7095 Commits

Author SHA1 Message Date
Jeroen Ketema
b10ed976cc Update cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-12-13 10:57:34 +01:00
Jeroen Ketema
18dea55071 C++: Fix cpp/alloca-in-loop regressions with use-use dataflow 2022-12-12 19:15:50 +01:00
erik-krogh
698e05f85a Swift/C++: Use instanceof in more places 2022-12-12 16:58:13 +01:00
Jeroen Ketema
b2091e8632 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-12 11:40:36 +01:00
github-actions[bot]
343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
Jeroen Ketema
beb66d027e C++: Use FlowSource in cpp/path-injection 2022-12-10 20:27:56 +01:00
github-actions[bot]
0b2fb4f70a Release preparation for version 2.11.6 2022-12-10 15:49:35 +00:00
Jeroen Ketema
9dc2614012 C++: Make all flow source descriptions start with a lower case letter
In every context where we use the description a lower case letter makes more
sense.
2022-12-09 23:18:58 +01:00
Geoffrey White
f373b7fe7c Merge pull request #11596 from geoffw0/cleartextbufferwrite
C++: Performance fix for cpp/cleartext-storage-buffer
2022-12-08 17:18:10 +00:00
Mathias Vorreiter Pedersen
4fd6ac5657 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-08 13:10:18 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Geoffrey White
1d4631e231 C++: Better solution. 2022-12-07 18:00:38 +00:00
Geoffrey White
627162b343 C++: Fix cpp/offset-use-before-range-check performance. 2022-12-07 17:32:36 +00:00
Geoffrey White
a8b8b54f8d Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-12-07 16:44:33 +00:00
Geoffrey White
4b8575bfc3 C++: Simplify the query slightly. 2022-12-07 15:35:45 +00:00
Geoffrey White
b3d838d678 C++: Define the sources more clearly and consistently (fixes performance issue). 2022-12-07 14:45:39 +00:00
Jeroen Ketema
b5147bbfb0 C++: Deprecate DefaultTaintTracking and TaintTrackingImpl 2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen
2c500142c7 Merge pull request #11435 from jketema/rewrite-tainted-path
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
2022-12-06 14:54:57 +00:00
Jeroen Ketema
995efef5da C++: Add explanatory comment to hasFilteredFlowPath 2022-12-06 09:03:21 +01:00
Jeroen Ketema
6dbc59d5b5 C++: Simplify isSink based on reviewer comments 2022-12-05 23:23:08 +01:00
Mathias Vorreiter Pedersen
c563ed3635 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-05 10:27:55 +00:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Jeroen Ketema
3dfe18b565 C++: Introduce the coarse upper bound check from default taint tracking 2022-12-01 09:13:48 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8
Merge rc/3.8 into main
2022-11-29 12:57:34 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types
These are not likely to give the user much control over what can be accessed.
2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Jeroen Ketema
2ef13d1df7 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-29 10:43:01 +01:00
Felicity Chapman
59b6d657cc Apply suggestions from code review
Co-authored-by: hubwriter <hubwriter@github.com>
2022-11-28 15:45:05 +01:00
Felicity Chapman
c451fa8ad4 Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
Co-authored-by: Taus <tausbn@github.com>
2022-11-28 15:26:24 +01:00
Felicity Chapman
b5f849463b Update QL library references 2022-11-28 15:26:24 +01:00
Felicity Chapman
5f835da838 Update HTML comment in query 2022-11-28 15:25:38 +01:00
Jeroen Ketema
223eeb6921 C++: Fix upper bound detection in default taint flow 2022-11-24 14:38:36 +01:00
Jeroen Ketema
6fa5fdfeb2 C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2
This commit ensures stack allocated parsers are also handled.
2022-11-23 23:59:04 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc
QL: improve the "this block-comment should have been a QLDoc"-query
2022-11-23 22:23:36 +01:00
Jeroen Ketema
30bdd25228 C++: Fix CWE-611 XXE query to work with use-use dataflow 2022-11-23 16:14:28 +01:00
Jeroen Ketema
4731f9222c Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-22 10:53:24 +01:00
ihsinme
5ceab40841 Update DivideByZeroUsingReturnValue.ql 2022-11-22 10:11:18 +03:00
Mathias Vorreiter Pedersen
c2ac60fc34 Merge pull request #11311 from MathiasVP/repair-mustflow
C++: Repair `MustFlow` library for use-use flow
2022-11-21 19:13:10 +00:00
Mathias Vorreiter Pedersen
7e80a57724 C++: Make ql-for-ql happy. 2022-11-21 15:13:19 +00:00
Mathias Vorreiter Pedersen
b748ed8f43 C++: Repair the 'MustFlow' library. 2022-11-18 16:41:32 +00:00
Mathias Vorreiter Pedersen
bfba95f9f7 C++: Fix performance of 'cpp/upcast-array-pointer-arithmetic'. 2022-11-18 14:50:18 +00:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
Mathias Vorreiter Pedersen
1e14af6e64 C++: Fix join in 'cpp/upcast-array-pointer-arithmetic'. 2022-11-18 10:19:55 +00:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
erik-krogh
20c4699478 CPP: convert some block-comments that could be QLDoc to QLDoc 2022-11-16 13:39:22 +01:00
Mathias Vorreiter Pedersen
16565401c7 C++: Reduce path duplication. 2022-11-14 15:29:57 +00:00
ihsinme
0fb1dedbb2 Update DivideByZeroUsingReturnValue.ql 2022-11-11 11:38:48 +03:00