hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
a2d006fe47 Python: Tests for field flow 2020-09-19 22:27:10 +02:00
Robert Marsh
6b3557ec58 C++: cache localAdditionalTaintStep 2020-09-18 15:42:14 -07:00
Robert Marsh
bc3e74f7d6 Merge branch 'main' into rdmarsh2/cpp/ir-qualifier-flow 
Fix test conflicts
 2020-09-18 15:40:43 -07:00
Robert Marsh
12be90a6af C++: remove unneeded cast 2020-09-18 15:00:01 -07:00
Robert Marsh
c179a07fc7 C++: fix constructor models 2020-09-18 14:43:39 -07:00
Robert Marsh
bd7f5a41d1 C++: autoformat 2020-09-18 14:19:29 -07:00
Robert Marsh
b84bf5e9bb C++: QLDoc for IteratorPartialDefinitionNode 2020-09-18 14:18:38 -07:00
Robert Marsh
107e9770da C++: remove accidentally committed test code 2020-09-18 14:12:33 -07:00
Tom Hvitved
d867172d27 Merge pull request #4300 from hvitved/csharp/runtime-checks-bypass-bad-magic 
C#: Avoid bad magic in `RuntimeChecksBypass.ql`
 2020-09-18 19:40:34 +02:00
Taus Brock-Nannestad
11c85f0fb5 Python: Clean up various jump/local data flow steps 
Removes steps from `ModuleVariableNode`s from `essaFlowStep`, and
instead puts them only in `jumpStep`. This cleans up the logic a bit.

This slightly broke the type tracker implementation (as it relied on
`essaFlowStep` being fairly liberal), so I have rewritten it to
explicitly rely on just familiar predicates for local and jump steps.

Additionally, we disallow Essa-to-Essa steps where exactly one of the
two nodes corresponds to a global variable (i.e. only local-local and
global-global steps).
 2020-09-18 18:14:47 +02:00
Mathias Vorreiter Pedersen
53da751b15 C++: Accept tests 2020-09-18 17:12:27 +02:00
Mathias Vorreiter Pedersen
b6b17fe95e C++: Add a read and store step that replace ArrayContent with FieldContent when we realize that the target of a store is a field. 2020-09-18 17:12:09 +02:00
Joe
9baf2b9eff Fix cartesian product 2020-09-18 15:42:03 +01:00
Tom Hvitved
dff9f8264b Merge pull request #4296 from hvitved/csharp/useless-upcast-nomagic 
C#: Avoid bad magic in `UselessUpcast.ql`
 2020-09-18 16:24:20 +02:00
Joe
abb1731be7 Java: Simplify the implementation of ExecTainted 2020-09-18 15:21:03 +01:00
Anders Schack-Mulligen
b3bf570fb7 Merge pull request #4301 from lcartey/java/update-cwe-claims 
Java: Update some CWE claims
 2020-09-18 16:08:40 +02:00
Joe
3cc38feebc Fix a couple of typos in QLDoc comments 2020-09-18 14:51:38 +01:00
Mathias Vorreiter Pedersen
b4edbe4773 Merge pull request #4298 from MathiasVP/field-conflation-with-array-content 
C++: Add test demonstrating field conflation after merging #4230
 2020-09-18 15:16:33 +02:00
Anders Schack-Mulligen
4f9d2f118d Merge pull request #4288 from joefarebrother/printAST-java 
Java: Add a container node for Imports in the PrintAst view
 2020-09-18 14:17:26 +02:00
Tom Hvitved
aac2e0ebfb C#: Avoid bad magic in RuntimeChecksBypass.ql 
Before:

```
[2020-09-18 14:03:57] (2587s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#bbf#antijoin_rhs#1:
                      1270       ~8%     {2} r1 = SCAN RuntimeChecksBypass::uncheckedWrite#bbf#shared AS I OUTPUT I.<1>, I.<0>
                      188197390  ~0%     {3} r2 = JOIN r1 WITH #Callable::Callable::calls_dispred#bfPlus AS R ON FIRST 1 OUTPUT R.<1>, r1.<1>, r1.<0>
                      2425784042 ~1%     {3} r3 = JOIN r2 WITH Expr::Expr::getEnclosingCallable_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, r2.<2>
                      58         ~9%     {2} r4 = JOIN r3 WITH project#RuntimeChecksBypass::checkedWrite#bfff AS R ON FIRST 2 OUTPUT r3.<0>, r3.<2>
                                         return r4
```

After:

```
[2020-09-18 14:08:48] (5s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#fff#antijoin_rhs:
                      24704473 ~2%      {2} r1 = SCAN DataFlowPublic::localExprFlow#ff AS I OUTPUT I.<1>, I.<0>
                      23784154 ~6%      {4} r2 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, 28, R.<0>, R.<1>
                      201391   ~2%      {2} r3 = JOIN r2 WITH expressions AS R ON FIRST 2 OUTPUT r2.<2>, r2.<3>
                      23784154 ~0%      {3} r4 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<0>, R.<1>
                      1065242  ~20%     {2} r5 = JOIN r4 WITH expr_value AS R ON FIRST 1 OUTPUT r4.<1>, r4.<2>
                      1266633  ~16%     {2} r6 = r3 \/ r5
                                        return r6
```
 2020-09-18 14:15:30 +02:00
Jonas Jensen
6463a94258 Merge pull request #4297 from github/igfoo/compileTimeConstantInt 
C++: Improve `compileTimeConstantInt`
 2020-09-18 13:58:16 +02:00
lcartey@github.com
2c6f587ee9 Java: Add coverage claim for CWE 193 (off by one) 2020-09-18 12:51:24 +01:00
lcartey@github.com
39200566c3 Java: Update CWE claims for XXE. 
This matches the claims in the C# equivalent.
 2020-09-18 12:30:52 +01:00
Mathias Vorreiter Pedersen
b40941b89c C++: Add test demonstrating field conflation after merging #4230 2020-09-18 13:23:23 +02:00
Tom Hvitved
4090859207 C#: Avoid bad magic in UselessUpcast.ql 2020-09-18 12:14:52 +02:00
Joe
3258134098 Java: Remove superfluous conjunct 2020-09-18 10:41:06 +01:00
lcartey@github.com
32f43a84be Java: Add CWE 564 (SQL Injection: Hibernate) 2020-09-18 10:20:21 +01:00
Jonas Jensen
c67605f15c Merge pull request #4230 from MathiasVP/mathiasvp/array-field-flow 
C++: Replace `field -> object` taint rule with `ArrayContent` dataflow
 2020-09-18 10:56:51 +02:00
Mathias Vorreiter Pedersen
8c615ece8a Merge pull request #4292 from MathiasVP/mathiasvp/cache-simpleLocalFlowStep 
C++: Cache simpleLocalFlowStep instead of simpleInstructionLocalFlowStep
 2020-09-18 10:18:21 +02:00
Mathias Vorreiter Pedersen
3ef6e8a580 Merge pull request #4283 from geoffw0/stringstream4 
C++: Model getline
 2020-09-18 10:17:47 +02:00
Erik Krogh Kristensen
0b16f81f8b improve performance by using RouteHandlerCandidate 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
b4e75bf567 update expected output 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
1f95311342 further loosen the RouteHandlerCandidate heuristic 2020-09-18 09:29:13 +02:00
Erik Krogh Kristensen
3eaa56ed60 support containers with decorated route handlers 2020-09-18 09:29:08 +02:00
Erik Krogh Kristensen
c087e94d47 add additional indirect route-handler steps 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
02c1d689e4 support indirect route-handlers for NodeJS 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
dafcd59148 add another indirect route-handler test 2020-09-18 09:26:33 +02:00
Erik Krogh Kristensen
43e5c0212c add basic support for indirect route handlers 2020-09-18 09:26:33 +02:00
Robert Marsh
3a83cc71fe C++: use qualifier flow in more models 2020-09-17 18:03:02 -07:00
Robert Marsh
556ace004f C++: use qualifiers in string constructor model 2020-09-17 17:39:50 -07:00
Robert Marsh
6b7b64d7be C++: IR data and taint flow through qualifiers 2020-09-17 17:10:11 -07:00
Robert Marsh
f73ff988e0 C++: improve cast and ptr handling in taint test 2020-09-17 16:55:36 -07:00
Mathias Vorreiter Pedersen
c6ff805a07 C++: Cache simpleLocalFlowStep instead of simpleInstructionLocalFlowStep 2020-09-17 21:13:02 +02:00
Robert Marsh
3d07ba9d0b Merge pull request #4290 from MathiasVP/mathiasvp/fix-join-order-in-single-field-flow 
C++: Fix bad join order introduced by #4270
 2020-09-17 14:52:59 -04:00
Mathias Vorreiter Pedersen
8e1d9e0996 C++: Fix bad join order introduced by #4270 2020-09-17 19:23:01 +02:00
Joe
9c643ec1cd Java: Fix formatting 2020-09-17 17:46:05 +01:00
Joe
69fd579dfd Java: Fix QLDoc 2020-09-17 17:37:16 +01:00
Joe
2da6234317 Java: Fix QLDoc 2020-09-17 17:31:24 +01:00
Joe
6d0df7cb3a Java: Add a container node for Imports in the PrintAst view 2020-09-17 17:29:36 +01:00
Joe
810baad63f Java: Fix formatting 2020-09-17 17:13:55 +01:00