hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

924 Commits

Author SHA1 Message Date
Jeroen Ketema
3e2397a3d1 C++: Fix chmod prototype in toctou test and additional test 2023-12-04 16:15:44 +01:00
Mathias Vorreiter Pedersen
359b15bb60 C++: Fix FP by special-casing compound assignments in 'asExprInternal'. 2023-12-04 11:29:51 +00:00
Mathias Vorreiter Pedersen
ce28c9b485 C++: Add more CWE-119 testcases with compound assignments instead of increments. 2023-12-04 11:22:16 +00:00
Mathias Vorreiter Pedersen
c1561e8675 Merge branch 'main' into reduce-duplication-from-operators 2023-11-30 14:30:50 +00:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Mathias Vorreiter Pedersen
7b8d164692 C++: Add more good test cases. 2023-11-28 11:58:33 +00:00
Mathias Vorreiter Pedersen
62c432f3c7 C++: Tabs -> Spaces. 2023-11-28 11:52:17 +00:00
Mathias Vorreiter Pedersen
e10caa68f6 C++: Add tests. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
e94cde9b4b C++: Move the use-after-free tests to subdirectory. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
Jeroen Ketema
ee35bfb290 C++: Do not use isReturnValue in getenv, gets, and fgets models 2023-11-24 16:38:15 +01:00
Mathias Vorreiter Pedersen
e438671846 Merge pull request #14896 from MathiasVP/no-dtt-in-user-controlled-bypass 
C++: Rewrite `cpp/user-controlled-bypass` away from `DefaultTaintTracking`
 2023-11-24 14:43:10 +00:00
Mathias Vorreiter Pedersen
2681617f28 C++: Undo the workaround in 'cpp/tainted-permissions-check'. 2023-11-24 10:56:11 +00:00
Mathias Vorreiter Pedersen
5604fd7d80 C++: Rewrite 'cpp/user-controlled-bypass' away from 'DefaultTaintTracking'. 2023-11-23 17:35:54 +00:00
Jeroen Ketema
7834626e26 C++: Rewrite cpp/tainted-permissions-check to not use DefaultTaintTracking 2023-11-23 14:52:53 +01:00
Jeroen Ketema
1fbe23228e C++: Update test to reflect updated test results 2023-11-22 16:49:13 +01:00
Jeroen Ketema
bb1945f899 C++: Rewrite cpp/tainted-format-string away from DefaultTaintTracking 2023-11-22 16:49:13 +01:00
Mathias Vorreiter Pedersen
a80dbc5200 C++: Accept test changes. 2023-11-21 17:50:11 +00:00
Mathias Vorreiter Pedersen
a10f94af81 Merge pull request #14810 from MathiasVP/fix-ref-deref-duplication 
C++: Fix dataflow duplication from `ReferenceDereference` expressions
 2023-11-16 16:10:07 +00:00
Mathias Vorreiter Pedersen
c5d2866948 Merge pull request #14812 from MathiasVP/no-dtt-in-Integer-overflow-tainted 
C++: Convert `cpp/integer-overflow-tainted` away from DefaultTaintTracking
 2023-11-16 15:24:13 +00:00
Mathias Vorreiter Pedersen
da2215e7e5 C++: Accept test changes. 2023-11-16 13:54:13 +00:00
Mathias Vorreiter Pedersen
5a7cb8f25a C++: Fix duplication on reference dereference expressions. 2023-11-16 10:52:35 +00:00
Jeroen Ketema
afe318edbe C++: Delete cpp/tainted-format-string-through-global 2023-11-16 10:52:05 +01:00
Jeroen Ketema
46e6e72593 C++: Address review comments 2023-11-15 14:57:53 +01:00
Jeroen Ketema
92c18960c5 C++: Rewrite cpp/uncontrolled-process-operation to not use DefaultTaintTracking 2023-11-15 14:57:53 +01:00
Mathias Vorreiter Pedersen
1623bba18a Merge branch 'main' into no-dtt-in-tainted-arithmetic 2023-11-14 13:35:15 +00:00
Mathias Vorreiter Pedersen
c950e26b3e C++: Rewrite 'cpp/cpp/tainted-arithmetic' away from DefaultTaintTracking. 2023-11-14 12:19:12 +00:00
Mathias Vorreiter Pedersen
967bbbc1a7 C++: Block flow out of sinks that are qualifiers. This removes the new result duplication and keeps the new result. 2023-11-14 09:29:47 +00:00
Mathias Vorreiter Pedersen
c73e6f1fa8 C++: Accept more test changes. 2023-11-13 16:51:07 +00:00
Mathias Vorreiter Pedersen
9aafbfce13 C++: Fix test annotation. 2023-11-13 16:17:18 +00:00
Mathias Vorreiter Pedersen
cc6268339b C++: Fix failing test and accept test cases. 2023-11-13 15:57:22 +00:00
Mathias Vorreiter Pedersen
834b07e6ad C++: Add failing tests. 2023-11-13 15:54:41 +00:00
Mathias Vorreiter Pedersen
eb263e747f C++: Make sure the test terminates. 2023-11-13 15:25:48 +00:00
Mathias Vorreiter Pedersen
bc576f658e C++: Add a test that fails because of a non-terminating test that dominates this one. 2023-11-13 15:24:56 +00:00
Mathias Vorreiter Pedersen
18c0bcec0b Merge pull request #14669 from MathiasVP/no-dtt-in-unbounded-write 
C++: Rewrite `cpp/unbounded-write` away from `DefaultTaintTracking`
 2023-11-10 15:08:42 +00:00
Jeroen Ketema
ba51b65d84 C++: Fix hasRemoteFlowSource for fgets 
Also add the test that exposed this. Note that the test would only have started
failing after `cpp/uncontrolled-process-operation` with the rewrite of the
query away from default taint tracking, which has not happened yet.
 2023-11-10 11:56:23 +01:00
Mathias Vorreiter Pedersen
38bd893c81 Merge branch 'main' into no-dtt-in-unbounded-write 2023-11-08 15:06:59 +00:00
Mathias Vorreiter Pedersen
e90803a81c C++: Rewrite 'cpp/unbounded-write' away from DefaultTaintTracking. 2023-11-08 14:57:04 +00:00
Mathias Vorreiter Pedersen
ab64d9a9d6 Merge pull request #14713 from MathiasVP/no-gvn-as-ssa-in-range-analysis 
C++: Don't use GVN as SSAVariable in new range analysis
 2023-11-08 09:28:15 +00:00
Mathias Vorreiter Pedersen
a8eed6bd7e Merge pull request #14704 from MathiasVP/fix-uninitialized-local 
C++: IR'ify `cpp/uninitialized-local` and fix FPs
 2023-11-07 22:45:34 +00:00
Mathias Vorreiter Pedersen
69502d0c31 C++: Add some more tests. 2023-11-07 17:31:01 +00:00
Mathias Vorreiter Pedersen
2d43eec3c3 C++: Accept test changes. 2023-11-07 14:57:30 +00:00
Mathias Vorreiter Pedersen
022c9eb3cd C++: Add a barrier feature to 'MustFlow'. 2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen
6bf2d47321 C++: Allow source = sink in 'MustFlow'. 2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen
1dc08941f8 C++: Use 'MustFlow' in 'cpp/uninitialized-local'. 2023-11-07 09:23:41 +00:00
Mathias Vorreiter Pedersen
4455ed982d C++: Accept query test changes. 2023-11-06 17:33:46 +00:00
Mathias Vorreiter Pedersen
679d64f0e8 Merge pull request #14647 from microsoft/24-odbc-model-instantiation-upstream2 
C++: Adding a model implementation for ODBC.
 2023-11-02 19:42:27 +00:00
Benjamin Rodes
947e0274c7 Adding sql injection test for ODBC. 2023-11-02 13:27:42 -04:00
Mathias Vorreiter Pedersen
b54b5ae0a9 Merge pull request #14648 from MathiasVP/simplify-invalid-ptr-deref 
C++: Remove one use of range analysis in `cpp/invalid-pointer-deref`
 2023-11-01 14:42:20 +00:00
Mathias Vorreiter Pedersen
b79a5fee14 Merge pull request #14637 from MathiasVP/dataflow-for-realloc 
C++: Add a taint model for `realloc`
 2023-10-31 18:24:04 +01:00