hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,357 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.6
Commit Graph

20357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
f241dbabab Python: Clean up query a bit 2021-02-23 22:33:18 +01:00
Taus Brock-Nannestad
002d0fe565 Python: Port missing host key query 2021-02-23 22:26:03 +01:00
Taus Brock-Nannestad
e812eb777d Python: Port URL sanitisation queries to API graphs 
Really, this boils down to "Port `re` library model to use API graphs
instead of points-to", which is what this PR actually does.

Instead of using points-to to track flags, we use a type tracker. To
handle multiple flags at the same time, we add additional flow from

`x` to `x | y` and `y | x`

and, as an added bonus, the above with `+` instead of `|`, neatly
fixing https://github.com/github/codeql/issues/4707

I had to modify the `Qualified.ql` test slightly, as it now had a
result stemming from the standard library (in `warnings.py`) that
points-to previously ignored.

It might be possible to implement this as a type tracker on
`LocalSourceNode`s, but with the added steps for the above operations,
this was not obvious to me, and so I opted for the simpler
"`smallstep`" variant.
 2021-02-23 22:02:35 +01:00
Rasmus Wriedt Larsen
358ade67e5 Merge pull request #5248 from tausbn/python-port-insecure-temporary-file 
Python: Port `py/insecure-temporary-file`
 2021-02-23 21:37:59 +01:00
Tamás Vajk
91928fa098 Merge pull request #5220 from tamasvajk/feature/limit-codescanning-csharp 
Limit C# codeql analysis to the csharp folder
 2021-02-23 21:05:38 +01:00
Tamás Vajk
e6532cbd75 Merge pull request #4695 from tamasvajk/feature/csharp9-with-expr 
C#: Extract 'with' expressions
 2021-02-23 21:04:51 +01:00
Geoffrey White
431a004127 C++: QLDoc. 2021-02-23 19:10:03 +00:00
Taus Brock-Nannestad
b8ce5e969e Python: Port py/insecure-temporary-file 2021-02-23 20:02:22 +01:00
yoff
9eed17f647 Merge pull request #5152 from RasmusWL/improve-pyyaml-support 
Python: Improve pyyaml support
 2021-02-23 19:58:04 +01:00
CodeQL CI
c5ae8d2c53 Merge pull request #5210 from erik-krogh/barrierPerf 
Approved by asgerf
 2021-02-23 07:29:27 -08:00
luchua-bc
56e3b301e9 Resolve ambiguous method access 2021-02-23 15:18:07 +00:00
luchua-bc
45f9125bfa Update test program 2021-02-23 14:41:44 +00:00
luchua-bc
9eb8ec7da5 Create a separate file for EJB check 2021-02-23 14:38:15 +00:00
Rasmus Wriedt Larsen
6e2445cce6 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-02-23 15:19:29 +01:00
Rasmus Wriedt Larsen
42de872bfa Python: Add INTERNAL annotation to Response::InstanceSource 
Since we need to reserve the flexibility to change this setup within the next
few months, we don't want to commit to keeping this extension point around for
the 12 months that the normal API deprecation cycle requires.
 2021-02-23 15:10:58 +01:00
Rasmus Wriedt Larsen
8ebedf26d2 Python: Add comment for MethodView being known subclass 2021-02-23 15:08:07 +01:00
Anders Schack-Mulligen
b1bed2731d Merge pull request #5172 from smowton/smowton/feature/commons-strbuilder 
Java: Add support for commons-lang's StrBuilder class
 2021-02-23 14:39:11 +01:00
Asger Feldthaus
c58947d3e6 JS: Refactor Vue::Instance to lead to better join orders 2021-02-23 13:13:59 +00:00
Tom Hvitved
bed66203c1 C#: Use shared SSA implementation for BaseSsa 2021-02-23 14:06:27 +01:00
Tom Hvitved
b0ee508f10 C#: Use shared SSA implementation for PreSsa 2021-02-23 14:06:27 +01:00
Tom Hvitved
d8792f2f7f C#: Fix bug in BaseSSA::reachesEndOf/3 2021-02-23 14:06:27 +01:00
Taus
53711dc82f Merge pull request #5238 from RasmusWL/no-flow-default-value 
Python: Highlight missing flow from default value in functions
 2021-02-23 13:27:41 +01:00
CodeQL CI
3f7f963ed5 Merge pull request #5227 from erik-krogh/infTest 
Approved by asgerf
 2021-02-23 04:03:18 -08:00
Erik Krogh Kristensen
539ef49b11 change join order for SystemCommandExecutors - and use ApiGraphs::getACall 2021-02-23 12:49:25 +01:00
Erik Krogh Kristensen
56405f40b0 change join order for summarizedHigherOrderCall 2021-02-23 12:48:24 +01:00
Erik Krogh Kristensen
b3aa358177 outline callee computation - to avoid many joins on getACall 2021-02-23 12:48:20 +01:00
CodeQL CI
2551aace89 Merge pull request #5236 from asgerf/js/html-invalid-attr-name 
Approved by erik-krogh
 2021-02-23 02:03:29 -08:00
Erik Krogh Kristensen
aa6cde2fe0 remove magic from inGuard 2021-02-23 10:03:21 +01:00
Erik Krogh Kristensen
69d6df7834 make globalVarRef non recursive 2021-02-23 10:03:17 +01:00
Erik Krogh Kristensen
06091e5312 cache AstNode::getParent 2021-02-23 09:52:58 +01:00
Erik Krogh Kristensen
b4e6f92505 rearange ArrayIndexingStep to avoid #shared predicate 2021-02-23 09:52:50 +01:00
yo-h
6213c20bc3 Merge pull request #5136 from aschackmull/java/csv-models 
Java: Add support for framework modelling through csv data.
 2021-02-22 19:00:41 -05:00
CodeQL CI
73e7b54bf1 Merge pull request #5214 from tausbn/actions-add-change-note-checker 
Approved by adityasharad
 2021-02-22 11:24:51 -08:00
Geoffrey White
362c12caea Merge pull request #5217 from MathiasVP/model-bsd-sockets-part-3 
C++: Implement models for poll, accept and select
 2021-02-22 18:34:59 +00:00
Jonathan Leitschuh
ad99aa2d76 Fix typo in test output 2021-02-22 13:26:51 -05:00
Owen Mansel-Chan
110f4072fd Merge pull request #5222 from owen-mc/update-go-supported-frameworks 
Update supported go frameworks
 2021-02-22 15:49:54 +00:00
Owen Mansel-Chan
31d6dbb9da Update supported go frameworks 2021-02-22 15:38:56 +00:00
Rasmus Wriedt Larsen
e160c855ad Merge pull request #5233 from yoff/python-for-tuple-iteration 
Python: `for`-iteration of tuples
 2021-02-22 15:28:13 +01:00
luchua-bc
40df01d2cd Update qldoc and method name 2021-02-22 14:15:41 +00:00
Rasmus Wriedt Larsen
127e778970 Merge pull request #5215 from github/RasmusWL/fix-acronym-style 
Style Guide: Fix two-letter acronym
 2021-02-22 15:05:26 +01:00
Rasmus Wriedt Larsen
5249b54a9b Python: Highlight missing flow from default value in functions 
Although it is becoming non-trivial to get an overview of what tests we have and
don't have, I didn't find any that highlighted this one

I used all 3 variants of parameters, just to be sure :)
 2021-02-22 14:52:51 +01:00
CodeQL CI
0a0bdcca4d Merge pull request #5204 from erik-krogh/inGuard 
Approved by asgerf
 2021-02-22 02:52:11 -08:00
Asger F
b8e1987cad Update javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-02-22 10:08:56 +00:00
Taus Brock-Nannestad
439f9f1d90 Actions: More cleanup 
Removes the checkout action, as this is no longer needed, and folds
the `grep` into `jq`.
 2021-02-22 11:05:54 +01:00
Asger Feldthaus
e964771e9c JS: Add test 2021-02-22 09:47:21 +00:00
Mathias Vorreiter Pedersen
f908d2f1de C++: Remove hasTaintFlow from poll and select functions. 2021-02-22 08:54:43 +01:00
Taus Brock-Nannestad
4680b25f23 Actions: Remove dependence on external actions 2021-02-21 15:14:33 +01:00
Rasmus Lerchedahl Petersen
d23a8ad016 Python: elide test output 2021-02-21 13:12:54 +01:00
Rasmus Lerchedahl Petersen
46faba69ff Python: Fix for-iteration of tuples 2021-02-21 12:41:16 +01:00
Rasmus Lerchedahl Petersen
0aecf33fe6 Python: test iteration through overflow parameters 
These are in a tuple, so the for-step does not fire
 2021-02-21 12:33:04 +01:00