hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

7071 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
d2d6b2ca7c apply range pattern patch to cpp 2021-10-25 19:38:10 +02:00
ihsinme
1dacd2ea76 Add files via upload 2021-10-25 14:47:25 +03:00
ihsinme
6173b11274 Add files via upload 2021-10-25 14:39:43 +03:00
ihsinme
baec186359 Add files via upload 2021-10-25 14:33:01 +03:00
ihsinme
8e8a324fa6 Add files via upload 2021-10-25 14:23:19 +03:00
Geoffrey White
da412178ce C++: Use set literals (more). 2021-10-20 14:18:27 +01:00
Geoffrey White
3f3c79f48f Merge pull request #6884 from geoffw0/setliterals 
Replace or chains with set literals.
 2021-10-18 16:46:55 +01:00
Jonas Jensen
493a37ba5e Merge pull request #6903 from MathiasVP/remove-implicit-this-for-cpp 
C++: Remove uses of implicit `this`
 2021-10-18 13:41:30 +02:00
Geoffrey White
f38dade578 C++: Disable the two null termination queries enabled by 6794. 2021-10-15 17:39:12 +01:00
Erik Krogh Kristensen
fe891746bf C++: fix implicit this 2021-10-15 14:59:48 +01:00
Geoffrey White
f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Geoffrey White
2e61ae244a C++: Set literals. 2021-10-13 16:12:36 +01:00
Philip Ginsbach
a204b7f3e7 Merge pull request #6866 from github/ginsbach/MoreInstanceofExtensions 
more instanceof extensions
 2021-10-13 14:21:50 +01:00
Mathias Vorreiter Pedersen
6ece3c2b46 Merge pull request #6870 from jbj/cp-fixes 
C++: Fix potential Cartesian products
 2021-10-13 14:15:33 +01:00
Jonas Jensen
e80c1ad91f C++: Fix resource-not-released-in-destructor CP 
By moving a disjunct outside the scope of an `exists(Function f`
variable it doens't use, the code becomes clearer and can be optimized
better.

The CP in the QL code did not lead to a CP at evaluation time since the
optimizer was smart enough to compensate for it:

    376161  ~37597630%     {0} r1 = SCAN functions OUTPUT {}
    1       ~0%            {0} r2 = STREAM DEDUP r1

Before this change, the largest tuple count in `leakedInSameMethod` on
bitcoin/bitcoin was 2M. Now it's 400k.
 2021-10-13 14:24:26 +02:00
Jonas Jensen
955344e175 C++: Inline a predicate that contains CPs 
The `overflows` predicate had quite severe Cartesian products. We didn't
see them in practice because magic saved us, but we can't rely on magic
in the future, so it seems better to inline this predicate.

Tuple counts and speed look good both before and after.
 2021-10-13 14:11:47 +02:00
Mathias Vorreiter Pedersen
ba981c525b C++: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:42 +01:00
Philip Ginsbach
4a0aac8505 SuppressionScope non-extending subtype of SuppressionComment 2021-10-13 11:40:32 +01:00
Aditya Sharad
a517a05ca8 Merge pull request #6830 from github/henrymercer/report-extraction-errors-as-warnings 
C++: Improve SARIF severity level reporting of extractor diagnostics
 2021-10-12 09:59:27 -07:00
Mathias Vorreiter Pedersen
6853f491f4 Merge pull request #6794 from geoffw0/impropnullfp 
C++: Improvements to cpp/improper-null-termination
 2021-10-12 14:47:02 +01:00
Mathias Vorreiter Pedersen
df8c399efb Merge pull request #6710 from ihsinme/ihsinme-patch-70 
CPP: Add query for CWE-1041 Use of Redundant Code
 2021-10-11 17:17:01 +01:00
ihsinme
4334acb6f2 Update FindWrapperFunctions.qhelp 2021-10-11 18:40:03 +03:00
Henry Mercer
5b26d41d27 C++: Improve SARIF severity level reporting of extractor diagnostics 2021-10-08 17:53:55 +01:00
ihsinme
8c42545d1c Update FindWrapperFunctions.qhelp 2021-10-08 13:10:36 +03:00
ihsinme
d79596354e Update cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-10-08 11:50:45 +03:00
Geoffrey White
2c64fa50d2 Merge branch 'main' into impropnullfp 2021-10-04 16:51:21 +01:00
Mathias Vorreiter Pedersen
eac0222f2c C++: Add more CWEs to 'cpp/incorrect-allocation-error-handling'. 2021-10-04 15:15:40 +01:00
Geoffrey White
51188aa93f C++: Give the two queries medium precision (for now). 2021-10-01 17:04:22 +01:00
Geoffrey White
11d7a0b712 C++: Exclude results where the address of the variable is taken. 2021-10-01 14:39:02 +01:00
Mathias Vorreiter Pedersen
a3cf721b9e Merge pull request #6713 from geoffw0/cwe139 
C++: New query for 'Cleartext transmission of sensitive information'
 2021-10-01 11:10:36 +02:00
Jonas Jensen
45cf6344cd Merge pull request #6184 from github/rdmarsh2/improve-exec-tainted 
C++: Refactor ExecTainted.ql to only report results after string concatenation
 2021-09-29 19:21:13 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Geoffrey White
89098f54be C++: Correct comment. 2021-09-28 20:03:42 +01:00
Geoffrey White
10323ac819 Update cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.inc.qhelp 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-28 15:13:29 +01:00
Anders Fugmann
e0921ac983 C++: Increase precision of cpp/static-buffer-overflow to high 2021-09-27 09:06:36 +02:00
Geoffrey White
6901d9d9c2 C++: Add and use getRemoteSocket predicates. 2021-09-24 15:16:48 +01:00
Geoffrey White
9f59bc8f7b C++: Naive translation to use RemoteFlow*Function. 2021-09-24 15:12:14 +01:00
Anders Fugmann
032ac50034 C++: Do not warn on static buffer overflow using loop counters, if the loop counter has been widened 2021-09-24 08:31:36 +02:00
Anders Fugmann
3e5f7d0db5 C++: using buildin offsetof for an array member indexed after end is legal 2021-09-24 08:31:35 +02:00
Anders Fugmann
a4a9e2aa96 C++: Weaken wording on overflow static alert text 2021-09-24 08:31:35 +02:00
ihsinme
13741ba137 Update FindWrapperFunctions.ql 2021-09-23 12:55:03 +03:00
Robert Marsh
21ed5c430d Merge branch 'main' into rdmarsh2/improve-exec-tainted 
Manual fix for conflict in Models.qll
 2021-09-22 11:51:18 -07:00
ihsinme
88a257fcdc Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-09-21 20:32:08 +03:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Robert Marsh
97c2917c16 Merge pull request #6409 from JordyZomer/main 
cpp: Add query to detect unsigned integer to signed integer conversio…
 2021-09-21 09:57:44 -07:00
Mathias Vorreiter Pedersen
bd5edc7ae5 Respond to review comments. 2021-09-21 14:29:26 +01:00
Mathias Vorreiter Pedersen
797966fd3d C++: Change the names of the new classes and predicates to match the upcoming 'CommandExecutionFunction' class. 2021-09-20 11:49:09 +01:00
Geoffrey White
24668b2281 Merge branch 'main' into cwe139 2021-09-17 16:04:51 +01:00
Geoffrey White
90bc138049 CPP: Fix QLDoc comments. 2021-09-17 14:12:04 +01:00