hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

13844 Commits

Author SHA1 Message Date
Tom Hvitved
58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Robert Marsh
61f338449c C++: Change note and precision for DeadCodeGoto.ql 2018-10-16 15:40:59 -07:00
Robert Marsh
73cae5390e C++: new query for dead code after goto or break 2018-10-16 15:37:06 -07:00
Raul Garcia
7ab723ae79 Fixing typos & incorporating feedback. 
(MSFT feedback) Adding a new tag in the header @msrc.severity important
 2018-10-16 10:00:51 -07:00
semmle-qlci
6172c95e60 Merge pull request #320 from geoffw0/deprecated 
Approved by yh-semmle
 2018-10-16 15:45:06 +01:00
Raul Garcia
22d54801e5 Removed one false-positive scenario (no space on lpCommandLine) 
Improved the query to avoid multiple calls to hasGlobalName
Fixed typos
Simplified the test case file
 2018-10-15 15:53:02 -07:00
Raul Garcia
cd5e788aa7 Update UnsafeCreateProcessCall.ql 2018-10-15 13:41:21 -07:00
Raul Garcia
1d853691eb Update UnsafeCreateProcessCall.qhelp 2018-10-15 13:40:40 -07:00
Raul Garcia
b8f8c99529 Update UnsafeCreateProcessCall.qhelp 2018-10-15 13:39:46 -07:00
Geoffrey White
ff34ae2a46 CPP: Add deprecated metadata. 2018-10-15 08:56:49 +01:00
Raul Garcia
242d40369b Merge branch 'master' into users/raulga/c6277 2018-10-12 15:59:54 -07:00
Raul Garcia
85283d63ce C++ : NULL application name with an unquoted path in call to CreateProcess 
Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.
 2018-10-12 15:57:01 -07:00
semmle-qlci
a8be7f2434 Merge pull request #312 from aschackmull/java/autoformat-libs 
Approved by yh-semmle
 2018-10-12 20:02:52 +01:00
Geoffrey White
a9b55534b4 CPP: Speed up phi_node > frontier_phi_node > ssa_defn recursion. 2018-10-12 18:11:53 +01:00
Anders Schack-Mulligen
f341aa79a3 Java/C: Sync dataflow copies. 2018-10-12 13:40:32 +02:00
Geoffrey White
6fc5ff53d7 CPP: Speed up getBufferSize. 2018-10-12 12:34:22 +01:00
Geoffrey White
3b8c72bf1e Merge pull request #303 from jbj/UnsignedGEZero-templates 
C++: Suppress UnsignedGEZero.ql in template instantiations
 2018-10-12 09:43:48 +01:00
Geoffrey White
9d5e674fc5 CPP: Fix hasXMacro performance. 2018-10-11 16:42:36 +01:00
Tom Hvitved
b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Felicity Chapman
e2629728ba Merge pull request #235 from jbj/hresult-boolean-qhelp 
C++: Finalise docs for cpp/hresult-boolean-conversion and cpp/unsafe-dacl-security-descriptor
 2018-10-11 11:02:17 +01:00
Jonas Jensen
a10c3bcffb C++: Suppress UnsignedGEZero in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-10 17:06:24 +02:00
Jonas Jensen
383dafac5c C++: Test for UnsignedGEZero with templates 2018-10-10 17:04:35 +02:00
Jonas Jensen
3e022ad36f Merge pull request #270 from geoffw0/negindex 
CPP: Improvements to Buffer.qll
 2018-10-10 14:59:41 +02:00
Jonas Jensen
4b59c0cb80 Merge branch 'master' into hresult-boolean-qhelp 2018-10-09 14:56:58 +02:00
Geoffrey White
8163def3ae CPP: Alter the dataflow case. 2018-10-08 15:45:17 +01:00
Geoffrey White
8ab830f21c CPP: Allow multiple dataflow sources. 2018-10-08 15:45:17 +01:00
Geoffrey White
fe6c9f9ea2 CPP: Stricter dataflow in getBufferSize. 2018-10-08 15:45:17 +01:00
Geoffrey White
beb21f92d3 CPP: Separate the dataflow case from dynamic allocation. 2018-10-08 15:45:17 +01:00
Geoffrey White
ef8ca5de58 CPP: Replace def-use with dataflow in getBufferSize. 2018-10-08 15:45:17 +01:00
Geoffrey White
c747f24b39 CPP: Fix the initialized array case in getBufferSize. 2018-10-08 15:45:17 +01:00
Tom Hvitved
ccebd5eb11 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 16:23:29 +02:00
Pavel Avgustinov
2904ebb8a3 Merge pull request #291 from jbj/mergeback-20181008 
Mergeback rc/1.18 to master
 2018-10-08 13:56:50 +01:00
Jonas Jensen
4e25929f82 Merge pull request #288 from geoffw0/widechartype 
CPP: Address Widechartype / WChar_t
 2018-10-08 13:46:28 +02:00
Tom Hvitved
49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
Jonas Jensen
799c034a5e Merge pull request #282 from rdmarsh2/rdmarsh/cpp/simple-range-analysis-caching 
C++: add cached module to SimpleRangeAnalysis
 2018-10-08 11:44:35 +02:00
Jonas Jensen
628540cf7b Merge remote-tracking branch 'upstream/rc/1.18' into mergeback-20181008 2018-10-08 09:55:31 +02:00
Geoffrey White
e2a001f925 Merge pull request #285 from jbj/primitive-bb-joinorder 
C++: Speed up primitive basic block calculation
 2018-10-06 19:47:49 +01:00
Geoffrey White
e0140f9112 CPP: Change some uses of WideCharType to Wchar_t. 2018-10-05 22:03:47 +01:00
Geoffrey White
ecf8e5d936 CPP: Add backticks. 2018-10-05 21:42:16 +01:00
Geoffrey White
d649835f45 CPP: Add an explanatory comment on WideCharType and Wchar_t. 2018-10-05 21:41:35 +01:00
Robert Marsh
c0cf16ab2e C++: move expr predicactes to cached module 2018-10-05 09:34:16 -07:00
Geoffrey White
99816d77e3 CPP: Additional test case fixed in combination with typedef work. 2018-10-05 17:13:50 +01:00
Geoffrey White
67a7b75b84 CPP: Simplify getAFormatterWideType. 2018-10-05 16:40:54 +01:00
Geoffrey White
605db444a6 CPP: Fix for consistency. 2018-10-05 16:40:54 +01:00
Geoffrey White
94ff2e5693 CPP: Lets just not report when we're not sure. 2018-10-05 16:40:54 +01:00
Geoffrey White
2841897e3a CPP: Make getAFormatterWideType more general and move it into FormattingFunction.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
580471ab1d CPP: Replace stripTopLevelSpecifiers to emulate old behaviour. 2018-10-05 16:40:54 +01:00
Geoffrey White
89c56486b5 CPP: Test getDefaultCharType etc. 2018-10-05 16:40:54 +01:00
Geoffrey White
e2be19b555 CPP: New mechanism for string types in printf.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
1af6c10888 CPP: Add a test where different word sizes are present. 2018-10-05 16:40:54 +01:00