Commit Graph

33872 Commits

Author SHA1 Message Date
Asger Feldthaus
23d2f11840 JS: Handle inheritance 2021-03-23 14:39:37 +00:00
Chris Smowton
fa90655dd0 Partial revert: only introduce inferred taint edges from callsite-crossing value edges if an original taint edge targets the *start* of the value edge.
Previously we would also take a taint edge targeting a result and a value-preserving edge propagating another argument to the result to imply a taint edge targeting that argument.
2021-03-23 14:35:03 +00:00
Asger Feldthaus
3d94ccf5dd JS: Support accessor-calls in object literals via local flow 2021-03-23 14:16:06 +00:00
mr-sherman
3e889c398e updated document formatting 2021-03-23 10:09:30 -04:00
Mathias Vorreiter Pedersen
ce638096de Merge pull request #5492 from geoffw0/samateissue
C++: Test taint regression
2021-03-23 14:01:03 +01:00
Rasmus Wriedt Larsen
f2bc413318 Python: remove single commented out line of code 2021-03-23 14:00:38 +01:00
Tom Hvitved
3c26779f40 Merge pull request #5415 from tamasvajk/feature/async-flow
C#: add store step for return statements inside async methods
2021-03-23 13:59:19 +01:00
Rasmus Wriedt Larsen
a4924856a2 Python: Model known form/field subclasses in Django
I used some ad-hoc QL queries to help me find all these extra instances, but not
quite ready to share that code yet :P
2021-03-23 13:57:39 +01:00
Rasmus Wriedt Larsen
8d0f6086af Python: Model django forms/fields
I'm not feeling 100% confident about `SelfRefMixin`, but since I needed it for
both DjangoViewClass and DjangoFormClass, I wanted to avoid copy-pasting this
code around. However, I'm not so optimistic about it that I want to add it to a
sharable utility qll file :D
2021-03-23 13:57:38 +01:00
Anders Schack-Mulligen
27408fefe2 Merge pull request #5008 from torque59/cwe-346
Java: Queries to detect remote source flow origins to CORS header.
2021-03-23 13:54:00 +01:00
Anders Schack-Mulligen
9a56601dd3 Merge pull request #5164 from luchua-bc/java/insecure-ldap-endpoint
Java: CWE-297 Query to detect insecure LDAP endpoint configuration
2021-03-23 13:53:51 +01:00
Asger Feldthaus
b5be9d07aa JS: Add change note 2021-03-23 12:51:14 +00:00
Geoffrey White
b38a9d51e6 C++: Effect of 'Don't override getParameterSizeIndex in the model for Accept'... 2021-03-23 12:26:59 +00:00
Geoffrey White
13eb9e0833 C++: Fix the test. 2021-03-23 12:26:58 +00:00
Geoffrey White
30e1b88b7f C++: Extend test. 2021-03-23 12:26:58 +00:00
Asger Feldthaus
6c8b4a82c1 JS: Autoformat 2021-03-23 11:55:37 +00:00
Geoffrey White
da08c6e63e Merge pull request #5496 from MathiasVP/accept-model-getParameterSizeIndex-should-be-none
C++: Don't override getParameterSizeIndex in Accept
2021-03-23 11:42:50 +00:00
Asger Feldthaus
98143b071d JS: Autoformat 2021-03-23 11:26:29 +00:00
Anders Schack-Mulligen
1e6b5391d6 Merge pull request #4994 from haby0/main
Java: CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
2021-03-23 12:05:53 +01:00
Taus
b46a3616d8 Merge pull request #5490 from RasmusWL/private-imports
Python: Make import private for better auto-complete
2021-03-23 12:00:35 +01:00
Mathias Vorreiter Pedersen
585606a933 C++: Respond to review comments. 2021-03-23 11:14:29 +01:00
Arthur Baars
d103acb04f Merge pull request #158 from github/hvitved/vscode-hide-codeql-submodule
Hide `codeql` sub module in VS Code workspace
2021-03-23 10:41:32 +01:00
Arthur Baars
6a26483fc7 Merge pull request #159 from github/hvitved/herdoc-body-rank-performance
Improve performance of `HereDoc::getBody()`
2021-03-23 10:40:28 +01:00
Tom Hvitved
2891d94f99 Improve performance of HereDoc::getBody()
Gets rid of
```
[2021-03-23 10:07:49] (138s) Tuple counts for Literal::HereDoc::getBody_dispred#ff#shared#1/4@1cc5b9:
                      11294    ~0%        {1} r1 = SCAN AST::Cached::THereDoc#ff@staged_ext OUTPUT In.0
                      11294    ~388%      {1} r2 = JOIN r1 WITH Literal::HereDoc::getBody_dispred#ff#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg1'
                      95514613 ~2080%     {4} r3 = JOIN r2 WITH locations_default_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.0 'arg1', Rhs.2 'arg2', Rhs.3 'arg3'
```
2021-03-23 10:31:48 +01:00
Mathias Vorreiter Pedersen
0b4650a4c9 C++: Accept test changes. 2021-03-23 10:27:19 +01:00
Tom Hvitved
20aa05b090 C#: Add CIL SSA library 2021-03-23 10:07:36 +01:00
Tom Hvitved
1004363131 Hide codeql sub module in VS Code workspace 2021-03-23 09:55:56 +01:00
Mathias Vorreiter Pedersen
7d0cfc69f1 C++: Don't override getParameterSizeIndex in the model for Accept. This fixes IR construction of calls to accept. 2021-03-23 09:53:09 +01:00
Mathias Vorreiter Pedersen
0ff7cc845c C++: Add reduced testcase that broke IR construction in #5492. 2021-03-23 09:53:04 +01:00
yoff
921b560e89 Merge pull request #5489 from tausbn/python-make-getacall-return-a-callcfgnode
Python: Make `API::Node::getACall` return a `CallCfgNode`
2021-03-23 09:31:38 +01:00
mr-sherman
858c0e67a1 added support for remote flow sinks in the form of parameters to the function
ServiceStack.IRestClient.Get()
2021-03-22 19:27:49 -04:00
Rasmus Lerchedahl Petersen
198a4ca79b Python: Add files to experimental 2021-03-22 21:42:06 +01:00
Taus Brock-Nannestad
7cdf439b83 Python: Clean up basicStoreStep
Moves the `flowsTo` logic into the shared implementation, so that
`TypeTrackingPrivate` only has to define the shape of immediate store
steps.

Also cleans up the documentation to talk a bit more about what
`content` can represent, and what caveats there are.
2021-03-22 18:42:24 +01:00
Taus Brock-Nannestad
0e81fd2624 Python: Move Boolean into TypeTrackerPrivate
In general, this may be defined already for other languages, so moving
it in here will avoid potential clashes.
2021-03-22 18:41:22 +01:00
Marcono1234
993999f64f Java: Add test for negative numeric literals 2021-03-22 17:43:34 +01:00
Asger Feldthaus
6b19e69d30 JS: Fix some join orders 2021-03-22 16:17:19 +00:00
Rasmus Wriedt Larsen
1890e63d4c Python: Make import private for better auto-complete
With the non-private imports, auto-completing on `API::` gave ALL results
available from `import python`, as well as the ones specified in the `API`
module.

The non-private import in Attributes.qll did the same for `DataFlow::`.
2021-03-22 16:45:44 +01:00
Taus Brock-Nannestad
4a6589d0ae Python: Make API::Node::getACall return a CallCfgNode
This should eliminate the need for explicit casting to
`CallCfgNode` (which does not appear in our code as far as I can see,
but was observed in an external contribution).
2021-03-22 16:37:24 +01:00
Asger Feldthaus
42e6c7eb2e JS: Remove field from InvokeNode 2021-03-22 15:19:31 +00:00
Asger Feldthaus
c03e9d6c75 JS: Address review comments 2021-03-22 15:19:31 +00:00
Asger Feldthaus
5bfdca895b JS: Remove recursive def of SourceNode::Range 2021-03-22 15:07:38 +00:00
Asger Feldthaus
230b9cf5d3 JS: Avoid recursion in SourceNode::Range 2021-03-22 15:07:38 +00:00
Nick Rolfe
b293522710 Merge pull request #150 from github/parent_child
Create `ast_node_parent` relation
2021-03-22 15:06:50 +00:00
Nick Rolfe
e7f1ae8c96 Merge remote-tracking branch 'origin/main' into parent_child 2021-03-22 14:58:33 +00:00
Nick Rolfe
3284a3fc1f Merge pull request #157 from github/cfg_impl
Port CFG implementation to public AST interface
2021-03-22 14:57:43 +00:00
Shati Patel
34e25624e0 Merge pull request #5488 from github/rc/3.1
Merge release candidate branch back into main
codeql-cli/v2.5.0
2021-03-22 14:28:25 +00:00
Rasmus Lerchedahl Petersen
c1e3ccfb6c Python, doc: Note ephemeral nature of import nodes 2021-03-22 15:07:51 +01:00
Shati Patel
c7a79a51fe Merge pull request #5479 from github/shati-patel/docs-bump-version
Docs: Prepare supported languages/frameworks for 1.27 release
2021-03-22 13:50:53 +00:00
Rasmus Wriedt Larsen
c8a6e837b5 Python: Model QuerySet chains in django 2021-03-22 14:38:54 +01:00
CodeQL CI
119872d8a4 Merge pull request #5461 from erik-krogh/moreOutDir
Approved by asgerf
2021-03-22 13:27:14 +00:00