hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,307 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.2
Commit Graph

1899 Commits

Author SHA1 Message Date
erik-krogh
33165f4f55 CPP: update expected output 2022-09-23 14:45:59 +02:00
Nora Dimitrijević
dca13f5c89 C++: Initial cpp/comma-before-misleading-indentation 
MRVA top 1000 run at: https://github.com/github/semmle-code/actions/runs/3106828111
 2022-09-22 17:44:18 +02:00
Nora Dimitrijević
f1efc76e8c C++: Initial commit of cpp/comma-before-missing-indentation 2022-09-22 17:06:04 +02:00
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Geoffrey White
518b45bc8e C++: Add two more test cases. 2022-09-21 15:41:27 +01:00
Geoffrey White
2756c0e7af C++: Don't report results in files with compilation errors. 2022-09-21 10:45:28 +01:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Geoffrey White
c599b02e98 C++: Add test case. 2022-09-20 15:23:13 +01:00
Mathias Vorreiter Pedersen
d6b8f25312 C++: Add more tests. 2022-09-06 15:22:10 +01:00
Geoffrey White
946456acc2 C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission. 2022-09-05 14:44:33 +01:00
Nora Dimitrijević
ce1e4ad422 Merge branch 'main' into missing-check-scanf-squashed 2022-08-30 11:34:00 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
erik-krogh
a50234adb0 apply suggestion from review 2022-08-23 15:41:37 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
Geoffrey White
c62ae3b350 C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely. 2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60 C++: Add test and placeholder query. 2022-08-11 12:27:39 +02:00
Nora Dimitrijević
8e60a4a478 Update StrncpyFlippedArgs.expected 
Add output lines for the newly implemented test case, test.cpp/test9().
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8 New strcpy-variant in StrncpyFlippedArgs test 
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
 2022-08-10 13:42:21 +02:00
Jeroen Ketema
ba2cee07a9 Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars 
C++: IR data flow through global variables
 2022-08-05 10:07:00 +02:00
Mathias Vorreiter Pedersen
5181cc1295 C++: Add a 'allowInterproceduralFlow' predicate to the 'MustFlow' library to and use it instead of checking the enclosing callables after computing the dataflow graph. 2022-08-02 13:43:01 +01:00
Robert Marsh
6dbaae6bfc Merge branch 'main' into rdmarsh2/dataflow-global-vars 2022-08-01 14:56:24 -04:00
Jeroen Ketema
7d6fb7f91a C++: Rename LossyFunctionResultCast tests to be correctly named 2022-07-06 21:52:13 +02:00
Robert Marsh
813a8548d7 C++: accept test changes for globals in data flow 2022-06-22 16:42:42 -04:00
Robert Marsh
048e5d8474 C++: IR data flow through global variables 2022-06-20 15:15:45 -04:00
Geoffrey White
3dddc560a1 C++: Add LSParser specific transformer. 2022-05-11 11:02:01 +01:00
Geoffrey White
e3be7749ea C++: Repair the LSParser sinks. 2022-05-11 11:02:01 +01:00
Geoffrey White
8852043558 C++: Additional test cases. 2022-05-11 11:01:26 +01:00
Geoffrey White
6b5a1921dd C++: Support the SAX2XMLReader interface. 2022-05-05 16:35:21 +01:00
Geoffrey White
c4bc7050a9 C++: Additional test cases. 2022-05-05 16:26:09 +01:00
Geoffrey White
5aa862acfd C++: Fixup after merge. 2022-05-03 16:12:42 +01:00
Geoffrey White
fd5b4dfff2 Merge branch 'main' into xxe4 2022-05-03 16:08:54 +01:00
Geoffrey White
42a78a27e0 C++: Fixup spacing in tests. 2022-05-03 11:48:03 +01:00
Geoffrey White
9faa825304 C++: Add support for libxml2 in the query. 2022-05-03 11:19:13 +01:00
Geoffrey White
812a24fc18 C++: Add test cases for libxml2. 2022-04-29 13:23:29 +01:00
Geoffrey White
dd258781ed C++: More test cases. 2022-04-29 10:38:31 +01:00
Geoffrey White
1d71f042db C++: Turns out DOMLSParser is not an AbstractDOMParser and works a little differently than I'd thought. 2022-04-29 10:38:31 +01:00
Geoffrey White
c6deddb290 C++: For consistency. 2022-04-29 10:35:34 +01:00
Geoffrey White
4be3161891 C++: Move some stuff from tests3.cpp to common tests.h 2022-04-29 10:35:34 +01:00
Geoffrey White
397efd1648 C++: Split off the createLSParser tests into their own file. 2022-04-29 10:35:33 +01:00
Geoffrey White
b02519bf0b C++: Make the createLSParser test a bit closer to real life. 2022-04-29 10:33:47 +01:00
Geoffrey White
a1542322e2 C++: Add test cases for SAX2XMLReader. 2022-04-29 10:33:46 +01:00
Geoffrey White
7fb1069d69 C++: Use GVN on the values passed into set* functions. 2022-04-29 10:09:52 +01:00
Geoffrey White
2ccd5a5531 C++: Add support for SAXParser in the query. 2022-04-28 16:13:21 +01:00
Geoffrey White
4e2344c488 C++: Add test cases for SAXParser. 2022-04-28 16:11:08 +01:00