hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 01:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,777 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.4
Commit Graph

19777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
27af9bbae8 Python: Support overflow positional arguments 
Currently ignoring starred arguments
 2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
8f2ef94b3e Python: Hook up keyword arguments 2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
f5244aab8c Python: Add testfiles 2020-09-30 11:54:40 +02:00
Rasmus Wriedt Larsen
1595fed2d6 Python: Add preliminary taint tests for pathlib 2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e Python: Model os.path.join and add taint-step 2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718 Python: Add taint test for os.path.join 
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
 2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c Python: Minor cleanup in taint-step tests 2020-09-30 11:15:53 +02:00
Erik Krogh Kristensen
e0b25798ff remove type-tracking from getAReference, and rewrite qldocs 2020-09-30 10:36:08 +02:00
Rasmus Wriedt Larsen
b3efa28277 Merge branch 'main' into python-command-execution-modeling 2020-09-30 10:24:11 +02:00
Jonas Jensen
68f6d93325 C++: Autoformat fixup 2020-09-30 09:49:56 +02:00
Anders Schack-Mulligen
8d4f7e2db7 Merge pull request #4366 from joefarebrother/field-rvalue-lvalue 
Java: Make `FieldRead` and `FieldWrite` extend `RValue` and `LValue`
 2020-09-30 07:55:24 +02:00
Ian Lynagh
d5f8cbc50c C++: Accept test changes in unnamed entity naming 2020-09-29 17:30:33 +01:00
Erik Krogh Kristensen
65441705ef renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
c3f5a6dcac introduce API::Node::getACall() 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
69f4ac25c4 renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
1596436f7e rename getASourceUse to getAReference 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
adc05022f3 update comment in test case 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-29 18:21:41 +02:00
Joe
be07d27a4c Java: Improve tests 2020-09-29 16:36:34 +01:00
Erik Krogh Kristensen
3857331657 avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model 2020-09-29 17:08:09 +02:00
Erik Krogh Kristensen
deae9256dd add convenience method to API graphs 2020-09-29 17:08:00 +02:00
Joe
efc3a25237 Java: Don't pass taint through the format methods of Console 2020-09-29 16:02:51 +01:00
Joe Farebrother
eccfa5d26a Fix documentation typo 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-09-29 15:34:05 +01:00
Joe
d184aa7c06 Make FieldRead and FieldWrite extend LValue and RValue 2020-09-29 15:24:51 +01:00
yoff
60c310d1bf Merge pull request #4361 from RasmusWL/python-new-flask-perf-fix 
Python: Hotfix performance problem with flask methods
 2020-09-29 15:41:14 +02:00
CodeQL CI
d7add29dc2 Merge pull request #4359 from erik-krogh/cookieWrites 
Approved by esbena
 2020-09-29 06:32:01 -07:00
CodeQL CI
910c19e613 Merge pull request #4348 from erik-krogh/needle 
Approved by esbena
 2020-09-29 02:57:32 -07:00
Erik Krogh Kristensen
51f1f03f5f add change note for js/missing-token-validation 2020-09-29 11:56:10 +02:00
CodeQL CI
11f39a9d88 Merge pull request #4342 from erik-krogh/track-where-prop 
Approved by asgerf
 2020-09-29 02:09:53 -07:00
Rasmus Wriedt Larsen
fee279f952 Python: Hotfix performance problem with flask methods 
This improves runtime for command injection query on
https://lgtm.com/projects/g/alibaba/funcraft from +200 seconds (I did not care
to wait more) down to ~55 seconds on my machine.

This type of tracking predicate with string as additional argument apparently
causes trouble :|
 2020-09-29 11:00:57 +02:00
Erik Krogh Kristensen
89195d7ada add change note for needle 2020-09-29 10:13:48 +02:00
Erik Krogh Kristensen
52d94f6177 use getABoundCallbackParameter instead of getCallback and getParameter. 2020-09-29 10:12:46 +02:00
Rasmus Wriedt Larsen
e859a804c4 Update docs on CodeQL design patterns 2020-09-29 09:05:18 +02:00
CodeQL CI
060c19a063 Merge pull request #4352 from erik-krogh/destructing-redirect 
Approved by esbena
 2020-09-28 12:31:42 -07:00
Erik Krogh Kristensen
e04404b713 also recognize cookie writes are leading to cookie access 2020-09-28 21:17:25 +02:00
Max Schaefer
dfc4436012 JavaScript: Teach API graphs to recognise arguments supplied in partial function applications. 2020-09-28 17:52:57 +01:00
Geoffrey White
6de29a6dd3 C++: Provide std::pair constructor initializers. 2020-09-28 17:52:33 +01:00
Ian Lynagh
8a76195f04 Merge pull request #4356 from github/igfoo/front_end 
C++: accept test changes from extractor frontend upgrade
 2020-09-28 17:27:37 +01:00
Geoffrey White
8059230bbc Update cpp/ql/src/semmle/code/cpp/models/implementations/StdPair.qll 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-09-28 16:59:28 +01:00
Geoffrey White
773bc48a91 C++: Use a more modern make_pair. 2020-09-28 16:54:41 +01:00
Geoffrey White
759324ca1b Update cpp/ql/src/semmle/code/cpp/models/implementations/StdPair.qll 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-09-28 16:51:21 +01:00
Joe
bea38fcd07 Java: Add taint modelling for string format methods 2020-09-28 16:25:45 +01:00
Rasmus Wriedt Larsen
a62c3345d1 Add docs on CodeQL Design Patterns 2020-09-28 16:38:48 +02:00
Tom Hvitved
93edaa75eb Merge pull request #4309 from tamasvajk/feature/enum-value-init 
Extract constant value of enum member equal clauses
 2020-09-28 16:18:10 +02:00
Tamas Vajk
2bbaa4e173 Handle unsigned types in sign analysis (C# and Java) 2020-09-28 14:46:32 +02:00
Esben Sparre Andreasen
c0a67a8d7b JS: another CWE-20 -> CWE-020 2020-09-28 14:27:10 +02:00
CodeQL CI
75262ddace Merge pull request #4328 from erik-krogh/indirect-fix2 
Approved by esbena
 2020-09-28 04:55:19 -07:00
Jonas Jensen
165779ea09 Merge pull request #4343 from rdmarsh2/rdmarsh2/cpp/ir-construction-qldoc 
C++: Add some IR QLDoc
 2020-09-28 13:37:12 +02:00
Nick Rolfe
7609ce2d47 C++: accept test changes from extractor frontend upgrade 2020-09-28 12:23:26 +01:00
CodeQL CI
18bdc054cd Merge pull request #4347 from max-schaefer/js/handle-empty-pkgjson 
Approved by asgerf
 2020-09-28 02:42:21 -07:00
Rasmus Wriedt Larsen
6cb2ca63a6 Python: tests to show modeling is very syntactical 2020-09-28 11:23:06 +02:00