hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

1928 Commits

Author SHA1 Message Date
Geoffrey White
4685f193f5 CPP: Widen varMaybeStackAllocated. 2019-01-30 18:36:32 +00:00
Geoffrey White
25e11512db CPP: Add a test of ReturnStackAllocatedMemory. 2019-01-30 18:36:31 +00:00
Jonas Jensen
d776d9f903 Merge pull request #821 from geoffw0/query-tags-case 
CPP: Improve ArrayArgSizeMismatch.ql
 2019-01-29 03:52:52 -08:00
semmle-qlci
bf64fee4bd Merge pull request #790 from rdmarsh2/rdmarsh/cpp/futile-params 
Approved by semmledocs-ac
 2019-01-28 22:11:44 +00:00
Geoffrey White
b0805f8e79 CPP: Adjust ArithmeticTainted.ql so that it can work on non-VariableAccesses. 2019-01-28 17:36:56 +00:00
Geoffrey White
f1dc538796 CPP: Add a test using strtoul in a taint query. 2019-01-28 16:59:02 +00:00
Geoffrey White
1a044a0a22 CPP: Add 'fread' to BufferAccess.qll. 2019-01-25 12:58:25 +00:00
Geoffrey White
fd6365838b CPP: Add test cases involving fread. 2019-01-25 12:58:25 +00:00
Jonas Jensen
2aca40a021 Merge pull request #736 from geoffw0/macroinv2 
CPP: Deprecate MacroInvocationExpr and MacroInvocationStmt
 2019-01-25 09:02:02 +01:00
Robert Marsh
44d8e6b6e2 C++: respond to PR comments 2019-01-24 10:50:56 -08:00
Geoffrey White
02c69a744f CPP: Fix false positive. 2019-01-24 15:15:02 +00:00
Geoffrey White
e1d31bf117 CPP: Add a test of ArrayArgSizeMismatch.ql. 2019-01-24 11:20:58 +00:00
Jonas Jensen
61e23bed88 Merge branch 'master' into strcpy-fixups 2019-01-24 10:51:51 +01:00
Robert Marsh
fa02042fda C++: add more tests and rename test functions 2019-01-23 11:42:44 -08:00
Dave Bartolomeo
bfb8125474 Merge pull request #754 from jbj/copy-assignment-no-effect 
C++: Exclude assignment operator in ExprHasNoEffect
 2019-01-23 00:46:17 -08:00
Jonas Jensen
7bb9deeb34 C++: Recognize more function decls as code 2019-01-21 11:47:35 +01:00
Geoffrey White
821a7bfadd Merge pull request #779 from jbj/commented-out-code-braces 
C++: Relax commented-out code heuristic for `}`
 2019-01-21 09:37:30 +00:00
Jonas Jensen
9561fdaabf Merge pull request #672 from geoffw0/lgtm1605 
CPP: Fix function pointer/lambda related false positives in 'Resource not released in destructor'
 2019-01-21 09:35:30 +01:00
Jonas Jensen
169bbcdfa0 Merge pull request #682 from geoffw0/suspiciousaddsizeof 
CPP: Fix false positive in SuspiciousAddWithSizeof.ql
 2019-01-21 09:06:18 +01:00
Geoffrey White
bff23f546d CPP: Clearer naming. 2019-01-18 16:21:28 +00:00
Jonas Jensen
189d82b79a C++: Change exclusion to not be only operator= 2019-01-18 11:19:38 +01:00
Robert Marsh
64ed9305d3 C++: new query for futile arguments to C functions 2019-01-17 10:45:10 -08:00
Jonas Jensen
f147b63bb8 Merge pull request #654 from geoffw0/lossyresultcast 
CPP: Work on Lossy function result cast query
 2019-01-17 17:07:29 +01:00
Jonas Jensen
9c42b5fab7 C++: Relax commented-out code heuristic for } 
I looked through a few hundred results from this query on lgtm.com and
found that most of the FPs had to do with comment lines ending in `}`.
This change should fix most of them, at the cost of very few false
negatives.

On Wireshark, this query goes from 7,425 results to 6,686 results before
filtering for generated code. Almost all the lost results were FP,
except a handful of results involving initializer lists.
 2019-01-17 10:20:48 +01:00
Jonas Jensen
92b48bf6af C++: Add another test for CommentedOutCode.ql 2019-01-17 09:15:25 +01:00
Jonas Jensen
9751a91087 C++: Accept changes to alert message in test 2019-01-14 21:43:57 +01:00
Jonas Jensen
6385dd38cf C++: Exclude operator= in ExprHasNoEffect 2019-01-11 13:30:08 +01:00
Jonas Jensen
95e457cb49 C++: Add test with FP in ExprHasNoEffect 2019-01-11 13:18:44 +01:00
Jonas Jensen
1cc36dd969 C++: Exclude copy assignment in LargeParameter.ql 
The purpose of the copy assignment operator is to copy the object, so we
should not complain that a copy happens when passing the parameter. See
https://en.wikibooks.org/wiki/More_C++_Idioms/Copy-and-swap for details.
 2019-01-11 12:00:02 +01:00
Jonas Jensen
4ea3849595 C++: Add failing test case for LargeParameter.ql 2019-01-11 11:53:04 +01:00
Geoffrey White
f2e68da322 CPP: Use dataflow to find wrapped rounding functions. 2019-01-10 14:44:11 +00:00
Geoffrey White
207c4d365a CPP: Test wrapped rounding functions more thoroughly. 2019-01-10 14:39:23 +00:00
Jonas Jensen
aa0f2f2da3 C++: Support ?: in UsingStrcpyAsBoolean.ql 
I removed some unnecessary parentheses for symmetry, causing whitespace
changes.
 2019-01-10 08:35:54 +01:00
Jonas Jensen
0f88a4b312 C++: Test ?: support in UsingStrcpyAsBoolean.ql 
This test shows that the query only supports the ternary operator in
C++, not C.
 2019-01-10 08:35:54 +01:00
Jonas Jensen
4dd36772ef C++: Remove UsingStrcpyAsBoolean.ql duplicates 2019-01-10 08:35:54 +01:00
Jonas Jensen
3a6a515a1d C++: Tabs to spaces and // Bug comments in test 
This changes the column numbers in the expected test output.
 2019-01-10 08:35:53 +01:00
Jonas Jensen
9219214d64 Merge pull request #695 from raulgarciamsft/users/raulga/c6324 
cpp - Using the return value of a strcpy or related string copy function in an if statement
 2019-01-10 08:34:17 +01:00
Geoffrey White
7a877bfe14 CPP: Add exception for wrapped whitelisted functions. 2019-01-09 18:30:19 +00:00
Geoffrey White
f983391cbf CPP: Add exception for pow. 2019-01-09 15:06:23 +00:00
Geoffrey White
11013b0ec6 CPP: Add a few more test cases. 2019-01-09 14:58:25 +00:00
Geoffrey White
cbe69f2daf CPP: Fix false positive. 2019-01-09 13:59:24 +00:00
Geoffrey White
e26c709dbf CPP: Add a test for LossyFunctionResultCast.ql. 2019-01-09 13:59:24 +00:00
Geoffrey White
6088ca5d5b CPP: Update our uses of MacroInvocationExpr. 2019-01-09 12:17:29 +00:00
Geoffrey White
b59c2868cd CPP: Add test cases for the macro logic and other details of ArithmeticUncontrolled.ql. 2019-01-09 12:17:29 +00:00
Raul Garcia
18bb6696e0 Fixing conditional only issue. 
I changed  to detect any logical operation usage (i.e. !, ==), but I kept usage in a conditional directly as a separate detection condition. I found no false positives on the projects you shared with me previously.
 2019-01-07 10:44:11 -08:00
Raul Garcia
880306c621 Removing duplicated results 2019-01-04 10:45:43 -08:00
Raul Garcia
28932e85d9 Fixing the code based on PR feedback. 2019-01-02 16:23:19 -08:00
Raul Garcia
f8ab945b91 Merge branch 'master' into users/raulga/c6324 2018-12-14 15:46:38 -08:00
Raul Garcia
16f2bacf4d cpp - Using the return value of a strcpy or related string copy function in an if statement 2018-12-14 15:42:49 -08:00
Geoffrey White
e443eb8889 CPP: Fix type logic. 2018-12-13 09:49:32 +00:00