codeql

mirror of https://github.com/github/codeql.git synced 2026-01-13 22:44:48 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	2e9c0fc6a5	C++: Cache the TIRDataFlowNode newtype	2020-07-10 11:10:41 +02:00
Robert Marsh	05685cc896	Merge pull request #3919 from dbartol/dbartol/IgnoreAutoBuilder C++: Add `.gitignore` for autobuilder	2020-07-09 15:02:52 -07:00
Remco Vermeulen	c739c733fe	Update class qldocs Change the ql docs to meet the style-guide points 1 and 3 for classes.	2020-07-09 17:31:37 +02:00
Andrew Eisenberg	782759d58e	Add the printAst.ql contextual query for C++ This query will be used by the VS Code extension for viewing ASTs of C/C++ files.	2020-07-09 08:28:49 -07:00
Arthur Baars	0d33a77ee3	Fix modelling of Stack.push Stack.push(E) returns its argument, it does not propagate taint from the stack to the return value.	2020-07-09 16:16:29 +02:00
Philippe Antoine	50f2f69f5f	indent comments	2020-07-09 16:14:26 +02:00
Remco Vermeulen	b3bb4cbf54	Rename and update qldoc of default safe header splitting source	2020-07-09 16:14:21 +02:00
Philippe Antoine	06c8a0bf20	move to experimental	2020-07-09 16:09:57 +02:00
Anders Schack-Mulligen	879551fc6a	Merge pull request #3936 from aibaars/object-clone Java: model Object.clone	2020-07-09 16:09:01 +02:00
Philippe Antoine	d2763e8149	Comments taken into account	2020-07-09 16:05:24 +02:00
Anders Schack-Mulligen	c8b9b779ae	Merge pull request #3927 from rvermeulen/java-importable-cwe-601 Java: Move `UrlRedirectSink` into importable library	2020-07-09 16:03:29 +02:00
Anders Schack-Mulligen	99a4f8fd0b	Merge pull request #3926 from rvermeulen/java-importable-cwe-089 Java: Move `QueryInjectionSink` into importable library	2020-07-09 16:00:56 +02:00
Mathias Vorreiter Pedersen	002f930dba	C#: Sync identical files	2020-07-09 15:54:42 +02:00
Jonas Jensen	2fa54552f0	Merge pull request #3914 from geoffw0/cc_followup C++: Repair swap taint tests	2020-07-09 15:54:40 +02:00
Mathias Vorreiter Pedersen	85a8280b30	C++: Replace getResultType() with getResultIRType() in IR dataflow	2020-07-09 15:54:15 +02:00
Mathias Vorreiter Pedersen	7029739691	C++: Replace getResultType() with getResultIRType() in IR range analysis	2020-07-09 15:53:54 +02:00
Mathias Vorreiter Pedersen	a405a95b68	C++: Introduce isSigned() and isUnsigned() predicates on IRIntegerType to mirror IntegralType	2020-07-09 15:52:09 +02:00
Jonas Jensen	277185a792	Merge pull request #3925 from geoffw0/rangefixup C++: Add getFullyConverted() where missing in SimpleRangeAnalysis	2020-07-09 15:45:58 +02:00
Remco Vermeulen	b147be6fea	Restrict SafeHeaderSplittingSource to RemoteFlowSource	2020-07-09 15:13:18 +02:00
Remco Vermeulen	7428a8cd95	Add missing java import	2020-07-09 15:06:26 +02:00
Remco Vermeulen	d3db4fa5b2	Add missing java import	2020-07-09 15:04:16 +02:00
Remco Vermeulen	54d6c8b5f4	Mark ServletUrlRedirectSink private	2020-07-09 15:03:51 +02:00
Remco Vermeulen	782573ed43	Add and format qldocs according to the style guide.	2020-07-09 14:58:53 +02:00
Remco Vermeulen	4ad6357cd7	Add missing Java import	2020-07-09 14:54:46 +02:00
Remco Vermeulen	7435dac3d2	Move source and sink into importable library	2020-07-09 14:53:59 +02:00
Arthur Baars	e183171fea	Java: model Object.clone	2020-07-09 14:50:29 +02:00
intrigus	641c5df79f	Centralize and model additional path creations.	2020-07-09 14:48:47 +02:00
Remco Vermeulen	b66f391c31	Extend source and sink from DataFlow::Node instead of DataFlow::exprNode	2020-07-09 14:39:08 +02:00
Remco Vermeulen	fed506a12f	Rename TrustedSource to SafeHeaderSplittingSource	2020-07-09 14:36:23 +02:00
Henry Mercer	3d711b8cd1	C#: Fix broken link to ECMA-335	2020-07-09 13:15:22 +01:00
Remco Vermeulen	1212feab28	Add file-level qldoc	2020-07-09 14:11:59 +02:00
Remco Vermeulen	99228d8bc2	Optimize imports	2020-07-09 14:09:39 +02:00
Remco Vermeulen	ba9f3e2a1e	Join ServletUrlRedirectSink with UrlRedirectSink	2020-07-09 14:08:43 +02:00
Remco Vermeulen	88f4b224c3	Extend UrlRedirectSink from DataFlow::Node	2020-07-09 14:05:54 +02:00
Remco Vermeulen	f8078f1125	Remove superfluous imports	2020-07-09 13:43:10 +02:00
Arthur Baars	d3d58795f1	Java: ContainerFlow add comments Some method variants are captured by a super class. Added some comments to indicate where this happens to make review of missing methods easier in the future.	2020-07-09 12:46:57 +02:00
semmle-qlci	e167b87150	Merge pull request #3932 from max-schaefer/portals-additions Approved by esbena	2020-07-09 11:43:45 +01:00
Remco Vermeulen	9a84abf259	Generalize QueryInjectionSink Extends from the more general DataFlow::Node instead of DataFlow::ExprNode	2020-07-09 12:32:17 +02:00
Arthur Baars	24c6e506aa	Java: ContainerFlow: RValue -> Expr While most flow for a qualifierToArgumentStep goes through a variable use this is not always the case. Therefore it is best to remove the restriction to RValue to allow taint steps to use postupdate nodes. See also: `ba86dea657`	2020-07-09 12:20:48 +02:00
Arthur Baars	0bd103ac05	Java: add tests for Container taint steps	2020-07-09 12:15:38 +02:00
Mathias Vorreiter Pedersen	834263f72a	C++: Alternate instruction -> operand flow	2020-07-09 11:36:54 +02:00
Philippe Antoine	5eff8d3165	Performance improvements suggested	2020-07-09 11:31:47 +02:00
Rasmus Wriedt Larsen	e7c89dc24b	Python: Fix grammar Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2020-07-09 10:39:58 +02:00
Remco Vermeulen	c01844a39e	Add file-level qldoc	2020-07-09 10:30:31 +02:00
Max Schaefer	7a1410e0d5	JavaScript: Update and expand tests.	2020-07-09 09:25:52 +01:00
Remco Vermeulen	42e261ac02	Move SqlInjectionSink and PersistenceQueryInjectionSink Join SqlInjectionSink and PersistenceQueryInjectionSink with QueryInjectionSink to make its definition more transparent.	2020-07-09 10:21:24 +02:00
Remco Vermeulen	d07d21c9e2	Fix import	2020-07-09 10:20:53 +02:00
Anders Schack-Mulligen	777dc6305c	Merge pull request #3893 from aibaars/set-map-list-copy-of Java: model some new Set,List,Map methods	2020-07-09 10:18:12 +02:00
Max Schaefer	1c47260bde	JavaScript: Add support for global variables to portals.	2020-07-09 09:12:56 +01:00
Max Schaefer	c40ef0556a	JavaScript: Broaden scope of imports considered relevant to portals. Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency. So instead we now consider all imports relevant whose path does not start with a dot or a slash.	2020-07-09 09:09:44 +01:00

... 105 106 107 108 109 ...

19777 Commits