Commit graph

5807 Commits

Author SHA1 Message Date
Jonas Jensen cb51a4259f
Merge pull request #3 from ian-semmle/getURL
C++: Make Folder.getURL() consistent with Folder.getLocation()
2018-08-21 11:07:52 +02:00
semmle-qlci a01a453045
Merge pull request #78 from xiemaisi/js/remove-old-test
Approved by esben-semmle
2018-08-21 09:04:52 +01:00
Esben Sparre Andreasen 2d63524f83 JS: explain sanitizer equivalence 2018-08-21 09:54:32 +02:00
Tom Hvitved bae32659e4 C#: Add change note 2018-08-21 09:11:31 +02:00
Esben Sparre Andreasen f522376217 JS: mention string formatting taint step in change notes 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen c058b91587 JS: extract PrintfStyleCall out of TaintedFormatString 2018-08-21 09:02:35 +02:00
Tom Hvitved 4560468cb8 C#: Update expected test output 2018-08-21 08:57:03 +02:00
Robert Marsh 51bfb8db88 C++: exclude conversion in MacroInvocation.getExpr 2018-08-20 15:10:28 -07:00
Denis Levin be3d2931e3 Changed query message text as requested 2018-08-20 14:02:33 -07:00
Esben Sparre Andreasen be8a32bb18 JS: add sanitizer support for `~whitelist.indexOf(x)` 2018-08-20 20:32:57 +02:00
Ian Lynagh 0f350780bb C++: Make Folder.getURL() consistent with Folder.getLocation() 2018-08-20 19:01:31 +01:00
Dave Bartolomeo f2053c488e C++: Make `InitializeParameter` and `Uninitialized` return memory results
The IR avoids having non-trivially-copyable and non-trivially-assignable types in register results, because objects of those types need to exist at a particular memory location. The `InitializeParameter` and `Uninitialized` instructions were violating this restriction because they returned register results, which were then stored into the destination location via a `Store`.

This change makes those two instructions take the destination address as an operand, and return a memory result representing the (un-)initialized memory, removing the need for a separate `Store` instruction.
2018-08-20 09:13:45 -07:00
Luke Cartey d6c58d6bd9 C#: ZipSlip - Add precision tag. 2018-08-20 16:59:57 +01:00
Luke Cartey 0477bd781a C#: ZipSlip - Add change note. 2018-08-20 16:59:57 +01:00
Luke Cartey fa78d04f18 C#: ZipSlip - Add qhelp file.
This adds a help file which describes the problem, provides
recommendations on how to fix it and an example.
2018-08-20 16:59:56 +01:00
Luke Cartey 99d1cf70be C#: ZipSlip - Update name, description and message.
This commit updates the name, description and message to better match
the house style for the security queries.
2018-08-20 16:59:56 +01:00
Luke Cartey 112d104005 C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name. 2018-08-20 16:18:13 +01:00
Luke Cartey b6c9f844e8 C#: ZipSlip - refactor to use Source, Sink, Sanitizer
This commit refactors the existing predicates to be classes extending
Source, Sink or Sanitizer, as appropriate.
2018-08-20 16:17:03 +01:00
Ian Lynagh 99dbbdf863 C++: Add some comments 2018-08-20 16:12:26 +01:00
Ian Lynagh 9c4d4f8732 C++: No need to cache so many predicates 2018-08-20 16:12:26 +01:00
Ian Lynagh c241b081cb C++: Don't unresolve 'this'
For example, if you have 3 types called T, where t1 and t2 are defined
but t3 isn't, then you will have

    unspecifiedtype(t1, t1)
    unspecifiedtype(t2, t2)
    unspecifiedtype(t3, t3)

    t1 = resolve(t1)
    t1 = resolve(t3)
    t2 = resolve(t2)
    t2 = resolve(t3)

so given

    Type getUnspecifiedType() {
        unspecifiedtype(unresolve(this), unresolve(result))
    }

you get t1.getUnspecifiedType() = t2.

I think that in general the best thing to do is to not unresolve 'this',
but to just take the underlying value.
2018-08-20 16:12:26 +01:00
Ian Lynagh a1e44041ec C++: Use mkElement/unresolveElement consistently 2018-08-20 16:12:26 +01:00
Ian Lynagh 34c9892f77 C++: isfromtemplateinstantiation test output change 2018-08-20 16:12:26 +01:00
Max Schaefer 46ef208e09 JavaScript: Remove spurious test file. 2018-08-20 15:02:51 +01:00
semmle-qlci e1f3637b66
Merge pull request #75 from asger-semmle/server-side-url-redirect-performance
Approved by xiemaisi
2018-08-20 14:53:16 +01:00
Jonas Jensen b931e88686
Merge pull request #67 from dave-bartolomeo/dave/CastToVoid
C++: Handle casts to `void` in IR
2018-08-20 15:45:11 +02:00
Jonas Jensen 5e6f34fa3c
Merge pull request #64 from calumgrant/ql-style-guide
QL Style Guide
2018-08-20 15:31:51 +02:00
semmle-qlci 0adeef73ff
Merge pull request #74 from xiemaisi/js/multi-step-export-from
Approved by asger-semmle
2018-08-20 12:36:26 +01:00
Luke Cartey 09b23878fd C#: ZipSlip, introduce source, sink, sanitizer classes. 2018-08-20 12:25:51 +01:00
Luke Cartey 3bc035fb5a C#: Reformat ZipSlip module.
Reformat the ZipSlip module to adhere to the "QL Style Guide".
2018-08-20 12:11:06 +01:00
Tom Hvitved b1451b079e C#: Add CFG test that mixes `finally` splitting and `catch` splitting 2018-08-20 13:10:09 +02:00
Tom Hvitved 91ed111735 C#: Improve CFG for exception handlers
Use generic CFG splitting to add a new type of split for exception handlers,
`ExceptionHandlerSplit`, which tags each node belonging to a `catch` clause
with the type of exception being caught. This allows for a more accurate CFG
for `try-catch` statements, where exception filters are handled properly.
2018-08-20 13:08:28 +02:00
Tom Hvitved a705b3afa5 C#: Generic control flow graph splitting
Refactor existing logic for splitting control flow nodes belonging to a `finally`
block. A `Split` defines (1) when to enter the split, (2) when to stay in the split,
and (3) when to leave the split. With only these definitions, control flow splitting
is achieved by tagging each control flow element with the set of splits that apply
to it.
2018-08-20 13:04:29 +02:00
Luke Cartey 80e4815125 C#: Extract ZipSlip library 2018-08-20 12:03:33 +01:00
calum 08d0718ecc Update CONTRIBUTING.md and README.md to link to the QL Style Guide. 2018-08-20 11:06:22 +01:00
calum 529dbe08c8 Address review comments. Reformat bullet lists with capitals and remove trailing punctuation. 2018-08-20 11:00:35 +01:00
Tom Hvitved 1365761f72 C#: Change `toString()` for `FinallySplitControlFlowNode` 2018-08-20 09:41:54 +02:00
Max Schaefer a27a14d0d3
Merge pull request #69 from asger-semmle/ts-typescript2.9
TypeScript: support for v2.9 features
2018-08-20 08:15:41 +01:00
Max Schaefer b2e304951e
Merge branch 'master' into ts-typescript2.9 2018-08-20 08:14:58 +01:00
Max Schaefer a9f1e21363 JavaScript: Fix exported name of default re-exports.
A default re-export (not part of the standard yet) looks like this:

```
export f from 'mod';
```

What this means is that the default export of `mod` is re-exported under the name `f`.

Default re-export specifiers (like `f` in this example) are modelled as a kind of default export specifier in our library, but unlike normal default export specifiers they do not export the name `default`.

This was previously not modelled correctly, leading to surprising errors down the line, for example in type inference where we suddenly would no longer be able to resolve an import that otherwise looked resolvable.
2018-08-20 08:02:15 +01:00
semmle-qlci 44e4b25f42
Merge pull request #14 from rdmarsh2/rdmarsh/js/electron-http-client
Approved by xiemaisi
2018-08-20 07:59:25 +01:00
Esben Sparre Andreasen 0c4fb15651 JS: add query js/cleartext-logging 2018-08-20 08:34:16 +02:00
Esben Sparre Andreasen b4952e7bfd JS: improve and expose SensitiveActions::HeuristicNames 2018-08-20 08:27:42 +02:00
Esben Sparre Andreasen 804c06bd59 JS: add models of logging frameworks 2018-08-20 08:27:42 +02:00
Dave Bartolomeo d975964674
Merge pull request #70 from hvitved/csharp/graph-tests
C#: Do not use `@kind graph` in ql tests
2018-08-18 10:04:07 -07:00
Dave Bartolomeo 332e944c16 C++: Remove `ConvertToVoid`, replace with `Convert` 2018-08-18 10:01:12 -07:00
Dave Bartolomeo 650539dbb6 C++: IR sanity query `unnecessaryPhiInstruction`
Have `Instruction.getResultSize()` return zero for `void`.
2018-08-17 15:37:19 -07:00
Denis Levin 276deee68c Added comments to the test file. Fixed a typo. 2018-08-17 10:50:52 -07:00
Robert Marsh aaeda5dfcc JavaScript: add the ESLint attack as a test 2018-08-17 10:16:52 -07:00