hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

1929 Commits

Author SHA1 Message Date
Robert Marsh
9de63b2812 Merge branch 'main' into rdmarsh2/cpp/hex-format-range-analysis 
Accept test changes from query split
 2022-01-14 12:53:52 -05:00
Paolo Tranquilli
c117a1e21f C++: demote VeryLikelyOverrunWrite cast results 
There were some false positives where something like

    int x;
    // ...
    sprintf(buff, "%ld", (long)x);

was considered as if the parameter had a non-trivial range analysis only
because the range of `int` is smaller than the range for `long`, without
any non-trivial range analysis actually done on `x`.

These will now be reported by `OverrunWrite` instead.
 2022-01-13 11:59:48 +00:00
Paolo Tranquilli
9f811b2439 C++: remove unused variables and fix tests 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
a0059202db C++: split cpp/overrunning-write into two 
This splits the `cpp/overruning-write` into two separate queries based
off on the reason for the estimation. If the overrun is detected based
on non-trivial range analysis, the results are now marked by the new
`cpp/very-likely-overruning-write` high precision query. If it is based
on less precise, usually type based bounds, then it will still be marked
by `cpp/overruning-write` which remains at medium precision.
 2022-01-13 11:59:47 +00:00
Robert Marsh
fe355a0bc9 C++: update test comments 2022-01-10 12:38:08 -05:00
Robert Marsh
67fb48fcc1 C++: use range analysis for hex format lengths 
The "new" result on line 189 is a tighter bound than was previously
established, not a newly introduced location.
 2022-01-07 16:16:22 -05:00
Robert Marsh
fa9242befe C++: Add tests for bounded hex format values 2022-01-07 16:08:53 -05:00
Robert Marsh
4322a39807 C++: fix typo in Overflow.qll abs handling 2022-01-07 14:09:47 -05:00
Robert Marsh
4f23cce63b C++: Accept more test output 2022-01-07 11:27:45 -05:00
Robert Marsh
355fc0ae63 C++: Use Guards library in Overflow.qll 
Replaces the ad-hoc guard handling with the Guards library. Fixes an
observed false positive pattern, and (hopefully) means some pragmas are
no longer necessary for performance.
 2022-01-06 12:15:37 -05:00
Robert Marsh
617bdbc5ba C++: test for guard-by-return in Overflow.qll 2022-01-06 12:15:37 -05:00
Mathias Vorreiter Pedersen
37c72cae3e Merge branch 'main' into promote-arithmetic-uncontrolled 2022-01-05 08:12:47 +00:00
Mathias Vorreiter Pedersen
5a38f81e23 C++: Accept test changes. 2021-12-21 08:08:59 +01:00
Mathias Vorreiter Pedersen
aa92fe8c90 Merge pull request #7338 from geoffw0/clrtxt2 
C++: Improvements to cpp/cleartext-transmission
 2021-12-20 16:05:12 +01:00
Geoffrey White
9363d64166 Merge pull request #7395 from MathiasVP/fix-fp-in-pointless-self-comparison 
C++: Fix FP in `cpp/comparison-of-identical-expressions`
 2021-12-15 10:47:57 +00:00
Mathias Vorreiter Pedersen
65c301c39f Update cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/templates.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-12-15 09:22:41 +00:00
Mathias Vorreiter Pedersen
b2082cc3da C++: Fix false positive in 'cpp/cpp/comparison-of-identical-expressions'. 2021-12-14 16:39:25 +00:00
Mathias Vorreiter Pedersen
9d14a85f3f C++: Add false positive. 2021-12-14 16:38:19 +00:00
Geoffrey White
041c2c77b3 C++: Separate two test cases slightly so that we get clearer test coverage of the interprocedural / multi-path cases. 2021-12-13 18:18:29 +00:00
Andrew Eisenberg
66c1629974 Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb 
Post-release preparation 2.7.3
 2021-12-10 09:59:45 -08:00
Geoffrey White
23d4d035e5 C++: Different approach to sensitive exprs. 2021-12-09 18:33:50 +00:00
Geoffrey White
65f4ccce28 C++: Another test case. 2021-12-09 18:20:52 +00:00
Geoffrey White
0031ed39ec C++: Additional test cases. 2021-12-08 17:45:51 +00:00
Geoffrey White
122f6385e6 C++: Improve recognition of stdin, stdout etc. 2021-12-07 20:42:35 +00:00
Geoffrey White
6896b20dcd C++: Redesign and fix results that appear to be encrypted. 2021-12-07 20:42:13 +00:00
Geoffrey White
511bee7a1a C++: Fix results that flow to/from encryption routines. 2021-12-07 15:44:18 +00:00
Geoffrey White
b82425a35c C++: Add various new test cases. 2021-12-07 11:58:56 +00:00
Geoffrey White
2d4a2e0d44 C++: Test spacing. 2021-12-07 11:58:06 +00:00
Mathias Vorreiter Pedersen
9f8326a3fa Merge pull request #7243 from geoffw0/sslquery2 
C++: New query for SSL certificates not checked
 2021-12-01 15:02:19 +00:00
Paolo Tranquilli
3f218c903b C++: add some more range analysis tests 
Add more covering for integer conversions and some unsigned bit
manipulation.
 2021-11-30 11:29:02 +00:00
Geoffrey White
8f270b665c C++: Fix test comments. 2021-11-30 08:56:24 +00:00
Mathias Vorreiter Pedersen
f4555ed1a2 Merge pull request #7242 from geoffw0/sslquery 2021-11-30 07:01:33 +00:00
Dave Bartolomeo
2dfcd1dd9c Add groups property 
Also removed versions from test packs
 2021-11-29 14:15:53 -05:00
Geoffrey White
5eb814fd8b C++: Prototype SSL result not checked query. 2021-11-24 18:26:37 +00:00
Geoffrey White
6afcbce421 C++: Prototype SSL result conflation query. 2021-11-24 18:22:24 +00:00
Mathias Vorreiter Pedersen
2e7ddb479e C++: Accept test changes. 2021-11-24 09:41:00 +00:00
Paolo Tranquilli
0547e4ccf2 update further test with new locations 2021-11-23 15:28:15 +00:00
Mathias Vorreiter Pedersen
672485ae38 Merge branch 'main' into remove-reference-to-as-load 2021-11-23 10:24:17 +00:00
Mathias Vorreiter Pedersen
21167f4b67 C++: Accept test changes. 2021-11-22 13:04:23 +00:00
Geoffrey White
6f2b528a32 C++: Move experimental test. 2021-11-22 11:02:06 +00:00
Mathias Vorreiter Pedersen
c998370c84 C++: Accept more test changes. 2021-11-17 15:22:17 +00:00
Mathias Vorreiter Pedersen
71c279f537 Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-16 09:14:02 +00:00
Mathias Vorreiter Pedersen
9a9f7943aa C++: Fix bug for exact powers of 10 and accept test changes. 2021-11-15 13:20:45 +00:00
Mathias Vorreiter Pedersen
53884915a5 C++: Add more tests (which demonstrate a couple of bugs in the implementation). 2021-11-15 13:18:30 +00:00
Mathias Vorreiter Pedersen
c2e057def9 Merge pull request #7094 from geoffw0/non-https-url 
C++: New query 'Failure to use HTTPS URLs'
 2021-11-15 10:00:19 +00:00
Geoffrey White
901919f7ff C++: Add tests expanding on the issue with (global) variables. 2021-11-11 09:40:03 +00:00
Mathias Vorreiter Pedersen
e2ab1c8c5e Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-10 08:28:43 +00:00
Geoffrey White
6388ac5f1d C++: Add tests. 2021-11-09 18:41:57 +00:00
Mathias Vorreiter Pedersen
a9b7fed537 C++: Accept test changes. 2021-11-04 21:25:37 +00:00
Mathias Vorreiter Pedersen
693baae1ba C++: Add test cases with false positives due to missing range analysis in 'cpp/overrunning-write'. 2021-11-04 21:13:28 +00:00