hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 00:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
753dca91b1 Python: weak-crypto: Make algorithm selection less brittle 
As discussed in https://github.com/github/codeql/pull/5635#discussion_r633477154
 2021-05-19 17:47:09 +02:00
Rasmus Wriedt Larsen
22d4d7956a Python: Fix typo in QLDoc 2021-05-19 17:47:05 +02:00
Rasmus Wriedt Larsen
8d1e7da851 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-05-19 17:42:46 +02:00
Rasmus Wriedt Larsen
61ad5d0673 Python: Allow printing PostUpdateNode in ConceptsTest.qll 
See how this works in `test_json.py`
 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
9dbb364cca Python: Move json tests to be part of stdlib 
This is better, since the modeling is also part of Stdlib.qll
 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
51a25e45fe Python: Use shared prettyExpr in ConceptsTest.qll 
This required quite some changes in the expected output. I think it's much more
clear what the selected nodes are now 👍 (but it was a bit boring work to fix
this up)
 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
1af6d97c51 Python: Remove straggling f-: annotations 2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen
f66dccafda Python: Rename prettyExp => prettyExpr 
So we're consistenly using `expr` and not leaving our the `r`.
 2021-05-19 17:10:33 +02:00
Tom Hvitved
1509584e27 Merge pull request #185 from github/hvitved/resolve-expr-perf 
Improve performance of `internal/Module.qll`
 2021-05-19 14:53:46 +02:00
Tom Hvitved
6b6aeb10c7 Improve performance of internal/Module.qll 2021-05-19 14:33:52 +02:00
Taus
75a43e76e8 Python: Address review comments. 
- Removes the version check on the set of built-in names.
- Renames the predicate used to represent said set.
- Documents how these lists of names were obtained.
- Gets rid of a superfluous import.
 2021-05-19 11:54:47 +00:00
Mathias Vorreiter Pedersen
c4f604bafe Merge pull request #5896 from geoffw0/weak_crypto 
C++: Improve cpp/weak-cryptographic-algorithm
 2021-05-19 13:17:13 +02:00
Rasmus Wriedt Larsen
c4987e94e0 Python: Re-introduce syntactic handling of str/bytes/unicode 
I don't want to loose results on this, so until type-tracking/API graphs
can handle this, I want to keep our syntactic handling.
 2021-05-19 13:00:11 +02:00
Alexander Eyers-Taylor
c80495fbdd Merge pull request #5851 from github/alexet/patch 
Use only_bind_out to force a good join order.
 2021-05-19 12:00:07 +01:00
Rasmus Wriedt Larsen
aa8b7306a3 Python: Use more API graphs in TaintTrackingPrivate 
But now we suddenly don't handle the call to `unicode` :O -- at least
not when I run the test locally (using Python 3).
 2021-05-19 12:59:58 +02:00
CodeQL CI
9bdfdb02d3 Merge pull request #5916 from erik-krogh/scriptSink 
Approved by esbena
 2021-05-19 03:46:17 -07:00
Tom Hvitved
4798a1a008 Merge pull request #184 from github/cfg/singleton-method-abnormal 
CFG: Add missing `propagatesAbnormal` overrides
 2021-05-19 12:45:59 +02:00
Rasmus Wriedt Larsen
a2e8417c11 Python: Use API graphs in TaintTrackingPrivate 
Some of this modeling could probably go to the standard lib modeling
file, but this chain of commits is already pretty feature creep :|
 2021-05-19 12:39:10 +02:00
Rasmus Wriedt Larsen
53f1d2342d Python: Small refactor of TaintTrackingPrivate 
Highlight why we need to import `DataFlowPrivate`
 2021-05-19 12:19:18 +02:00
Geoffrey White
aaae717328 Merge branch 'main' into weak_crypto 2021-05-19 11:19:08 +01:00
CodeQL CI
c793ac933a Merge pull request #5921 from erik-krogh/expressChain 
Approved by esbena
 2021-05-19 03:17:40 -07:00
Geoffrey White
e985204a62 C++: Add change note. 2021-05-19 11:14:23 +01:00
Rasmus Wriedt Larsen
3f5602c048 Python: Refactoring of TaintTrackingPrivate 
To use all the good new stuff 🎉
 2021-05-19 12:13:04 +02:00
Rasmus Wriedt Larsen
b02fb90807 Python: Add getObject(string attrName) to AttrRef 
Now that I got started adding small things that are nice, I've been
missing this one (that is available on an `AttrNode`).
 2021-05-19 12:11:49 +02:00
Rasmus Wriedt Larsen
9137f04bd3 Python: Add getPostUpdateNode to DataFlow::Node 
as discussed in https://github.com/github/codeql/pull/5864#discussion_r634675940
 2021-05-19 11:57:49 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
CodeQL CI
23e8092452 Merge pull request #5864 from RasmusWL/some-framework-modeling 
Approved by tausbn
 2021-05-19 02:31:06 -07:00
Tony Torralba
43d4575359 Add createParser as taint preserving callable 2021-05-19 11:20:54 +02:00
Geoffrey White
e66b5559a4 Merge pull request #5924 from MathiasVP/cleanup-modelFlow 
C++: Remove a disjunction from `modelFlow`
 2021-05-19 10:12:20 +01:00
Geoffrey White
99833f16e1 Merge pull request #5923 from MathiasVP/range-analysis-in-overflow-static 
C++: Add range analysis to `cpp/static-buffer-overflow`
 2021-05-19 10:12:02 +01:00
Rasmus Wriedt Larsen
904eacf9a2 Python: Use absolute import for PEP249 2021-05-19 11:10:06 +02:00
Mathias Vorreiter Pedersen
4d00513606 C++: Use the isParameterDerefOrQualifierObject predicate to remove a disjunction. 2021-05-19 10:47:04 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
Mathias Vorreiter Pedersen
741eed93b2 C++: Replace minimum(any(...)) with a min aggregate. Also removed the min aggregate further down since it's no longer needed. 2021-05-19 09:03:05 +02:00
yoff
60da193620 Update python/ql/src/semmle/python/frameworks/Cryptodome.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-19 08:08:59 +02:00
Erik Krogh Kristensen
9a1f80aa93 accept updated test output for express test 2021-05-18 22:23:29 +02:00
Erik Krogh Kristensen
e9d2dd0b57 support the chaining methods on Express apps 2021-05-18 22:23:27 +02:00
Robert Marsh
db85a215ab C++: fix alias model for smart pointer setters 2021-05-18 13:16:22 -07:00
Robert Marsh
e590a7bc33 C++: Handle alias models for this/qualifiers 2021-05-18 13:15:38 -07:00
Evgenii Protsenko
af75d85b2e ClickHouseSQLInjection.qll : add tests 2021-05-18 22:49:11 +03:00
Tom Hvitved
c866f88410 CFG: Add missing propagatesAbnormal overrides 2021-05-18 20:39:46 +02:00
Tom Hvitved
9871698cee Add more CFG tests 2021-05-18 20:39:08 +02:00
Chris Smowton
0c970b5f1f Merge pull request #5802 from luchua-bc/java/rhino-injection 
Java: CWE-094 Rhino code injection
 2021-05-18 19:25:53 +01:00
Mathias Vorreiter Pedersen
6103aabdce C++: Add change-note. 2021-05-18 19:17:11 +02:00
luchua-bc
02aa9c6fc7 Optimize the sink and update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
d4323a4a54 Update qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
9d392263a5 Refactor inconsistent method names 2021-05-18 16:12:23 +00:00
luchua-bc
2fa249a8eb Update method name and qldoc 2021-05-18 16:12:23 +00:00
luchua-bc
2c1374bdcf Use inline implementation for ScriptEngineFactory 2021-05-18 16:12:23 +00:00
luchua-bc
0ac8453398 Allow all arguments of methods in ScriptEngineFactory 2021-05-18 16:12:23 +00:00