hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

1899 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
7bb806563f Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into no-taint-indirect-direct-conflation 2023-02-27 17:19:36 +00:00
Mathias Vorreiter Pedersen
2a9133aae0 C++: Accept query-test changes. 2023-02-27 17:15:53 +00:00
Mathias Vorreiter Pedersen
354a12c906 C++: Fix queries. Since there's no longer indirect -> direct flow in 
taint-tracking we need to make sure the affected sink definitions also
handle indirect flow.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
1e4caca23a C++: Accept query changes. Nothing bad to see here. 2023-02-27 14:57:35 +00:00
Jeroen Ketema
9e462866a0 C++: Update test annotations for use-use dataflow 2023-02-14 14:48:08 +01:00
Jeroen Ketema
20ce4cdf91 C++: Map operand nodes that are only used once onto the related instruction node 2023-02-07 14:17:54 +01:00
Mathias Vorreiter Pedersen
77250af444 Merge pull request #12050 from MathiasVP/flow-out-of-iterators-3 2023-02-03 18:43:37 +00:00
Mathias Vorreiter Pedersen
968fff29ac Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into flow-out-of-iterators-3 2023-02-02 09:12:02 +00:00
Mathias Vorreiter Pedersen
eb31160ae0 C++: Accept test changes. 2023-02-01 13:42:03 +00:00
Mathias Vorreiter Pedersen
702b10ff96 Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into global-flow 2023-02-01 13:37:10 +00:00
Mathias Vorreiter Pedersen
0e1dcc8062 C++: Accept test changes. These all appear to be good changes. 2023-02-01 13:25:37 +00:00
Jeroen Ketema
24891c3f43 C++: Fix missing subpaths when displaying dataflow paths 2023-01-31 10:57:06 +01:00
Mathias Vorreiter Pedersen
7cc7675cdc C++: Accept query changes. These are just deduplications. 2023-01-30 09:26:14 +00:00
Mathias Vorreiter Pedersen
7fb9db49be C++: Accept test changes. 2023-01-24 11:11:11 +00:00
Mathias Vorreiter Pedersen
79b77b01fd Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-23 15:49:36 +00:00
Jeroen Ketema
05ecd2e015 Merge pull request #11958 from jketema/argv-if-tests 
C++: Add some additional uncontrolled format string tests
 2023-01-23 14:05:07 +01:00
Jeroen Ketema
cfc0dabad9 C++: Add some additional uncontrolled format string tests 
These duplicate the `i9` and `i91` tests slightly earlier in the same file, but
use an explicit `if` instead of the ternary operator.
 2023-01-23 11:50:45 +01:00
Jeroen Ketema
f628152be1 C++: In dataflow use the AST representation of IR Instructions and Operands 2023-01-20 10:39:50 +01:00
Jeroen Ketema
a892ae8764 C++: Fix spurious results in default taint tracking 2023-01-16 19:10:10 +01:00
Geoffrey White
13ae15b867 C++: Add tests for more edge cases. 2023-01-13 18:38:29 +00:00
Mathias Vorreiter Pedersen
8b01dfe696 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-10 17:30:29 +00:00
Mathias Vorreiter Pedersen
0f93e5c907 Merge pull request #11781 from MathiasVP/as-expr-for-arrays 
C++: Map more expressions to `OperandNode`s
 2023-01-09 14:38:22 +00:00
Geoffrey White
bb451f3911 C++: Fix result duplication. 2023-01-06 11:05:47 +00:00
Geoffrey White
823c767aac C++: Undo changes to SizeCheck.ql, SizeCheck2.ql. 2023-01-05 12:34:12 +00:00
Geoffrey White
2023abdc60 C++: Update the queries. 2023-01-05 11:33:58 +00:00
Geoffrey White
a9aa67177b C++: Add test cases for HeuristicAllocationExpr in queries. 2023-01-05 11:30:21 +00:00
Geoffrey White
10ca2dac19 C++: Remove unnecessary 'semmle' directory. 2023-01-05 11:30:15 +00:00
Mathias Vorreiter Pedersen
e86e3ec3ec Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-22 11:29:43 +00:00
Mathias Vorreiter Pedersen
e453c7a36e C++: Accept test changes. 2022-12-22 10:57:54 +00:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Jeroen Ketema
0addae81cd Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-20 11:34:41 +01:00
Mathias Vorreiter Pedersen
cbe330eb7b Merge pull request #11693 from jketema/argv-param-flowsource 
C++: Define the `argv` flow source in terms the input parameter
 2022-12-20 09:30:19 +00:00
Arthur Baars
0f313231bc AlertSuppression: add more tests 2022-12-19 16:43:11 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Jeroen Ketema
7549915773 C++: Accept test changes 2022-12-19 12:52:35 +01:00
Arthur Baars
ad80822a52 C/C++: use shared AlertSuppression.qll 2022-12-19 12:25:46 +01:00
Jeroen Ketema
2705aebbbc C++: Restrict CWE-119 semmle tests to have a single main function 2022-12-19 12:13:37 +01:00
Jeroen Ketema
88a1eead03 Merge pull request #11724 from MathiasVP/clear-text-transmission-dont-track-indirection 
C++: Use `asExpr` in `cpp/cleartext-transmission`
 2022-12-19 11:31:06 +01:00
Robert Marsh
df7a4ac093 Merge pull request #11722 from MathiasVP/make-buffer.qll-unique-again 
C++: Use `unique` in `getBufferSize`
 2022-12-16 15:00:18 -05:00
Mathias Vorreiter Pedersen
c09ed10d33 Merge pull request #11727 from MathiasVP/fix-crement-and-assign-op-dataflow-mappings 
C++: Fix `DataFlow <-> Expr` mappings for `CrementOperation` and `AssignOperation`
 2022-12-16 17:05:13 +00:00
Mathias Vorreiter Pedersen
33649ed7d3 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-16 17:02:06 +00:00
Mathias Vorreiter Pedersen
a7aa1a7d8b C++: Accept more test changes 2022-12-16 16:04:35 +00:00
Mathias Vorreiter Pedersen
45f69be94c C++: Accept test changes 2022-12-16 14:14:58 +00:00
Mathias Vorreiter Pedersen
2de2887ebb C++: Accept test changes 2022-12-16 13:27:08 +00:00
Mathias Vorreiter Pedersen
81de93da2d C++: Accept test changes 2022-12-16 12:58:53 +00:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
Jeroen Ketema
31b4dda7bd Merge pull request #11687 from jketema/tainted-path-use-use 
C++: Make `cpp/path-injection` work with use-use dataflow
 2022-12-14 18:06:05 +01:00
Jeroen Ketema
bb256514c0 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-14 15:52:20 +01:00
Jeroen Ketema
4075f693bd C++: Make cpp/path-injection work with use-use dataflow 2022-12-14 13:38:55 +01:00
Jeroen Ketema
3be0b3e6c7 C++: Recognize indirect argv accesses as flow sources for use-use dataflow 
This fixes the test regression on `cpp/command-line-injection`.
 2022-12-13 16:18:17 +01:00