Commit Graph

19087 Commits

Author SHA1 Message Date
Arthur Baars
b382711f14 Java: change note for Hibernate ORM improvements 2020-09-22 18:55:07 +02:00
CodeQL CI
475519c9ee Merge pull request #4267 from asgerf/js/log-typescript-memory
Approved by esbena
2020-09-22 08:51:51 -07:00
Jonas Jensen
4faeede5cd C++: Remove unnecessary comment on import 2020-09-22 16:55:25 +02:00
Rasmus Wriedt Larsen
71a75ce596 Python: Handle bound methods in flask modeling 2020-09-22 16:33:35 +02:00
Rasmus Wriedt Larsen
5709189c2a Python: Expand flask test 2020-09-22 16:33:34 +02:00
Rasmus Wriedt Larsen
e614365963 Python: Adopt new approach in flask modeling
Removed all the dict-like stuff, not sure that is how we should do things.
2020-09-22 16:33:33 +02:00
Rasmus Wriedt Larsen
a82fa04d8a Python: Add worked example of taint step modeling of external libs
This can't be seen on the example, but I went through quite a lot of iterations
before arriving at this fairly simple solution.
2020-09-22 16:28:26 +02:00
Rasmus Wriedt Larsen
00ea0cebc3 Python: More Flask modeling kinda works
It "kinda" works now, but it really is not a pretty solution. Adding all these
"tracked" objects is SUPER annoying... it _would_ be possible to skip them, but
that seems like it will give the wrong edges for dataflow/taintflow queries :|

A good chunk of it should be able to be removed with access-paths like C# does
for library modeling. Some of it could be solved by better type-tracking API
like API Graphs... but it seems like we generally are just lacking the
nice-to-have features like `.getAMemberCall` and the like. See
https://github.com/github/codeql/pull/4082/files#diff-9aa94c4d713ef9d8da73918ff53db774L33
2020-09-22 16:28:25 +02:00
Rasmus Wriedt Larsen
3c08590ee4 Python: Expand flask tests a bit 2020-09-22 16:28:24 +02:00
Rasmus Wriedt Larsen
2bdd0284dc Python: Port py-command-line-injection with new dataflow 2020-09-22 16:28:23 +02:00
Rasmus Wriedt Larsen
7c205dd3fc Python: First attempt at modeling Flask 2020-09-22 16:28:21 +02:00
Rasmus Wriedt Larsen
cdc5ca7aec Python: Model os.system and os.popen 2020-09-22 16:28:20 +02:00
Rasmus Wriedt Larsen
0265f26301 Python: Add importModule and importMember DataFlow helpers 2020-09-22 16:28:19 +02:00
Rasmus Wriedt Larsen
2551173156 Python: Update example in QLDoc for TypeTracker 2020-09-22 16:28:18 +02:00
Jonas Jensen
9fd8b0431a C++: Add a SimpleRangeAnalysisDefinition test def 2020-09-22 15:54:54 +02:00
Jonas Jensen
826632d6a9 C++: Add a test of def overrides
The def used in this test is not overridden yet.
2020-09-22 15:54:54 +02:00
Jonas Jensen
d1f453be36 C++: import SimpleRangeAnalysisInternal
This ensures that `getFullyConverted{Lower,Upper}Bounds` are available
where they need to be called.
2020-09-22 15:54:54 +02:00
Jonas Jensen
8065bf15ad C++: Per-variable overrides
Without these changes, there was no way to tell which variables were
overridden by a given instance of `SimpleRangeAnalysisDefinition`. All
four overrides are needed because they fit into different mutual
recursions of the `SimpleRangeAnalysis` implementation.
2020-09-22 15:53:22 +02:00
Jonas Jensen
7dce4d0a6e C++: Rename: name the file the same as the class 2020-09-22 15:48:36 +02:00
Tamás Vajk
54c35748f0 Merge pull request #4193 from tamasvajk/feature/sign-analysis
C#: Sign analysis
2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen
66e2ed9b65 Merge pull request #4031 from aibaars/hibernate
Add additional Hibernate SQL sinks
2020-09-22 15:29:40 +02:00
Rasmus Lerchedahl Petersen
131cf8d2ec Python: Fix compilation error 2020-09-22 15:02:31 +02:00
CodeQL CI
036a36a474 Merge pull request #4317 from max-schaefer/js/api-node-depth
Approved by asgerf
2020-09-22 05:58:48 -07:00
Mathias Vorreiter Pedersen
535c8cc87e C++: Cache simpleLocalFlowStep instead of simpleInstructionLocalFlowStep 2020-09-22 13:46:19 +01:00
Erik Krogh Kristensen
717ea2369c Merge pull request #4311 from erik-krogh/indirect-fix
JS: improve join-order for HTTP::isDecoratedCall
2020-09-22 14:35:50 +02:00
CodeQL CI
9a306866c5 Merge pull request #4282 from erik-krogh/es2021
Approved by esbena
2020-09-22 05:34:35 -07:00
Geoffrey White
e836bae20f C++: Tidy up test stl.h a little. 2020-09-22 13:21:50 +01:00
Rasmus Lerchedahl Petersen
b065d8724e Python: Fixup comments after merge 2020-09-22 13:52:30 +02:00
Rasmus Lerchedahl Petersen
3e2331c87f Merge branch 'main' of github.com:github/codeql into SharedDataflow_FieldFlow 2020-09-22 13:32:36 +02:00
Jonas Jensen
ee211b02fb Merge remote-tracking branch 'lcartey/cpp/range-analysis-custom-defs' into range-analysis-custom-defs 2020-09-22 13:27:56 +02:00
Tamas Vajk
5f96c37b28 C#: Fix switch case expression types 2020-09-22 13:16:31 +02:00
Anders Schack-Mulligen
47506a859e Merge pull request #4287 from joefarebrother/exectainted-array
Java: Improve the ExecTainted query
2020-09-22 13:16:05 +02:00
Jonas Jensen
269b7101c0 Merge pull request #4273 from lcartey/cpp/custom-range-analysis-override
C++: Support overriding existing simple range analysis bounds
2020-09-22 13:15:05 +02:00
Tamas Vajk
a89d13a5ee C#: Add change notes for increased required key size in 'cs/insufficient-key-size' 2020-09-22 13:00:45 +02:00
Tom Hvitved
8de57c7d19 C#: Move ASP extraction from auto builder to pre-finalize.{sh,cmd} 2020-09-22 11:55:02 +02:00
Jonas Jensen
e86bc0c6ac C++: Autoformat fixup 2020-09-22 11:53:05 +02:00
Asger Feldthaus
d34bd51f61 JS: Call codeql.exe instead of codeql.cmd 2020-09-22 10:28:40 +01:00
Asger Feldthaus
bc09bc45bc JS: Concatenate paths properly 2020-09-22 10:17:30 +01:00
Faten Healy
c35a5d120a C#: Increasing required size of RSA key to 2048 2020-09-22 11:09:49 +02:00
Tamas Vajk
cc979d0b5f C#: Add switch case expression type test 2020-09-22 11:04:44 +02:00
Tom Hvitved
71da9045e5 Java/Python: Reduce size of blockPrecedesVar 2020-09-22 11:00:26 +02:00
Erik Krogh Kristensen
32b0f1b480 add code example to isDecoratedCall 2020-09-22 10:42:49 +02:00
Max Schaefer
dafd45f0f4 JavaScript: Add a few metric queries for API graphs. 2020-09-22 09:30:19 +01:00
Max Schaefer
46ba4a1fa8 JavaScript: Expose another useful predicate on API-graph nodes. 2020-09-22 09:30:12 +01:00
Jonas Jensen
5cbf498a2d Merge pull request #4302 from MathiasVP/fix-field-conflation-after-4230
C++: Fix field conflation after #4230
2020-09-22 10:23:17 +02:00
Erik Krogh Kristensen
ec49c444ef Apply suggestions from code review
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-22 10:15:30 +02:00
Tamas Vajk
d8176bc00d C#: Change TrapStackBehaviour of local functions 2020-09-22 09:53:35 +02:00
Tom Hvitved
b6d93ae81d Merge remote-tracking branch 'upstream/rc/1.25' into merge-rc-1.25 2020-09-22 09:35:39 +02:00
Jonas Jensen
c56d5eb90e Merge pull request #4295 from rdmarsh2/rdmarsh2/cpp/ir-qualifier-flow
C++: Improved qualifier flow in IR taint tracking
2020-09-22 09:23:10 +02:00
Tom Hvitved
83340e2a62 Merge pull request #4212 from hvitved/csharp/path-transformers
C#: Implement support for path transformers
2020-09-22 09:20:53 +02:00