Joe Farebrother
ff6c5c219c
Java: Start TaintTrackingUtils refactor
2020-10-12 15:48:43 +01:00
Joe Farebrother
551d86c6ea
Java: Define classes for taint propagation methods
2020-10-12 15:48:43 +01:00
Arthur Baars
fc4a3426ac
Merge pull request #4457 from daniel-beck/file-taint
Java: Track taint through java.io.File constructor and #toURI; URI#toURL
2020-10-12 16:42:11 +02:00
Taus Brock-Nannestad
3288cf1a75
Python: Hopefully final changes to documentation.
2020-10-12 16:38:21 +02:00
Max Schaefer
cd33d358aa
JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths.
The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.
2020-10-12 14:50:47 +01:00
Jonas Jensen
24da4cc344
Merge pull request #4421 from jbj/SimpleRangeAnalysis-guard-overflow
C++: Demonstrate overflowing guard bounds
2020-10-12 15:38:13 +02:00
yoff
433a36225b
Apply suggestions from code review
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-10-12 15:26:53 +02:00
Jonas Jensen
0459248b9f
Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-guard-overflow
2020-10-12 14:32:29 +02:00
CodeQL CI
8eb84b2599
Merge pull request #4391 from max-schaefer/js/api-graph-reexport
Approved by asgerf
2020-10-12 05:26:53 -07:00
CodeQL CI
6d1634ef8f
Merge pull request #4329 from erik-krogh/DVSA
Approved by esbena
2020-10-12 05:23:29 -07:00
Taus Brock-Nannestad
b07c7abacc
Python: Clear up attribute name access QLDoc
2020-10-12 13:49:08 +02:00
Tom Hvitved
35985a9189
Merge pull request #4452 from hvitved/csharp/ssa/overlapping-captured-defs
C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables
2020-10-12 13:01:39 +02:00
Geoffrey White
6440db786d
Merge pull request #4420 from jbj/SimpleRangeAnalysis-widen-Expr
C++: SimpleRangeAnalysis: widen recursive *, +, -
2020-10-12 11:20:09 +01:00
Geoffrey White
58727cb8ad
C++: Update change note.
2020-10-12 11:01:09 +01:00
Geoffrey White
4363f08b45
C++: Model std::set::emplace and emplace_hint.
2020-10-12 11:01:09 +01:00
Jonas Jensen
30b9d13a45
C++: Correct annotation in test
2020-10-12 11:25:38 +02:00
Geoffrey White
5d87117dc7
C++: Model std::set::lower_bound, upper_bound, equal_range.
2020-10-12 10:10:40 +01:00
Jonas Jensen
9b12ceae8d
C++: SimpleRangeAnalysis: widen recursive *, +, -
The number of candidate bounds during the main `SimpleRangeAnalysis`
recursion was in principle always exponential in the size of the
program, but in practice it did not get out of hand when only `+` and
`-` operations were supported. Now that `*` is also supported, the range
analysis started timing out on the SinaMostafanejad/OpenRDM project. The
problematic expressions in that project are of the form
a*x*x*x + b*x*x + c*x + d
where most of the variables involved are recursive definitions and are
therefore likely to have a large number of candidate bounds.
The fix here is to identify those few binary operations that are most
likely to cause an explosion in the number of bounds and apply widening
to them. Previously, widening was only applied at definitions.
2020-10-12 11:09:01 +02:00
Jonas Jensen
bbeea452e1
C++: Add test with widening of binary Expr
2020-10-12 11:08:41 +02:00
Geoffrey White
fc19bba0bd
C++: Model std::set::merge and correct test annotations.
2020-10-12 10:01:57 +01:00
Tom Hvitved
9d1f64d35d
C#: Avoid overlapping SSA definitions for ref/out captured variables
2020-10-12 10:52:40 +02:00
Anders Schack-Mulligen
725194a3b8
Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes
2020-10-12 08:56:19 +02:00
Daniel Beck
0c70be145f
Track taint through java.io.File constructor and #toURI; URI#toURL
2020-10-10 20:54:55 +02:00
Geoffrey White
c63f7cb409
C++: Taint through emplace from qualifier to return value.
2020-10-09 17:41:24 +01:00
Geoffrey White
270517d379
C++: Revise model of emplace and emplace_hint. Note that 2 of the 3 taint regressions we shouldn't be getting because we don't yet do taint through keys.
2020-10-09 17:27:18 +01:00
Geoffrey White
49c121d370
C++: More test cases covering other std::pair constructors.
2020-10-09 17:22:29 +01:00
Anders Schack-Mulligen
091e3a2931
Dataflow: Adjust test output.
2020-10-09 16:25:14 +02:00
Rasmus Lerchedahl Petersen
4bd56fdbe4
Python: Implement framework sinks
2020-10-09 16:13:47 +02:00
Rasmus Lerchedahl Petersen
0d8bd01e10
Python: Port query and add test
2020-10-09 16:11:37 +02:00
Tom Hvitved
723699a584
C#: Add SSA test for overlapping captured variable definitions
2020-10-09 16:01:19 +02:00
James Fletcher
c8cacb9fee
Merge pull request #4451 from github/jf205-patch-2
Fix typo in CodeQL docs template
2020-10-09 14:47:39 +01:00
Geoffrey White
61a78e28ac
C++: Fix map::merge.
2020-10-09 14:46:23 +01:00
James Fletcher
42ee136306
Update layout.html
2020-10-09 14:33:45 +01:00
Erik Krogh Kristensen
a0cbeb6093
add change note
2020-10-09 14:54:34 +02:00
Erik Krogh Kristensen
2fb19f0b11
refactor into a single regular expression with two capture groups
2020-10-09 14:50:16 +02:00
Erik Krogh Kristensen
f6f8bbd1d8
Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-10-09 14:46:31 +02:00
Anders Schack-Mulligen
1c043447e8
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes.
2020-10-09 14:29:52 +02:00
Tom Hvitved
29fb23e6a4
C#: Add flow summaries for System.[Value]Tuple
2020-10-09 13:38:30 +02:00
Jonas Jensen
4c9ffcec27
Merge pull request #4396 from geoffw0/stringsets
C++: Use [, ...] syntax more widely.
2020-10-09 13:30:05 +02:00
James Fletcher
2436c56258
Merge pull request #4444 from github/codeql-style-updates
[CodeQL docs] First pass at style updates for docs microsite
2020-10-09 11:40:47 +01:00
Alexander Eyers-Taylor
b0d01cfe8d
Merge pull request #4370 from jbj/range-analysis-mega-change-note
C++: Change note for several range-analysis PRs
2020-10-09 10:45:11 +01:00
james
6d78c7b46e
fix path to primer.css in template
2020-10-09 10:04:39 +01:00
Geoffrey White
1f1be3bf9a
C++: Block try_emplace arg 0.
2020-10-09 10:04:22 +01:00
james
de42906785
hide header text on small screens and fix body width
2020-10-09 10:03:13 +01:00
james
2fe986eb79
add local primer.css
2020-10-09 10:03:13 +01:00
Geoffrey White
8786fe1ab8
C++: Add missing test case involving tainted key.
2020-10-09 10:00:22 +01:00
Tom Hvitved
412524103c
Merge pull request #4437 from hvitved/csharp/cfg/compiler-generated-array-lengths
C#: Include compiler-generated array lengths in the CFG
2020-10-09 10:54:56 +02:00
CodeQL CI
3894ecf779
Merge pull request #4441 from max-schaefer/js/add-negative-api-graphs-test
Approved by erik-krogh
2020-10-09 00:37:38 -07:00
Erik Krogh Kristensen
3b328baaef
changes based on review
2020-10-08 21:54:23 +02:00
Erik Krogh Kristensen
65b90c411c
Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-10-08 21:28:50 +02:00