codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	cbe330eb7b	Merge pull request #11693 from jketema/argv-param-flowsource C++: Define the `argv` flow source in terms the input parameter	2022-12-20 09:30:19 +00:00
Arthur Baars	a8be5d7274	AlertSuppression: add change notes	2022-12-19 17:02:52 +01:00
Arthur Baars	c176606be5	AlertSuppression: allow //lgtm comments to scope over the next line	2022-12-19 16:10:26 +01:00
Arthur Baars	016c7a8ca7	Merge pull request #11719 from aibaars/alert-suppression-shared Shared AlertSuppression library	2022-12-19 16:04:44 +01:00
Jeroen Ketema	949b61c635	Merge pull request #11729 from MathiasVP/fix-cleartext-sqlite-database C++: Prepare `cpp/cleartext-storage-database` for use-use flow	2022-12-19 14:01:34 +01:00
Jeroen Ketema	ed33b905a6	C++: Simplify `cpp/path-injection` now `argv` sources are parameters	2022-12-19 12:54:16 +01:00
Arthur Baars	ad80822a52	C/C++: use shared AlertSuppression.qll	2022-12-19 12:25:46 +01:00
Jeroen Ketema	88a1eead03	Merge pull request #11724 from MathiasVP/clear-text-transmission-dont-track-indirection C++: Use `asExpr` in `cpp/cleartext-transmission`	2022-12-19 11:31:06 +01:00
turbo	d1d4163b79	Exclude cpp/wrong-use-of-the-umask	2022-12-18 15:55:04 +01:00
turbo	1e5426fca2	Create security-experimental suite helper and all language suite implementations	2022-12-18 15:44:08 +01:00
ihsinme	c790b0fed6	Update DivideByZeroUsingReturnValue.ql	2022-12-18 00:34:14 +03:00
Henry Mercer	30451ee950	Merge pull request #11681 from github/henrymercer/mergeback-3.8 Merge `rc/3.8` back to `main`	2022-12-16 17:43:12 +00:00
Mathias Vorreiter Pedersen	1d80e94bb4	C++: Prepare 'CleartextSqliteDatabase.ql' for use-use flow.	2022-12-16 17:10:10 +00:00
Mathias Vorreiter Pedersen	33649ed7d3	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-16 17:02:06 +00:00
Mathias Vorreiter Pedersen	4ace171447	C++: Don't track indirection expressions in 'cpp/cleartext-transmission'. Instead, just track the direct expression.	2022-12-16 13:26:53 +00:00
Mathias Vorreiter Pedersen	7d5e215a93	Merge pull request #11600 from geoffw0/offsetrangecheck C++: Fix cpp/offset-use-before-range-check performance.	2022-12-15 16:44:49 +00:00
Jeroen Ketema	ef61d14e9c	C++: Add change note	2022-12-15 12:57:13 +01:00
Jeroen Ketema	0b4c4fd580	C++: Simplify deallocation check	2022-12-15 12:46:32 +01:00
Jeroen Ketema	4fb43d56b3	C++: Exclude deallocation functions as `scanf` result accesses	2022-12-15 09:39:16 +01:00
Jeroen Ketema	31b4dda7bd	Merge pull request #11687 from jketema/tainted-path-use-use C++: Make `cpp/path-injection` work with use-use dataflow	2022-12-14 18:06:05 +01:00
turbo	4ec401a3f6	Tag all security queries in supported languages' experimental directories with an experimental tag	2022-12-14 17:15:50 +01:00
Jeroen Ketema	bb256514c0	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-14 15:52:20 +01:00
Jeroen Ketema	4075f693bd	C++: Make `cpp/path-injection` work with use-use dataflow	2022-12-14 13:38:55 +01:00
Henry Mercer	a3933fbf4f	Bump minor versions of packs we regularly release	2022-12-13 18:59:24 +00:00
Henry Mercer	7167f078be	Merge branch 'main' into henrymercer/mergeback-3.8	2022-12-13 18:40:53 +00:00
Jeroen Ketema	628f92a9fb	C++: Fix QL-for-QL warnings	2022-12-13 16:24:55 +01:00
Jeroen Ketema	b10ed976cc	Update cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-12-13 10:57:34 +01:00
Jeroen Ketema	18dea55071	C++: Fix `cpp/alloca-in-loop` regressions with use-use dataflow	2022-12-12 19:15:50 +01:00
erik-krogh	698e05f85a	Swift/C++: Use instanceof in more places	2022-12-12 16:58:13 +01:00
Jeroen Ketema	b2091e8632	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-12 11:40:36 +01:00
github-actions[bot]	343b7b1c8b	Post-release preparation for codeql-cli-2.11.6	2022-12-11 18:15:04 +00:00
Jeroen Ketema	beb66d027e	C++: Use `FlowSource` in `cpp/path-injection`	2022-12-10 20:27:56 +01:00
github-actions[bot]	0b2fb4f70a	Release preparation for version 2.11.6	2022-12-10 15:49:35 +00:00
Jeroen Ketema	9dc2614012	C++: Make all flow source descriptions start with a lower case letter In every context where we use the description a lower case letter makes more sense.	2022-12-09 23:18:58 +01:00
Geoffrey White	f373b7fe7c	Merge pull request #11596 from geoffw0/cleartextbufferwrite C++: Performance fix for cpp/cleartext-storage-buffer	2022-12-08 17:18:10 +00:00
Mathias Vorreiter Pedersen	4fd6ac5657	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-08 13:10:18 +00:00
Chris Smowton	49bc524fd0	Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main	2022-12-08 11:12:30 +00:00
Geoffrey White	1d4631e231	C++: Better solution.	2022-12-07 18:00:38 +00:00
Geoffrey White	627162b343	C++: Fix cpp/offset-use-before-range-check performance.	2022-12-07 17:32:36 +00:00
Geoffrey White	a8b8b54f8d	Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-12-07 16:44:33 +00:00
Geoffrey White	4b8575bfc3	C++: Simplify the query slightly.	2022-12-07 15:35:45 +00:00
Geoffrey White	b3d838d678	C++: Define the sources more clearly and consistently (fixes performance issue).	2022-12-07 14:45:39 +00:00
Jeroen Ketema	b5147bbfb0	C++: Deprecate `DefaultTaintTracking` and `TaintTrackingImpl`	2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen	2c500142c7	Merge pull request #11435 from jketema/rewrite-tainted-path C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`	2022-12-06 14:54:57 +00:00
Jeroen Ketema	995efef5da	C++: Add explanatory comment to `hasFilteredFlowPath`	2022-12-06 09:03:21 +01:00
Jeroen Ketema	6dbc59d5b5	C++: Simplify `isSink` based on reviewer comments	2022-12-05 23:23:08 +01:00
Mathias Vorreiter Pedersen	c563ed3635	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-05 10:27:55 +00:00
github-actions[bot]	5e35785fd0	Post-release preparation for codeql-cli-2.11.5	2022-12-02 11:37:44 +00:00
github-actions[bot]	31ab22e3a0	Release preparation for version 2.11.5	2022-12-01 20:05:14 +00:00
Jeroen Ketema	3dfe18b565	C++: Introduce the coarse upper bound check from default taint tracking	2022-12-01 09:13:48 +01:00

... 22 23 24 25 26 ...

7071 Commits