hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 08:42:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,350 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.5
Commit Graph

20350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
f5f7259937 Revamp the query to implement AdditionalTaintStep 2020-10-23 12:00:36 +01:00
luchua-bc
3c5c8494b1 Refine the query to check intents coming from outside only 2020-10-23 11:58:16 +01:00
luchua-bc
f86413a9b5 text changes 2020-10-23 11:58:12 +01:00
Bt2018
2ddeb0b169 Add method access qualifier as source 2020-10-23 11:57:02 +01:00
luchua-bc
f5ca459795 Add remote source of Android intent extra 2020-10-23 11:57:01 +01:00
Jonas Jensen
08bf464437 Merge pull request #4540 from criemen/printast-performance 
C++: Improve PrintAST performance if only individual files are printed
 2020-10-23 12:46:34 +02:00
Rasmus Wriedt Larsen
ae60ac211b Python: Annotate django v1 routing tests 
Again need to remove trailing $, since inline-expectation tests still don't
handle $
 2020-10-23 12:05:05 +02:00
Rasmus Wriedt Larsen
78ab637b54 Python: Port django v1 tests 2020-10-23 12:00:27 +02:00
Rasmus Lerchedahl Petersen
f88cc3c98e Python: Use custom PathGraph 2020-10-23 01:10:21 +02:00
Rasmus Wriedt Larsen
41ec4f8166 Python: Use FlaskModel as workaround name 
As suggested by Taus 👍
 2020-10-22 19:13:26 +02:00
Dave Bartolomeo
99072483b8 Fix PR feedback 2020-10-22 12:55:40 -04:00
Dave Bartolomeo
b62bda6c3a Fix regression due to primary instructions for side effects not being computed correctly in the presence of synthetic temporary objects. 2020-10-22 12:55:30 -04:00
Cornelius Riemenschneider
6b072686ab C++: Improve PrintAST performance. 
This improves the performance of the printAst.ql query by excluding a lot of string concatenations that happen in files unrelated to the one the user is interested in printing.
This is supposed to help the performance of the AST Viewer on bigger databases.
 2020-10-22 16:38:52 +02:00
Mathias Vorreiter Pedersen
a1b59e2d6c Merge pull request #4538 from geoffw0/taintbug 
C++: Add taint test for memcpy-ing into a vector
 2020-10-22 16:05:56 +02:00
Mathias Vorreiter Pedersen
90c027f291 Merge pull request #4532 from geoffw0/wrongtypeformaterr 
C++: Harden queries against ErroneousType
 2020-10-22 14:21:14 +02:00
Geoffrey White
ceea947f5e C++: Add another test case. 2020-10-22 12:41:23 +01:00
Mathias Vorreiter Pedersen
d0dd71ba10 Apply suggestions from code review 
Co-authored-by: hubwriter <54933897+hubwriter@users.noreply.github.com>
 2020-10-22 12:53:35 +02:00
Rasmus Lerchedahl Petersen
8ce5f41366 Python: Fix source of second part of path 2020-10-22 12:20:50 +02:00
Rasmus Lerchedahl Petersen
8549c9cfde Python: Rewrite logic to split on nomalization 2020-10-22 11:35:55 +02:00
Rasmus Lerchedahl Petersen
391925532d Python: PathCheck StartswithCall 
Should this use `Value::named`?
 2020-10-22 11:34:07 +02:00
Rasmus Lerchedahl Petersen
6e361c7793 Python: Make PathCheck a BarrierGuard 2020-10-22 11:32:18 +02:00
Calum Grant
7544bc872a Merge pull request #3974 from owen-mc/docs/query-classification-and-display 
Docs: Query classification and display
 2020-10-22 10:01:19 +01:00
Geoffrey White
3cca8443f8 C++: Add memcpy(vector test. 2020-10-22 09:46:07 +01:00
Geoffrey White
227bf91626 C++: Correct test annotation. 2020-10-22 09:45:09 +01:00
Erik Krogh Kristensen
e89e99deaa Merge pull request #4461 from erik-krogh/pyPrint 
Python: implement printAst for Python
 2020-10-22 09:37:10 +02:00
Dave Bartolomeo
f7eeadadd9 Accept more diffs 2020-10-21 18:37:49 -04:00
Dave Bartolomeo
1de1ab65b7 Merge remote-tracking branch 'upstream/main' into work 2020-10-21 18:22:55 -04:00
Dave Bartolomeo
5259f86e32 Accept diff (needs further investigation, though) 2020-10-21 18:06:34 -04:00
Rasmus Lerchedahl Petersen
f8dba85e0f Python: PathNormalization os.path.normpath 2020-10-21 22:21:40 +02:00
Rasmus Lerchedahl Petersen
17273dd27e Python: Add FileSystemAccess open 2020-10-21 22:01:49 +02:00
Rasmus Lerchedahl Petersen
4570c29a11 Python: port query 2020-10-21 21:40:42 +02:00
Rasmus Lerchedahl Petersen
eb5ed23354 Python: Add TaintTracking2 2020-10-21 21:39:50 +02:00
Rasmus Lerchedahl Petersen
da77cbb3d0 Python: concepts PathCheck and PathNormalization 
Should they be in a module?
 2020-10-21 21:37:43 +02:00
Cornelius Riemenschneider
9388448053 C++: Extend jump-to-def support to template instantiations. 
This commit extends developers ability to use jump-to-def in C/C++ files opened in the VSCode extension.
Before, jump-to-def starting with code in a template instantiation did not work.

Furthermore, this fixes a bug, as the list of all references of a location did not include template instantiations.
 2020-10-21 21:35:38 +02:00
Robert Marsh
1a365d2098 C++: remove InitializeNonLocalInstruction from IR 
Instead, have AliasedDefinition initialize read-only nonlocal memory
 2020-10-21 12:12:38 -07:00
Rasmus Wriedt Larsen
278c071fe6 Python: Modernise werkzeug FileStorage modeling 2020-10-21 20:36:40 +02:00
Rasmus Wriedt Larsen
d0fdb542e5 Python: Modernise werkzeug MultiDict modeling 2020-10-21 20:30:20 +02:00
Rasmus Wriedt Larsen
b6bd70a5da Python: Modernise flask library modeling 
Two interesting things happened while doing this:

1. I found out that you can't use the same name to define a submodule as any
parent module. So we need give unique names to the top-level module, and the
module for modeling the `flask.Flask` class. I randomly choose a new name for
the top-level module to get things moving (and not be stuck in bikeshedding
forever).

2. With this new setup, I wanted to expose the `route` and `add_url_rule`
methods on instances of `flask.Flask`. It wasn't quite obvious how to do so. I
simply lumped them next to `classRef()` and `instance()`, without too much
care. I did consider putting them inside a `instance` module, which would allow
you to access them by `flask::Flask::instance::route()`, but I wasn't quite
sure, and just did something easy to get moving.
 2020-10-21 20:30:14 +02:00
Rasmus Wriedt Larsen
62d665ecb3 Python: Fix shared QLDoc for InstanceSource 2020-10-21 19:55:40 +02:00
Rasmus Wriedt Larsen
047a326183 Python: Remove reference to old PR 
These have been added to internal tracking issue instead
 2020-10-21 19:53:25 +02:00
Dave Bartolomeo
ee18db7b36 Fix IR for member accesses on prvalues 
This fixes the IR generation for member accesses where the qualifier is a prvalue that is _not_ the load of a `TemporaryObjectExpr`. We synthesize a temporary variable during IR generation instead. It fits into the IR construction code at the same spot as `TranslatedLoad`, since it's basically the opposite of `TranslatedLoad` (prvalue->glvalue instead of vice versa). Note that array prvalues require special treatment.

This fixes some consistency errors in the `syntax-zoo`. It introduces three new ones in `dataflow-ir-consistency.expected`, but those are along the same lines as tons of existing failures.
 2020-10-21 13:32:15 -04:00
Rasmus Lerchedahl Petersen
2e8cbbd866 Python: Add concept FileSystemAccess 2020-10-21 17:35:21 +02:00
Mathias Vorreiter Pedersen
056a553976 C++: Fix broken qhelp links 2020-10-21 17:26:46 +02:00
Aditya Sharad
9ff5142529 Merge pull request #4525 from adityasharad/js/autobuild-github-hidden-folder 
JavaScript: Include .github hidden folders in autobuild
 2020-10-21 07:10:42 -07:00
Rasmus Wriedt Larsen
a6abee9b3a Merge pull request #4476 from yoff/python-port-sql-injection 
Python: Port SqlInjection
 2020-10-21 15:55:19 +02:00
Geoffrey White
678e769553 C++: Change note. 2020-10-21 14:52:43 +01:00
Geoffrey White
d97f03c2be C++: Exclude error types from NonPortablePrintf. 2020-10-21 14:51:52 +01:00
yoff
ea4ea6b3e6 Merge pull request #4529 from tausbn/python-remove-cartesian-product-in-tkwoverflownode 
Python: Remove bad join in `getCallableScope`
 2020-10-21 15:36:38 +02:00
Rasmus Lerchedahl Petersen
060481053a Python: Add note about incompleteness 
I was going to do this in an issue, but it makes sense
to have it in the code. We could still add an issue as well.
 2020-10-21 15:15:19 +02:00
Rasmus Lerchedahl Petersen
c57c798bfa Python: Add TODO 2020-10-21 15:10:40 +02:00