Dave Bartolomeo
976b564b68
C++: Update AliasedSSA to use Allocation instead of IRVariable
...
This introduces a new type of `MemoryLocation`: `EntireAllocationMemoryLocation`, representing an entire contiguous allocation whose size is not known. This is used to model the memory accesses on `InitializeIndirection` and `ReturnIndirection`.
2020-01-28 10:55:24 -07:00
Dave Bartolomeo
165a45d9b5
C++/C#: Update SimpleSSA to use Allocation instead of IRVariable
2020-01-28 10:53:18 -07:00
Dave Bartolomeo
1bbc875442
C++/C#: Parameterize alias analysis based on AliasConfiguration
...
Instead of tracking `IRVariable`s directly, alias analysis now tracks instances of the `Allocation` type provided by its `Configuration` parameter. For unaliased SSA, an `Allocation` is just an `IRAutomaticVariable`. For aliased SSA, an `Allocation` is either an `IRVariable` or the memory pointed to by an indirect parameter.
2020-01-28 10:51:21 -07:00
Dave Bartolomeo
b15dd82732
C++/C#: Share alias analysis between C++ and C#
2020-01-28 10:47:37 -07:00
Dave Bartolomeo
1b1fded535
C++/C#: Add new MemoryAccessKind to represent entire allocation
2020-01-28 10:41:53 -07:00
Mathias Vorreiter Pedersen
67d29e31cc
C#: Sync identical files
2020-01-28 17:52:45 +01:00
Mathias Vorreiter Pedersen
c1091a03d0
C++: Accept output
2020-01-28 17:38:35 +01:00
Mathias Vorreiter Pedersen
46ce228bce
C++: Add instruction for CheckedConvertOrNull and handle it in alias analysis and data flow
2020-01-28 17:36:17 +01:00
Mathias Vorreiter Pedersen
928b0c50d2
C++: Add test demonstrating false negative when using dynamic_cast
2020-01-28 17:31:53 +01:00
Rasmus Wriedt Larsen
4ca72de4cd
Python: Fix recommended module for deprecated posixfile
...
$ python2 -W default -c 'import posixfile'
-c:1: DeprecationWarning: The posixfile module is deprecated; fcntl.lockf() provides better locking
https://docs.python.org/2.7/library/posixfile.html
2020-01-28 16:44:47 +01:00
Rasmus Wriedt Larsen
6c7cddf258
Python: py/import-deprecated-module handle backwards compatible code
2020-01-28 16:36:47 +01:00
Rasmus Wriedt Larsen
e92d6c0459
Python: Stop py/import-deprecated-module from double alerting
...
This changes the location from the import statement, to the actual expression
2020-01-28 16:15:46 +01:00
Rasmus Wriedt Larsen
7949acc3ef
Python: Autoformat
2020-01-28 16:15:21 +01:00
Rasmus Wriedt Larsen
194228850a
Python: Add tests for py/import-deprecated-module
2020-01-28 16:15:21 +01:00
Calum Grant
6b377d7ad4
C#: Analysis change notes
2020-01-28 14:59:25 +00:00
Geoffrey White
fc1816cbd7
C++: Update change note.
2020-01-28 14:53:18 +00:00
Geoffrey White
f02ffcbbd2
C++: Modify ParameterIndex to account for varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
d66f608d41
C++: Taint from FormattingFunction varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
8b215c155e
C++: Correct a few test comments.
2020-01-28 14:51:46 +00:00
Geoffrey White
b1f66ae825
C++: Fix warnings.
2020-01-28 14:51:46 +00:00
yo-h
95d138bf00
Merge pull request #2659 from aschackmull/java/remove-parexpr
...
Java: Update dbscheme for ParExpr removal.
2020-01-28 09:50:06 -05:00
Erik Krogh Kristensen
aea365c424
adjust API naming
2020-01-28 15:09:31 +01:00
Calum Grant
0b3821c828
C#: Remove false positive for out params
2020-01-28 13:59:33 +00:00
Jonas Jensen
24a50fceef
Merge pull request #2709 from MathiasVP/ql-tests-taint-tracking-fixup
...
C++: Fix annotations in testcase file
2020-01-28 14:52:55 +01:00
Erik Krogh Kristensen
cb16116b4d
adjust type-tracking on custom EventEmitters
2020-01-28 14:00:26 +01:00
Mathias Vorreiter Pedersen
287af2bdec
C++: Fix annotations in testcase file
2020-01-28 13:51:36 +01:00
Asger F
701d9989be
Apply suggestions from code review
...
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-28 12:46:51 +00:00
Asger F
310dd05185
Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
...
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-01-28 12:46:34 +00:00
Geoffrey White
01dc3661b7
C++: Autoformat.
2020-01-28 12:17:56 +00:00
Rasmus Wriedt Larsen
c25782d6da
Python: For web tests, use more precise name HttpResponseSinks
...
Since there are also HttpRedirectTaintSink, using HttpSink is confusing
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
46f4b74134
Python: Fix tornado lib: a redirect is not a http response
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
ee382bb2ea
Python: Fix typo (reques => request)
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9bc72450a0
Python: Temporarily disable falcon HttpSinks test
...
I will fix this in another PR
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
9b2ca0c9c7
Python: Update web libraries to use HttpSources and HttpSinks
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
2cdbae08b6
Python: Don't make duplicate sink for Tornado handler
...
`self.write(...)` would be treated as *both* TornadoConnectionWrite and
TornadoHttpRequestHandlerWrite
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
effa4548ab
Python: Add toString to TurboGears HttpResponseTaintSinks
...
Naming these was a bit hard, but better than generic "Taint Sink"
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
6b87458c2e
Python: Add explicit tests for HttpSources and HttpSinks
...
Some of the tests currently fail, since they can't reproduce the old test
results (since the sinks/sources defined in the library code are not
HttpResponseTaintSink/HttpRequestTaintSource)
2020-01-28 13:06:48 +01:00
Rasmus Wriedt Larsen
b36a6aa5b5
Python: Remove unused variable from exists expression
2020-01-28 13:05:25 +01:00
Rasmus Wriedt Larsen
0a1c91fbb8
Python: Autoformat web tests QL files
2020-01-28 13:05:25 +01:00
Calum Grant
f23438ea65
C#: Add test showing false positive
2020-01-28 11:48:59 +00:00
semmle-qlci
5ab6457370
Merge pull request #2699 from asger-semmle/js/callback-doc-typo
...
Approved by max-schaefer
2020-01-28 11:00:49 +00:00
Jonas Jensen
23030aa324
Merge pull request #2706 from MathiasVP/ql-tests-taint-tracking
...
Ql tests for virtual dispatch taint tracking
2020-01-28 11:56:10 +01:00
Asger Feldthaus
b306571d52
JS: Type-track react component factories
2020-01-28 10:22:04 +00:00
Mathias Vorreiter Pedersen
611d9553dd
C++: Fix formatting
2020-01-28 10:22:33 +01:00
Anders Schack-Mulligen
0b3c90b526
Java: Fix whitespace query.
2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
34e6679afd
Java: Add upgrade script.
2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
f8805ebb24
Java: Update 2 queries.
2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
4bd332ddca
Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests.
2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
597d8e7d94
Java: Update dbscheme for ParExpr removal.
2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
dc7e8ad2ff
Java: Reword help according to review comment.
2020-01-28 10:13:35 +01:00