Rasmus Wriedt Larsen
6c8937c5a9
Python: Add StringConstCompare to new data-flow queries
...
In the future, I could imagine we would have something like this, but for now,
I'm just keeping it simple.
```codeql
/**
 * A collection of common guards that ensure the checked value cannot have arbitrary
 * values.
 *
 * Currently only supports comparison with constant string value, but could also
 * include checking whether all characters are alphanumeric, or whether a regex is
 * matched against the value.
 *
 * Such guards will be useful for many taint-tracking queries, but not necessarily
 * all, which is why you need to opt into these manually.
 */
class CommonNonArbitraryGuard extends BarrierGuard {
  CommonNonArbitraryGuard() {
    this instanceof StringConstCompare
  }

  override predicate checks(ControlFlowNode node, boolean branch) {
    this.(StringConstCompare).checks(node, branch)
  }
}
```
2020-11-20 10:44:50 +01:00
Rasmus Wriedt Larsen
12b36b2245
Python: Highlight that safe or also_safe doesn't clear taint :(
2020-11-20 10:43:46 +01:00
Rasmus Wriedt Larsen
1a52f17da3
Python: Add StringConstCompare BarrierGuard
2020-11-20 10:40:04 +01:00
Rasmus Wriedt Larsen
a82936c904
Python: Enable test for sanitizer-guard and logic expressions
...
`not` is not working properly, but otherwise pretty good
2020-11-20 10:06:25 +01:00
Cornelius Riemenschneider
eeece5937d
C++: One more speedup, address review.
2020-11-20 09:56:08 +01:00
Tamás Vajk
056b0c2627
Merge pull request #4626 from tamasvajk/feature/stats
...
C#: Add stats file from the jenkins job
2020-11-20 09:16:56 +01:00
Mathias Vorreiter Pedersen
490bba5c9f
C++: Fix bad join order in AliasedSSA::getResultMemoryLocation.
2020-11-19 17:40:41 +01:00
Rasmus Wriedt Larsen
b3d3d6e142
Python: Move logical test of sanitizers
...
Don't know why it would ever have been under default sanitizers :D
2020-11-19 16:46:07 +01:00
Rasmus Lerchedahl Petersen
7cbbf3bbf7
Python: slightly nicer test
2020-11-19 16:20:57 +01:00
Rasmus Wriedt Larsen
4c7c940273
Python: Add example of Code Injection FP
2020-11-19 15:05:51 +01:00
Rasmus Wriedt Larsen
7e407d43d2
Python: Change (single) test to match codeql database create
2020-11-19 14:56:18 +01:00
Rasmus Wriedt Larsen
8ffcff0824
Python: Add example of top-level module shadowing stdlib
...
Although this test is added under the `wrong` folder, the current results from
this CodeQL test are actually correct (compared with the Python
interpreter). However, they don't match what the extractor does when invoked
with `codeql database create`.
Since I deemed it "more than an easy fix" to change the extractor behavior for
`codeql database create` to match the real python behavior, and it turned out to
be quite a challenge to change the extractor behavior for all tests, I'm just
going to make THIS ONE test-case behave like the extractor will with `codeql
database create`...
This is a first commit, to show how the extractor works with qltest by default.
Inspired by the debugging in https://github.com/github/codeql/issues/4640
2020-11-19 14:56:17 +01:00
Asger Feldthaus
f737f34dcd
JS: Add UntrustedDataToExternalApi query
2020-11-19 13:42:25 +00:00
luchua-bc
a311462791
Move to query-test folder and update qldoc
2020-11-19 13:12:42 +00:00
Mathias Vorreiter Pedersen
2e6a3cd33b
Merge branch 'main' into unsafe-use-of-this-query
2020-11-19 13:03:29 +01:00
Jonas Jensen
cd20163f6e
Merge pull request #4676 from MathiasVP/untrusted-dataflow-to-external-api-query
...
C++: Untrusted data used in external APIs
2020-11-19 12:56:08 +01:00
Rasmus Lerchedahl Petersen
6cc8e5acf1
Python: support psycopg
2020-11-19 12:13:20 +01:00
Mathias Vorreiter Pedersen
072adaa279
C++: Require that no override of the called pure virtual function exists in any base class. This removes the false positive in the testcase. Based on the results on LGTM we have agreed to set the @precision to very-high.
2020-11-19 12:10:57 +01:00
Rasmus Lerchedahl Petersen
39f134c1c1
Python: reorganized and added to tests
2020-11-19 12:06:58 +01:00
Erik Krogh Kristensen
a3b21ad43b
Apply suggestions from code review
...
Co-authored-by: Asger F <asgerf@github.com>
2020-11-19 11:42:12 +01:00
james
f2b177413a
change warnings to errors to avoid creating empty query help
2020-11-19 09:45:20 +00:00
james
13c72d243a
run script for lgtm suites
2020-11-19 09:45:20 +00:00
james
bc7264cd5d
update query help script
2020-11-19 09:45:20 +00:00
james
4a9b61274a
improve docs
2020-11-19 09:45:20 +00:00
james
e5d2edd911
run script over all languages
2020-11-19 09:45:20 +00:00
james
8414c22f67
print error if generate query help fails
2020-11-19 09:45:20 +00:00
james
78fc15174f
debug java query help errors
2020-11-19 09:45:20 +00:00
james
d6e9f4d6f2
remove unnecessary steps from work flow
2020-11-19 09:45:20 +00:00
james
4b07f395d0
run script for all languages
2020-11-19 09:45:19 +00:00
james
d70240c786
update conf.py for query help
2020-11-19 09:45:19 +00:00
james
cb962a9ce0
tests
2020-11-19 09:45:19 +00:00
james
0fe0d067e9
copy more sphinx files
2020-11-19 09:45:19 +00:00
james
27f52851ca
add sphinx step
2020-11-19 09:45:19 +00:00
james
2383960e0d
copy folder correctly
2020-11-19 09:45:19 +00:00
james
e9b2d771c2
add test steps
2020-11-19 09:45:19 +00:00
james
bb1c0a184a
fix path
2020-11-19 09:45:19 +00:00
james
1a60f961e6
add set up step
2020-11-19 09:45:19 +00:00
james
fc848e553e
fix working directory
2020-11-19 09:45:19 +00:00
james
fe5979d92a
add working-directory
2020-11-19 09:45:19 +00:00
james
d25a0ef7e6
another test
2020-11-19 09:45:19 +00:00
james
c775a27a22
test2
2020-11-19 09:45:19 +00:00
james
2d93b3a45a
test
2020-11-19 09:45:19 +00:00
james
8504724dbb
add generate-query-help workflow
2020-11-19 09:45:18 +00:00
james
47483a8e84
auto format script
2020-11-19 09:45:18 +00:00
james
6667b58b2c
make new sphinx project for query help
2020-11-19 09:45:18 +00:00
james
710e675b17
add script to generate query help
2020-11-19 09:45:18 +00:00
Tom Hvitved
02ec325380
C#: Fix bad join-orders following stats update
2020-11-19 10:42:35 +01:00
Tamas Vajk
866c98bbd9
C#: Add stats file from the jenkins job
2020-11-19 10:42:34 +01:00
Rasmus Wriedt Larsen
2945eada9e
Merge pull request #4689 from github/hmakholm/pr/no-dup-code-tests
...
Remove unit tests for duplicate-code detection
2020-11-19 10:07:04 +01:00
Dave Bartolomeo
08efd7fbd9
Merge pull request #4558 from rdmarsh2/rdmarsh2/cpp/remove-initialize-nonlocal
...
Remove InitializeNonlocalInstruction
2020-11-18 20:23:08 -05:00