hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

2466 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
43932b61a8 C++: Add more comments. 2023-11-30 14:20:00 +00:00
Mathias Vorreiter Pedersen
a7ef84f2d1 C++: Replace 'strictcount(...) = 1' with 'unique(...)'. 2023-11-30 11:20:00 +00:00
Benjamin Rodes
94a0420040 Updated getResultExpr to getResultNode. Added strlcat. Added tests. 2023-11-29 16:03:41 -05:00
Benjamin Rodes
4919c4a424 Added StringConcatenation.qll 2023-11-29 13:00:57 -05:00
Mathias Vorreiter Pedersen
1f9e2c71ce Merge pull request #14928 from MathiasVP/surprising-lifetimes-c_str 
C++: Add a new query for calling `c_str` on temporary objects
 2023-11-29 10:15:11 +00:00
Mathias Vorreiter Pedersen
911f1543e0 DataFlow: Adjust QLDoc. 2023-11-28 15:26:48 +00:00
Mathias Vorreiter Pedersen
339bf1363a DataFlow: s/flowThroughStepAllowed/validParameterAliasStep. 2023-11-28 14:32:23 +00:00
Mathias Vorreiter Pedersen
9049932f42 C++: Implement the new predicate. 2023-11-28 14:27:15 +00:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Jeroen Ketema
c02a732632 C++: Remove DefaultTaintTracking library 2023-11-24 18:35:19 +01:00
Jeroen Ketema
ee35bfb290 C++: Do not use isReturnValue in getenv, gets, and fgets models 2023-11-24 16:38:15 +01:00
Mathias Vorreiter Pedersen
0c924c2b27 C++: Taint-flow through integer to boolean casts. 2023-11-24 10:55:50 +00:00
Mathias Vorreiter Pedersen
6f5cfca84c C++: Sync identical files. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
cc261bfabb C++: Recurse through 'LogicalNotInstruction' in 'getConstantValue'. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
7364634a6b C++: No need to special-case negations in IRGuards. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
3af3a72161 C++: Don't short-circuit negations in conditions. 2023-11-23 16:53:57 +00:00
Tom Hvitved
1a6886cf99 SSA: Add locations to ease debugging 2023-11-22 08:37:02 +01:00
Mathias Vorreiter Pedersen
ef2caa3944 C++: Add a new API for mapping a dataflow node to a definition. This means we can reduce duplication from 'asExpr'. 2023-11-21 17:49:02 +00:00
Mathias Vorreiter Pedersen
dcba8e5408 C++: Fix global variable flow for array types. 2023-11-20 12:15:55 +00:00
Mathias Vorreiter Pedersen
d25c24b64d C++: Reduce code duplication by moving shared code into a module. 2023-11-16 10:52:46 +00:00
Mathias Vorreiter Pedersen
5a7cb8f25a C++: Fix duplication on reference dereference expressions. 2023-11-16 10:52:35 +00:00
Anders Schack-Mulligen
bf6cfd3bef Rangeanalysis: Simplify api. 2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen
30aefabb2a Rangeanalysis: Rename predicate. 2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen
27e6173bb7 C++: Remove SemSsaExplicitUpdate.getSourceExpr. 2023-11-13 10:35:43 +01:00
Anders Schack-Mulligen
3a73faf061 Rangeanalysis: Remove unused getAlternateType predicates. 2023-11-13 10:35:43 +01:00
Anders Schack-Mulligen
00549e36ed Merge pull request #14742 from aschackmull/rangeanalysis/share-util-3 
Java/C++/Rangeanalysis: Share more range analysis utility predicates.
 2023-11-13 10:19:41 +01:00
Mathias Vorreiter Pedersen
01a074c146 Merge pull request #14749 from MathiasVP/less-code-duplication 2023-11-10 19:45:56 +00:00
Jeroen Ketema
3a62628938 Merge pull request #14735 from jketema/strl 
C++: Add models for `strlcpy` and `strlcat`
 2023-11-10 17:51:59 +01:00
Mathias Vorreiter Pedersen
9062fb666a C++: Move a couple of predicates to 'Node0Impl'. 2023-11-10 16:26:03 +00:00
Mathias Vorreiter Pedersen
2ceb4cffbc Merge pull request #14736 from MathiasVP/fix-global-indirect-flow 
C++: Fix indirect global-variable flow
 2023-11-10 14:25:23 +00:00
Jeroen Ketema
c71bdce2d0 Merge pull request #14744 from jketema/fgets 
C++: Fix `hasRemoteFlowSource` for `fgets`
 2023-11-10 14:03:40 +01:00
Jeroen Ketema
617d950a25 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-11-10 13:55:39 +01:00
Jeroen Ketema
1c87875049 C++: Drop the size return value of strlcat from hasTaintFlow 2023-11-10 13:15:57 +01:00
Jeroen Ketema
5e21a5d284 C++: Fix flow for return values of strlcat and strlcpy 2023-11-10 12:28:48 +01:00
Jeroen Ketema
ba51b65d84 C++: Fix hasRemoteFlowSource for fgets 
Also add the test that exposed this. Note that the test would only have started
failing after `cpp/uncontrolled-process-operation` with the rewrite of the
query away from default taint tracking, which has not happened yet.
 2023-11-10 11:56:23 +01:00
Jeroen Ketema
e4c8406365 C++: Split strlcat off in a separate model 2023-11-10 10:11:57 +01:00
Mathias Vorreiter Pedersen
b858a284c9 Merge pull request #14726 from microsoft/28-strsafe-library-updates2 2023-11-09 21:39:10 +00:00
Mathias Vorreiter Pedersen
eb1024c79b C++: Improve (and simplify) 'toString's. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
86e791980c C++: Simplify 'isGlobalUse' and 'isGlobalDefImpl'. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
9762313500 C++: Implement jumpStep using the indirection instead of index. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
95bb70f577 C++: Also add a 'getIndirection' on 'GlobalDef' as well. This will be useful in the next commit. 2023-11-09 20:25:29 +00:00
Benjamin Rodes
5e140021fb Removed non-ascii characters. 2023-11-09 15:24:58 -05:00
Mathias Vorreiter Pedersen
fd26ae18bf C++: Obtain the SSA variable of a 'GlobalUse' using the indirection instead of the index (like we do for non-global uses as well). 2023-11-09 20:20:27 +00:00
Mathias Vorreiter Pedersen
bb5a78d3f1 C++: Factor the IPA body of 'TGlobalUse' and 'TGlobalDef' out into predicates. 2023-11-09 20:17:47 +00:00
Anders Schack-Mulligen
657c29f409 Java/C++: Share valueFlowStep. 2023-11-09 20:24:28 +01:00
Jeroen Ketema
a051a57e00 Update cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-11-09 17:48:45 +01:00
Jeroen Ketema
0b91310357 C++: Add models for strlcpy and strlcat 2023-11-09 17:21:37 +01:00
Anders Schack-Mulligen
b8e7e1d15e Java/C++: Share ssaUpdateStep. 2023-11-09 16:02:44 +01:00