hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-15 15:34:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,948 Commits 1,680 Branches 158 Tags
codeql-cli/v2.4.0
Commit Graph

17948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
69888f90c6 add dot after bullet-point 2020-06-17 17:15:39 +02:00
Anders Schack-Mulligen
cedfaf6aaf Dataflow: autoformat 2020-06-17 17:09:55 +02:00
Anders Schack-Mulligen
543ab71dfe Dataflow: minor review fixes. 2020-06-17 17:03:22 +02:00
Rasmus Lerchedahl Petersen
25d624d64b Python: Implement parameter nodes 2020-06-17 16:59:19 +02:00
Geoffrey White
33fab08975 C++: Autoformat. 2020-06-17 15:53:05 +01:00
Dave Bartolomeo
687d6d2643 C++: Replace TRawInstruction() calls 
Replace most direct calls to `TRawInstruction()` with calls to `getInstructionTranslatedElement()` and `getInstructionTag()`, matching existing practice. One tiny RA diff in an inconsequential join order in `getInstructionVariable`.
 2020-06-17 10:52:32 -04:00
Geoffrey White
833f5b0cf3 C++: Add flow through assignment operators. 2020-06-17 15:47:37 +01:00
Geoffrey White
b9a65581ce C++: Some constructors should have dataflow instead of taint. 2020-06-17 15:47:37 +01:00
Geoffrey White
031c9b98f1 C++: General taint flow through constructors. 2020-06-17 15:47:37 +01:00
Geoffrey White
30151c99d7 C++: Remove the std::string Constructor model. 2020-06-17 15:43:58 +01:00
Rasmus Lerchedahl Petersen
8e51b2fed8 Python: refactor test for global flow 2020-06-17 16:43:11 +02:00
Geoffrey White
d565cfc58e C++: Add a test of default constructors etc. 2020-06-17 15:41:36 +01:00
Geoffrey White
c196ea24b2 C++: Add taint tests of class constructors and assignment. 2020-06-17 15:41:00 +01:00
Geoffrey White
ea9e9a7a26 C++: Add taint tests of std::string constructors and assignment. 2020-06-17 15:41:00 +01:00
Dave Bartolomeo
c1016743a5 C++: Remove instructionOrigin() 
This noopt predicate is no longer necessary. It's equivalent to `instruction = TRawInstruction(element, tag)`, which is already materialized and has a more favorable column order anyway.
 2020-06-17 10:25:59 -04:00
Rasmus Lerchedahl Petersen
71f364eef3 Python: Implement OutNode 
Also, fix test for local flow
 2020-06-17 16:24:44 +02:00
Dave Bartolomeo
e85cc0b0c6 C++: Stop caching raw IR construction predicates 
These predicates are only used within the new single IR stage, so there's no need to cache them beyond that. RA diffs are trivial. Where previously many of the predicate on `Instruction` were inline wrappers around cached predicates from `IRConstruction`, now the predicates from `IRConstruction` get inlined into the `Instruction` predicates, and the `Instruction` predicates get materialized. The net amount of work is the same, but now it's not getting cached unnecessarily.
 2020-06-17 09:47:48 -04:00
Anders Schack-Mulligen
d28b5ace63 Dataflow: Sync. 2020-06-17 15:40:48 +02:00
Anders Schack-Mulligen
10b64fc47a Dataflow: Record content type for stores. 2020-06-17 15:40:42 +02:00
Mathias Vorreiter Pedersen
01abaf373a Merge pull request #3728 from geoffw0/memberfunctions 
C++: Split MemberFunction.qll from Function.qll.
 2020-06-17 14:54:33 +02:00
Jonas Jensen
a87ff80ac0 Merge pull request #3587 from rdmarsh2/ir-this-parameter-2 
C++: IR return indirections for `this`
 2020-06-17 13:27:35 +02:00
Geoffrey White
7edaade175 C++: Improve QLDoc. 2020-06-17 12:11:42 +01:00
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg 
JS: Improve alert message in js/non-linear-pattern
 2020-06-17 13:10:56 +02:00
Geoffrey White
0a9ec70c31 C++: Autoformat. 2020-06-17 11:54:50 +01:00
Erik Krogh Kristensen
b0be0eb805 fix qhelp links 2020-06-17 11:50:44 +02:00
Erik Krogh Kristensen
fa0a8c3423 add documentation examples as tests 2020-06-17 11:37:32 +02:00
Erik Krogh Kristensen
b42824640d add qhelp for js/exposure-of-private-files 2020-06-17 11:29:24 +02:00
Geoffrey White
f3e24963cb C++: Update QLDoc. 2020-06-17 10:27:34 +01:00
ubuntu
22cb45beab Merge remote-tracking branch 'upstream/master' 2020-06-17 11:13:13 +02:00
Erik Krogh Kristensen
345283fe34 add change note 2020-06-17 10:48:27 +02:00
Erik Krogh Kristensen
639907967f add home/rootdir as leaking folders 2020-06-17 10:46:42 +02:00
Erik Krogh Kristensen
6675ddae12 add more libraries that serve static files to js/exposure-of-private-files 2020-06-17 10:00:59 +02:00
Jonas Jensen
e0ba23d2c7 C++: @precision high for tainted-format-string* 
I think these queries have excellent results on lgtm.com. Many of the
results come from projects that use `sprintf` like it's a templating
engine, trusting that values from `argv` or `getenv` contain the correct
number of `%s`. I think we want to flag that.

The structure of the change note is modeled after 91af51cf46.
 2020-06-17 09:03:13 +02:00
Rasmus Lerchedahl Petersen
52898f16f5 Python: update paths after move 2020-06-17 08:34:45 +02:00
Rasmus Lerchedahl Petersen
47f5b04e87 Python: fix identical-files.json after move 
also more grouping
 2020-06-17 07:08:46 +02:00
Rasmus Lerchedahl Petersen
e192b66116 Python: move shared dataflow to experimental 2020-06-17 06:46:46 +02:00
luchua-bc
f40e27a3c5 Hardcoded AWS credentials 2020-06-17 02:46:02 +00:00
Erik Krogh Kristensen
fb5e13b456 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-16 23:45:45 +02:00
Erik Krogh Kristensen
d811518a2e fixed from doc review, and add fixed example for js/biased-cryptographic-random using a secure library 2020-06-16 23:26:54 +02:00
Dave Bartolomeo
8e977dc6bf C++/C#: Move overrides of IRType::getByteSize() into leaf classes 
See https://github.com/github/codeql/pull/2272. I've added code comments in all of the places that future me will be tempted to hoist these overrides.
 2020-06-16 16:48:42 -04:00
Dave Bartolomeo
24c3110989 Merge from master 2020-06-16 16:37:38 -04:00
Erik Krogh Kristensen
210e71cd93 update expected output 2020-06-16 21:52:59 +02:00
Robert Marsh
ef940e815f C++: Add comment for false positives in swap tests 2020-06-16 11:46:14 -07:00
Robert Marsh
0c99b3644c C++: remove false negative comments in swap tests 2020-06-16 11:33:26 -07:00
Robert Marsh
1c9b6f0a48 Merge branch 'master' into ir-this-parameter-2 
Accept test changes - dataflow changes are all positive
 2020-06-16 11:28:49 -07:00
Geoffrey White
3d75d287a9 C++: Split MemberFunction.qll from Function.qll. 2020-06-16 17:40:46 +01:00
ubuntu
3104f8a37b Remove Fields in PostMessageEvent 2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2 Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-06-16 18:22:55 +02:00