hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 23:14:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,680 Branches 158 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
lcartey@github.com
e2cec582be Java: XSS - ignore Spring sinks when content-type is safe. 
Methods annotated with a produces field which indicates a safe
content-type should not be considered XSS sinks. For example:

@RequestMapping(..., produces = "application/json")
 2020-06-16 09:50:35 +01:00
lcartey@github.com
f6a99cb42e Java: Model produces parameter to RequestMapping attribute. 2020-06-16 09:50:34 +01:00
lcartey@github.com
8057dff368 Java: Add Spring XSS sinks 
Look for Spring request methods which return a String value which may be
coerced into a text/html output.
 2020-06-16 09:50:34 +01:00
lcartey@github.com
c59042f9c3 Java: Taint tracking through String.replace(all)? 2020-06-16 09:50:34 +01:00
lcartey@github.com
7d555a7467 Java: Track flow through HttpEntity and ResponseEntity 
- Only track if the body is a String type, as that is the only type at
   risk of XSS.
 2020-06-16 09:50:33 +01:00
lcartey@github.com
1d1234093f Java: Model Spring @ResponseBody methods. 2020-06-16 09:50:33 +01:00
lcartey@github.com
fd2cd6025d Java: Modelling of the Spring HTTP classes. 2020-06-16 09:50:33 +01:00
lcartey@github.com
bfcc06dd0b Java: Improve Spring controller modelling 
- Identify ModelMaps correctly
 - Add extra not tainted param types (Pageable)
 - Identify ModelAttributes
 2020-06-16 09:50:33 +01:00
lcartey@github.com
7c4251deac Java: Add flow out of Map and List 2020-06-16 09:50:32 +01:00
lcartey@github.com
6de2b93f3a Java: Add SpringWebRequest to RemoteTaintedMethod 2020-06-16 09:50:32 +01:00
lcartey@github.com
4300bc8088 Java: Update RemoteFlowSource to use improve Spring request parameter 
mapping.
 2020-06-16 09:50:31 +01:00
lcartey@github.com
f5dc0337ed Java: Improve modelling of Spring request methods 
- Recognise @<httpverb>Mapping as well as @RequestMapping.
 - Identify tainted/not tainted parameters of RequestMapping methods.
 2020-06-16 09:50:31 +01:00
Mathias Vorreiter Pedersen
c30d1a618e C++: Add charpred to partial definition node classes in qltest 2020-06-16 09:55:37 +02:00
Jonas Jensen
d80a033bed Merge pull request #3719 from dbartol/github/codeql-c-analysis-team/69-consistency 
C++/C#: Fix a couple new consistency failures, and improve consistency messages
 2020-06-16 08:48:35 +02:00
Rasmus Lerchedahl Petersen
0abba238cc Python: bit more local flow and fix ql docs 2020-06-16 08:21:32 +02:00
Rasmus Lerchedahl Petersen
ad04ec554a Python: group related predicates 
also restore accidentally removed comment
 2020-06-16 07:30:44 +02:00
Jonathan Leitschuh
c2052ed152 Add .gitignore for VS Code Generated maven project files 
When VS Code detects a Maven project, it automatically generates
a bunch of Eclipse files to describe the project.

These are now ignored in order to not pollute the repository
 2020-06-15 22:29:30 -04:00
Erik Krogh Kristensen
5e060fa6a8 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-15 23:47:40 +02:00
Erik Krogh Kristensen
315faaffee small corrections in documentation 
Co-authored-by: Asger F <asgerf@github.com>
 2020-06-15 23:40:27 +02:00
Asger Feldthaus
23d28967a7 JS: Autoformat 2020-06-15 20:40:17 +01:00
Asger Feldthaus
3242f5ed94 JS: Include qhelp example in test suite 2020-06-15 17:37:26 +01:00
Asger Feldthaus
824054ba62 JS: Change note and updated help 2020-06-15 17:34:36 +01:00
Asger Feldthaus
7091a9f704 JS: Special-case alert message for type annotations 2020-06-15 17:17:47 +01:00
Asger Feldthaus
c8ab69af11 JS: Avoid duplicate alerts 2020-06-15 16:57:54 +01:00
Asger Feldthaus
f380898126 JS: Add test showing duplicate alerts 2020-06-15 16:40:37 +01:00
Aditya Sharad
d7d00bddf6 Merge pull request #3718 from adityasharad/cpp/formatting-function-doc 
C++: Fix QLDoc on `FormattingFunction` library
 2020-06-15 08:39:16 -07:00
Asger Feldthaus
51d143d6f1 JS: Add test with destructuring pattern that looks like type annotations 2020-06-15 16:35:36 +01:00
Dave Bartolomeo
881b3c8e33 C#: Fix IR consistency errors 
We were creating a `TranslatedFunction` even for functions that were not from source code, but then telling the IR package that those functions didn't have IR. This resulted in having prologue/epilogue instructions (e.g. `EnterFunction`, `ExitFunction`) with no enclosing `IRFunction`.
 2020-06-15 11:33:00 -04:00
Owen Mansel-Chan
f9db197e17 Merge pull request #3683 from owen-mc/improve-ast-class-reference-for-java 
Improve ast class reference for java
 2020-06-15 16:25:25 +01:00
Erik Krogh Kristensen
23223fc5fb change-note 2020-06-15 17:22:11 +02:00
Erik Krogh Kristensen
3ef5dc74a1 add backtracking to find division that end up being rounded 2020-06-15 17:10:10 +02:00
Erik Krogh Kristensen
e8db624e74 add .jar and .war to the list of sensitive files for js/insecure-download 2020-06-15 16:48:07 +02:00
Dave Bartolomeo
fecffab8e7 C++: Fix consistency error 
`TTranslatedAllocationSideEffects` wasn't limiting itself to functions that actually have IR, so it was getting used even in template definitions.
 2020-06-15 10:47:00 -04:00
Dave Bartolomeo
8cbc7e8654 C++/C#: Improve consistency failure result messages 
Some of our IR consistency failure query predicates already produced results in the schema as an `@kind problem` query, including `$@` replacements for the enclosing `IRFunction` to make it easier to figure out which function to dump when debugging. This change moves the rest of the query predicates in `IRConsistency.qll` to do the same. In addition, it wraps each call to `getEnclosingIRFunction()` to return an `OptionalIRFunction`, which can be either a real `IRFunction` or a placeholder in case `getEnclosingIRFunction()` returned no results. This exposes a couple new consistency failures in `syntax-zoo`, which will be fixed in a subsequent commit.

This change also deals with consistency failures when the enclosing `IRFunction` has more than one `Function` or `Location`. For multiple `Function`s, we concatenate the function names. For multiple `Location`s, we pick the first one in lexicographical order. This changes the number of results produced in the existing tests, but does't change the actual number of problems.
 2020-06-15 10:46:46 -04:00
semmle-qlci
3728e1afd3 Merge pull request #3715 from asger-semmle/js/returned-functions 
Approved by erik-krogh, esbena
 2020-06-15 15:32:54 +01:00
Aditya Sharad
1033d22d1b C++: Fix QLDoc on FormattingFunction library 
Copy-paste typo from `DataFlowFunction`.
 2020-06-15 07:32:53 -07:00
Shati Patel
3520f2c737 Merge pull request #3714 from shati-patel/name-res-114 
QL handbook: Update process for module resolution
 2020-06-15 15:29:56 +01:00
Rasmus Lerchedahl Petersen
f8eb5839cd Python: start on local flow 2020-06-15 16:25:41 +02:00
Shati Patel
947ccb06c7 Update docs/language/ql-handbook/name-resolution.rst 
Co-authored-by: Henning Makholm <hmakholm@github.com>
 2020-06-15 15:15:44 +01:00
Shati Patel
e69c946f31 Mention libraryPathDependencies 2020-06-15 14:56:57 +01:00
Erik Krogh Kristensen
d2716c532c qhelp 2020-06-15 14:59:48 +02:00
Asger Feldthaus
17010e25a1 JS: Update another test 2020-06-15 13:55:46 +01:00
Erik Krogh Kristensen
dc09a68eb4 add change-note 2020-06-15 14:30:34 +02:00
semmle-qlci
57c8dd85a4 Merge pull request #2801 from esbena/js/bulky-route-handler-registration 
Approved by asgerf
 2020-06-15 13:06:22 +01:00
Erik Krogh Kristensen
8682918779 add change note 2020-06-15 13:47:43 +02:00
Erik Krogh Kristensen
fe9aa241a1 add qhelp 2020-06-15 13:47:39 +02:00
Erik Krogh Kristensen
4d1920eec1 add .js and .py files to js/insecure-download 2020-06-15 12:48:50 +02:00
Asger Feldthaus
4b3faabcc8 JS: Autoformat 2020-06-15 11:16:55 +01:00
Asger Feldthaus
c4179eb81d JS: Update test 2020-06-15 11:13:20 +01:00
Rasmus Wriedt Larsen
c0043eb9db Python: Don't treat re.escape(...) as a regex 
Fixes https://github.com/github/codeql/issues/3712
 2020-06-15 11:54:14 +02:00