Rasmus Wriedt Larsen
96d1fc8c0b
Python: Fix iterable-unpacking taint CP
...
When running ql/python/ql/src/Security/CWE-079/ReflectedXss.ql against the
database for flask.
Initially there were 10 million result-tuples for iterable_unpacking_descent.
With this change, we're down to roughly 2100,
2020-03-26 16:42:48 +01:00
Calum Grant
71e0dc087b
C#: General code tidy.
2020-03-26 15:35:31 +00:00
Erik Krogh Kristensen
6b507c6933
add urlSuffix support to DomBasedXSS
2020-03-26 15:47:59 +01:00
Erik Krogh Kristensen
a850616927
delete Xss.actual
2020-03-26 15:40:37 +01:00
Erik Krogh Kristensen
e2d2c2341e
autoformat and update expected output
2020-03-26 15:38:00 +01:00
Erik Krogh Kristensen
baf50c832c
more precise charpreds in taint steps
2020-03-26 15:30:43 +01:00
Philip Ginsbach
71c588a74f
information on version support
2020-03-26 14:15:29 +00:00
Tom Hvitved
a8660d446e
C#: Fix typo
2020-03-26 14:54:03 +01:00
Philip Ginsbach
f4a1479d33
sentence about semantics
2020-03-26 12:49:09 +00:00
Philip Ginsbach
783cee30c4
mention set literals in the specification
2020-03-26 12:21:38 +00:00
Asger Feldthaus
816968d102
JS: Rename test files to avoid clash
2020-03-26 11:59:57 +00:00
Tom Hvitved
db8d61c3be
C#: Remove compiler warning in Remote.qll
2020-03-26 12:26:17 +01:00
Jonas Jensen
08c53d4a61
C++: Clean up the ParameterNode class tree
...
The new names are chosen to align with Java's `DataFlowUtil.qll`.
2020-03-26 11:57:53 +01:00
Mathias Vorreiter Pedersen
a43abaaed9
Merge branch 'master' into ir-flow-fields
2020-03-26 11:51:07 +01:00
Mathias Vorreiter Pedersen
c6c613840a
C++: Removed toString from PostUpdateNodes. They were more confusing than helpful
2020-03-26 11:43:40 +01:00
Mathias Vorreiter Pedersen
fbef146a49
C++: Remove PositionalArgumentWithoutWriteSideEffectNode (since not all arguments need a PostUpdateNode). Also generalized the added flow rule in simpleLocalFlowStep since there isn't always a ChiInstruction - for instance if it's a write to a struct that only has a single field.
2020-03-26 11:39:20 +01:00
Jonas Jensen
4f068685e1
C++: Add AssignExpr + Initializer to lib overview
2020-03-26 10:49:03 +01:00
yo-h
0f70da2258
Merge pull request #3105 from aschackmull/java/postupdate-jump
...
Java: Fix missing jump step from PostUpdate to capture.
2020-03-25 22:05:30 -04:00
Robert Marsh
e6cdbb9bd2
Merge pull request #3121 from dbartol/dbartol/ir-generate-all-fixup
...
C++: Late fix for PR feedback
2020-03-25 17:58:01 -07:00
Erik Krogh Kristensen
1cefa12315
update expected output
2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
8f45c8fe83
use LoadStoreStep for type-tracking promises
2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
1a2983fe39
support small steps for promise tracking
2020-03-25 23:54:57 +01:00
Erik Krogh Kristensen
00181e059b
add tests for type-tracking promises
2020-03-25 23:54:56 +01:00
Erik Krogh Kristensen
9a78d38df0
add a new LoadStoreStep as a StepSummary for TypeTracking
2020-03-25 23:54:56 +01:00
semmle-qlci
e7fd97e72b
Merge pull request #3119 from erik-krogh/SockJS
...
Approved by esbena
2020-03-25 21:36:29 +00:00
Tom Hvitved
95b6f6aee0
C#: Add change note
2020-03-25 20:05:39 +01:00
Tom Hvitved
54677189de
C#: Introduce RemoteFlowSink class
2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61
C#: Move HtmlSinks from XSS.qll into separate file
2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b
C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources}
2020-03-25 20:05:39 +01:00
Erik Krogh Kristensen
4b0bc6b2b3
autoformat
2020-03-25 19:47:41 +01:00
Dave Bartolomeo
f981ce6be4
Merge pull request #3122 from jbj/getParameter-docs
...
C++: Improve QLDoc for Function.getParameter
2020-03-25 12:59:28 -04:00
Calum Grant
87970337ae
C#: Improvements to buildless extraction, particularly for .NET Core.
2020-03-25 15:27:48 +00:00
Jonas Jensen
b622d62d3c
C++: Wire up param/arg indirections in data flow
2020-03-25 15:23:43 +01:00
Jonas Jensen
bc3bdbb11b
C++: Improve QLDoc for Function.getParameter
2020-03-25 15:21:24 +01:00
Dave Bartolomeo
1edd492abf
C++: Late fix for PR feedback
...
I missed this suggestion before I merged the original PR. Fixing it now before I forget.
2020-03-25 10:10:30 -04:00
Asger Feldthaus
ad1e0ec50b
JS: Inline variable again
2020-03-25 14:01:33 +00:00
Dave Bartolomeo
376779421d
Merge pull request #2975 from rdmarsh2/printir-generate-all
...
C++/C#: generate IR for funcs excluded in PrintIR
2020-03-25 09:45:02 -04:00
Tom Hvitved
7ac25d2439
C#: Add more tests for cs/information-exposure-through-exception
2020-03-25 14:33:49 +01:00
Asger Feldthaus
54021a1c30
JS: Update old entry point and add a test
2020-03-25 13:24:18 +00:00
Asger Feldthaus
a78f1b864b
JS: Fix trailing whitespace
2020-03-25 12:45:48 +00:00
Asger Feldthaus
6c9e35c22e
JS: Skip .js files with a same-named .ts file next to it
2020-03-25 12:45:37 +00:00
semmle-qlci
cf5b1f0cd5
Merge pull request #3019 from erik-krogh/ArrayStep
...
Approved by asgerf
2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen
abcdfe3c53
use LibraryName class for websocket library names
2020-03-25 13:06:21 +01:00
Rasmus Wriedt Larsen
dc9dbf3682
Python: Autoformat
2020-03-25 11:56:18 +01:00
Jonas Jensen
2b2667aef7
Merge remote-tracking branch 'upstream/master' into detect-conflated-memory
...
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
2020-03-25 11:55:39 +01:00
Rasmus Wriedt Larsen
12c6997e7b
Python: Reduce result set in custom taint sanitizer
2020-03-25 11:55:29 +01:00
Erik Krogh Kristensen
f7faaa634f
change-note
2020-03-25 11:37:39 +01:00
semmle-qlci
a413a3254b
Merge pull request #3114 from RasmusWL/python-add-fp-for-non-callable
...
Approved by tausbn
2020-03-25 10:34:50 +00:00
semmle-qlci
ac7c74dcee
Merge pull request #3111 from RasmusWL/python-fabric-command-injection
...
Approved by BekaValentine
2020-03-25 10:07:33 +00:00
Mathias Vorreiter Pedersen
ae076da517
Merge pull request #3112 from dbartol/codeql-c-analysis/34-Bad-Overlap
...
C++/C#: Fix invalid overlap
2020-03-25 10:40:39 +01:00