codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Author	SHA1	Message	Date
Jeroen Ketema	18dea55071	C++: Fix `cpp/alloca-in-loop` regressions with use-use dataflow	2022-12-12 19:15:50 +01:00
erik-krogh	698e05f85a	Swift/C++: Use instanceof in more places	2022-12-12 16:58:13 +01:00
Jeroen Ketema	b2091e8632	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-12 11:40:36 +01:00
Jeroen Ketema	beb66d027e	C++: Use `FlowSource` in `cpp/path-injection`	2022-12-10 20:27:56 +01:00
Jeroen Ketema	ce92ba640a	C++: Accept test changes	2022-12-09 23:38:03 +01:00
Jeroen Ketema	b216c79992	C++: Accept test changes	2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen	4fd6ac5657	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-08 13:10:18 +00:00
Jeroen Ketema	5637d573c1	C++: Add test case that is no longer detected after latest changes	2022-12-06 08:31:22 +01:00
Jeroen Ketema	6dbc59d5b5	C++: Simplify `isSink` based on reviewer comments	2022-12-05 23:23:08 +01:00
Jeroen Ketema	d3cccca7f1	C++: Filter duplicate (source, sink)-pairs	2022-11-29 11:17:39 +01:00
Jeroen Ketema	378206ae7d	C++: Stop taint from flowing to arithmetic types These are not likely to give the user much control over what can be accessed.	2022-11-29 11:15:28 +01:00
Jeroen Ketema	718663415b	C++: Stop flow from going through another source Without this we get confusing results: ``` char userAndFile = argv[2]; char fileName = argv[1]; fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without // this change. ``` While here add some more test cases.	2022-11-29 10:52:57 +01:00
Jeroen Ketema	63334764d7	C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`	2022-11-29 10:52:57 +01:00
Jeroen Ketema	2ef13d1df7	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-29 10:43:01 +01:00
Jeroen Ketema	4607f5990e	C++: Add more tests that exercise the default taint barrier implementation	2022-11-25 10:19:45 +01:00
Jeroen Ketema	223eeb6921	C++: Fix upper bound detection in default taint flow	2022-11-24 14:38:36 +01:00
Jeroen Ketema	6fa5fdfeb2	C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2 This commit ensures stack allocated parsers are also handled.	2022-11-23 23:59:04 +01:00
Jeroen Ketema	30bdd25228	C++: Fix CWE-611 XXE query to work with use-use dataflow	2022-11-23 16:14:28 +01:00
Mathias Vorreiter Pedersen	349c5cd800	Merge pull request #11254 from MathiasVP/fix-ssa-flow C++: Fix spurious reference flow	2022-11-23 09:52:28 +00:00
Jeroen Ketema	4731f9222c	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-22 10:53:24 +01:00
Mathias Vorreiter Pedersen	fc3d6a1847	Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow	2022-11-21 20:57:24 +00:00
Mathias Vorreiter Pedersen	d1274e2769	C++: Accept more test changes.	2022-11-21 18:33:14 +00:00
Mathias Vorreiter Pedersen	ef6b85fa77	C++: Accept test changes.	2022-11-18 16:43:30 +00:00
Mathias Vorreiter Pedersen	aa385a293d	C++: Accept test changes.	2022-11-16 23:00:00 +00:00
Mathias Vorreiter Pedersen	29f4b26280	Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow	2022-11-16 16:09:35 +00:00
Mathias Vorreiter Pedersen	a9173727cf	Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow	2022-11-16 14:22:54 +00:00
Mathias Vorreiter Pedersen	4f2c2e6d5e	C++: Accept test changes.	2022-11-16 14:05:54 +00:00
Mathias Vorreiter Pedersen	2cebd5c51d	C++: Accept test changes.	2022-11-16 13:56:24 +00:00
Mathias Vorreiter Pedersen	1f43a1a924	Merge branch 'replace-ast-with-ir-use-usedataflow' into merge-some-indirect-and-instruction-nodes	2022-11-15 16:00:52 +00:00
Mathias Vorreiter Pedersen	16565401c7	C++: Reduce path duplication.	2022-11-14 15:29:57 +00:00
Mathias Vorreiter Pedersen	0c7f57e0c4	C++: Accept test changes.	2022-11-11 11:09:38 +00:00
Jeroen Ketema	0d27d63984	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-09 14:28:47 +01:00
Geoffrey White	d72ea52f68	C++: More accurate test tags.	2022-11-07 16:32:46 +00:00
Geoffrey White	55a7adff20	C++: Make the message clearer.	2022-11-07 16:32:45 +00:00
Geoffrey White	b911556896	C++: Add a test showing the motivation.	2022-11-07 16:17:32 +00:00
Jeroen Ketema	5732c3bca0	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-07 15:03:26 +01:00
Tom Hvitved	a533c95640	C++: Update expected test output	2022-11-03 15:52:30 +01:00
Mathias Vorreiter Pedersen	1ca7c5b97d	Merge pull request #11091 from JarLob/assign Fix AV Rule 76	2022-11-03 13:06:10 +00:00
Mathias Vorreiter Pedersen	5d5c64a58b	C++: Accept test change.	2022-11-03 10:27:07 +00:00
Mathias Vorreiter Pedersen	18802a2883	Merge pull request #11042 from MathiasVP/simplify-buffer.qll C++: Simplify `buffer.qll` repair	2022-11-03 09:18:39 +00:00
JarLob	3317223e19	Fix AV Rule 76	2022-11-02 22:50:25 +01:00
Dave Bartolomeo	9d5e5e3ee7	`${workspace}` all the things	2022-11-01 13:29:05 -04:00
Mathias Vorreiter Pedersen	30f15473db	C++: Use 'max' instead of 'unique.'	2022-11-01 16:55:45 +00:00
Jeroen Ketema	80ef3b39ff	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-10-31 18:26:34 +01:00
Jeroen Ketema	b43cbf7f95	Update cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-10-31 17:03:29 +01:00
Jeroen Ketema	abe9258943	C++: Add `strcpy` test for `cpp/non-constant-format`	2022-10-31 15:29:17 +01:00
Jeroen Ketema	83afc2a0ad	C++: Add `strcpy` prototype to test	2022-10-31 15:25:35 +01:00
Mathias Vorreiter Pedersen	aa8214addf	C++: Simplify 'Buffer.qll' by avoiding 'asIndirectExpr'. This removes the flow from 'x' to 'x++', which makes the whole library a lot simpler.	2022-10-30 12:58:53 +01:00
Mathias Vorreiter Pedersen	9888de8acb	Merge branch 'replace-ast-with-ir-use-usedataflow' into rdmarsh2/repair-365-days-per-year	2022-10-28 13:48:12 +02:00
Mathias Vorreiter Pedersen	172261495f	Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-as-expr	2022-10-28 10:32:31 +02:00

... 9 10 11 12 13 ...

1899 Commits