hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

5370 Commits

Author SHA1 Message Date
erik-krogh
96b46de7c8 update alert-messages based on review feedback 2022-09-23 14:53:54 +02:00
erik-krogh
edd03020c2 fix the casing in the alert-message of cpp/unclear-array-index-validation 2022-09-23 14:48:01 +02:00
erik-krogh
9e4843d53e update the alert-message of cpp/file-may-not-be-closed based on feedback 2022-09-23 14:46:00 +02:00
erik-krogh
2351884352 update some alert-messages based on review feedback 2022-09-23 14:45:59 +02:00
erik-krogh
40bea78186 remove more instances of the alert-loc being repeated as a link 2022-09-23 14:45:59 +02:00
erik-krogh
33165f4f55 CPP: update expected output 2022-09-23 14:45:59 +02:00
Mathias Vorreiter Pedersen
ce3654c6ec C++: Make ql-for-ql happy. 2022-09-23 13:07:07 +01:00
Mathias Vorreiter Pedersen
162ec2884e C++: Also fix 'OverrunWriteProductFlow.ql' 2022-09-23 12:59:27 +01:00
Mathias Vorreiter Pedersen
494afdde96 C++: Accept test changes. 2022-09-23 12:21:31 +01:00
Mathias Vorreiter Pedersen
6d06234048 C++: Add testcase demonstrating missing result for 'cpp/invalid-pointer-deref' query. 2022-09-23 11:41:16 +01:00
Nora Dimitrijević
dca13f5c89 C++: Initial cpp/comma-before-misleading-indentation 
MRVA top 1000 run at: https://github.com/github/semmle-code/actions/runs/3106828111
 2022-09-22 17:44:18 +02:00
Mathias Vorreiter Pedersen
c4afb3a2b5 Merge branch 'main' into further-work-on-buffer-over-queries 2022-09-22 16:35:52 +01:00
Nora Dimitrijević
f1efc76e8c C++: Initial commit of cpp/comma-before-missing-indentation 2022-09-22 17:06:04 +02:00
Tom Hvitved
7a694d5da5 C++: Update expected test output 2022-09-22 15:01:40 +02:00
Robert Marsh
32ab636c77 C++: adjust test so size flows from malloc to field 2022-09-21 12:43:44 -04:00
Robert Marsh
fcd0bb13b3 C++: add paths to ArrayAccessProductFlow 2022-09-21 12:37:31 -04:00
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Geoffrey White
518b45bc8e C++: Add two more test cases. 2022-09-21 15:41:27 +01:00
Geoffrey White
2756c0e7af C++: Don't report results in files with compilation errors. 2022-09-21 10:45:28 +01:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Geoffrey White
9ddb485405 Merge branch 'main' into cleartext-perf 2022-09-20 17:56:18 +01:00
Geoffrey White
c599b02e98 C++: Add test case. 2022-09-20 15:23:13 +01:00
Mathias Vorreiter Pedersen
3e6576bfaf C++: Add example of missing result. 2022-09-18 12:18:04 +01:00
Mathias Vorreiter Pedersen
d1cf688abf C++: Fix test function naming. 2022-09-18 12:17:46 +01:00
Mathias Vorreiter Pedersen
4482669d7e C++: Add a new 'InvalidPointerDeref' query to experimental. 2022-09-15 17:47:15 +01:00
Mathias Vorreiter Pedersen
b8a5aa5d85 C++: Fix a couple of range analysis issues: 
1. The new query is expecting pointer arithmetic operations to generate
range-analysis bounds, but this wasn't true on main.
2. The bounds generated by `boundFlowCond` was incorrectly inferred as
non-strict when comparing a pointers (unlike when comparing values of
integral types). This gave FPs in the new query.

This also fixes a couple of missing results in existing queries that
use the new range-analysis library.
 2022-09-15 17:46:52 +01:00
ihsinme
50105c1f6d create new branchihsinme-patch-111 in fork 2022-09-15 06:35:42 +00:00
Mathias Vorreiter Pedersen
c7ccff2e20 C++: Accept test changes. 2022-09-13 12:11:22 +01:00
Geoffrey White
6011ae9ecc Merge branch 'main' into cleartext-perf 2022-09-09 11:40:47 +01:00
Robert Marsh
0feeafd0ac Merge pull request #10339 from MathiasVP/dont-use-get-unique-id-in-range-analysis 
C++: Don't use `getUniqueId` in range analysis
 2022-09-08 11:13:43 -04:00
Jeroen Ketema
1140d27bda C++: Add tests for newly supported builtin operations 2022-09-08 10:06:57 +02:00
Mathias Vorreiter Pedersen
7062263885 C++: Accept test changes. 2022-09-07 21:11:52 +01:00
Mathias Vorreiter Pedersen
86259ced97 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 16:38:42 +01:00
Robert Marsh
55a10d99b4 Merge pull request #10305 from MathiasVP/ql-workaround-for-missing-decl-entries 
C++: Synthesize `DeclarationEntry`s for IR construction
 2022-09-07 11:34:28 -04:00
Mathias Vorreiter Pedersen
011d15aca3 C++: Accept test changes. 2022-09-07 14:56:08 +01:00
Mathias Vorreiter Pedersen
5ce47d97b2 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 11:14:42 +01:00
Mathias Vorreiter Pedersen
d6b8f25312 C++: Add more tests. 2022-09-06 15:22:10 +01:00
Mathias Vorreiter Pedersen
885bf427bd C++: Accept test changes. 2022-09-05 23:26:03 +01:00
Mathias Vorreiter Pedersen
fc85ef76ed C++: Introduce 'PseudoDeclarationEntry's to handle missing 'DeclarationEntry's during IR construction. 2022-09-05 22:17:14 +01:00
Mathias Vorreiter Pedersen
2da46ad691 C++: Add two testcases demonstrating malformed IR from missing declaration entries from decl stmts. 2022-09-05 17:49:20 +01:00
Geoffrey White
946456acc2 C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission. 2022-09-05 14:44:33 +01:00
Robert Marsh
ca2694ae1d C++: exclude end pointers in iterator-style loops 2022-09-01 17:42:19 -04:00
Nora Dimitrijević
ce1e4ad422 Merge branch 'main' into missing-check-scanf-squashed 2022-08-30 11:34:00 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Nora Dimitrijević
5c894ae40b Merge branch 'main' into missing-check-scanf-squashed 2022-08-24 21:14:57 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00