hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-26 20:03:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,694 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
d283919b92 Python: implemented ParameterNode, updated test 2020-06-18 07:45:16 +02:00
ubuntu
41c029567f Add CodeQL query to detect Log Injection in JS code 2020-06-17 21:16:24 +02:00
Erik Krogh Kristensen
27a20b263e Merge branch 'https-fix' of github.com:erik-krogh/ql into https-fix 2020-06-17 21:06:21 +02:00
Erik Krogh Kristensen
7a1c161e9e Merge branch 'js-team-sprint' into https-fix 2020-06-17 21:04:44 +02:00
Erik Krogh Kristensen
218338b4f1 Merge branch 'js-team-sprint' into bad-random-polish 2020-06-17 21:04:00 +02:00
Erik Krogh Kristensen
73f26956a6 Merge branch 'js-team-sprint' into priv-file-polish 2020-06-17 21:03:09 +02:00
Rasmus Lerchedahl Petersen
c20219c2b9 Python: more local flow and more tests 2020-06-17 20:48:06 +02:00
Geoffrey White
35487ff109 Merge branch 'master' into stringtest 2020-06-17 19:00:26 +01:00
Erik Krogh Kristensen
bdda587247 Merge branch 'js-team-sprint' into build-leaks 2020-06-17 19:51:30 +02:00
ubuntu
c490cfdfa5 Create another branch 2020-06-17 19:51:14 +02:00
Erik Krogh Kristensen
6d6f29eb85 Merge pull request #3726 from erik-krogh/bad-code-polish 
JS: Bad code polish
 2020-06-17 19:45:37 +02:00
ubuntu
4ccfdef71d Add CodeQL query to detect Log Injection in JS code 2020-06-17 19:44:58 +02:00
Geoffrey White
174fdadbf5 Merge branch 'master' into stringtest 2020-06-17 18:24:30 +01:00
Rasmus Lerchedahl Petersen
ce57a28c8f Python: Use CallableValue and improve tests 2020-06-17 19:12:10 +02:00
Geoffrey White
03c6d7a7e5 Merge pull request #3654 from jbj/controlsBlock-perf 
C++: Speed up IRGuardCondition::controlsBlock
 2020-06-17 17:53:10 +01:00
Rasmus Lerchedahl Petersen
f24dc69e1d Python: add flow from ArgumentNodes 2020-06-17 18:36:50 +02:00
Rasmus Lerchedahl Petersen
a45b5a7d3c Python: Implemented return node 
but I think they receive no flow
 2020-06-17 17:41:43 +02:00
Tom Hvitved
ad56f17246 Merge pull request #2 from aschackmull/dataflow/content-type-tracking 
Dataflow: Record content types
 2020-06-17 17:26:04 +02:00
Erik Krogh Kristensen
a465fef7aa shorten sentence in qhelp 2020-06-17 17:24:18 +02:00
Anders Schack-Mulligen
74eab3cbc0 Dataflow: Fix qltest. 2020-06-17 17:23:35 +02:00
Erik Krogh Kristensen
7aa911b9f4 add reference to cwe-116 in change-note 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
abd9aab109 code-injection -> code injection 2020-06-17 17:20:46 +02:00
Erik Krogh Kristensen
45e2b94eb5 Apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-06-17 17:19:44 +02:00
Erik Krogh Kristensen
69888f90c6 add dot after bullet-point 2020-06-17 17:15:39 +02:00
Anders Schack-Mulligen
cedfaf6aaf Dataflow: autoformat 2020-06-17 17:09:55 +02:00
Anders Schack-Mulligen
543ab71dfe Dataflow: minor review fixes. 2020-06-17 17:03:22 +02:00
Rasmus Lerchedahl Petersen
25d624d64b Python: Implement parameter nodes 2020-06-17 16:59:19 +02:00
Geoffrey White
33fab08975 C++: Autoformat. 2020-06-17 15:53:05 +01:00
Dave Bartolomeo
687d6d2643 C++: Replace TRawInstruction() calls 
Replace most direct calls to `TRawInstruction()` with calls to `getInstructionTranslatedElement()` and `getInstructionTag()`, matching existing practice. One tiny RA diff in an inconsequential join order in `getInstructionVariable`.
 2020-06-17 10:52:32 -04:00
Geoffrey White
833f5b0cf3 C++: Add flow through assignment operators. 2020-06-17 15:47:37 +01:00
Geoffrey White
b9a65581ce C++: Some constructors should have dataflow instead of taint. 2020-06-17 15:47:37 +01:00
Geoffrey White
031c9b98f1 C++: General taint flow through constructors. 2020-06-17 15:47:37 +01:00
Geoffrey White
30151c99d7 C++: Remove the std::string Constructor model. 2020-06-17 15:43:58 +01:00
Rasmus Lerchedahl Petersen
8e51b2fed8 Python: refactor test for global flow 2020-06-17 16:43:11 +02:00
Geoffrey White
d565cfc58e C++: Add a test of default constructors etc. 2020-06-17 15:41:36 +01:00
Geoffrey White
c196ea24b2 C++: Add taint tests of class constructors and assignment. 2020-06-17 15:41:00 +01:00
Geoffrey White
ea9e9a7a26 C++: Add taint tests of std::string constructors and assignment. 2020-06-17 15:41:00 +01:00
Dave Bartolomeo
c1016743a5 C++: Remove instructionOrigin() 
This noopt predicate is no longer necessary. It's equivalent to `instruction = TRawInstruction(element, tag)`, which is already materialized and has a more favorable column order anyway.
 2020-06-17 10:25:59 -04:00
Rasmus Lerchedahl Petersen
71f364eef3 Python: Implement OutNode 
Also, fix test for local flow
 2020-06-17 16:24:44 +02:00
Dave Bartolomeo
e85cc0b0c6 C++: Stop caching raw IR construction predicates 
These predicates are only used within the new single IR stage, so there's no need to cache them beyond that. RA diffs are trivial. Where previously many of the predicate on `Instruction` were inline wrappers around cached predicates from `IRConstruction`, now the predicates from `IRConstruction` get inlined into the `Instruction` predicates, and the `Instruction` predicates get materialized. The net amount of work is the same, but now it's not getting cached unnecessarily.
 2020-06-17 09:47:48 -04:00
Anders Schack-Mulligen
d28b5ace63 Dataflow: Sync. 2020-06-17 15:40:48 +02:00
Anders Schack-Mulligen
10b64fc47a Dataflow: Record content type for stores. 2020-06-17 15:40:42 +02:00
Mathias Vorreiter Pedersen
01abaf373a Merge pull request #3728 from geoffw0/memberfunctions 
C++: Split MemberFunction.qll from Function.qll.
 2020-06-17 14:54:33 +02:00
Jonas Jensen
a87ff80ac0 Merge pull request #3587 from rdmarsh2/ir-this-parameter-2 
C++: IR return indirections for `this`
 2020-06-17 13:27:35 +02:00
Geoffrey White
7edaade175 C++: Improve QLDoc. 2020-06-17 12:11:42 +01:00
Erik Krogh Kristensen
cd111fe350 Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg 
JS: Improve alert message in js/non-linear-pattern
 2020-06-17 13:10:56 +02:00
Geoffrey White
0a9ec70c31 C++: Autoformat. 2020-06-17 11:54:50 +01:00
Erik Krogh Kristensen
b0be0eb805 fix qhelp links 2020-06-17 11:50:44 +02:00
Erik Krogh Kristensen
fa0a8c3423 add documentation examples as tests 2020-06-17 11:37:32 +02:00
Erik Krogh Kristensen
b42824640d add qhelp for js/exposure-of-private-files 2020-06-17 11:29:24 +02:00