Rasmus Lerchedahl Petersen
71f364eef3
Python: Implement OutNode
...
Also, fix test for local flow
2020-06-17 16:24:44 +02:00
Dave Bartolomeo
e85cc0b0c6
C++: Stop caching raw IR construction predicates
...
These predicates are only used within the new single IR stage, so there's no need to cache them beyond that. RA diffs are trivial. Where previously many of the predicates on `Instruction` were inline wrappers around cached predicates from `IRConstruction`, now the predicates from `IRConstruction` get inlined into the `Instruction` predicates, and the `Instruction` predicates get materialized. The net amount of work is the same, but now it's not getting cached unnecessarily.
2020-06-17 09:47:48 -04:00
Anders Schack-Mulligen
d28b5ace63
Dataflow: Sync.
2020-06-17 15:40:48 +02:00
Anders Schack-Mulligen
10b64fc47a
Dataflow: Record content type for stores.
2020-06-17 15:40:42 +02:00
Mathias Vorreiter Pedersen
01abaf373a
Merge pull request #3728 from geoffw0/memberfunctions
...
C++: Split MemberFunction.qll from Function.qll.
2020-06-17 14:54:33 +02:00
Jonas Jensen
a87ff80ac0
Merge pull request #3587 from rdmarsh2/ir-this-parameter-2
...
C++: IR return indirections for `this`
2020-06-17 13:27:35 +02:00
Geoffrey White
7edaade175
C++: Improve QLDoc.
2020-06-17 12:11:42 +01:00
Erik Krogh Kristensen
cd111fe350
Merge pull request #3721 from asger-semmle/js/non-linear-pattern-msg
...
JS: Improve alert message in js/non-linear-pattern
2020-06-17 13:10:56 +02:00
Geoffrey White
0a9ec70c31
C++: Autoformat.
2020-06-17 11:54:50 +01:00
Erik Krogh Kristensen
b0be0eb805
fix qhelp links
2020-06-17 11:50:44 +02:00
Erik Krogh Kristensen
fa0a8c3423
add documentation examples as tests
2020-06-17 11:37:32 +02:00
Erik Krogh Kristensen
b42824640d
add qhelp for js/exposure-of-private-files
2020-06-17 11:29:24 +02:00
Geoffrey White
f3e24963cb
C++: Update QLDoc.
2020-06-17 10:27:34 +01:00
ubuntu
22cb45beab
Merge remote-tracking branch 'upstream/master'
2020-06-17 11:13:13 +02:00
Erik Krogh Kristensen
345283fe34
add change note
2020-06-17 10:48:27 +02:00
Erik Krogh Kristensen
639907967f
add home/rootdir as leaking folders
2020-06-17 10:46:42 +02:00
Erik Krogh Kristensen
6675ddae12
add more libraries that serve static files to js/exposure-of-private-files
2020-06-17 10:00:59 +02:00
Jonas Jensen
e0ba23d2c7
C++: @precision high for tainted-format-string*
...
I think these queries have excellent results on lgtm.com. Many of the
results come from projects that use `sprintf` like it's a templating
engine, trusting that values from `argv` or `getenv` contain the correct
number of `%s`. I think we want to flag that.
The structure of the change note is modeled after 91af51cf46.
2020-06-17 09:03:13 +02:00
Rasmus Lerchedahl Petersen
52898f16f5
Python: update paths after move
2020-06-17 08:34:45 +02:00
Rasmus Lerchedahl Petersen
47f5b04e87
Python: fix identical-files.json after move
...
also more grouping
2020-06-17 07:08:46 +02:00
Rasmus Lerchedahl Petersen
e192b66116
Python: move shared dataflow to experimental
2020-06-17 06:46:46 +02:00
luchua-bc
f40e27a3c5
Hardcoded AWS credentials
2020-06-17 02:46:02 +00:00
Erik Krogh Kristensen
fb5e13b456
Apply suggestions from doc review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2020-06-16 23:45:45 +02:00
Erik Krogh Kristensen
d811518a2e
fixed from doc review, and add fixed example for js/biased-cryptographic-random using a secure library
2020-06-16 23:26:54 +02:00
Dave Bartolomeo
8e977dc6bf
C++/C#: Move overrides of IRType::getByteSize() into leaf classes
...
See https://github.com/github/codeql/pull/2272. I've added code comments in all of the places that future me will be tempted to hoist these overrides.
2020-06-16 16:48:42 -04:00
Dave Bartolomeo
24c3110989
Merge from master
2020-06-16 16:37:38 -04:00
Erik Krogh Kristensen
210e71cd93
update expected output
2020-06-16 21:52:59 +02:00
Robert Marsh
ef940e815f
C++: Add comment for false positives in swap tests
2020-06-16 11:46:14 -07:00
Robert Marsh
0c99b3644c
C++: remove false negative comments in swap tests
2020-06-16 11:33:26 -07:00
Robert Marsh
1c9b6f0a48
Merge branch 'master' into ir-this-parameter-2
...
Accept test changes - dataflow changes are all positive
2020-06-16 11:28:49 -07:00
Geoffrey White
3d75d287a9
C++: Split MemberFunction.qll from Function.qll.
2020-06-16 17:40:46 +01:00
ubuntu
3104f8a37b
Remove Fields in PostMessageEvent
2020-06-16 18:30:00 +02:00
Alessio Della Libera
68b2a6c848
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-16 18:27:21 +02:00
Alessio Della Libera
8843522d14
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-16 18:26:42 +02:00
Alessio Della Libera
72dc6510b2
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-06-16 18:22:55 +02:00
Robert Marsh
ab327b989d
Merge pull request #3713 from MathiasVP/flow-diff-test
...
C++: Add test for differences between AST and IR field flow
2020-06-16 09:09:46 -07:00
Erik Krogh Kristensen
ac1a0d9925
Merge pull request #3725 from erik-krogh/yargs-changenote
...
JS: add changenote for yargs
2020-06-16 16:28:43 +02:00
Erik Krogh Kristensen
02c825351c
add change note for js/bad-code-sanitization
2020-06-16 16:25:30 +02:00
Erik Krogh Kristensen
5ce17bea60
add qhelp for js/bad-code-sanitization
2020-06-16 16:23:41 +02:00
Jonas Jensen
e5e373cff2
Merge pull request #3673 from MathiasVP/assign-op-using-swap
...
C++: Add tests for taint through swap
2020-06-16 15:43:52 +02:00
Rasmus Lerchedahl Petersen
0f77403f0e
Python: small start on global flow
...
need to actually have `OutNode`s
2020-06-16 15:36:03 +02:00
Erik Krogh Kristensen
a0951f76b6
add additional taint steps when type-tracking RemoteFlowSource
2020-06-16 14:55:07 +02:00
semmle-qlci
07bff646d8
Merge pull request #3641 from asger-semmle/js/pre-call-graph-steps
...
Approved by erik-krogh
2020-06-16 13:41:55 +01:00
Erik Krogh Kristensen
cb5b946546
add changenote for yargs
2020-06-16 14:37:53 +02:00
Jonas Jensen
17737cd872
C++: Account for unreachable blocks in guards
...
This restores the code I removed in 4642037dc.
2020-06-16 14:33:12 +02:00
Rasmus Lerchedahl Petersen
f3e879a5ab
Python: small test of local flow
2020-06-16 14:31:22 +02:00
Erik Krogh Kristensen
696879653a
add qhelp to js/biased-cryptographic-random
2020-06-16 11:10:09 +02:00
lcartey@github.com
2978af34cd
Java: Add RestTemplate as flow source.
2020-06-16 09:50:37 +01:00
lcartey@github.com
f2edc53144
Java: Add Spring RestTemplate return values to untrusted data types
...
- Also improve unwrapping of lists/arrays/maps etc.
2020-06-16 09:50:37 +01:00
lcartey@github.com
9625e82afd
Java: Model Spring WebClients/RestTemplates.
2020-06-16 09:50:37 +01:00