github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
16 530 коммитов 1 533 Ветки 130 Теги 473 MiB
Граф коммитов

16530 Коммитов

Автор SHA1 Сообщение Дата
Geoffrey White 0d6bd6facb Merge branch 'main' into map 2020-10-02 16:24:03 +01:00
Taus fce76e2799
Merge pull request #4354 from RasmusWL/python-command-execution-modeling 
Python: Better command execution modeling
 2020-10-02 16:14:34 +02:00
Taus 2e4a61428d
Merge pull request #4346 from RasmusWL/python-add-implicit-init-test 
Python: add test for implicit __init__.py files
 2020-10-02 16:13:25 +02:00
Tom Hvitved 55d25d90fa
Merge pull request #4386 from hvitved/csharp/remove-deprecated-queries 
C#: Remove deprecated external queries
 2020-10-02 15:12:33 +02:00
Rasmus Wriedt Larsen e5b9ac8d9c Python: Use getCommand as tag in ConceptsTest 2020-10-02 14:12:41 +02:00
Rasmus Wriedt Larsen eb67986916 Python: Exlucde only command injection sinks in os and subprocess 2020-10-02 14:11:07 +02:00
Rasmus Wriedt Larsen 68eacef23c Python: Refactor OsExecCall and friends for better readability 2020-10-02 13:38:54 +02:00
Rasmus Wriedt Larsen de07d9e5d9 Python: Highlight that os.popen is not only problem for extra alerts 2020-10-02 13:34:33 +02:00
Geoffrey White 4b0e9a4fb1 C++: Remove the model of make_pair. 2020-10-02 10:55:13 +01:00
Geoffrey White 0b6096ebfe C++: Define make_pair and declare std::forward in the test. 2020-10-02 10:51:34 +01:00
Chris Smowton aa707e9370
Merge pull request #4381 from smowton/smowton/admin/fix-owasp-broken-links 
Fix OWASP broken links
 2020-10-02 08:51:36 +01:00
Tom Hvitved bc68578c8b C#: Remove deprecated external queries 2020-10-01 21:11:47 +02:00
Jonas Jensen 48c6f34f91
Merge pull request #4372 from matt-gretton-dann/cpp20-constinit 
Add support for Variable.is_constinit()
 2020-10-01 20:19:56 +02:00
Aditya Sharad f7f05476a2
Merge pull request #4375 from adityasharad/javascript/client-side-url-redirect-regexp 
JavaScript: Track taint through RegExp.prototype.exec for URL redirection
 2020-10-01 09:55:19 -07:00
Geoffrey White ad9f306352 C++: Model taint flow only when the second component of a pair would be tainted. 2020-10-01 17:38:09 +01:00
Ian Lynagh e555b6b2a8
Merge pull request #4380 from github/igfoo/unnamed 
C++: Accept test changes in unnamed entity naming
 2020-10-01 17:16:20 +01:00
Anders Schack-Mulligen c027f3bd2b
Merge pull request #4324 from tamasvajk/feature/unsigned-sign-analysis 
Handle unsigned types in sign analysis (C# and Java)
 2020-10-01 15:11:49 +02:00
CodeQL CI 36450a8998
Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen d54a057457
Merge pull request #4377 from erik-krogh/babelCrash 
JS: prevent crash when TemplateLiteral is used in import
 2020-10-01 14:58:45 +02:00
Chris Smowton 578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen 4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
Rasmus Wriedt Larsen 3247b300ae Python: Fix problem with missing use-use flow 2020-10-01 12:55:11 +02:00
Rasmus Wriedt Larsen 9b3509f0ba Python: Highlight problem with missing use-use flow 2020-10-01 12:51:44 +02:00
CodeQL CI 0158e2ffef
Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Max Schaefer 7f075202c6
Merge pull request #4367 from erik-krogh/sql-api 
JS: Fixing an API-graph gotcha in `SQL.qll`
 2020-10-01 11:33:01 +01:00
Erik Krogh Kristensen fbd62abd64 prevent crash when TemplateLiteral is used in import 2020-10-01 11:26:49 +02:00
Aditya Sharad e712d16e7e
JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Rasmus Wriedt Larsen 428c2a3fda Merge branch 'main' into python-command-execution-modeling 2020-09-30 17:38:59 +02:00
Matthew Gretton-Dann e0ca4dafb8 Add support for Variable.is_constinit() 2020-09-30 16:31:45 +01:00
Rasmus Wriedt Larsen c4a2e1d6d1 Python: Rewrite attribute lookup helpers for better performance 
Not that they actually had a huge problem right now, just that using the old
pattern HAS lead to bad performance in the past. See
https://github.com/github/codeql/pull/4361
 2020-09-30 17:31:20 +02:00
Geoffrey White 952cc89c2a C++: Improve make_pair in stl.h (using remove_reference). 2020-09-30 16:17:06 +01:00
Geoffrey White 7ecd229ce7 C++: Improve make_pair in stl.h (jbj solution). 2020-09-30 16:16:53 +01:00
Geoffrey White 282d3e8f7e
Merge pull request #4322 from jbj/range-analysis-custom-defs 
C++: Support custom defs in SimpleRangeAnalysis
 2020-09-30 15:43:32 +01:00
Taus 32bf7d6bdf
Merge pull request #4256 from fatenhealy/Noblowfish 
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
 2020-09-30 16:15:46 +02:00
Erik Krogh Kristensen bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen eb973b39fe
Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Faten Healy 03d8fc7296
changed to AES 2020-09-30 22:18:36 +10:00
Rasmus Wriedt Larsen 4adc26eb62 Python: Fix command injection example code 
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`

So it doesn't follow the pattern of the rest of the test file.
 2020-09-30 13:38:37 +02:00
Taus d694777894
Merge pull request #4369 from RasmusWL/python-ospathjoin-taintstep 
Python: Add taint-step for os.path.join
 2020-09-30 13:35:16 +02:00
Erik Krogh Kristensen b24e959033 add `getAnInvocation` to the ApiGraphs API 2020-09-30 13:33:36 +02:00
Rasmus Wriedt Larsen 9c1253c8af Python: Remove flow out of CommandInjection sinks 2020-09-30 13:29:40 +02:00
Erik Krogh Kristensen b720bfdd11 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-09-30 13:26:51 +02:00
Rasmus Wriedt Larsen a2d12f0440 Python: Update CommandInjection.expected 2020-09-30 13:00:10 +02:00
Jonas Jensen b1c826e5c0
Merge pull request #4135 from rdmarsh2/rdmarsh2/cpp/output-iterators-1 
C++: Output iterators in AST taint tracking
 2020-09-30 12:54:55 +02:00
Rasmus Wriedt Larsen 1595fed2d6 Python: Add preliminary taint tests for pathlib 2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen 0542c3b91e Python: Model os.path.join and add taint-step 2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen efa2484718 Python: Add taint test for os.path.join 
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
 2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen aa6fad558c Python: Minor cleanup in taint-step tests 2020-09-30 11:15:53 +02:00
Erik Krogh Kristensen e0b25798ff remove type-tracking from `getAReference`, and rewrite qldocs 2020-09-30 10:36:08 +02:00
Rasmus Wriedt Larsen b3efa28277 Merge branch 'main' into python-command-execution-modeling 2020-09-30 10:24:11 +02:00