Geoffrey White
c083c6235d
C++: Explicitly model data flow in through reference return values.
2020-08-25 16:20:12 +01:00
Tamas Vajk
997388b075
Fix first set of code review comments
2020-08-25 17:11:34 +02:00
Rasmus Lerchedahl Petersen
551ae42fb9
Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions
2020-08-25 15:45:20 +02:00
Rasmus Lerchedahl Petersen
d67f57a0bb
Python: Remove dead code
2020-08-25 15:39:37 +02:00
Taus
000fa33d54
Merge pull request #4013 from yoff/SharedDataflow_SequenceFlow
...
Python: Shared dataflow: Content flow
2020-08-25 15:38:14 +02:00
Rasmus Lerchedahl Petersen
56b78a664e
Python: Store step for generators
2020-08-25 15:36:26 +02:00
Rasmus Lerchedahl Petersen
ecf3928ed1
Python: Handle comprehensions with multiple fors
2020-08-25 15:21:08 +02:00
CodeQL CI
92c97b1778
Merge pull request #4124 from RasmusWL/python-taint-tracking-string-methods
...
Approved by yoff
2020-08-25 14:14:47 +01:00
Erik Krogh Kristensen
592ed8a3a1
remove ordinary return flow from generator functions
2020-08-25 14:02:57 +02:00
Geoffrey White
76a07f7292
C++: Use [, ...] syntax.
2020-08-25 12:30:06 +01:00
Geoffrey White
d31987d496
C++: Additional QLDoc.
2020-08-25 12:21:06 +01:00
Geoffrey White
23a792b8c6
C++: Add tests of nested vectors.
2020-08-25 12:13:32 +01:00
Rasmus Wriedt Larsen
2dbf83b579
Python: TaintTracking: Move tests of py3 string methods
2020-08-25 13:06:27 +02:00
Rasmus Wriedt Larsen
cf121cc4d0
Python: TaintTracking: stringMethods => stringManipualtion
2020-08-25 13:05:27 +02:00
Rasmus Lerchedahl Petersen
1cdb6be531
Merge branch 'main' of github.com:github/codeql into SharedDataflow_NestedComprehensions
2020-08-25 13:05:13 +02:00
Rasmus Wriedt Larsen
238e0845aa
Python: Minor refactoring
2020-08-25 12:50:41 +02:00
Rasmus Wriedt Larsen
0439b83c60
Python: Taint when using unicode
2020-08-25 12:50:32 +02:00
Rasmus Wriedt Larsen
2a29e26687
Python: Fix grammar
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2020-08-25 12:41:53 +02:00
Tamás Vajk
74db25d80c
C#: Enable nullability on Semmle.Extraction.CIL.Driver ( #4114 )
2020-08-25 11:44:08 +02:00
CodeQL CI
722b1a24f6
Merge pull request #4087 from erik-krogh/thisJsx
...
Approved by asgerf
2020-08-25 10:20:32 +01:00
CodeQL CI
844abc51e8
Merge pull request #4108 from erik-krogh/packType
...
Approved by asgerf
2020-08-25 10:17:28 +01:00
Rasmus Wriedt Larsen
483bd0e863
Python: Fix shared taint tracking tests
...
Since there was a .ql file, qltest tried to run a test in
test/experimental/dataflow/taintracking/ which failed since there was no code.
2020-08-25 11:15:11 +02:00
yoff
3140b43db2
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2020-08-25 10:48:01 +02:00
Tamás Vajk
dc62cd166c
C#: Enable nullability checks in Semmle.Extraction.Tests ( #4112 )
2020-08-25 08:40:30 +02:00
Robert Marsh
9aa3735165
C++: add tests for non-std:: iterators
2020-08-24 14:19:34 -07:00
Tamas Vajk
66e3739e72
Fix failing PrintAst test
2020-08-24 22:41:08 +02:00
Erik Krogh Kristensen
b0d4e79653
split out trap tests to avoid "package.json" naming conflict in trap test
2020-08-24 21:36:34 +02:00
Geoffrey White
adbfad21ef
C++: Correct the localFlow test.
2020-08-24 18:05:30 +01:00
ubuntu
22f5ae4ad4
Format code
2020-08-24 18:53:37 +02:00
Geoffrey White
c0aaed2fac
Merge branch 'main' into oparray2
2020-08-24 17:36:18 +01:00
Geoffrey White
ae807f7f33
C++: Autoformat.
2020-08-24 17:36:07 +01:00
Rasmus Wriedt Larsen
13148b42d3
Python: Handle taint of f-strings
2020-08-24 17:23:10 +02:00
Rasmus Wriedt Larsen
2f090df6d3
Python: Transform comments to QLDoc for security.strings.Basic
2020-08-24 17:20:04 +02:00
Rasmus Lerchedahl Petersen
2608509fa7
Merge branch 'main' of github.com:github/codeql into SharedDataflow_SequenceFlow
2020-08-24 17:16:33 +02:00
Rasmus Lerchedahl Petersen
e91581e9fa
Python: Experiments with nested comprhensions
2020-08-24 17:15:31 +02:00
Rasmus Wriedt Larsen
be2acc00db
Python: Add test for tainted f-string
2020-08-24 17:14:51 +02:00
CodeQL CI
e2c6a01c00
Merge pull request #4097 from erik-krogh/createRequire
...
Approved by esbena
2020-08-24 15:57:10 +01:00
Rasmus Wriedt Larsen
d96ef73033
Python: Handle taint for f-strings
...
Which we seem to not handle in the current taint tracking :O
f-strings needs to be Python 3 only, so enabled that test setup. I really liked
the idea for having the version specific tests right next to the normal tests,
so you don't have to look in
test/experimental/3/dataflow/i/will/forget/to/look/here.
2020-08-24 16:46:00 +02:00
Tamas Vajk
3dea6b3218
C#: Change implicitly sized array test input
2020-08-24 16:14:00 +02:00
Tamas Vajk
7516825b5f
C#: Fix computed sizes for implicitly sized array creation
2020-08-24 16:14:00 +02:00
Geoffrey White
1c38a4d5d6
Update cpp/ql/src/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com >
2020-08-24 14:33:51 +01:00
Tamas Vajk
699cafa890
C#: Add implicitly sized array creations to tests
2020-08-24 15:27:35 +02:00
Geoffrey White
d3c8ffb995
C++: Clean up, comment, and restrict the new flow to the post-update node of the returned reference.
2020-08-24 14:07:06 +01:00
Geoffrey White
f2caa8a2b0
C++: Reverse taint through function models returning a reference.
2020-08-24 14:05:04 +01:00
Geoffrey White
f25ef26c37
C++: Permit taint flow to the left side of an assignment.
2020-08-24 14:01:49 +01:00
Geoffrey White
1da78ada14
C++: Model 'operator[]' and 'at' for std::string, std::vector and other containers.
2020-08-24 13:58:43 +01:00
Rasmus Wriedt Larsen
cb4b4e91ab
Python: Taint for string multiplication
2020-08-24 14:54:06 +02:00
Rasmus Wriedt Larsen
b688fe68d6
Python: Add options file to shared dataflow tests
...
Since there isn't one in top-level of experimental, making a single import made
tests go really slow :|
2020-08-24 14:54:05 +02:00
Rasmus Wriedt Larsen
5125c7a55c
Python: Add taint tests for encode/decode functions
2020-08-24 14:54:04 +02:00
Geoffrey White
f6770c5b88
C++: Add tests for std::string 'operator[]' and 'at()'.
2020-08-24 13:49:39 +01:00
