Asger Feldthaus
fd9975db85
JS: Address comments
2020-02-05 09:47:51 +00:00
Esben Sparre Andreasen
f6ad22dd1f
Merge pull request #2758 from asger-semmle/js/string-concat-concat
...
JS: Model concat() calls as string concatenation
2020-02-05 10:41:02 +01:00
Erik Krogh Kristensen
ec9c37075c
address review feedback
2020-02-05 10:31:53 +01:00
Erik Krogh Kristensen
35a7e15a2f
remove private modifier on isUrlSearchParams
2020-02-05 10:30:31 +01:00
Erik Krogh Kristensen
76aca02752
change the pseudo-property on URL to a two-stage process
2020-02-05 10:27:03 +01:00
Matthew Gretton-Dann
b601908577
CPP: Update for changes in EDG IL.
2020-02-05 09:11:23 +00:00
Matthew Gretton-Dann
1b67f47918
C++: Update with improved location information
...
EDG 6.0 gives better location in some circumstances changing the results
of these tests for the better.
2020-02-05 09:11:23 +00:00
Matthew Gretton-Dann
cec6646846
C++: Update for EDG 6.0 behaviour change
...
EDG 6.0 has changed how much information it gives about invalid
expressions. Changing the output of this test.
2020-02-05 09:11:23 +00:00
Erik Krogh Kristensen
e525cf0959
generalize isAdditionalLoadStoreStep such that it loads and stores different properties
2020-02-05 09:40:16 +01:00
Anders Schack-Mulligen
7d19eb7c05
Java: Add LICENSE.txt
2020-02-05 09:38:16 +01:00
Dave Bartolomeo
73ad2e9658
Merge from master
2020-02-04 18:33:10 -07:00
Dave Bartolomeo
a23d5afc6c
C++: Add test case to demonstrate string literal aliasing change
...
Also fixed a minor bug where we should have been treating `AllNonLocalMemory` as _totally_ overlapping an access to a non-local variable, rather than _partially_ overlapping it. This fix is exhibited both in the new test case and in a couple existing test functions in `ssa.cpp`.
2020-02-04 18:24:08 -07:00
Jonathan Leitschuh
832a4f2e07
Add DefaultFullHttpResponse to Netty Check
2020-02-04 15:40:59 -05:00
Robert Marsh
1576bcfa3f
C++: remove unused predicates
2020-02-04 12:08:03 -08:00
Jonas Jensen
c77a921b06
Merge pull request #2695 from rdmarsh2/default-taint-tracking-diff-test
...
C++: add diff tests for DefaultTaintTracking
2020-02-04 20:57:55 +01:00
Robert Marsh
ac2e89317b
C++: autoformat
2020-02-04 10:41:30 -08:00
Robert Marsh
861d5eb86b
C++: update tests after merge
2020-02-04 10:29:52 -08:00
Robert Marsh
785d54ac67
Merge branch 'master' into default-taint-tracking-diff-test
2020-02-04 09:50:05 -08:00
Asger Feldthaus
b4df03767d
JS: Ignore obvious Array.prototype.concat calls
2020-02-04 16:36:41 +00:00
Asger Feldthaus
db2212e33e
TS: Only print number of errors if there were any
2020-02-04 15:31:30 +00:00
Erik Krogh Kristensen
8d37c03209
using pseudo-properties to model URL parsing
2020-02-04 16:30:07 +01:00
Anders Schack-Mulligen
cf815351a9
Java: Elaborate change note.
2020-02-04 16:18:35 +01:00
Asger Feldthaus
3ccdaa94ad
JS: Expose argumentPassing as DataFlow::argumentPassingStep
2020-02-04 15:06:45 +00:00
Asger Feldthaus
c185cededf
JS: More pruning and more data flow
2020-02-04 15:06:42 +00:00
Tom Hvitved
6e14ba4e56
C++: Follow-up changes
2020-02-04 14:09:12 +01:00
Tom Hvitved
15ee1e37b9
Java: Follow-up changes
2020-02-04 14:09:12 +01:00
Tom Hvitved
c591719df2
Data flow: Sync files
2020-02-04 14:09:12 +01:00
Tom Hvitved
7678cb0349
C#: Remove Public wrapper module from DataFlowImplCommon.qll
2020-02-04 14:09:12 +01:00
Tom Hvitved
fed6dd5324
C#: Generalize data-flow flow-through summaries
...
The predicate
```
argumentValueFlowsThrough(ArgumentNode arg, OutNode out, CallContext cc)
```
has been generalized to
```
argumentValueFlowsThrough(
DataFlowCall call, ArgumentNode arg, Node out, ContentOption contentIn,
ContentOption contentOut
)
```
This enables us to summarize normal flow-through (as before), getters, setters,
as well as getter-setters.
2020-02-04 14:09:12 +01:00
semmle-qlci
4b89eee683
Merge pull request #2757 from max-schaefer/js/resolveMainModule-extensions
...
Approved by asgerf
2020-02-04 13:07:08 +00:00
Erik Krogh Kristensen
15e26666cd
add declaration for private field in syntax error test
2020-02-04 14:05:09 +01:00
Rasmus Wriedt Larsen
de63eb1450
Merge pull request #2592 from tausbn/python-remove-manual-tc-in-ssashortcut
...
Python: Remove manual TC from `ssaShortCut`.
2020-02-04 14:04:25 +01:00
Anders Schack-Mulligen
2b1723dd88
Java: Move some taint tests.
2020-02-04 13:21:31 +01:00
Tom Hvitved
00fdc70155
Merge pull request #2710 from calumgrant/cs/short-circuit-out
...
C#: Remove false positive in cs/non-short-circuit
2020-02-04 12:09:17 +01:00
Mathias Vorreiter Pedersen
0276c97b9c
Merge pull request #2755 from jbj/BarrierGuard-SSA
...
C++: Don't use GVN in AST DataFlow BarrierNode
2020-02-04 12:00:12 +01:00
Rasmus Wriedt Larsen
c1d073a54d
Python: Add test-cases for py/hardcoded-credentials
2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
2837f987c5
Python: Show how pointsTo handles 0+0 == 0 (2/2)
2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
4231bb1bcf
Python: Show how pointsTo handles 0+0 == 0 (1/2)
2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
6b5b28aded
Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue
...
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating use case, so let's see if we ever need it :P
+ fix modernisation regression on py/jinja2/autoescape-false
2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a
Python: Fix modernisation regression on py/weak-crypto-key
...
also fixes test code to use the right argument name
2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196
Python: Modernise Security/ queries
2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
2802ac2e72
Python: Add NumericValue
...
Since `IntObjectInternal` extends `TInt`, and `TInt` is defined for all
instances of `Builtin.intValue`, and `Builtin.intValue` includes both `int` and
`long`, we don't need to handle Longs in a special manner, as we did in NumericObject.
2020-02-04 11:39:16 +01:00
Asger Feldthaus
bf2c944b4f
JS: Model concat() calls as string concatenation
2020-02-04 10:20:37 +00:00
Esben Sparre Andreasen
1ec8fa24b3
JS: reformulate optimization
2020-02-04 10:52:38 +01:00
Esben Sparre Andreasen
8a2c81b41c
JS: address review comments about duplicated logic
2020-02-04 10:49:23 +01:00
Max Schaefer
43e4ed1e18
JavaScript: Teach resolveMainModule to try adding extensions.
2020-02-04 09:39:04 +00:00
Max Schaefer
e21c24c60e
JavaScript: Add failing test case.
2020-02-04 09:39:04 +00:00
Esben Sparre Andreasen
e1180495f5
JS: optimize a prefix-check
2020-02-04 09:48:56 +01:00
semmle-qlci
bd51ef35b7
Merge pull request #2731 from erik-krogh/CVE527
...
Approved by esbena
2020-02-04 08:38:26 +00:00
Jonas Jensen
b4385c6e60
C++: Don't use GVN in AST DataFlow BarrierNode
...
It turns out that the evaluator will evaluate the GVN stage even when no
predicate from it is needed after optimization of the subsequent stages.
The GVN library is expensive to evaluate, and it'll become even more
expensive when we switch its implementation to IR.
This PR disables the use of GVN in `DataFlow::BarrierNode` for the AST
data-flow library, which should improve performance when evaluating a
single data-flow query on a snapshot with no cache. Precision decreases
slightly, leading to a new FP in the qltests.
There is no corresponding change for the IR data-flow library since IR
GVN is not very expensive.
2020-02-04 08:40:36 +01:00