github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
30 102 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

115 Коммитов

Автор SHA1 Сообщение Дата
Erik Krogh Kristensen ee858d840e get ReDoSUtil in sync for ruby 2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen 1cca377e7d
Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Mathias Vorreiter Pedersen 7197216185 Add a copy of SsaImplCommon to the identical-files script. 2021-10-28 12:36:36 +01:00
Erik Krogh Kristensen 97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Erik Krogh Kristensen 44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Arthur Baars 804aef9b4a Merge remote-tracking branch 'codeql/main' into 'main' 
Conflicts:
	config/identical-files.json
 2021-10-15 16:37:59 +02:00
Arthur Baars 5a16f1e093 Merge identical-files.json 2021-10-15 15:38:16 +02:00
Tom Hvitved ed6a182cd1 C#: Adopt inline test expectations framework 2021-10-14 15:22:21 +02:00
Andrew Eisenberg 0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Erik Krogh Kristensen 99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen f5a1a12435 support case insensitive regexps in the ReDoS queries 2021-08-30 09:59:33 +02:00
Andrew Eisenberg 5609c3d1b5 Packaging: Fix identical files script 2021-08-25 12:17:27 -07:00
Andrew Eisenberg e23df94748 Packaging: Fix identical files script 2021-08-24 16:12:43 -07:00
Andrew Eisenberg 8e75fef923 Fix identical files script 2021-08-19 14:55:54 -07:00
Andrew Eisenberg 2c5dd2dfa3 Packaging: Refactor the cpp libraries 
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.

There are very few lines of code changed. Almost all changes are moving
files around.
 2021-08-17 11:22:36 -07:00
Chris Smowton 75310a6609 Create a dataflow instance specifically for the Serializability library 
Otherwise because this dataflow instance populates AdditionalTaintStep there is an ever-present danger that a user will stumble into creating a recursive configuration, or at least that by using DataFlow5::Configuration for any other purpose they will needlessly recalculate the Serializability dataflow results.
 2021-08-03 10:36:46 +01:00
Rasmus Lerchedahl Petersen c306cee04e Python: mimic JS file hierarchy 2021-06-30 15:03:22 +02:00
Rasmus Lerchedahl Petersen 591b6ef69c Python: Add ReDoS as identical files from JS 
The library specific file is `RegExpTreeView`.
The files are recorded as identical via the mapping
in `identical-files.json`.
 2021-06-28 17:04:48 +02:00
Jonas Jensen 7282ad90d0
Merge pull request #5854 from dbartol/dbartol/smart-pointers/side-effects 
C++: Generate side effect instructions for smart pointer indirections
 2021-06-01 16:57:05 +02:00
Rasmus Wriedt Larsen 97fadd9970 Merge branch 'main' into port-weak-crypto-algorithm 2021-05-18 14:04:18 +02:00
yoff 549c9eee1a
Merge pull request #5739 from RasmusWL/share-sensitive-data-modeling 
Python/JS: Share sensitive data modeling
 2021-05-11 11:53:59 +02:00
Dave Bartolomeo 773e5f2e2e Merge remote-tracking branch 'upstream/main' into side-effects 2021-05-07 16:50:48 -04:00
Dave Bartolomeo 54b9f2175d C++: Allow annotating IR dumps with Alias Analysis info 
This commit adds a `PrintAliasAnalysis.qll` module, which can be imported alongside `PrintIR.qll` to annotate those dumps with alias analysis results.
 2021-05-07 16:03:11 -04:00
Tom Hvitved 017beb6786 Java: Use separate data-flow copy for `PredictableSeedFlowConfiguration` 2021-04-27 10:07:33 +02:00
Rasmus Wriedt Larsen a8de2aba3b Python: Move CryptoAlgorithms implementation 2021-04-22 14:51:15 +02:00
Rasmus Wriedt Larsen 16b62486e9 Python: Extract SensitiveDataHeuristics to be shared with JS 
Initially I had called `nameIndicatesSensitiveData` for `maybeSensitiveName`,
which made the relationship with `maybeSensitive` and `notSensitive` quite
strange -- and therefore I added the more informative `maybeSensitiveRegexp` and
`notSensitiveRegexp`.

Although I'm no longer using `maybeSensitiveName`, and I no longer have a strong
argument for making this name change, I still like it. If someone thinks this is
a terrible idea, I'm happy to change it though 👍
 2021-04-21 11:31:28 +02:00
Tom Hvitved fd8f745468 Java: Adopt shared flow summary library and refactor data-flow nodes. 2021-04-09 16:57:03 +02:00
Mathias Vorreiter Pedersen 983b64a05f Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-26 09:11:12 +01:00
Tom Hvitved 90868a4788
Merge pull request #5524 from hvitved/csharp/cleanup 
C#: Remove legacy queries and `@precision` tags from metric queries
 2021-03-25 15:36:12 +01:00
Tom Hvitved eeb8c74666 C#: Remove `filter` and `external` queries 
These are legacy queries that are no longer used.
 2021-03-25 09:50:01 +01:00
Tom Hvitved 20aa05b090 C#: Add CIL SSA library 2021-03-23 10:07:36 +01:00
Mathias Vorreiter Pedersen d09458a486 C++: Add another taint tracking copy to identical-files.json 2021-03-22 11:35:59 +01:00
Anders Schack-Mulligen 45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
Marcono1234 b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Rasmus Wriedt Larsen 443780f27e Python/JS: Share modeling of cryptographic algorithms 
I didn't quite know where to place it for JS, so I tried my best :)

The canonical Python version might be changed in the future, but I wanted to
keep this change small.
 2021-02-27 11:39:35 +01:00
Tom Hvitved bed66203c1 C#: Use shared SSA implementation for `BaseSsa` 2021-02-23 14:06:27 +01:00
Tom Hvitved b0ee508f10 C#: Use shared SSA implementation for `PreSsa` 2021-02-23 14:06:27 +01:00
Chris Smowton bf03c0f419 Port InlineExpectationsTest for the Java analysis 2021-02-16 14:48:39 +00:00
Mathias Vorreiter Pedersen 09c5caa3bd C++: Move ExternalAPI files into query directory to prevent out-of-tree use. 2020-11-18 10:18:03 +01:00
Mathias Vorreiter Pedersen 5c9b8f1cff C++: Update sync-identical-files. 2020-11-17 12:27:53 +01:00
Nick Rolfe 1e1eb7ee33 Replace getEncodedFile with shared getFileBySourceArchiveName predicate 
While also making it work with paths for databases created on Windows.
 2020-11-10 13:55:27 +00:00
Taus Brock-Nannestad 69d2d714a2 Python: Update `identical-files.json` 2020-11-02 23:25:58 +01:00
Rasmus Lerchedahl Petersen 9fd1bf60fa Merge branch 'main' of github.com:github/codeql into python-port-path-injection 2020-10-28 10:24:23 +01:00
Rasmus Lerchedahl Petersen 601a803ee2 Python: DataFlow/TaintTrackin 3/4 2020-10-26 14:42:18 +01:00
Rasmus Lerchedahl Petersen eb5ed23354 Python: Add TaintTracking2 2020-10-21 21:39:50 +02:00
Tom Hvitved 952b2da7d4 C#: Add copy of `ControlFlowReachability.qll` to be used by sign/modulus analysis 2020-10-14 10:28:08 +02:00
Tamas Vajk 4df6a41616 ModulusAnalysis shared between C# and Java 2020-10-07 16:12:24 +02:00
Tamas Vajk d2d8d009eb Sync Bound between C# and Java 2020-10-07 11:43:30 +02:00
Tamas Vajk 8bf4a4209c C#: Sign analysis 
Synced between Java and C# through `identical-files.json`.
 2020-09-21 16:15:12 +02:00
Arthur Baars aedfa47cb4 Add missing QHelp files 2020-09-01 12:46:57 +02:00