Commit graph

633 commits

Author SHA1 Message Date
Anders Schack-Mulligen 9fc75f1f92
Merge pull request #2850 from SpaceWhite/CWE-094
ScriptEngine java code injection
2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen 2a2484ee0f
Merge pull request #2800 from SpaceWhite/CWE-643
CWE-643 XPathInjection on java
2020-03-13 13:40:17 +01:00
Anders Schack-Mulligen 99c55b6edb Java: Add taint steps for java.util.Queue methods. 2020-03-12 15:02:06 +01:00
SpaceWhite 300aee39be nit: add dot to qhelp 2020-03-12 20:38:03 +09:00
SpaceWhite bb1ea94c54 Nit: Fix qhelp and ql autoformat 2020-03-12 20:35:01 +09:00
SpaceWhite 822bfcd36c Nit: fix qhelp 2020-03-12 20:25:23 +09:00
Anders Schack-Mulligen e1a0c2d846 Java: Add minor test case to typeflow qltest. 2020-03-11 13:13:19 +01:00
Tom Hvitved bd6c23d165
Merge pull request #3020 from aschackmull/dataflow/type-pruning-bigstep
Dataflow: Fix bug in type pruning.
2020-03-10 14:21:21 +01:00
Anders Schack-Mulligen a2bbacf58d Java/C++/C#: Fix performance issue in partial paths exploration. 2020-03-09 11:30:59 +01:00
Anders Schack-Mulligen 4298a3a931 Java: Add test. 2020-03-09 11:16:59 +01:00
Anders Schack-Mulligen f491fcd5ae Java/C++/C#: Sync. 2020-03-09 11:05:13 +01:00
Anders Schack-Mulligen 7a74634cfd Java/C++/C#: Simplify. 2020-03-09 11:04:28 +01:00
Anders Schack-Mulligen cf84a53573 Java/C++/C#: Fix bug in type pruning. 2020-03-09 11:04:24 +01:00
SpaceWhite 5e912cbf8e Move directory to experimental 2020-03-07 11:55:32 +09:00
SpaceWhite 8cdc2bb268 Merge branch 'master' into CWE-094 2020-03-07 11:54:31 +09:00
SpaceWhite b7af1645aa Move directory to experimental 2020-03-07 11:49:33 +09:00
SpaceWhite 2ec107bc2d Merge branch 'master' into CWE-643 2020-03-07 11:47:53 +09:00
Anders Schack-Mulligen 4601639bad Java: Document a FP in a test. 2020-03-03 13:39:26 +01:00
Anders Schack-Mulligen b210009eec
Merge pull request #2923 from yo-h/java-customizations
Java: add `Customizations.qll`
2020-03-02 09:58:34 +01:00
semmle-qlci ec90627a64
Merge pull request #2909 from yo-h/experimental
Approved by aschackmull, jbj, max-schaefer, tausbn
2020-02-28 03:15:58 +00:00
yo-h f8bf055fe1
Merge pull request #2927 from aschackmull/java/taintgettersetter-tests
Java: Add some more taint-getter-setter tests.
2020-02-27 22:12:25 -05:00
Anders Schack-Mulligen 33f6392be5 Java: Add some more taint-getter-setter tests. 2020-02-27 10:47:25 +01:00
Anders Schack-Mulligen 0c30d7cced Java: Update test output. 2020-02-27 10:28:12 +01:00
yo-h bd91bc0b29 Java: add `Customizations.qll` 2020-02-26 13:18:13 -05:00
Anders Schack-Mulligen 508b6050a8 Java: Remove some irrelevant bounds from TypeFlow. 2020-02-26 13:51:25 +01:00
Jonas Jensen db33c360bc
Merge pull request #2910 from aschackmull/dataflow/cleanup
Java/C++: Minor dataflow cleanup.
2020-02-25 12:47:10 +01:00
Anders Schack-Mulligen fba8772411 Java/C++: Minor dataflow cleanup. 2020-02-25 09:40:25 +01:00
yo-h 43bcd5b26c Add guidelines for experimental CodeQL queries and libraries 2020-02-24 15:08:31 -05:00
Anders Schack-Mulligen 67b32796dd
Merge pull request #853 from joshhale/tweak-cwe-078-example
doc: remove - from command arguments
2020-02-24 16:15:58 +01:00
Anders Schack-Mulligen 771cb754c2
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
2020-02-21 10:02:06 +01:00
Tom Hvitved a772b82fea Address review comments 2020-02-20 19:48:49 +01:00
Anders Schack-Mulligen 91166431d2 Java/C++/C#: s/Callable/DataFlowCallable/ 2020-02-19 17:23:01 +01:00
Anders Schack-Mulligen c6016bb08c Java/C++/C#: Improve join-order in pathStep predicate 2020-02-19 14:47:39 +01:00
Tom Hvitved a695b567ec Data flow: Sync files 2020-02-17 19:39:52 +01:00
semmle-qlci ecad925101
Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
Approved by aschackmull
2020-02-17 18:22:46 +00:00
Tom Hvitved 0e7838aca5 Data flow: Sync files 2020-02-17 15:08:26 +01:00
Anders Schack-Mulligen cabe627d1e Java: Fix qldoc. 2020-02-17 14:44:12 +01:00
Tom Hvitved 28307399f8 Data flow: Sync files 2020-02-17 10:45:35 +01:00
SpaceWhite 0be6f84387 Add sample 2020-02-15 16:49:33 +09:00
SpaceWhite 1ad7bd9684 add sample code 2020-02-15 16:46:09 +09:00
SpaceWhite a29ccd674f Initial commit 2020-02-15 16:27:03 +09:00
Tom Hvitved 332733a92e Java/C++: Follow-up changes 2020-02-13 16:34:06 +01:00
Tom Hvitved b5b0c2b8cf Data flow: Sync files 2020-02-13 16:34:06 +01:00
SpaceWhite 949914e48a Add XPathInjection 2020-02-10 13:48:02 +09:00
Tom Hvitved 9b699618a8 Data flow: Improve performance of `flowFwdStore()` 2020-02-09 19:34:04 +01:00
Anders Schack-Mulligen 85adc3be10 Java: Add String.join as default taint step. 2020-02-07 14:43:31 +01:00
Anders Schack-Mulligen ee3af0a247 Java: Add String.format as default taint step. 2020-02-07 13:43:35 +01:00
Tom Hvitved f30a42ce26 Data flow: Fix bad join-order in `TPathNodeSink`
Avoids a Cartesian product on nodes:

```
[2020-02-07 11:01:22] (432s) Tuple counts for dom#DataFlowImpl::TPathNodeSink#ff:
                      0          ~0%      {2} r1 = JOIN DataFlowImpl::Configuration::isSource_dispred#ff AS L WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 2 OUTPUT R.<1>, R.<0>
                      101611     ~0%      {2} r2 = SCAN DataFlowImpl::PathNodeMid#class#ffffff AS I OUTPUT I.<5>, I.<0>
                      3534537047 ~3%      {3} r3 = JOIN r2 WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, R.<0>
                      251        ~41%     {3} r4 = JOIN r3 WITH project#DataFlowImpl::pathStep#fffff AS R ON FIRST 2 OUTPUT R.<2>, r3.<2>, r3.<1>
                      251        ~50%     {2} r5 = JOIN r4 WITH DataFlowImpl::TNil#ff_1#join_rhs AS R ON FIRST 1 OUTPUT r4.<2>, r4.<1>
                      251        ~50%     {2} r6 = r1 \/ r5
                      323        ~67%     {3} r7 = JOIN r6 WITH DataFlowImpl::flow#ff AS R ON FIRST 1 OUTPUT r6.<1>, r6.<0>, R.<1>
                      288        ~58%     {3} r8 = SELECT r7 ON r7.<2> >= r7.<0>
                      251        ~53%     {3} r9 = SELECT r8 ON r8.<2> <= r8.<0>
                      251        ~50%     {2} r10 = SCAN r9 OUTPUT r9.<1>, r9.<0>
```
2020-02-07 12:08:31 +01:00
yo-h 9c3fed7550
Merge pull request #2734 from aschackmull/java/taint-postupdate
Java: Improve taint step modeling to use postupdate nodes.
2020-02-06 21:17:55 -05:00
Tom Hvitved b3af3ad12f Data flow: Fix bad join order in `getReturnPosition()`
Joining on the enclosing callable before the kind is crucial, as witnessed by this pipeline:

```
[2020-02-06 17:58:21] (1086s) Starting to evaluate predicate DataFlowImplCommon::getReturnPosition#ff/2@83c546
[2020-02-06 18:53:16] (4382s) Tuple counts for DataFlowImplCommon::getReturnPosition#ff:
                      385478      ~1%     {3} r1 = SCAN DataFlowImplCommon::Cached::TReturnPosition0#fff@staged_ext AS I OUTPUT I.<2>, I.<0>, I.<1>
                      385478      ~2%     {3} r2 = JOIN r1 WITH DataFlowImplCommon::Cached::TReturnPosition0#fff_2#join_rhs AS R ON FIRST 1 OUTPUT r1.<2>, r1.<1>, r1.<0>
                      58638116860 ~0%     {3} r3 = JOIN r2 WITH DataFlowImplCommon::ReturnNodeExt::getKind_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT R.<1>, r2.<1>, r2.<2>
                      914049      ~0%     {2} r4 = JOIN r3 WITH DataFlowImplCommon::returnNodeGetEnclosingCallable#ff AS R ON FIRST 2 OUTPUT r3.<0>, r3.<2>
                                          return r4
```
2020-02-06 19:06:40 +01:00