2020-07-09 14:53:59 +02:00
Arthur Baars
e183171fea Java: model Object.clone 2020-07-09 14:50:29 +02:00
intrigus
641c5df79f Centralize and model additional path creations. 2020-07-09 14:48:47 +02:00
Remco Vermeulen
b66f391c31 Extend source and sink from DataFlow::Node instead of DataFlow::exprNode 2020-07-09 14:39:08 +02:00
Remco Vermeulen
fed506a12f Rename TrustedSource to SafeHeaderSplittingSource 2020-07-09 14:36:23 +02:00
Henry Mercer
3d711b8cd1 C#: Fix broken link to ECMA-335 2020-07-09 13:15:22 +01:00
Remco Vermeulen
1212feab28 Add file-level qldoc 2020-07-09 14:11:59 +02:00
Remco Vermeulen
99228d8bc2 Optimize imports 2020-07-09 14:09:39 +02:00
Remco Vermeulen
ba9f3e2a1e Join ServletUrlRedirectSink with UrlRedirectSink 2020-07-09 14:08:43 +02:00
Remco Vermeulen
88f4b224c3 Extend UrlRedirectSink from DataFlow::Node 2020-07-09 14:05:54 +02:00
Remco Vermeulen
f8078f1125 Remove superfluous imports 2020-07-09 13:43:10 +02:00
Arthur Baars
d3d58795f1 Java: ContainerFlow add comments
Some method variants are captured by a super class. Added some comments
to indicate where this happens to make review of missing methods easier
in the future.
2020-07-09 12:46:57 +02:00
semmle-qlci
e167b87150 Merge pull request #3932 from max-schaefer/portals-additions
Approved by esbena
2020-07-09 11:43:45 +01:00
Remco Vermeulen
9a84abf259 Generalize QueryInjectionSink
Extends from the more general DataFlow::Node instead of
DataFlow::ExprNode
2020-07-09 12:32:17 +02:00
Arthur Baars
24c6e506aa Java: ContainerFlow: RValue -> Expr
While most flow for a qualifierToArgumentStep goes through a variable use,
this is not always the case. Therefore it is best to remove the restriction
to RValue to allow taint steps to use postupdate nodes.

See also: ba86dea657
2020-07-09 12:20:48 +02:00
Arthur Baars
0bd103ac05 Java: add tests for Container taint steps 2020-07-09 12:15:38 +02:00
Mathias Vorreiter Pedersen
834263f72a C++: Alternate instruction -> operand flow 2020-07-09 11:36:54 +02:00
Philippe Antoine
5eff8d3165 Performance improvements suggested 2020-07-09 11:31:47 +02:00
Rasmus Wriedt Larsen
e7c89dc24b Python: Fix grammar
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-07-09 10:39:58 +02:00
Remco Vermeulen
c01844a39e Add file-level qldoc 2020-07-09 10:30:31 +02:00
Max Schaefer
7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Remco Vermeulen
42e261ac02 Move SqlInjectionSink and PersistenceQueryInjectionSink
Join SqlInjectionSink and PersistenceQueryInjectionSink with
QueryInjectionSink to make its definition more transparent.
2020-07-09 10:21:24 +02:00
Remco Vermeulen
d07d21c9e2 Fix import 2020-07-09 10:20:53 +02:00
Anders Schack-Mulligen
777dc6305c Merge pull request #3893 from aibaars/set-map-list-copy-of
Java: model some new Set,List,Map methods
2020-07-09 10:18:12 +02:00
Max Schaefer
1c47260bde JavaScript: Add support for global variables to portals. 2020-07-09 09:12:56 +01:00
Max Schaefer
c40ef0556a JavaScript: Broaden scope of imports considered relevant to portals.
Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.
2020-07-09 09:09:44 +01:00
Max Schaefer
8b4b5781e6 JavaScript: Add utility predicate getBasePortal(i).
This iterates the existing `getBasePortal()` predicate `i` times.
2020-07-09 09:08:18 +01:00
Robert Marsh
0e66d0892b Merge pull request #3785 from MathiasVP/dataflow-operand-nodes
C++: Operands as dataflow nodes
2020-07-08 14:50:54 -07:00
Arthur Baars
6367eb9ee8 Address review comments 2020-07-08 22:08:27 +02:00
lcartey@github.com
0638b512bc C++: Support custom range expression modeling for variable accesses 2020-07-08 17:56:31 +01:00
dilanbhalla
6e6921b11e implemented pr fixes 2020-07-08 09:23:52 -07:00
dilanbhalla
05a4798b5e working on implementing pr fixes 2020-07-08 09:19:46 -07:00
Ian Lynagh
71b70b4bd0 C++: Give static_assert's an enclosing element 2020-07-08 17:10:43 +01:00
Remco Vermeulen
5f560e0465 Extract HeaderSplittingSink and WhitelistedSource
- Extract `HeaderSplittingSink` and `WhitelistedSource` into an
importable library.
- Rename the existing `HeaderSplittingSink` implementation to
`ServletHeaderSplittingSink`.
2020-07-08 17:17:24 +02:00
lcartey@github.com
b4929dbb97 C++: Adopt range analysis interface in the SimpleRangeAnalysis library 2020-07-08 16:00:44 +01:00
lcartey@github.com
5c1275ec5d C++: Add an interface for exprs that can contribute to range analysis 2020-07-08 16:00:07 +01:00
Remco Vermeulen
170be9ffe8 Move UrlRedirectSink into importable library
- The `UrlRedirect` class is renamed to `ServletUrlRedirect`.
- Abstract class `UrlRedirectSink` is defined that can be imported and
used to customise CWE-601 via Customizations.qll
2020-07-08 16:47:51 +02:00
Jonas Jensen
0bbbfe58cf Merge pull request #3916 from geoffw0/cc_followup2
C++: Add missing constructor taint test
2020-07-08 16:35:47 +02:00
Remco Vermeulen
06517c6f82 Move QueryInjectionSink into importable library
This enables defining new sinks to customise the CWE-089 queries.
2020-07-08 16:24:06 +02:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects
Java: data flow for `java.util.Objects`
2020-07-08 15:07:50 +02:00
Anders Schack-Mulligen
528f250af3 Merge pull request #3653 from lcartey/java/improve-spring-support
Java: Improve modelling of Spring requests, flow steps and XSS sinks
2020-07-08 15:00:14 +02:00
Luke Cartey
443c13d516 Merge pull request #2 from aschackmull/java/spring-3653-2
Java: Fix qltests for https://github.com/github/codeql/pull/3653
2020-07-08 13:19:45 +01:00
Anders Schack-Mulligen
b88ebd69c1 Java: Fix OgnlInjection qltest 2020-07-08 14:12:27 +02:00
Anders Schack-Mulligen
a4fe4f41b9 Java: Fix JndiInjection qltest 2020-07-08 14:09:08 +02:00