Asger F
712c53afe9
Merge pull request #3579 from erik-krogh/fix-change-note-merge
JS: remove duplicates from change-note
2020-06-01 13:22:23 +01:00
Philip Ginsbach
faf4c16865
Mark the QL code as invalid more explicitly
2020-06-01 12:24:06 +01:00
Asger Feldthaus
707b0f33a0
JS: Use in ContainsHTMLGuard
2020-06-01 12:06:40 +01:00
Robert Brignull
6e0552c074
add more code-scanning suites
2020-06-01 11:45:46 +01:00
Asger Feldthaus
fa1a6eefa7
JS: Add StringOps::RegExpTest
2020-06-01 11:43:50 +01:00
Artem Smotrakov
df3adeec36
Java: Add a query for SpEL injections
- Added experimental/Security/CWE/CWE-094/SpelInjection.ql and a couple of libraries
- Added a qhelp file with a few examples
- Added tests and stubs for Spring
2020-05-31 20:52:45 +03:00
semmle-qlci
14be4fedf7
Merge pull request #3594 from erik-krogh/CachedExprStringValue
Approved by asgerf
2020-05-30 16:56:40 +01:00
Erik Krogh Kristensen
dfd35aee61
autoformat
2020-05-30 14:50:13 +02:00
Mathias Vorreiter Pedersen
cd574e8569
Merge pull request #3589 from rdmarsh2/ir-placement-new-consistency
C++: fix IR control flow for cast in placement new
2020-05-30 13:27:34 +02:00
luchua-bc
3d4a5a337d
Add check for J2EE server directory listing
2020-05-30 10:58:16 +00:00
Erik Krogh Kristensen
3b4e57ab8d
autoformat
2020-05-30 12:45:51 +02:00
Robert Marsh
e17adf14dc
C++: autoformat
2020-05-29 16:13:40 -07:00
Robert Marsh
f8b6e07391
C++: Added QLDoc for Element.qll-Include.qll
2020-05-29 16:09:19 -07:00
Robert Marsh
1c20714c62
C++: file QLDoc for AutogeneratedFile-Diagnostics
2020-05-29 14:58:01 -07:00
Robert Marsh
45e555cff0
C++: accept inconsistency with unreachable exit block
2020-05-29 14:43:48 -07:00
Robert Marsh
5ee37bcd5a
Merge branch 'master' into ir-this-parameter-2
Bring in fix for duplicate virtual variables for parameter indirections
2020-05-29 14:40:45 -07:00
Jonas Jensen
91da0d5567
Merge pull request #3592 from geoffw0/strlen
CPP: Don't taint the return value of strlen
2020-05-29 19:23:47 +02:00
Robert Marsh
f8cfcef9c9
C++/C#: document isThisIndirection and sync files
2020-05-29 09:52:03 -07:00
Robert Marsh
6c9051ae6f
C++: accept consistency fixes
2020-05-29 09:49:28 -07:00
Geoffrey White
9ee75aaca1
C++: Change note.
2020-05-29 16:22:42 +01:00
Mathias Vorreiter Pedersen
3adc10fdb4
C++: Accept tests
2020-05-29 15:33:55 +02:00
Geoffrey White
f534f09784
C++: Autoformat.
2020-05-29 14:05:08 +01:00
Geoffrey White
19c33ab41c
C++: Refine StrLenFunction, including removal of taint flow.
2020-05-29 14:04:27 +01:00
Geoffrey White
705529cdf7
C++: Split StrLenFunction from PureStrFunction (without changes).
2020-05-29 14:04:27 +01:00
Geoffrey White
59cb5f9b1e
C++: Remove a special case for strlen in DefaultTaintTracking.
2020-05-29 14:04:26 +01:00
Geoffrey White
408e38a4d4
C++: Clarify which taint tracking libraries should be used somewhat.
2020-05-29 14:04:26 +01:00
Geoffrey White
d77092c931
C++: Add taint tests for strlen.
2020-05-29 13:39:40 +01:00
Rasmus Wriedt Larsen
551420401a
Python: Fix typo
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-29 14:27:07 +02:00
semmle-qlci
f291749243
Merge pull request #3585 from asger-semmle/js/use-newer-yarn
Approved by erik-krogh
2020-05-29 13:02:20 +01:00
Mathias Vorreiter Pedersen
a0603692cb
C++: Add LoadChain and StoreChain nodes to handle reverse reads in dataflow
2020-05-29 13:53:53 +02:00
Rasmus Wriedt Larsen
59548a523e
Python: Add change-note about UntrustedStringKind imports
2020-05-29 13:45:10 +02:00
Philip Ginsbach
2d47537f11
Slightly modified version of Henning's suggestion
2020-05-29 12:41:58 +01:00
Erik Krogh Kristensen
f7ad210331
use SSA instead of internal AccessPath API
2020-05-29 13:08:19 +02:00
Erik Krogh Kristensen
05bfba4f99
use getImmediatePredecessor instead of getALocalSource()
2020-05-29 13:01:09 +02:00
Jonas Jensen
453de6bf4e
Merge pull request #3583 from MathiasVP/qldoc-for-unix-constants
C++: QLDoc for Constants
2020-05-29 12:27:59 +02:00
Mathias Vorreiter Pedersen
335baaef73
C++: Add testcases for partial definitions with long access paths
2020-05-29 12:15:39 +02:00
Rasmus Wriedt Larsen
48be57c8fd
Python: Improve QLDoc for ExternalStringDictKind
2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
b083c01520
Python: Deprecate StringDictKind
This QL
```codeql
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted
from CollectionKind ck
where
ck.(DictKind).getMember() instanceof StringKind
or
ck.getMember().(DictKind).getMember() instanceof StringKind
select ck, ck.getAQlClass(), ck.getMember().getAQlClass()
```
generates these 6 results.
```
1 {externally controlled string} ExternalStringDictKind UntrustedStringKind
2 {externally controlled string} StringDictKind UntrustedStringKind
3 [{externally controlled string}] SequenceKind ExternalStringDictKind
4 [{externally controlled string}] SequenceKind StringDictKind
5 {{externally controlled string}} DictKind ExternalStringDictKind
6 {{externally controlled string}} DictKind StringDictKind
```
StringDictKind was only used in *one* place in our library code. As illustrated
above, it pollutes our set of TaintKinds. Effectively, every time we make a
flow-step for dictionaries with tainted strings as values, we do it TWICE --
once for ExternalStringDictKind, and once for StringDictKind... that is just a
waste.
2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
87bc8ae28d
Python: Don't use UntrustedStringKind in web lib
If I wanted to use my own TaintKind and not have any interaction with
`UntrustedStringKind` that wouldn't be possible today since these standard http
libraries import it directly. (also, I wouldn't get any sources of my custom
TaintKind from turbogears or bottle). I changed them to use the same pattern of
`ExternalStringKind` as everything else does.
2020-05-29 12:06:57 +02:00
Mathias Vorreiter Pedersen
ae4f6edc6a
Merge pull request #3204 from jbj/Expr-location-workaround
C++: Move Expr location workaround to Expr.qll
2020-05-29 11:58:50 +02:00
Philip Ginsbach
bb9e800241
remove "experimental syntax" box for type unions
2020-05-29 10:24:42 +01:00
Philip Ginsbach
299d87aa8e
better explanation of the purpose of type unions
Co-authored-by: Pavel Avgustinov <54942558+p0@users.noreply.github.com>
2020-05-29 10:22:57 +01:00
Philip Ginsbach
0562b4a2dd
restricted _subsets_ of algebraic datatypes
Co-authored-by: Pavel Avgustinov <54942558+p0@users.noreply.github.com>
2020-05-29 10:21:58 +01:00
Asger Feldthaus
f3a08375b4
JS: Use newer yarn.lock format
2020-05-29 09:45:50 +01:00
Jonas Jensen
7d4d435f25
Merge remote-tracking branch 'upstream/master' into Expr-location-workaround
Conflicts:
cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
2020-05-29 10:04:12 +02:00
Mathias Vorreiter Pedersen
a305d39111
Merge pull request #3577 from dbartol/github/codeql-c-analysis-team/69
C++: Fix `MemoryLocation` with multiple `VirtualVariables`
2020-05-29 09:40:58 +02:00
Mathias Vorreiter Pedersen
0467995f4f
C++: Make explicit that O_CREAT and O_EXCL are Linux-specific
2020-05-29 09:36:08 +02:00
Jonas Jensen
9813258a3e
Merge remote-tracking branch 'upstream/master' into Expr-location-workaround
Conflicts and semantic conflicts in `library-tests/dataflow/fields` and
`library-tests/ir/ir`.
2020-05-29 08:44:37 +02:00
Jonas Jensen
87ad519541
Merge pull request #3569 from geoffw0/strftime
C++: Taint flow consistency change for strftime
2020-05-29 08:05:25 +02:00
yo-h
1fea545160
Merge pull request #3573 from aschackmull/java/private-interface-methods
Java: Fix for private interface methods.
2020-05-28 20:31:55 -04:00