hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

7095 Commits

Author SHA1 Message Date
Jeroen Ketema
0c39d1e5ca C++: Fix query formatting 2023-03-07 18:55:58 +01:00
Jeroen Ketema
2eb2e11ef7 C++: Fix query compilation 2023-03-07 18:53:07 +01:00
Jeroen Ketema
fb57914751 C++: Convert a number of data flow based queries to use ConfigSig 2023-03-07 18:21:52 +01:00
Mathias Vorreiter Pedersen
cc0b8bbebb Merge pull request #12430 from MathiasVP/no-to-string-on-state-in-cast-array-pointer-arith 
C++: Convert `cpp/upcast-array-pointer-arithmetic` to the new API
 2023-03-07 16:48:15 +00:00
Mathias Vorreiter Pedersen
ce02de48a0 C++: Fix Code Scanning error. 2023-03-07 14:40:36 +00:00
Mathias Vorreiter Pedersen
f2b311a008 C++: We don't need to check type equivalence at the end anymore: the dataflow state now precisely tracks the types. 2023-03-07 14:31:11 +00:00
Mathias Vorreiter Pedersen
ce6366f023 C++: Use the parameterized module dataflow API in 'cpp/upcast-array-pointer-arithmetic'. 
This allows us to swap out the old string state with the Type-based state.
 2023-03-07 14:17:12 +00:00
Mathias Vorreiter Pedersen
63690066c5 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-07 13:06:43 +00:00
Mathias Vorreiter Pedersen
b054b9c5cd Merge pull request #12408 from jketema/merge-main 
C++: use-use dataflow merge main
 2023-03-07 13:05:30 +00:00
Paolo Tranquilli
c4fd39ec3f C++: fix example code for FilePermissions.qll 2023-03-07 13:50:20 +01:00
Jeroen Ketema
3a4c0a2aae Merge pull request #12389 from jketema/more-deprecated 
C++: Add `deprecated` to predicates that are deprecated according to the QLDoc
 2023-03-07 11:21:43 +01:00
Jeroen Ketema
9ec479a2a0 C++: Update queries to use DataFlow::ConfigSig 2023-03-07 10:15:11 +01:00
Jeroen Ketema
47930f94e2 Merge remote-tracking branch 'upstream/main' into merge-main 2023-03-06 15:20:39 +01:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Mathias Vorreiter Pedersen
8836cbae5b C++: Make sure we use an indirect sink only for the sinks that receive a 
pointer to the data. Also fix a bug where we used 'asExpr' instead
of 'asIndirectExpr'.
 2023-03-06 11:22:58 +00:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Jeroen Ketema
aa00424b75 C++: Fix experimental query that uses the deprecated freeCall predicate 2023-03-03 17:53:49 +01:00
Mathias Vorreiter Pedersen
907e6299a4 C++: Convert 'ExecTainted' to use the new refactored dataflow library. 2023-03-03 14:41:29 +00:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Geoffrey White
7b596f4928 Merge pull request #10431 from ihsinme/ihsinme-patch-111 
CPP: Add query for CWE-369: Divide By Zero.
 2023-03-03 10:42:04 +00:00
Mathias Vorreiter Pedersen
075a83c987 Stage stats before on 'ExecTainted.ql' before: 
```
1	10	1 Fwd	609968	1398	-1	94	769936	ExecTaintConfiguration
2	15	1 Rev	239464	774	-1	52	320663	ExecTaintConfiguration
3	20	2 Fwd	205794	511	650	39	18576546	ExecTaintConfiguration
4	25	2 Rev	161966	351	428	39	13639502	ExecTaintConfiguration
5	30	3 Fwd	31889	322	791	39	5982574	ExecTaintConfiguration
6	35	3 Rev	30068	303	661	39	4181421	ExecTaintConfiguration
7	40	4 Fwd	24031	232	1432	39	14725618	ExecTaintConfiguration
8	45	4 Rev	21506	219	907	39	5962780	ExecTaintConfiguration
9	50	5 Fwd	20149	204	1527	38	8350094	ExecTaintConfiguration
10	55	5 Rev	20102	204	1472	38	7515307	ExecTaintConfiguration
11	60	6 Fwd	19950	200	904	33	9673369	ExecTaintConfiguration
12	65	6 Rev	18431	200	901	33	7030957	ExecTaintConfiguration
```

Stage stats after:
```
1	10	1 Fwd	368610	699	-1	65	445199	ExecTaintConfiguration
2	15	1 Rev	112848	336	-1	23	150522	ExecTaintConfiguration
3	20	2 Fwd	91528	219	270	22	4120713	ExecTaintConfiguration
4	25	2 Rev	66017	141	159	22	2657398	ExecTaintConfiguration
5	30	3 Fwd	12161	119	208	22	792468	ExecTaintConfiguration
6	35	3 Rev	11640	111	167	22	569193	ExecTaintConfiguration
7	40	4 Fwd	11423	109	331	22	1203871	ExecTaintConfiguration
8	45	4 Rev	10851	107	323	22	904017	ExecTaintConfiguration
9	50	5 Fwd	10694	107	763	22	2428404	ExecTaintConfiguration
10	55	5 Rev	10332	104	735	22	2355698	ExecTaintConfiguration
11	60	6 Fwd	10302	104	729	22	5772762	ExecTaintConfiguration
12	65	6 Rev	9482	102	725	22	4020951	ExecTaintConfiguration
```
 2023-02-28 15:05:29 +00:00
Mathias Vorreiter Pedersen
8dd0bdbdb0 C++: Rename 'fst' and 'snd' to 'incoming' and 'outgoing'. 2023-02-28 15:05:18 +00:00
Mathias Vorreiter Pedersen
d93d22ba3e C++: Fix FPs in 'cpp/non-constant-format'. 2023-02-28 10:05:05 +00:00
Mathias Vorreiter Pedersen
354a12c906 C++: Fix queries. Since there's no longer indirect -> direct flow in 
taint-tracking we need to make sure the affected sink definitions also
handle indirect flow.
 2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen
a5bb093935 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-02-27 14:57:06 +00:00
Nicky Mouha
08f04d5386 Update IfStatementAdditionOverflow.ql 2023-02-23 17:50:02 -05:00
Nicky Mouha
ed75172bdd Update IfStatementAdditionOverflow.ql 2023-02-21 18:11:22 -05:00
ihsinme
49af5ec536 Update DivideByZeroUsingReturnValue.ql 2023-02-19 21:41:28 +03:00
Nicky Mouha
f577a04eab Update IfStatementAdditionOverflow.ql 2023-02-18 21:34:03 -05:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Jeroen Ketema
7bd28183ba Merge pull request #12151 from jketema/remove-experimental-dataflow 
C++: Remove experimental copy of the use-use IR dataflow library
 2023-02-10 18:08:14 +01:00
Jeroen Ketema
b023c6bb23 C++: Remove experimental copy of the use-use IR dataflow library 2023-02-10 16:20:33 +01:00
Jeroen Ketema
ecdeb9a970 C++: Revert semmle.code.cpp.dataflow to its old state 
While here make sure all queries and tests use IR dataflow when appropriate.
 2023-02-10 14:21:44 +01:00
Mathias Vorreiter Pedersen
e1aef3127c Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-02-10 09:23:37 +00:00
Jeroen Ketema
1c35109675 C++: Add experimental tag to experimental query 2023-02-06 20:31:26 +01:00
Jeroen Ketema
868f07bc91 Merge branch 'main' into ihsinme-patch-102 2023-02-06 20:16:53 +01:00
ihsinme
065ca3c227 Update DivideByZeroUsingReturnValue.ql 2023-02-06 19:42:46 +03:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
github-actions[bot]
a4fa984792 Release preparation for version 2.12.2 2023-02-02 14:34:55 +00:00
Nora Dimitrijević
1df0be3ca2 C++: Fix join order in cpp/missing-check-scanf 
The issues were:
* `revFlow`: `revFlow` joins `fwdFlow` on `vn`.
* `Node.getASuccessor()`: `MkNode` self-join on `vn`.
* `hasFlow/5`: `MkNode` self-join on `vn`.
 2023-02-01 16:29:43 +01:00
Nicky Mouha
5a4a63f8a9 Create IfStatementAdditionOverflow.ql 2023-01-30 18:52:35 -05:00
Mathias Vorreiter Pedersen
e8db563e98 C++: Reformulate the sanitizer in 'NonConstantFormat.ql'. It should no longer incorrectly sanitize indirect nodes for which there is no result for 'asIndirectExpr'. 2023-01-27 10:04:48 +00:00
Mathias Vorreiter Pedersen
79b77b01fd Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-23 15:49:36 +00:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Geoffrey White
54b3262d9c Merge pull request #11891 from geoffw0/authbypass 
C++: Fix issue with cpp/user-controlled-bypass
 2023-01-17 15:43:08 +00:00
Geoffrey White
d628cc5ab8 Update cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:37:19 +00:00
Jeroen Ketema
a892ae8764 C++: Fix spurious results in default taint tracking 2023-01-16 19:10:10 +01:00
Geoffrey White
1a416884d4 C++: Do something similar with the other three cases. 2023-01-14 00:09:01 +00:00