hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

7071 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
cd0efbe7ce Dataflow: Sync. 2021-06-24 14:19:17 +02:00
Mathias Vorreiter Pedersen
c0ffd9027f C++: Add more random sources. 2021-06-24 13:40:00 +02:00
Mathias Vorreiter Pedersen
c8c77396fa C++: Get rid of the trivial 'True' condition. Turns out it's not actually needed. 2021-06-24 09:57:54 +02:00
Mathias Vorreiter Pedersen
656ff4aee9 C++: Add more QLDoc. 2021-06-24 09:57:25 +02:00
Mathias Vorreiter Pedersen
d70ea5f6e0 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-24 09:27:11 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
Geoffrey White
06591956ff C++: Rename some variables. 2021-06-23 17:54:47 +01:00
Mathias Vorreiter Pedersen
43bbd4f7ad C++: Fix join order with 'pragma[noopt]'. 2021-06-23 18:34:04 +02:00
Geoffrey White
a2c904d0c0 C++: Clarify the meanings of predicates. 2021-06-23 17:17:50 +01:00
Mathias Vorreiter Pedersen
a8c57ec4aa C++: Prevent false negatives caused by incorrectly concluding that a loop variant condition refutes itself across loop iterations. 2021-06-23 15:08:16 +02:00
Mathias Vorreiter Pedersen
c44475458e Update cpp/ql/src/Security/CWE/CWE-190/Bounded.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-23 14:38:36 +02:00
Mathias Vorreiter Pedersen
d308dd2f40 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-23 11:54:56 +02:00
Mathias Vorreiter Pedersen
90633b9ce1 C++: Make the new SQL abstract classes extend 'Function' instead. This is more in line with how we model RemoteFlowFunction. 2021-06-23 11:49:51 +02:00
Mathias Vorreiter Pedersen
6379463bcf Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:42:45 +02:00
Geoffrey White
298f70f082 Merge pull request #6120 from MathiasVP/not-overflow-is-barrier-in-cwe-190 
C++: Recognize any non-overflowing arithmetic expression as a barrier for `cpp/uncontrolled-arithmetic`
 2021-06-23 10:35:33 +01:00
Mathias Vorreiter Pedersen
9b94f3a650 Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:04:08 +02:00
Mathias Vorreiter Pedersen
a611e76ed2 C++: Respond to review comments. 2021-06-23 10:28:00 +02:00
ihsinme
460fde72ff Add files via upload 2021-06-23 10:44:27 +03:00
Mathias Vorreiter Pedersen
2e2673aff6 C++: Delete the experimental SqlPqxxTainted query. 2021-06-22 17:13:07 +02:00
Mathias Vorreiter Pedersen
222cd41aa3 C++: Use the new SQL interface in 'Security.qll' and 'SqlTainted.ql'. 2021-06-22 17:13:06 +02:00
Mathias Vorreiter Pedersen
092fbd60d9 C++: Create a new SQL interface. 2021-06-22 17:13:06 +02:00
ihsinme
94bd2a32f9 Update FindIncorrectlyUsedSwitch.qhelp 2021-06-22 10:39:37 +03:00
Mathias Vorreiter Pedersen
3bc6b11ae5 C++: Share the 'bounded' predicate from 'cpp/uncontrolled-arithmetic' and use it in 'cpp/tainted-arithmetic'. 2021-06-21 16:38:17 +02:00
Mathias Vorreiter Pedersen
05389bb9d4 Merge pull request #6099 from geoffw0/weak-crypto3 
Further improvements to cpp/weak-cryptographic-algorithm
 2021-06-21 15:46:50 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
38319a4832 C/C++: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Mathias Vorreiter Pedersen
238c483e5b C++: Make any non-overflowing arithmetic operation a barrier. 2021-06-21 14:05:34 +02:00
Geoffrey White
79198974dc Merge branch 'main' into weak-crypto3 2021-06-21 11:55:29 +01:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Mathias Vorreiter Pedersen
17df8e44d0 C++: Convert 'cpp/tainted-arithmetic' to a 'path-problem' query. 2021-06-18 14:56:17 +02:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
Geoffrey White
b4cbe6dce8 C++: Increase query precision to high. 2021-06-17 14:33:17 +01:00
Geoffrey White
b5c71fd1d7 C++: Repair funcion call in a function call. 2021-06-17 14:33:16 +01:00
Geoffrey White
e5147c2a1f C++: Exclude functions that don't involve buffers. 2021-06-17 14:33:16 +01:00
Geoffrey White
a481e5c292 C++: Exclude template code. 2021-06-17 12:36:14 +01:00
ihsinme
1cabaec0c3 Update cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.qhelp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-06-17 11:09:36 +03:00
Tom Hvitved
ffb2350a54 Data flow: Fix getLocalCallContext join-order 2021-06-17 10:02:31 +02:00
Tom Hvitved
cc383e0f6a Data flow: Workaround for too clever compiler in consistency queries 2021-06-17 09:43:36 +02:00
ihsinme
f5008d31f5 Add files via upload 2021-06-15 16:51:38 +03:00
ihsinme
bdab785bef Add files via upload 2021-06-15 16:42:38 +03:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Cornelius Riemenschneider
0ebf53b9df Merge pull request #6073 from geoffw0/loc 
C++: Add lines of user code query
 2021-06-15 09:18:46 +02:00
Mathias Vorreiter Pedersen
cc6ae7f8b8 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-06-14 22:02:46 +02:00
Mathias Vorreiter Pedersen
79926788d1 C++: Fix non-monotonic recursion problems in 'StackVariableReachabilityWithReassignment' by using the old StackVariableReachability predicates that don't care about paths. 2021-06-14 22:00:17 +02:00
Mathias Vorreiter Pedersen
c32f72063f C++: Add path sensitivity to StackVariableReachability. 2021-06-14 21:59:13 +02:00
Geoffrey White
e71264d1d2 C++: Lines of user code query. 2021-06-14 16:03:16 +01:00
Jonas Jensen
e23b88b7f1 Merge pull request #6052 from jsinglet/jsinglet/stdtypes 
Implementation of standard C/C++ fixed width, minimum width, and maximum width types
 2021-06-11 17:03:01 +02:00
John L. Singleton
8c6c011be2 Formatting fixes, comment moving. 2021-06-11 10:17:05 -04:00