hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,350 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.5
Commit Graph

20350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
fe0a494bab Extract line directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
4bb8b6c992 Extract nullable directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
15c611e22f Extract warning and error directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
3740aba4a8 Extract undef directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
9b405144ff Extract define directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
94bf3467b7 Extract pragma checksum directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
8b9c6712d1 Extract pragma warning directives 2021-02-04 08:42:38 +01:00
Tamas Vajk
40186db768 Rename CommentPopulator 2021-02-04 08:42:38 +01:00
Tamas Vajk
48d24b2264 Get line comments from trivia lines 2021-02-04 08:42:38 +01:00
Tamas Vajk
046a37b834 Simplify element access extraction 2021-02-04 08:42:38 +01:00
Tamas Vajk
c3ef6841d0 Add tests for trivia types 2021-02-04 08:42:38 +01:00
Tamas Vajk
3be229f097 C#: Separate visitors to dedicated files, rename and reorganize comment extraction related classes 2021-02-04 08:42:38 +01:00
Raul Garcia (MSFT)
53ab787efc Fixed format 2021-02-03 15:54:47 -08:00
Raul Garcia (MSFT)
86a2aa97ec Fixing incorrect file extension & adding suite 2021-02-03 15:48:16 -08:00
Raul Garcia (MSFT)
5e1e27c2b6 Adding queries related to the Solorigate campaign 2021-02-03 15:12:31 -08:00
Taus Brock-Nannestad
5974af661e Python: Update test file 
Makes the `a.b.c.d` test more sensible.

Also adds a test that shows a case where we're currently _not_ getting
the right flow.
 2021-02-03 22:43:21 +01:00
Taus Brock-Nannestad
ba98b08001 Python: Further elaboration of use/3 2021-02-03 22:31:33 +01:00
Taus Brock-Nannestad
ebfb1faf77 Python: Autoformat 2021-02-03 22:26:46 +01:00
Rasmus Lerchedahl Petersen
a7ca065411 Python: Fix ForTarget 2021-02-03 22:14:15 +01:00
yoff
b5633625b3 Update python/ql/src/semmle/python/dataflow/new/internal/DataFlowPrivate.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-03 21:56:03 +01:00
Tamas Vajk
cccca879d9 C#: Add initial DB scheme 2021-02-03 21:52:00 +01:00
Taus
56515c5708 Python: Improve documentation for moduleImport 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-03 21:29:15 +01:00
Tom Hvitved
cf860f1dac Merge pull request #5071 from hvitved/csharp/ssa/uncertain-reads 
C#: Move uncertain-read logic into shared SSA implementation
 2021-02-03 20:27:45 +01:00
Taus Brock-Nannestad
05f290f734 Python: Better explanation in use/3 2021-02-03 19:52:40 +01:00
Taus Brock-Nannestad
c5d6792c1e Python: Make toString abstract 2021-02-03 19:52:40 +01:00
Taus Brock-Nannestad
6ce160c51c Python: Use call instead of invocation 2021-02-03 19:52:40 +01:00
luchua-bc
724c3e00e0 Update help file 2021-02-03 16:45:15 +00:00
Rasmus Wriedt Larsen
93f91d8746 Python: Apply suggestions from code review 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-03 17:44:04 +01:00
Taus Brock-Nannestad
3fafb47b16 Python: Fix global flow 
A slightly odd fix, but still morally okay, I think. The main issue
here was that global variables have their first occurrence in an inner
scope inside a so-called "scope entry definition", that then
subsequently flows to the first use of this variable. This meant that
that first use was _not_ a `LocalSourceNode` (since _something_ flowed
into it), and this blocked `trackUseNode` from type-tracking to it (as
it expects all nodes to be `LocalSourceNode`s).

The answer, then, is to say that a `LocalSourceNode` is simply one
that doesn't have flow to it from _any `CfgNode`_ (through one or more
steps). This disregards the flow from the scope entry definition, as
that is flow from an `EssaNode`.

Additionally, it makes sense to exclude `ModuleVariableNode`s. These
should never be considered local sources, since they always have flow
from (at least) the place where the corresponding global variable is
introduced.
 2021-02-03 16:41:22 +01:00
Mathias Vorreiter Pedersen
8cf8b704c5 C++: Add more indirection flow in dataflow models. Also revert the additions to DataFlowUtil added in #5035 as they can add too much flow. 2021-02-03 16:16:48 +01:00
Anders Schack-Mulligen
40d02e7e32 Merge pull request #4926 from luchua-bc/java/insufficient-key-size 
Java: Query to detect weak encryption: insufficient key size
 2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen
0df7e9fa4e Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements 
Java: Track taint through Spring Java bean getters on super types
 2021-02-03 15:06:03 +01:00
Jonas Jensen
e3bdebf7a0 Merge pull request #5077 from jbj/revert-nested-fields 
C++: Revert #4784
 2021-02-03 14:07:28 +01:00
Rasmus Wriedt Larsen
2453a25833 Update docs/ql-style-guide.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-02-03 13:42:08 +01:00
Rasmus Wriedt Larsen
0ea7aa54f9 Update CodeQL Style guide to mention acronyms 
Adding this after asking how to do this internally. Is based on https://dart.dev/guides/language/effective-dart/style#do-capitalize-acronyms-and-abbreviations-longer-than-two-letters-like-words
 2021-02-03 13:31:26 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
Erik Krogh Kristensen
d016ba2252 rename name dataflow configuration in js/template-object-injection 2021-02-03 12:29:23 +01:00
Erik Krogh Kristensen
a5bde53bfe use the TaintedObject library in js/template-object-injection 2021-02-03 12:26:37 +01:00
Erik Krogh Kristensen
c6a22844e2 add test for js/template-object-injection 2021-02-03 12:16:57 +01:00
Tom Hvitved
a45c415c5b Merge pull request #5067 from hvitved/csharp/cfg/patterns 
C#: Adjust CFG for `{Recursive,Positional,Property}PatternExpr`
 2021-02-03 12:09:39 +01:00
CaptainFreak
12ee497485 move query to src, rename and refactor 2021-02-03 15:48:02 +05:30
Mathias Vorreiter Pedersen
691a316460 C++: Add tests to cpp/unsigned-difference-expression-compared-zero and remove a couple of classes of FPs. 2021-02-03 11:10:57 +01:00
Jonas Jensen
064568c36d Revert "Merge pull request #4784 from MathiasVP/mathiasvp/reverse-read-take-3" 
This reverts commit 1b3d69d617, reversing
changes made to 527c41520e.
 2021-02-03 08:49:37 +01:00
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
Erik Krogh Kristensen
c51e951d1e add change note 2021-02-02 22:51:03 +01:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
Taus Brock-Nannestad
e4c3544a3f Python: Add support for from foo.bar import baz 
This turned out to be fairly simple. Given an import such as
```python
from foo.bar.baz import quux
```
we create an API-graph node for each valid dotted prefix of
`foo.bar.baz`, i.e. `foo`, `foo.bar`, and `foo.bar.baz`. For these, we
then insert nodes in the API graph, such that `foo` steps to `foo.bar`
along an edge labeled `bar`, etc.

Finally, we only allow undotted names to hang off of the API-graph
root. Thus, `foo` will have a `moduleImport` edge off of the root, and
a `getMember` edge for `bar` (which in turn has a `getMember` edge for
`baz`).

Relative imports are explicitly ignored.

Finally, this commit also adds inline tests for a variety of ways of
importing modules, including a copy of the "import-helper" tests (with
a few modifications to allow a single annotation per line, as these
get rather long quickly!).
 2021-02-02 21:59:33 +01:00
luchua-bc
3151aeff48 Enhance the query 2021-02-02 18:26:29 +00:00
Geoffrey White
047cd2b706 Merge pull request #5074 from MathiasVP/strnextc-model-implementation 
C++: Implement a model for _strnextc and its variants
 2021-02-02 16:45:16 +00:00
luchua-bc
5e3b6fa341 Update qldoc 2021-02-02 16:20:39 +00:00