Commit Graph

29 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
20dfbdc5cc Revert "Merge pull request #18057 from jketema/codeql-cli-2.19.4"
This reverts commit ed922f6519, reversing
changes made to aa4cc72f30.
2024-12-16 14:02:38 +00:00
Jeroen Ketema
fa8aba88af Revert "Merge pull request #17938 from MathiasVP/fix-fp-in-missing-check-scanf-fixing-take-2"
This reverts commit 6785b93ed8, reversing
changes made to d9b86f55c8.
2024-11-21 15:39:00 +01:00
Mathias Vorreiter Pedersen
bb85aa2fc9 C++: Accept test changes. 2024-11-14 16:29:51 +00:00
Mathias Vorreiter Pedersen
a40c1d50b8 C++: Add FP tests. 2024-11-14 16:13:46 +00:00
Geoffrey White
6026f65f8b C++: Fix FPs in cpp/incorrectly-checked-scanf. 2024-07-23 17:27:37 +01:00
Geoffrey White
c3f2faff76 C++: Add another pattern I found in the wild. 2024-07-23 17:19:01 +01:00
Geoffrey White
a9f6b2110e C++: Add new test cases for cpp/incorrectly-checked-scanf. 2024-07-23 15:27:22 +01:00
Mathias Vorreiter Pedersen
14aff5c94c C++: Convert 'cpp/missing-check-scanf' to a path-problem query. 2024-03-20 14:54:53 +00:00
Mathias Vorreiter Pedersen
ea79a84c2e C++: Accept test changes. 2024-01-29 16:24:44 +00:00
Mathias Vorreiter Pedersen
7e29141196 C++: Add FP test. 2024-01-29 16:23:37 +00:00
Mathias Vorreiter Pedersen
a5794509ec C++: Accept test changes. 2024-01-29 11:33:14 +00:00
Mathias Vorreiter Pedersen
3a66fd7175 C++: Add FP test. 2024-01-29 10:59:38 +00:00
Alex Eyers-Taylor
3e9aeac004 CPP: Fix sscanf false positives in older linux repos 2023-11-28 12:07:05 +00:00
Alex Eyers-Taylor
1c012548d4 CPP: Add tests for incorrect check scanf 2023-11-24 16:58:11 +00:00
Alex Eyers-Taylor
12e24a2b44 CPP: Exclude incorrect scanf checks from missing scanf checks 2023-11-24 16:57:59 +00:00
Alex Eyers-Taylor
f48e8b6062 CPP: Add query for detecting incorrect error checking for scanf 2023-11-24 14:53:10 +00:00
Mathias Vorreiter Pedersen
0db05fe4fa C++: Use the new dataflow library in the 'missing scanf' query. 2023-04-13 14:51:08 +01:00
Paolo Tranquilli
429518bcea C++: add further FP to test 2023-03-07 12:03:34 +01:00
Paolo Tranquilli
311cf4e7fd C++: add false positives to MissingCheckScanf test
See https://github.com/github/codeql/issues/12412 for the initial
report.
2023-03-07 11:56:05 +01:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
erik-krogh
40bea78186 remove more instances of the alert-loc being repeated as a link 2022-09-23 14:45:59 +02:00
erik-krogh
33165f4f55 CPP: update expected output 2022-09-23 14:45:59 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format
because they are potentially too global, belong in a separate PR.
2022-08-25 16:37:39 +02:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
Geoffrey White
c62ae3b350 C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely. 2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60 C++: Add test and placeholder query. 2022-08-11 12:27:39 +02:00