Commit Graph

14384 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen 83bd14b687 Python: Make experimental/library-tests/CallGraph pass for Python 2
The import doesn't actually work the intended way, so running
```
$ python python/ql/test/experimental/library-tests/CallGraph/test.py
```

will produce no output, but our extractor will extract the things we need, so
for a quick fix this will need to suffice.
2020-07-13 14:52:28 +02:00
Geoffrey White 6519629472
Merge pull request #3942 from MathiasVP/remove-abstract-preprocessor
C++: Remove abstract classes from Preprocessor.qll
2020-07-13 10:00:50 +01:00
Mathias Vorreiter Pedersen d6da318645 C++: Remove abstract classes from Preprocessor.qll 2020-07-10 21:55:14 +02:00
Dave Bartolomeo 912c50a881
Merge pull request #3937 from MathiasVP/replace-result-type-with-ir-result-type
C++: Replace getResultType() with getResultIRType()
2020-07-10 13:37:30 -04:00
Geoffrey White 456a05ecd5
Merge pull request #3940 from MathiasVP/remove-abstract-stmt
C++: Remove abstract classes and predicates from Stmt.qll
2020-07-10 16:41:45 +01:00
Mathias Vorreiter Pedersen 7cc83da97a C++: Remove @stmt_while from the TConditionalStmt union type. 2020-07-10 15:51:34 +02:00
Taus df3eb9f9c5
Merge pull request #3790 from RasmusWL/python-add-annotated-callgraph-tests
Python: Add annotated call-graph tests
2020-07-10 15:38:38 +02:00
Geoffrey White 2941f413f9
Merge pull request #3931 from aeisenberg/aeisenberg/cpp-print-ast
Add the printAst.ql contextual query for C++
2020-07-10 14:08:25 +01:00
Mathias Vorreiter Pedersen 567984af3d C++: Remove abstract classes from Stmt.qll 2020-07-10 14:21:56 +02:00
Anders Schack-Mulligen a1d272e870
Merge pull request #3918 from aibaars/organise-container-flow
Java: Clean up ContainerFlow, consider more methods
2020-07-10 14:19:44 +02:00
Arthur Baars 43b61038e9 Drop Map.merge as taint step 2020-07-10 13:00:14 +02:00
Robert Marsh 05685cc896
Merge pull request #3919 from dbartol/dbartol/IgnoreAutoBuilder
C++: Add `.gitignore` for autobuilder
2020-07-09 15:02:52 -07:00
Andrew Eisenberg 782759d58e Add the printAst.ql contextual query for C++
This query will be used by the VS Code extension for viewing
ASTs of C/C++ files.
2020-07-09 08:28:49 -07:00
Arthur Baars 0d33a77ee3 Fix modelling of Stack.push
Stack.push(E) returns its argument, it does not propagate taint from
the stack to the return value.
2020-07-09 16:16:29 +02:00
Anders Schack-Mulligen 879551fc6a
Merge pull request #3936 from aibaars/object-clone
Java: model Object.clone
2020-07-09 16:09:01 +02:00
Anders Schack-Mulligen c8b9b779ae
Merge pull request #3927 from rvermeulen/java-importable-cwe-601
Java: Move `UrlRedirectSink` into importable library
2020-07-09 16:03:29 +02:00
Anders Schack-Mulligen 99a4f8fd0b
Merge pull request #3926 from rvermeulen/java-importable-cwe-089
Java: Move `QueryInjectionSink` into importable library
2020-07-09 16:00:56 +02:00
Mathias Vorreiter Pedersen 002f930dba C#: Sync identical files 2020-07-09 15:54:42 +02:00
Jonas Jensen 2fa54552f0
Merge pull request #3914 from geoffw0/cc_followup
C++: Repair swap taint tests
2020-07-09 15:54:40 +02:00
Mathias Vorreiter Pedersen 85a8280b30 C++: Replace getResultType() with getResultIRType() in IR dataflow 2020-07-09 15:54:15 +02:00
Mathias Vorreiter Pedersen 7029739691 C++: Replace getResultType() with getResultIRType() in IR range analysis 2020-07-09 15:53:54 +02:00
Mathias Vorreiter Pedersen a405a95b68 C++: Introduce isSigned() and isUnsigned() predicates on IRIntegerType to mirror IntegralType 2020-07-09 15:52:09 +02:00
Jonas Jensen 277185a792
Merge pull request #3925 from geoffw0/rangefixup
C++: Add getFullyConverted() where missing in SimpleRangeAnalysis
2020-07-09 15:45:58 +02:00
Remco Vermeulen 7428a8cd95 Add missing java import 2020-07-09 15:06:26 +02:00
Remco Vermeulen d3db4fa5b2 Add missing java import 2020-07-09 15:04:16 +02:00
Remco Vermeulen 54d6c8b5f4 Mark ServletUrlRedirectSink private 2020-07-09 15:03:51 +02:00
Arthur Baars e183171fea Java: model Object.clone 2020-07-09 14:50:29 +02:00
Remco Vermeulen 1212feab28 Add file-level qldoc 2020-07-09 14:11:59 +02:00
Remco Vermeulen 99228d8bc2 Optimize imports 2020-07-09 14:09:39 +02:00
Remco Vermeulen ba9f3e2a1e Join ServletUrlRedirectSink with UrlRedirectSink 2020-07-09 14:08:43 +02:00
Remco Vermeulen 88f4b224c3 Extend UrlRedirectSink from DataFlow::Node 2020-07-09 14:05:54 +02:00
Remco Vermeulen f8078f1125 Remove superfluous imports 2020-07-09 13:43:10 +02:00
Arthur Baars d3d58795f1 Java: ContainerFlow add comments
Some method variants are captured by a super class. Added some comments
to indicate where this happens to make review of missing methods easier
in the future.
2020-07-09 12:46:57 +02:00
semmle-qlci e167b87150
Merge pull request #3932 from max-schaefer/portals-additions
Approved by esbena
2020-07-09 11:43:45 +01:00
Remco Vermeulen 9a84abf259 Generalize QueryInjectionSink
Extends from the more general DataFlow::Node instead of
DataFlow::ExprNode
2020-07-09 12:32:17 +02:00
Arthur Baars 24c6e506aa Java: ContainerFlow: RValue -> Expr
While most flow for a qualifierToArgumentStep goes through a variable use
this is not always the case. Therefore it is best to remove the restriction
to RValue to allow taint steps to use postupdate nodes.

See also: ba86dea657
2020-07-09 12:20:48 +02:00
Arthur Baars 0bd103ac05 Java: add tests for Container taint steps 2020-07-09 12:15:38 +02:00
Remco Vermeulen c01844a39e Add file-level qldoc 2020-07-09 10:30:31 +02:00
Max Schaefer 7a1410e0d5 JavaScript: Update and expand tests. 2020-07-09 09:25:52 +01:00
Remco Vermeulen 42e261ac02 Move SqlInjectionSink and PersistenceQueryInjectionSink
Join SqlInjectionSink and PersistenceQueryInjectionSink with
QueryInjectionSink to make its definition more transparent.
2020-07-09 10:21:24 +02:00
Remco Vermeulen d07d21c9e2 Fix import 2020-07-09 10:20:53 +02:00
Anders Schack-Mulligen 777dc6305c
Merge pull request #3893 from aibaars/set-map-list-copy-of
Java: model some new Set,List,Map methods
2020-07-09 10:18:12 +02:00
Max Schaefer 1c47260bde JavaScript: Add support for global variables to portals. 2020-07-09 09:12:56 +01:00
Max Schaefer c40ef0556a JavaScript: Broaden scope of imports considered relevant to portals.
Previously, we only considered an import relevant to portals if the path it imported was declared as a dependency. This falls down for deep imports where a specific module inside the package is imported rather than the default entry point, for imports of built-in modules like `fs`, and in cases where a developer simply forgets to declare a dependency.

So instead we now consider all imports relevant whose path does not start with a dot or a slash.
2020-07-09 09:09:44 +01:00
Max Schaefer 8b4b5781e6 JavaScript: Add utility predicate `getBasePortal(i)`.
This iterates the existing `getBasePortal()` predicate `i` times.
2020-07-09 09:08:18 +01:00
Robert Marsh 0e66d0892b
Merge pull request #3785 from MathiasVP/dataflow-operand-nodes
C++: Operands as dataflow nodes
2020-07-08 14:50:54 -07:00
Arthur Baars 6367eb9ee8 Address review comments 2020-07-08 22:08:27 +02:00
Remco Vermeulen 170be9ffe8 Move `UrlRedirectSink` into importable library
- The `UrlRedirect` class is renamed to `ServletUrlRedirect`.
- Abstract class `UrlRedirectSink` is defined that can be imported and
used to customise CWE-601 via Customizations.qll
2020-07-08 16:47:51 +02:00
Jonas Jensen 0bbbfe58cf
Merge pull request #3916 from geoffw0/cc_followup2
C++: Add missing constructor taint test
2020-07-08 16:35:47 +02:00
Remco Vermeulen 06517c6f82 Move `QueryInjectionSink` into importable library
This enables defining of new sinks to customise the CWE-089 queries.
2020-07-08 16:24:06 +02:00