mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
CPP: Add change notes for new query contributions.
@@ -10,6 +10,9 @@
|
||||
| Setting a DACL to `NULL` in a `SECURITY_DESCRIPTOR` (`cpp/unsafe-dacl-security-descriptor`) | external/cwe/cwe-732 | This query finds code that creates world-writable objects on Windows by setting their DACL to `NULL`. Enabled by default. |
|
||||
| Cast from `char*` to `wchar_t*` | security, external/cwe/cwe-704 | Detects potentially dangerous casts from `char*` to `wchar_t*`. Enabled by default on LGTM. |
|
||||
| Dead code due to `goto` or `break` statement (`cpp/dead-code-goto`) | maintainability, external/cwe/cwe-561 | Detects dead code following a goto or break statement. Enabled by default on LGTM. |
|
||||
| Inconsistent direction of for loop | correctness, external/cwe/cwe-835 | This query detects for loops where the increment and guard condition don't appear to correspond. Enabled by default on LGTM. |
|
||||
| Incorrect Not Operator Usage | security, external/cwe/cwe-480 | This query finds uses of the logical not (!) operator that look like they should be bit-wise not (~). Available but not displayed by default on LGTM. |
|
||||
| NULL application name with an unquoted path in call to CreateProcess | security, external/cwe/cwe-428 | This query finds unsafe uses of the CreateProcess function. Available but not displayed by default on LGTM. |
|
||||
|
||||
## Changes to existing queries
|
||||
|
||||
|
||||
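Review bot: four rows in this table (Cast from `char*` to `wchar_t*`, Inconsistent direction of for loop, Incorrect Not Operator Usage, and NULL application name with an unquoted path in call to CreateProcess) omit the query id that the DACL and dead-code rows give in parentheses (`cpp/unsafe-dacl-security-descriptor`, `cpp/dead-code-goto`), so a reader cannot tell which query to enable or suppress. Please add the id to each of those rows. The DACL row also lists only `external/cwe/cwe-732` with no category tag, where every other row leads with one (security, correctness or maintainability), and it says "Enabled by default." where the others say "Enabled by default on LGTM."; align both. Finally, `CreateProcess`, `!` and `~` should be in backticks to match the identifier formatting used in the DACL and cast rows.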