Taus
fe00d1cbf4
Merge pull request #2888 from RasmusWL/python-tarslip-sanitizer
...
Python: Improve tarslip sanitizer
2020-03-24 12:59:20 +01:00
Rasmus Wriedt Larsen
3ed48aae4c
Python: remove leftover arg in test code
2020-03-24 11:49:08 +01:00
Rasmus Wriedt Larsen
5ec0716cb0
Python: Add points-to regression when using @classmethod decorators
...
Specifically a problem when using a second decorator
2020-03-24 11:39:08 +01:00
Erik Krogh Kristensen
36981f385a
Merge branch 'master' of git.semmle.com:Semmle/ql into MorePathSinks
2020-03-24 11:20:33 +01:00
Rasmus Wriedt Larsen
49fa7c8589
Python: update 1.24 changelog
2020-03-24 10:15:36 +01:00
Rasmus Wriedt Larsen
4b8020b98d
Python: Autoformat Command.qll
2020-03-24 10:11:57 +01:00
semmle-qlci
4c9a6b73ee
Merge pull request #3107 from erik-krogh/FArgs
...
Approved by esbena
2020-03-24 08:32:56 +00:00
Erik Krogh Kristensen
fa710c5864
Merge remote-tracking branch 'upstream/master' into UrlSearch
2020-03-24 00:23:15 +01:00
Erik Krogh Kristensen
5b4f091257
add test for remote flow sources in WebSockets
2020-03-23 23:58:20 +01:00
Erik Krogh Kristensen
6a1491d83d
add SockJS to the existing WebSocket model
2020-03-23 23:56:11 +01:00
Erik Krogh Kristensen
9a18dc32c1
autoformat WebSocket tests
2020-03-23 23:49:26 +01:00
Erik Krogh Kristensen
7b7eddff1e
remove previous SockJS implementation, and move example to WebSocket test
2020-03-23 23:45:05 +01:00
Asger F
a1e032bee6
Merge pull request #3098 from kyprizel/master
...
Experimental SockJS support
2020-03-23 22:39:10 +00:00
yo-h
d315864383
Merge pull request #3108 from aschackmull/java/finalizemethod
...
Java: Fixup FinalizeMethod definition.
2020-03-23 18:27:57 -04:00
Dave Bartolomeo
bebf89fed5
C++: Accept test diffs
...
All changes look like real improvements.
2020-03-23 17:20:19 -04:00
kyprizel
dec1b8b070
Update javascript/ql/src/experimental/SockJS/SockJS.qll
...
Fix comments
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:48 +03:00
kyprizel
b90ff5e84d
Update javascript/ql/src/experimental/SockJS/SockJS.qll
...
do not import specific libs
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:23 +03:00
Jonas Jensen
29c4c8c0b2
C#: Fixup to follow C++ changes
2020-03-23 20:39:43 +01:00
Jonas Jensen
999051d20e
C++: QLDoc terminology: object -> mem allocation
2020-03-23 20:32:47 +01:00
Dave Bartolomeo
c5ac357bfc
C++/C#: Fix bad overlap sanity failures
...
`Instruction.getDefinitionOverlap()` depends on `SSAConstruction::getMemoryOperandDefinition()`, which in turn depends on `SSAConstruction::hasMemoryOperandDefinition()`. When the definition in question came from a `Chi` instruction, `hasMemoryOperandDefinition()` incorrectly bound `overlap` to the overlap relationship between the original (non-`Chi`) instruction and the use. The fix is to make use of the `actualDefLocation` parameter to `getDefinitionOrChiInstruction()`, which specifies the location for the result of the `Chi` in that case.
2020-03-23 14:57:41 -04:00
Jonas Jensen
b0d3c9ee6b
C++: Fix getExtentOverlap for entire allocation
2020-03-23 19:49:39 +01:00
Dave Bartolomeo
a2741da8e2
C++/C#: Add sanity test for invalid overlap from getDefinitionOverlap()
...
The result of `getDefinitionOverlap()` should never be `MayPartiallyOverlap`, because if that were the case, we should have inserted a `Chi` instruction and hooked the definition up to that instead.
There are quite a few existing failures.
2020-03-23 14:37:06 -04:00
Rasmus Wriedt Larsen
b567205579
Python: Model fabric v1.x command injection sinks
2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6
Python: Model fabric/invoke command injection sinks
2020-03-23 17:33:41 +01:00
Anders Schack-Mulligen
f29f0f418f
Dataflow: Exclude param-param flow through with identical params.
2020-03-23 17:27:53 +01:00
semmle-qlci
e5590091a0
Merge pull request #3109 from max-schaefer/js/performance-fixes
...
Approved by asgerf
2020-03-23 16:08:07 +00:00
Rasmus Wriedt Larsen
d475bb998e
Python: Add abstract class CommandSink
...
I'm going to add more in a sec, and listing *all* of them in CommandInjection.ql
started to be silly
2020-03-23 17:04:08 +01:00
Max Schaefer
55e7b22cdf
JavaScript: Autoformat.
2020-03-23 14:37:04 +00:00
kyprizel
49e5a22cab
Fixed code style for SockJS
...
also fixed appCreation, thanks to Erik Krogh.
2020-03-23 17:16:17 +03:00
Jonas Jensen
13465921a3
Merge pull request #3092 from dbartol/dbartol/VarArgIR2_ElectricBoogaloo
...
C++: Better IR for varargs
2020-03-23 14:13:54 +01:00
Erik Krogh Kristensen
833183c706
change note
2020-03-23 14:13:30 +01:00
Erik Krogh Kristensen
7bc7ffffd6
autoformat
2020-03-23 14:10:07 +01:00
Erik Krogh Kristensen
f1e0d37273
Update javascript/ql/test/library-tests/frameworks/Concepts/file-access.js
...
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-23 14:02:22 +01:00
Max Schaefer
b13e6141a2
JavaScript: Inline promiseStep/4.
2020-03-23 12:01:52 +00:00
Asger F
6c2842bd49
Merge pull request #2919 from asger-semmle/js/property-barriers
...
JS: Make sanitizers no longer block taint inside an object
2020-03-23 11:43:18 +00:00
Rasmus Wriedt Larsen
dcfc9a8796
Python: TarSlip sanitizer: explain tests with not
...
It was a bit confusing what was meant before
2020-03-23 12:00:59 +01:00
Anders Schack-Mulligen
4bc0cb0d28
Java: Fixup FinalizeMethod definition.
2020-03-23 11:11:00 +01:00
Erik Krogh Kristensen
2c43d1d731
fix FP in superfluous-trailing-arguments related to Function.arguments
2020-03-23 10:40:35 +01:00
Luke Cartey
9eee16b2d6
Merge pull request #3091 from hvitved/csharp/xpath-injection-more-sinks
...
C#: Teach XPath injection query about `XPathNavigator`
2020-03-23 09:39:26 +00:00
semmle-qlci
2c7af72f14
Merge pull request #2858 from RasmusWL/python-support-django2
...
Approved by tausbn
2020-03-23 09:35:46 +00:00
Anders Schack-Mulligen
6d3717cff8
Java: Sharpen return type of LambdaExpr.getStmtBody().
2020-03-23 10:27:36 +01:00
Anders Schack-Mulligen
c78906500d
Java: Fix missing jump step from PostUpdate to capture.
2020-03-23 10:24:25 +01:00
Anders Schack-Mulligen
888c504f55
Merge pull request #2903 from hvitved/dataflow/performance
...
Data flow: Refactoring + performance improvements
2020-03-23 10:01:20 +01:00
Jonas Jensen
79d5b88e33
C++: Remove redundant case
2020-03-20 19:40:53 +01:00
Eldar T. Zaitov
ee0b65ad39
Added experimental SockJS support
2020-03-20 21:24:16 +03:00
Dave Bartolomeo
fb71f781a0
C++: Fix formatting
2020-03-20 14:23:58 -04:00
Robert Marsh
d529fedbad
C++: accept extractor changes to IR
2020-03-20 11:00:54 -07:00
yo-h
16f2957029
Merge pull request #3081 from aschackmull/java/urldecoder-step
...
Java: Add URLDecoder.decode as taint step.
2020-03-20 13:53:20 -04:00
yo-h
bcda481d4a
Merge pull request #3086 from aschackmull/java/apache-base64-taint
...
Java: Add apache Base64 taint steps.
2020-03-20 13:49:20 -04:00
Jonas Jensen
f6f9afe462
C++: Implement Instruction.isResultConflated
...
This predicate replaces `isChiForAllAliasedMemory`, which was always
intended to be temporary. A test is added to `IRSanity.qll` to verify
that the new predicate corresponds exactly with (a fixed version of) the
old one.
The implementation of the new predicate,
`Cached::hasConflatedMemoryResult` in `SSAConstruction.qll`, is faster
to compute than the old `isChiForAllAliasedMemory` because it uses
information that's readily available during SSA construction.
2020-03-20 17:57:18 +01:00