hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

3427 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
1f9e2c71ce Merge pull request #14928 from MathiasVP/surprising-lifetimes-c_str 
C++: Add a new query for calling `c_str` on temporary objects
 2023-11-29 10:15:11 +00:00
Mathias Vorreiter Pedersen
911f1543e0 DataFlow: Adjust QLDoc. 2023-11-28 15:26:48 +00:00
Mathias Vorreiter Pedersen
339bf1363a DataFlow: s/flowThroughStepAllowed/validParameterAliasStep. 2023-11-28 14:32:23 +00:00
Mathias Vorreiter Pedersen
9049932f42 C++: Implement the new predicate. 2023-11-28 14:27:15 +00:00
Jeroen Ketema
28ac46a73f C++: Add change note 2023-11-28 14:57:02 +01:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Jeroen Ketema
c02a732632 C++: Remove DefaultTaintTracking library 2023-11-24 18:35:19 +01:00
Jeroen Ketema
ee35bfb290 C++: Do not use isReturnValue in getenv, gets, and fgets models 2023-11-24 16:38:15 +01:00
Mathias Vorreiter Pedersen
0c924c2b27 C++: Taint-flow through integer to boolean casts. 2023-11-24 10:55:50 +00:00
Mathias Vorreiter Pedersen
6f5cfca84c C++: Sync identical files. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
cc261bfabb C++: Recurse through 'LogicalNotInstruction' in 'getConstantValue'. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
7364634a6b C++: No need to special-case negations in IRGuards. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
3af3a72161 C++: Don't short-circuit negations in conditions. 2023-11-23 16:53:57 +00:00
Tom Hvitved
1a6886cf99 SSA: Add locations to ease debugging 2023-11-22 08:37:02 +01:00
Mathias Vorreiter Pedersen
ef2caa3944 C++: Add a new API for mapping a dataflow node to a definition. This means we can reduce duplication from 'asExpr'. 2023-11-21 17:49:02 +00:00
Mathias Vorreiter Pedersen
ab6260600e Merge pull request #14822 from MathiasVP/fix-global-variable-flow-for-arrays 
C++: Fix global-variable flow for array types
 2023-11-20 13:46:05 +00:00
Mathias Vorreiter Pedersen
dcba8e5408 C++: Fix global variable flow for array types. 2023-11-20 12:15:55 +00:00
Arthur Baars
db180d9872 Merge pull request #14823 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-19 12:13:42 +01:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
Mathias Vorreiter Pedersen
a10f94af81 Merge pull request #14810 from MathiasVP/fix-ref-deref-duplication 
C++: Fix dataflow duplication from `ReferenceDereference` expressions
 2023-11-16 16:10:07 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Mathias Vorreiter Pedersen
d25c24b64d C++: Reduce code duplication by moving shared code into a module. 2023-11-16 10:52:46 +00:00
Mathias Vorreiter Pedersen
5a7cb8f25a C++: Fix duplication on reference dereference expressions. 2023-11-16 10:52:35 +00:00
Mathias Vorreiter Pedersen
5c0fb2030d C++: Move change note. 2023-11-16 09:57:08 +00:00
Mathias Vorreiter Pedersen
ec63099c54 C++: Add change note. 2023-11-15 11:57:09 +00:00
Anders Schack-Mulligen
bf6cfd3bef Rangeanalysis: Simplify api. 2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen
30aefabb2a Rangeanalysis: Rename predicate. 2023-11-13 10:35:44 +01:00
Anders Schack-Mulligen
27e6173bb7 C++: Remove SemSsaExplicitUpdate.getSourceExpr. 2023-11-13 10:35:43 +01:00
Anders Schack-Mulligen
3a73faf061 Rangeanalysis: Remove unused getAlternateType predicates. 2023-11-13 10:35:43 +01:00
Anders Schack-Mulligen
00549e36ed Merge pull request #14742 from aschackmull/rangeanalysis/share-util-3 
Java/C++/Rangeanalysis: Share more range analysis utility predicates.
 2023-11-13 10:19:41 +01:00
Mathias Vorreiter Pedersen
01a074c146 Merge pull request #14749 from MathiasVP/less-code-duplication 2023-11-10 19:45:56 +00:00
Jeroen Ketema
3a62628938 Merge pull request #14735 from jketema/strl 
C++: Add models for `strlcpy` and `strlcat`
 2023-11-10 17:51:59 +01:00
Mathias Vorreiter Pedersen
9062fb666a C++: Move a couple of predicates to 'Node0Impl'. 2023-11-10 16:26:03 +00:00
Jeroen Ketema
b48d483eba C++: Add change note 2023-11-10 17:25:19 +01:00
Mathias Vorreiter Pedersen
2ceb4cffbc Merge pull request #14736 from MathiasVP/fix-global-indirect-flow 
C++: Fix indirect global-variable flow
 2023-11-10 14:25:23 +00:00
Jeroen Ketema
c71bdce2d0 Merge pull request #14744 from jketema/fgets 
C++: Fix `hasRemoteFlowSource` for `fgets`
 2023-11-10 14:03:40 +01:00
Jeroen Ketema
617d950a25 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-11-10 13:55:39 +01:00
Jeroen Ketema
1c87875049 C++: Drop the size return value of strlcat from hasTaintFlow 2023-11-10 13:15:57 +01:00
Jeroen Ketema
5e21a5d284 C++: Fix flow for return values of strlcat and strlcpy 2023-11-10 12:28:48 +01:00
Jeroen Ketema
ba51b65d84 C++: Fix hasRemoteFlowSource for fgets 
Also add the test that exposed this. Note that the test would only have started
failing after `cpp/uncontrolled-process-operation` with the rewrite of the
query away from default taint tracking, which has not happened yet.
 2023-11-10 11:56:23 +01:00
Jeroen Ketema
e4c8406365 C++: Split strlcat off in a separate model 2023-11-10 10:11:57 +01:00
Mathias Vorreiter Pedersen
b858a284c9 Merge pull request #14726 from microsoft/28-strsafe-library-updates2 2023-11-09 21:39:10 +00:00
Mathias Vorreiter Pedersen
eb1024c79b C++: Improve (and simplify) 'toString's. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
86e791980c C++: Simplify 'isGlobalUse' and 'isGlobalDefImpl'. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
9762313500 C++: Implement jumpStep using the indirection instead of index. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
95bb70f577 C++: Also add a 'getIndirection' on 'GlobalDef' as well. This will be useful in the next commit. 2023-11-09 20:25:29 +00:00
Benjamin Rodes
5e140021fb Removed non-ascii characters. 2023-11-09 15:24:58 -05:00
Mathias Vorreiter Pedersen
fd26ae18bf C++: Obtain the SSA variable of a 'GlobalUse' using the indirection instead of the index (like we do for non-global uses as well). 2023-11-09 20:20:27 +00:00