hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 22:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,651 Commits 1,673 Branches 157 Tags
codeql-cli/v2.5.2
Commit Graph

21651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
6ce160c51c Python: Use call instead of invocation 2021-02-03 19:52:40 +01:00
luchua-bc
724c3e00e0 Update help file 2021-02-03 16:45:15 +00:00
Rasmus Wriedt Larsen
93f91d8746 Python: Apply suggestions from code review 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-03 17:44:04 +01:00
Taus Brock-Nannestad
3fafb47b16 Python: Fix global flow 
A slightly odd fix, but still morally okay, I think. The main issue
here was that global variables have their first occurrence in an inner
scope inside a so-called "scope entry definition", that then
subsequently flows to the first use of this variable. This meant that
that first use was _not_ a `LocalSourceNode` (since _something_ flowed
into it), and this blocked `trackUseNode` from type-tracking to it (as
it expects all nodes to be `LocalSourceNode`s).

The answer, then, is to say that a `LocalSourceNode` is simply one
that doesn't have flow to it from _any `CfgNode`_ (through one or more
steps). This disregards the flow from the scope entry definition, as
that is flow from an `EssaNode`.

Additionally, it makes sense to exclude `ModuleVariableNode`s. These
should never be considered local sources, since they always have flow
from (at least) the place where the corresponding global variable is
introduced.
 2021-02-03 16:41:22 +01:00
Mathias Vorreiter Pedersen
8cf8b704c5 C++: Add more indirection flow in dataflow models. Also revert the additions to DataFlowUtil added in #5035 as they can add too much flow. 2021-02-03 16:16:48 +01:00
Anders Schack-Mulligen
40d02e7e32 Merge pull request #4926 from luchua-bc/java/insufficient-key-size 
Java: Query to detect weak encryption: insufficient key size
 2021-02-03 15:16:10 +01:00
Anders Schack-Mulligen
0df7e9fa4e Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements 
Java: Track taint through Spring Java bean getters on super types
 2021-02-03 15:06:03 +01:00
Jonas Jensen
e3bdebf7a0 Merge pull request #5077 from jbj/revert-nested-fields 
C++: Revert #4784
 2021-02-03 14:07:28 +01:00
Rasmus Wriedt Larsen
2453a25833 Update docs/ql-style-guide.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-02-03 13:42:08 +01:00
Rasmus Wriedt Larsen
0ea7aa54f9 Update CodeQL Style guide to mention acronyms 
Adding this after asking how to do this internally. Is based on https://dart.dev/guides/language/effective-dart/style#do-capitalize-acronyms-and-abbreviations-longer-than-two-letters-like-words
 2021-02-03 13:31:26 +01:00
luchua-bc
2ace10fcdf Use PostUpdateNode for wrapper method calls 2021-02-03 12:21:31 +00:00
Erik Krogh Kristensen
d016ba2252 rename name dataflow configuration in js/template-object-injection 2021-02-03 12:29:23 +01:00
Erik Krogh Kristensen
a5bde53bfe use the TaintedObject library in js/template-object-injection 2021-02-03 12:26:37 +01:00
Erik Krogh Kristensen
c6a22844e2 add test for js/template-object-injection 2021-02-03 12:16:57 +01:00
Tom Hvitved
a45c415c5b Merge pull request #5067 from hvitved/csharp/cfg/patterns 
C#: Adjust CFG for `{Recursive,Positional,Property}PatternExpr`
 2021-02-03 12:09:39 +01:00
CaptainFreak
12ee497485 move query to src, rename and refactor 2021-02-03 15:48:02 +05:30
Mathias Vorreiter Pedersen
691a316460 C++: Add tests to cpp/unsigned-difference-expression-compared-zero and remove a couple of classes of FPs. 2021-02-03 11:10:57 +01:00
Jonas Jensen
064568c36d Revert "Merge pull request #4784 from MathiasVP/mathiasvp/reverse-read-take-3" 
This reverts commit 1b3d69d617, reversing
changes made to 527c41520e.
 2021-02-03 08:49:37 +01:00
CodeQL CI
653c900d62 Merge pull request #4987 from erik-krogh/defensiveFunctions 
Approved by esbena
 2021-02-02 14:47:23 -08:00
Erik Krogh Kristensen
c51e951d1e add change note 2021-02-02 22:51:03 +01:00
CodeQL CI
209fe8d7e5 Merge pull request #5049 from erik-krogh/singleQuote 
Approved by esbena
 2021-02-02 13:48:42 -08:00
Taus Brock-Nannestad
e4c3544a3f Python: Add support for from foo.bar import baz 
This turned out to be fairly simple. Given an import such as
```python
from foo.bar.baz import quux
```
we create an API-graph node for each valid dotted prefix of
`foo.bar.baz`, i.e. `foo`, `foo.bar`, and `foo.bar.baz`. For these, we
then insert nodes in the API graph, such that `foo` steps to `foo.bar`
along an edge labeled `bar`, etc.

Finally, we only allow undotted names to hang off of the API-graph
root. Thus, `foo` will have a `moduleImport` edge off of the root, and
a `getMember` edge for `bar` (which in turn has a `getMember` edge for
`baz`).

Relative imports are explicitly ignored.

Finally, this commit also adds inline tests for a variety of ways of
importing modules, including a copy of the "import-helper" tests (with
a few modifications to allow a single annotation per line, as these
get rather long quickly!).
 2021-02-02 21:59:33 +01:00
luchua-bc
3151aeff48 Enhance the query 2021-02-02 18:26:29 +00:00
Robert Marsh
631ee28cae C++: update comments about SSA sharing 2021-02-02 09:11:21 -08:00
Robert Marsh
50edf44e84 C++/C#: autoformat and sync files 2021-02-02 09:06:44 -08:00
Geoffrey White
047cd2b706 Merge pull request #5074 from MathiasVP/strnextc-model-implementation 
C++: Implement a model for _strnextc and its variants
 2021-02-02 16:45:16 +00:00
luchua-bc
5e3b6fa341 Update qldoc 2021-02-02 16:20:39 +00:00
Mathias Vorreiter Pedersen
ff58d5a7c0 C++: Address review comments. 2021-02-02 17:06:38 +01:00
Mathias Vorreiter Pedersen
9e75a4be34 C++: Implement a model for _strnextc and its variants. 2021-02-02 16:42:39 +01:00
Mathias Vorreiter Pedersen
98d73bf474 Merge pull request #5072 from MathiasVP/strcrement-model-implementation 
C++: Implement model for _strinc and related functions
 2021-02-02 16:22:13 +01:00
Mathias Vorreiter Pedersen
07a20752bc Fix spelling in qldoc. 
Co-authored-by: Cornelius Riemenschneider <criemen@github.com>
 2021-02-02 15:51:40 +01:00
luchua-bc
50be54385a Update qldoc 2021-02-02 14:49:50 +00:00
Jonas Jensen
aa9ab41e30 Merge pull request #5059 from geoffw0/mswprintf 
C++: Exclude custom vprintf implementations from primitiveVariadicFormatter.
 2021-02-02 15:13:25 +01:00
Geoffrey White
708d3870ee C++: Actually it's more appropriate to remove the implementation of vswprintf. 2021-02-02 13:42:27 +00:00
Tamas Vajk
64f0dfb174 Fix code review findings 2021-02-02 14:21:26 +01:00
Geoffrey White
4e904dd87d C++: Repair the test. 2021-02-02 13:08:46 +00:00
Rasmus Wriedt Larsen
e57e4e1916 Merge branch 'main' into port-url-redirect-query 2021-02-02 13:37:34 +01:00
Mathias Vorreiter Pedersen
b54f74a68a C++: Implement model for _strinc and related functions. 2021-02-02 12:20:02 +01:00
Rasmus Wriedt Larsen
d046e39a82 Python: Fix tornado inline expectations in tests 
After merge commit
 2021-02-02 12:04:24 +01:00
Mathias Vorreiter Pedersen
5db1984315 Merge pull request #5070 from MathiasVP/strsep-model-implementation 
C++: Add strsep model implementation.
 2021-02-02 12:00:26 +01:00
Geoffrey White
eed2aee17d C++: Effect on tests. 2021-02-02 10:59:14 +00:00
Geoffrey White
9f50f67e6d Merge pull request #5065 from MathiasVP/scanf-model 
C++: Add sscanf and fscanf models
 2021-02-02 10:30:19 +00:00
Tom Hvitved
b19fd7bb72 C#: Only cache TDefinition in the shared SSA implementation 2021-02-02 10:52:03 +01:00
Mathias Vorreiter Pedersen
0db54e08b8 C++: Address review comments. 2021-02-02 10:48:07 +01:00
Tom Hvitved
74fd2c1c38 C#: Move uncertain-read logic into shared SSA implementation 2021-02-02 10:43:13 +01:00
CodeQL CI
4fdbda3543 Merge pull request #5056 from erik-krogh/react 
Approved by asgerf
 2021-02-02 01:40:08 -08:00
Mathias Vorreiter Pedersen
6e71c68f33 C++: Add strsep model implementation. 2021-02-02 10:29:23 +01:00
Tom Hvitved
1ffa15ea96 C#: Update expected test output 2021-02-02 08:52:28 +01:00
Tom Hvitved
8abc37fba3 Merge pull request #5051 from hvitved/csharp/ssa/caching 
C#: Reduce caching in `SsaImplCommon.qll`
 2021-02-02 08:35:03 +01:00
Erik Krogh Kristensen
ca435763b0 separate message for double and single quotes 2021-02-01 23:54:12 +01:00