hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-07 03:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,357 Commits 1,676 Branches 157 Tags
codeql-cli/v2.4.6
Commit Graph

20357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
282d3e8f7e Merge pull request #4322 from jbj/range-analysis-custom-defs 
C++: Support custom defs in SimpleRangeAnalysis
 2020-09-30 15:43:32 +01:00
Taus
32bf7d6bdf Merge pull request #4256 from fatenhealy/Noblowfish 
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
 2020-09-30 16:15:46 +02:00
Rasmus Lerchedahl Petersen
b0ed7af897 Python: Approximate **arg -> **param 2020-09-30 15:54:12 +02:00
Rasmus Lerchedahl Petersen
4ae422ce16 Python: Add test for extraneous overflow arguments 2020-09-30 15:28:29 +02:00
Erik Krogh Kristensen
bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Arthur Baars
cf6036f9b4 Java: fix some android database sinks 2020-09-30 14:42:19 +02:00
Rasmus Wriedt Larsen
f501003879 Design Patterns: Recommend this = range for ::Range pattern 2020-09-30 14:28:08 +02:00
Faten Healy
03d8fc7296 changed to AES 2020-09-30 22:18:36 +10:00
Jonas Jensen
3af3d87ecd C++: Change note for several range-analysis PRs 2020-09-30 13:52:23 +02:00
Erik Krogh Kristensen
d316cb512e deprecate exports and replace uses with the new getAnExportedValue 2020-09-30 13:46:28 +02:00
Rasmus Wriedt Larsen
4adc26eb62 Python: Fix command injection example code 
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`

So it doesn't follow the pattern of the rest of the test file.
 2020-09-30 13:38:37 +02:00
Taus
d694777894 Merge pull request #4369 from RasmusWL/python-ospathjoin-taintstep 
Python: Add taint-step for os.path.join
 2020-09-30 13:35:16 +02:00
Erik Krogh Kristensen
b24e959033 add getAnInvocation to the ApiGraphs API 2020-09-30 13:33:36 +02:00
Rasmus Wriedt Larsen
9c1253c8af Python: Remove flow out of CommandInjection sinks 2020-09-30 13:29:40 +02:00
Erik Krogh Kristensen
b720bfdd11 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-09-30 13:26:51 +02:00
Rasmus Lerchedahl Petersen
00966bba0d Python: update test expectations 2020-09-30 13:11:23 +02:00
Rasmus Wriedt Larsen
a2d12f0440 Python: Update CommandInjection.expected 2020-09-30 13:00:10 +02:00
Jonas Jensen
b1c826e5c0 Merge pull request #4135 from rdmarsh2/rdmarsh2/cpp/output-iterators-1 
C++: Output iterators in AST taint tracking
 2020-09-30 12:54:55 +02:00
Arthur Baars
061c2a754f Java: tests for android database flow steps 2020-09-30 12:42:19 +02:00
Arthur Baars
a13e845127 Java: tests for android database sinks 2020-09-30 12:42:19 +02:00
Arthur Baars
39f5284dcc Java: add stubs for some android database classes 2020-09-30 12:33:33 +02:00
Arthur Baars
449fb24ef6 Java: android add taint and SQL sink for ContentProvider/Resolver 2020-09-30 12:33:32 +02:00
Arthur Baars
efd5b6ff66 Java: SQLite: make classes private 2020-09-30 12:32:27 +02:00
Arthur Baars
28c965765b Move query sinks into SQLite.qll 2020-09-30 12:32:27 +02:00
Arthur Baars
b3aae276ba Add types to SQLite.qll 2020-09-30 12:32:24 +02:00
Arthur Baars
6db4f839cb Java: add Android database taint and SQL injection sinks 2020-09-30 12:31:11 +02:00
Rasmus Lerchedahl Petersen
30d048f9d4 Python: Support unpacking of keyword arguments. 2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
e02cfbf6b0 Python: Support keyword overflow arguments 2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
27af9bbae8 Python: Support overflow positional arguments 
Currently ignoring starred arguments
 2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
8f2ef94b3e Python: Hook up keyword arguments 2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
f5244aab8c Python: Add testfiles 2020-09-30 11:54:40 +02:00
Rasmus Wriedt Larsen
1595fed2d6 Python: Add preliminary taint tests for pathlib 2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e Python: Model os.path.join and add taint-step 2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718 Python: Add taint test for os.path.join 
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
 2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c Python: Minor cleanup in taint-step tests 2020-09-30 11:15:53 +02:00
Erik Krogh Kristensen
e0b25798ff remove type-tracking from getAReference, and rewrite qldocs 2020-09-30 10:36:08 +02:00
Rasmus Wriedt Larsen
b3efa28277 Merge branch 'main' into python-command-execution-modeling 2020-09-30 10:24:11 +02:00
Jonas Jensen
68f6d93325 C++: Autoformat fixup 2020-09-30 09:49:56 +02:00
Anders Schack-Mulligen
8d4f7e2db7 Merge pull request #4366 from joefarebrother/field-rvalue-lvalue 
Java: Make `FieldRead` and `FieldWrite` extend `RValue` and `LValue`
 2020-09-30 07:55:24 +02:00
Ian Lynagh
d5f8cbc50c C++: Accept test changes in unnamed entity naming 2020-09-29 17:30:33 +01:00
Erik Krogh Kristensen
65441705ef renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
c3f5a6dcac introduce API::Node::getACall() 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
69f4ac25c4 renamings based on review 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
1596436f7e rename getASourceUse to getAReference 2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
adc05022f3 update comment in test case 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-29 18:21:41 +02:00
Joe
be07d27a4c Java: Improve tests 2020-09-29 16:36:34 +01:00
Erik Krogh Kristensen
3857331657 avoid .getReturn().getAUse().(DataFlow::InvokeNode) in the SQL model 2020-09-29 17:08:09 +02:00
Erik Krogh Kristensen
deae9256dd add convenience method to API graphs 2020-09-29 17:08:00 +02:00
Joe
efc3a25237 Java: Don't pass taint through the format methods of Console 2020-09-29 16:02:51 +01:00