hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,693 Branches 161 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus Brock-Nannestad
f406a45ce0 Python: Autoformat web. 2020-03-20 16:38:27 +01:00
Taus Brock-Nannestad
5b121b7723 Python: Autoformat values. 2020-03-20 16:37:06 +01:00
Taus Brock-Nannestad
51f1cf020c Python: Autoformat security. 2020-03-20 16:36:48 +01:00
Taus Brock-Nannestad
4852bb7355 Python: Autoformat pointsto. 2020-03-20 16:36:25 +01:00
Taus Brock-Nannestad
d8b942f922 Python: Autoformat objects. 2020-03-20 16:36:07 +01:00
Taus Brock-Nannestad
165dcd37a1 Python: Autoformat library-tests. 2020-03-20 16:35:37 +01:00
Geoffrey White
ccf5e03fc8 C++: Autoformat. 2020-03-20 15:01:22 +00:00
Geoffrey White
9e117709bc C++: mustwrite = false. 2020-03-20 14:59:57 +00:00
luchua-bc
d9327705d2 Fix the issue of mixed tabs and spaces 2020-03-20 08:16:45 -04:00
luchua-bc
dfb42ecf42 Address sensitive info logging 2020-03-20 08:14:48 -04:00
Tom Hvitved
2d90e7daca Autoformat 2020-03-20 09:34:34 +01:00
Erik Krogh Kristensen
f88cc2a977 inline promiseStep predicate 2020-03-20 09:07:52 +01:00
Erik Krogh Kristensen
90a324148d add extra sinks to js/tainted-path 2020-03-20 09:07:39 +01:00
Dave Bartolomeo
bf284514fc C++: Better IR for varargs 
This PR changes the IR we generate for functions that accept a variable argument list. Rather than simply using `BuiltInOperationInstruction` to model the various `va_*` macros as mysterious function-like operations, we now model them in more detail. The intent is to enable better alias analysis and taint flow through varargs.

The `va_start` macro now generates a unary `VarArgsStart` instruction that takes the address of the ellipsis pseudo-parameter as its operand, and returns a value of type `std::va_list`. This value is then stored into the actual `std::va_list` variable via a regular `Store`.

The `va_arg` macro now loads the `std::va_list` argument, then emits a `VarArg` instruction on the result. This returns the address of the vararg argument to be loaded. That address is later used as the address operand of a regular `Load` to return the value of the argument. To model the side effect of moving to the next argument, we emit a `NextVarArg` instruction that takes the previous `std::va_list` value and returns an updated one, which is then stored back into the `std::va_list` variable.

The `va_end` macro just emits a `VarArgsEnd` unary instruction that takes the address of the `std::va_list` argument and does nothing, since `va_end` doesn't really do anything on most compiler implementations anyway.

The `va_copy` macro is just modeled as a plain copy.
 2020-03-19 19:23:33 -04:00
Mathias Vorreiter Pedersen
67cb8525bf Merge pull request #3082 from dbartol/dbartol/VarArgIR 
C++: Model varargs in IR, Part I
 2020-03-19 18:05:46 +01:00
Geoffrey White
88193dd389 C++: .expected change (desirable). 2020-03-19 13:32:17 +00:00
Dave Bartolomeo
74f61dc148 C++: Fix formatting 2020-03-19 09:18:32 -04:00
Tom Hvitved
fc74a482a4 C#: More XPath injection sinks 2020-03-19 14:13:35 +01:00
Geoffrey White
b444383ed1 C++: Add 'override' specifiers where I missed them. 2020-03-19 13:09:37 +00:00
Tom Hvitved
0d45700088 C#: Add change note 2020-03-19 13:41:22 +01:00
Tom Hvitved
4b3cf72c1c C#: Teach XPath injection query about XPathNavigator 2020-03-19 13:38:16 +01:00
Tom Hvitved
7f0181ccff C#: Add XPathNavigator test for cs/xml/xpath-injection 2020-03-19 13:37:03 +01:00
semmle-qlci
deb20fc37f Merge pull request #3076 from esbena/js/even-more-mongoose-improvements 
Approved by erik-krogh
 2020-03-19 12:03:53 +00:00
Max Schaefer
ee62706ad2 JavaScript: Split up a predicate to avoid bad join order. 2020-03-19 11:47:53 +00:00
Max Schaefer
d91e6a4893 JavaScript: Avoid a few bad join orders. 2020-03-19 11:47:53 +00:00
semmle-qlci
2821b01017 Merge pull request #2915 from tausbn/python-add-points-to-for-missing-builtin-return-types 
Approved by RasmusWL
 2020-03-19 11:02:46 +00:00
Asger Feldthaus
4f42675b35 JS: Autformat 2020-03-19 09:36:27 +00:00
Rasmus Wriedt Larsen
f4e5079dd3 Merge pull request #2991 from BekaValentine/python-objectapi-to-valueapi-unguardednextingenerator 
Python: ObjectAPI to ValueAPI: UnguardedNextInGenerator
 2020-03-19 10:33:32 +01:00
Asger Feldthaus
3ae33e3c1a JS: Update prototype pollution query 2020-03-18 23:59:25 +00:00
Asger Feldthaus
b6ca4fbee3 JS: Add getDefaultSourceLabel() 2020-03-18 23:52:25 +00:00
Rebecca Valentine
06f0947318 Update python/ql/src/Exceptions/UnguardedNextInGenerator.ql 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-18 14:16:00 -07:00
Rebecca Valentine
9560c804b8 Update python/ql/test/query-tests/Exceptions/generators/test.py 
Co-Authored-By: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-03-18 14:15:49 -07:00
Robert Marsh
59a81d8445 C++: merge from master and accept test changes 2020-03-18 13:47:01 -07:00
Robert Marsh
a30954599d Merge pull request #3085 from jbj/inStaticInitializer-AggregateLiteral 
C++: Manual magic in inStaticInitializer
 2020-03-18 13:23:04 -07:00
Dave Bartolomeo
30d2b865c6 C++: Fix formatting 2020-03-18 14:06:28 -04:00
Geoffrey White
f32e84b1d0 C++: Autoformat. 2020-03-18 17:24:46 +00:00
Tom Hvitved
937924571c Data flow: Sync files 2020-03-18 18:16:27 +01:00
Tom Hvitved
d0aaaad537 Address review comments 2020-03-18 18:16:11 +01:00
Geoffrey White
2e4e491ce8 Merge branch 'master' into sideeffect 2020-03-18 17:12:14 +00:00
Rasmus Wriedt Larsen
9a0b2b1843 Merge pull request #2989 from BekaValentine/python-objectapi-to-valueapi-incorrectexceptorder 
Python: ObjectAPI to ValueAPI: IncorrectExceptOrder
 2020-03-18 18:03:25 +01:00
Taus
ae1268f241 Merge branch 'master' into python-add-points-to-for-missing-builtin-return-types 2020-03-18 17:59:17 +01:00
Rasmus Wriedt Larsen
290e33a912 Merge pull request #2922 from tausbn/python-fix-multi-assign-points-to 
Python: Fix bug in `multi_assignment_points_to`.
 2020-03-18 17:50:37 +01:00
Rasmus Wriedt Larsen
b0303158a5 Merge pull request #3088 from tausbn/python-prepare-autoformatting 
Python: Prepare for autoformatting.
 2020-03-18 17:48:46 +01:00
Geoffrey White
6cc1c2341c C++: Add some SideEffect models. 2020-03-18 16:42:33 +00:00
Geoffrey White
935b8d96f8 C++: Offset .expected for cleaner diff. 2020-03-18 16:42:33 +00:00
Geoffrey White
0c9466640a C++: Add IR test for strcpy/strcat. 2020-03-18 16:42:25 +00:00
Dave Bartolomeo
0329327f9f C++: Move VarArgs utilities location 2020-03-18 11:24:44 -04:00
Dave Bartolomeo
fed1bce015 C++: Make vararg utilities internal for now. 2020-03-18 11:18:38 -04:00
Dave Bartolomeo
4fce20116e C++: Fix formatting 2020-03-18 09:53:01 -04:00
Dave Bartolomeo
26ea93af58 Merge remote-tracking branch 'upstream/master' into dbartol/VarArgIR 2020-03-18 09:52:21 -04:00