Commit graph

16530 commits

Author SHA1 Message Date
Jonas Jensen b7d0939f4a C++: ExtendedRangeAnalysis stub implementation
Just to demonstrate how things fit together, I've created
`SubtractSelf.qll` that adds a (hopefully sound) version of the test
extension that was already used in `extensibility.ql`.
2020-09-23 15:50:07 +02:00
Arthur Baars 5894263671
Java: improve change note
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2020-09-23 15:37:55 +02:00
Max Schaefer dc7b447895 JavaScript: Make alert locations for command injection more precise. 2020-09-23 14:07:36 +01:00
Max Schaefer 439aadf0b6 JavaScript: Do even more type tracking in command injection. 2020-09-23 14:07:36 +01:00
Max Schaefer ef18b39124 JavaScript: Fix use of type backtracker in `IndirectCommandArgument.qll`. 2020-09-23 14:07:36 +01:00
Max Schaefer 825fc2228b JavaScript: Add two new command-injection tests. 2020-09-23 14:07:36 +01:00
Rasmus Wriedt Larsen 66815c9d3d Python: Suppress unused variable warnings in DataFlowPrivate 2020-09-23 14:33:10 +02:00
Tamás Vajk 9b14a70eef
Merge pull request #4316 from tamasvajk/feature/local-functions
C#: Change TrapStackBehaviour of local functions
2020-09-23 14:12:07 +02:00
Tamas Vajk 2868d5bf34 C#: Add pointer cast test cases 2020-09-23 12:20:51 +02:00
Rasmus Wriedt Larsen 6aec2ec673
Python: Fix os.popen modeling
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-09-23 11:18:32 +02:00
Rasmus Wriedt Larsen 624cdd339a
Python: Fix grammar
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-09-23 11:18:12 +02:00
Tom Hvitved d652b95b21
Merge pull request #4011 from hvitved/csharp/asp-extraction-pre-finalize
C#: Move ASP extraction from auto builder to `pre-finalize.{sh,cmd}`
2020-09-23 09:11:11 +02:00
Tamás Vajk 03e20eed05
Merge pull request #4314 from tamasvajk/feature/switch-case-expr
C#: Fix switch case expression types
2020-09-23 08:57:32 +02:00
Rasmus Lerchedahl Petersen ef4461ce54 Python: Address review comments 2020-09-22 23:48:28 +02:00
Tamás Vajk 5ab5e75b85
Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue
Increase insufficient key size value from 1024 to 2048
2020-09-22 23:06:12 +02:00
yoff aece0ff652
Apply suggestions from code review
Co-authored-by: Taus <tausbn@github.com>
2020-09-22 22:33:46 +02:00
Erik Krogh Kristensen ec2b3f0b6c better join-order fix in HTTP 2020-09-22 21:02:26 +02:00
Robert Marsh e28a45b8e6 Merge branch 'main' into rdmarsh2/cpp/output-iterators-1
Resolve test output conflicts from IR model improvements
2020-09-22 11:17:38 -07:00
Arthur Baars b382711f14 Java: change note for Hibernate ORM improvements 2020-09-22 18:55:07 +02:00
CodeQL CI 475519c9ee
Merge pull request #4267 from asgerf/js/log-typescript-memory
Approved by esbena
2020-09-22 08:51:51 -07:00
Jonas Jensen 4faeede5cd C++: Remove unnecessary comment on import 2020-09-22 16:55:25 +02:00
Rasmus Wriedt Larsen 71a75ce596 Python: Handle bound methods in flask modeling 2020-09-22 16:33:35 +02:00
Rasmus Wriedt Larsen 5709189c2a Python: Expand flask test 2020-09-22 16:33:34 +02:00
Rasmus Wriedt Larsen e614365963 Python: Adopt new approach in flask modeling
Removed all the dict-like stuff, not sure that is how we should do things.
2020-09-22 16:33:33 +02:00
Rasmus Wriedt Larsen a82fa04d8a Python: Add worked example of taint step modeling of external libs
This can't be seen on the example, but I went through quite a lot of iterations
before arriving at this fairly simple solution.
2020-09-22 16:28:26 +02:00
Rasmus Wriedt Larsen 00ea0cebc3 Python: More Flask modeling kinda works
It "kinda" works now, but it really is not a pretty solution. Adding all these
"tracked" objects is SUPER annoying... it _would_ be possible to skip them, but
that seems like it will give the wrong edges for dataflow/taintflow queries :|

A good chunk of it should be able to be removed with access-paths like C# does
for library modeling. Some of it could be solved by better type-tracking API
like API Graphs... but it seems like we generally are just lacking the
nice-to-have features like `.getAMemberCall` and the like. See
https://github.com/github/codeql/pull/4082/files#diff-9aa94c4d713ef9d8da73918ff53db774L33
2020-09-22 16:28:25 +02:00
Rasmus Wriedt Larsen 3c08590ee4 Python: Expand flask tests a bit 2020-09-22 16:28:24 +02:00
Rasmus Wriedt Larsen 2bdd0284dc Python: Port py-command-line-injection with new dataflow 2020-09-22 16:28:23 +02:00
Rasmus Wriedt Larsen 7c205dd3fc Python: First attempt at modeling Flask 2020-09-22 16:28:21 +02:00
Rasmus Wriedt Larsen cdc5ca7aec Python: Model os.system and os.popen 2020-09-22 16:28:20 +02:00
Rasmus Wriedt Larsen 0265f26301 Python: Add importModule and importMember DataFlow helpers 2020-09-22 16:28:19 +02:00
Rasmus Wriedt Larsen 2551173156 Python: Update example in QLDoc for TypeTracker 2020-09-22 16:28:18 +02:00
Jonas Jensen 9fd8b0431a C++: Add a SimpleRangeAnalysisDefinition test def 2020-09-22 15:54:54 +02:00
Jonas Jensen 826632d6a9 C++: Add a test of def overrides
The def used in this test is not overridden yet.
2020-09-22 15:54:54 +02:00
Jonas Jensen d1f453be36 C++: import SimpleRangeAnalysisInternal
This ensures that `getFullyConverted{Lower,Upper}Bounds` are available
where they need to be called.
2020-09-22 15:54:54 +02:00
Jonas Jensen 8065bf15ad C++: Per-variable overrides
Without these changes, there was no way to tell which variables were
overridden by a given instance of `SimpleRangeAnalysisDefinition`. All
four overrides are needed because they fit into different mutual
recursions of the `SimpleRangeAnalysis` implementation.
2020-09-22 15:53:22 +02:00
Jonas Jensen 7dce4d0a6e C++: Rename: name the file the same as the class 2020-09-22 15:48:36 +02:00
Tamás Vajk 54c35748f0
Merge pull request #4193 from tamasvajk/feature/sign-analysis
C#: Sign analysis
2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen 66e2ed9b65
Merge pull request #4031 from aibaars/hibernate
Add additional Hibernate SQL sinks
2020-09-22 15:29:40 +02:00
Rasmus Lerchedahl Petersen 131cf8d2ec Python: Fix compilation error 2020-09-22 15:02:31 +02:00
CodeQL CI 036a36a474
Merge pull request #4317 from max-schaefer/js/api-node-depth
Approved by asgerf
2020-09-22 05:58:48 -07:00
Erik Krogh Kristensen 717ea2369c
Merge pull request #4311 from erik-krogh/indirect-fix
JS: improve join-order for HTTP::isDecoratedCall
2020-09-22 14:35:50 +02:00
CodeQL CI 9a306866c5
Merge pull request #4282 from erik-krogh/es2021
Approved by esbena
2020-09-22 05:34:35 -07:00
Geoffrey White e836bae20f C++: Tidy up test stl.h a little. 2020-09-22 13:21:50 +01:00
Rasmus Lerchedahl Petersen b065d8724e Python: Fixup comments after merge 2020-09-22 13:52:30 +02:00
Rasmus Lerchedahl Petersen 3e2331c87f Merge branch 'main' of github.com:github/codeql into SharedDataflow_FieldFlow 2020-09-22 13:32:36 +02:00
Jonas Jensen ee211b02fb Merge remote-tracking branch 'lcartey/cpp/range-analysis-custom-defs' into range-analysis-custom-defs 2020-09-22 13:27:56 +02:00
Tamas Vajk 5f96c37b28 C#: Fix switch case expression types 2020-09-22 13:16:31 +02:00
Anders Schack-Mulligen 47506a859e
Merge pull request #4287 from joefarebrother/exectainted-array
Java: Improve the ExecTainted query
2020-09-22 13:16:05 +02:00
Jonas Jensen 269b7101c0
Merge pull request #4273 from lcartey/cpp/custom-range-analysis-override
C++: Support overriding existing simple range analysis bounds
2020-09-22 13:15:05 +02:00