hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

1929 Commits

Author SHA1 Message Date
semmle-qlci
cfe0b8803a Merge pull request #332 from raulgarciamsft/users/raulga/c6293a 
Approved by dave-bartolomeo
 2018-10-25 00:59:35 +01:00
Jonas Jensen
3c6bed4de6 C++: FP fix for "operator= doesn't return *this" 2018-10-24 15:44:00 +02:00
Jonas Jensen
47a548f564 C++: FP test for "operator= doesn't return *this" 
This rule should not apply to functions that never return.
 2018-10-24 15:42:39 +02:00
Jonas Jensen
7affbe4a7d Merge pull request #341 from geoffw0/av_114 
CPP: Improve AV Rule 114.ql's understanding of return types.
 2018-10-24 09:39:51 +02:00
Jonas Jensen
640de0c947 Merge pull request #304 from geoffw0/resource-released 
CPP: Fix false positive in AV Rule 79.ql
 2018-10-23 20:24:23 +02:00
semmledocs-ac
1f390f2f77 Merge pull request #326 from rdmarsh2/rdmarsh/cpp/dead-code-goto 
C++: new query for dead code after goto or break
 2018-10-23 16:55:14 +01:00
Geoffrey White
dda7069890 CPP: Look for destructors in the template. 2018-10-23 13:05:43 +01:00
Geoffrey White
76a5072c8b CPP: Change in results presumed to result from discover_walk extractor changes. 2018-10-23 13:05:43 +01:00
Geoffrey White
b861df0887 CPP: Fix issue when destructor body is missing. 2018-10-23 13:05:42 +01:00
Geoffrey White
5931a978dc CPP: Add a test of a template instantiation where the destructor is never called. 2018-10-23 13:05:42 +01:00
Geoffrey White
f20af4906b CPP: Add a test of a Shutdown / Clear method. 2018-10-23 13:05:42 +01:00
Robert Marsh
7bcc4379fc C++: accept loops with arbitrary labels or cases 2018-10-22 09:59:49 -07:00
Raul Garcia
2f4da8841f Changing the name (file & tags) to match the JS version. 2018-10-19 15:21:56 -07:00
Geoffrey White
5158984613 CPP: Fix the issue. 2018-10-19 22:51:35 +01:00
Geoffrey White
c97a5ed292 CPP: Add tests of AV Rule 114.ql with non-trivial return types. 2018-10-19 22:49:53 +01:00
Geoffrey White
e9499b59e4 CPP: Exclude switch statements. 2018-10-19 10:24:29 +01:00
Geoffrey White
298ead162d CPP: Add more test cases for HResultBooleanConversion.ql. 2018-10-19 10:24:29 +01:00
Raul Garcia
e2fcaa9e20 Fixing typos & implementing the PR feedback 2018-10-18 14:44:24 -07:00
Ian Lynagh
ef1552339e C++: Enhance MagicConstantsNumbers test 2018-10-18 12:36:42 +01:00
Ian Lynagh
894a37ccda C++: Accept test changes 2018-10-18 12:36:42 +01:00
Raul Garcia
739804acb2 CPP : Ill-defined for-loop (C6293) 
Superset of C6293, it looks for a mismatch between the initialization statement && condition and the direction of the iteration expression in a for loop.
 2018-10-17 16:24:34 -07:00
Robert Marsh
17537bb88b C++: respond to doc comments 2018-10-17 11:57:54 -07:00
Robert Marsh
73cae5390e C++: new query for dead code after goto or break 2018-10-16 15:37:06 -07:00
Raul Garcia
7ab723ae79 Fixing typos & incorporating feedback. 
(MSFT feedback) Adding a new tag in the header @msrc.severity important
 2018-10-16 10:00:51 -07:00
Raul Garcia
22d54801e5 Removed one false-positive scenario (no space on lpCommandLine) 
Improved the query to avoid multiple calls to hasGlobalName
Fixed typos
Simplified the test case file
 2018-10-15 15:53:02 -07:00
Raul Garcia
242d40369b Merge branch 'master' into users/raulga/c6277 2018-10-12 15:59:54 -07:00
Raul Garcia
85283d63ce C++ : NULL application name with an unquoted path in call to CreateProcess 
Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.
 2018-10-12 15:57:01 -07:00
Jonas Jensen
a10c3bcffb C++: Suppress UnsignedGEZero in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-10 17:06:24 +02:00
Jonas Jensen
383dafac5c C++: Test for UnsignedGEZero with templates 2018-10-10 17:04:35 +02:00
Geoffrey White
99816d77e3 CPP: Additional test case fixed in combination with typedef work. 2018-10-05 17:13:50 +01:00
Geoffrey White
94ff2e5693 CPP: Lets just not report when we're not sure. 2018-10-05 16:40:54 +01:00
Geoffrey White
2841897e3a CPP: Make getAFormatterWideType more general and move it into FormattingFunction.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
89c56486b5 CPP: Test getDefaultCharType etc. 2018-10-05 16:40:54 +01:00
Geoffrey White
e2be19b555 CPP: New mechanism for string types in printf.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
1af6c10888 CPP: Add a test where different word sizes are present. 2018-10-05 16:40:54 +01:00
Geoffrey White
800555865a CPP: More test cases. 2018-10-05 16:40:54 +01:00
Geoffrey White
2af56b89b1 CPP: Add a test where different wide types are present. 2018-10-05 15:32:36 +01:00
Geoffrey White
39f030b8f7 CPP: Annotate test. 2018-10-05 15:32:36 +01:00
Geoffrey White
e74721e3a4 CPP: Test fixes as a result of changes. 2018-10-05 15:32:36 +01:00
Robert Marsh
a3459ddf08 C++: add support for custom wide character sizes 
Certain Microsoft projects, such as CoreCLR and ChakraCore, use a
library called the PAL, which enables two-byte strings in the printf
family of functions, even when built on a platform with four-byte
strings. This adds support for determining the size of a wide character
from the definitions of such functions, rather than assuming that they
match the compiler's wchar_t.
 2018-10-05 15:32:35 +01:00
Jonas Jensen
4720c5ab60 Merge pull request #264 from raulgarciamsft/users/raulga/c6276 
C++: incorrect string type conversion
 2018-10-04 21:06:07 +02:00
Jonas Jensen
364c9a6961 C++: Suppress pointless compare in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-03 14:48:11 +02:00
Jonas Jensen
2eea359f79 C++: Test for PointlessComparison with templates 2018-10-03 14:47:00 +02:00
Jonas Jensen
4ad4b19911 Merge pull request #189 from geoffw0/wrongtypedef 
CPP: Permit more typedefs in WrongTypeFormatArguments.ql
 2018-10-03 09:40:06 +02:00
Raul Garcia
230724c085 Updates based on feedback 2018-10-02 11:17:23 -07:00
Tobias Smolka
51dcdeff59 C++: support Decltype in suspicious-call-to-memset 2018-10-02 16:47:04 +02:00
Raul Garcia
253b8d1287 C++ : cpp/incorrect-string-type-conversion 
Cast between semantically different string types: char* from/to wchar_t*
NOTE: Please let me know if you want to use a different CWE than CWE-704
 2018-10-01 10:25:49 -07:00
Raul Garcia
54493eb990 Merge branch 'master' into master 2018-09-25 10:58:51 -07:00
Raul Garcia
d6d27df27b Removing all usage of single quotes 2018-09-25 10:50:34 -07:00
Jonas Jensen
8f19efe2e8 Merge pull request #211 from raulgarciamsft/users/raulga/HESULT 
Cast between semantically different integer types: HRESULT to/from bool
 2018-09-25 09:01:35 +02:00