hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

3029 Commits

Author SHA1 Message Date
Geoffrey White
fa0f5d08a2 Merge branch 'main' into toctou2 2021-07-21 16:21:29 +01:00
Mathias Vorreiter Pedersen
6d0290809d Merge branch 'rc/3.2' into mergeback-2021-07-21 2021-07-21 10:23:58 +02:00
ihsinme
8aac5b339e Update FindIncorrectlyUsedExceptions.expected 2021-07-21 09:49:19 +03:00
ihsinme
4202759bcc Update test.cpp 2021-07-21 09:48:36 +03:00
ihsinme
2d1924ac0e Update test.cpp 2021-07-21 08:32:18 +03:00
Geoffrey White
473198a6ef C++: Accept any check followed by a 'sensitive' use such as 'chmod'. 2021-07-20 18:11:05 +01:00
Geoffrey White
c6d8abc9b1 C++: Add a couple more testcases. 2021-07-20 17:52:59 +01:00
Mathias Vorreiter Pedersen
a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" 
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
 2021-07-20 18:06:49 +02:00
Geoffrey White
ae944b268a C++: Restrict the 'check' to stat / access only as these are by far the more reliable results. 2021-07-20 11:18:00 +01:00
Geoffrey White
ab4b2c2342 C++: Fix 'rename'. 2021-07-19 18:58:39 +01:00
Geoffrey White
7684796d63 C++: Fix handling of the 'stat' pointer argument. 2021-07-19 15:13:19 +01:00
Mathias Vorreiter Pedersen
7bc18abbb0 Merge pull request #6150 from geoffw0/toctou 
C++: Tests for cpp/toctou-race-condition
 2021-07-19 15:51:35 +02:00
Geoffrey White
49bbfefb4d C++: Fix uses of 'rename' in tests. 2021-07-19 13:57:16 +01:00
Robert Marsh
e0ff1d949b Merge pull request #6315 from MathiasVP/fix-off-by-one-in-rem-expr-range-analysis 
C++: Fix off–by-one in range analysis for `RemExpr`.
 2021-07-16 15:22:03 -07:00
Mathias Vorreiter Pedersen
39d9395bc3 C++: Fix off-by-one in range analysis for 'RemExpr'. 2021-07-16 16:35:19 +02:00
Mathias Vorreiter Pedersen
81aa115838 C++: Fix range analysis bug for 'RemExpr'. 2021-07-16 16:28:08 +02:00
Mathias Vorreiter Pedersen
dc2eea59a3 C++: Add buggy testcase with 'RemExpr'. 2021-07-16 16:27:09 +02:00
Geoffrey White
c5ed859cf5 C++: Update test comments to my best understanding. 2021-07-15 16:36:21 +01:00
Geoffrey White
c4322fdcd2 Merge pull request #6231 from ihsinme/ihsinme-patch-277 
Add query for CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
 2021-07-15 15:52:48 +01:00
Geoffrey White
e5e8a1b781 C++: Exclude integral types from SensitiveExprs. 2021-07-15 14:44:14 +01:00
Geoffrey White
dd95c53a3e C++: More test cases. 2021-07-15 14:39:56 +01:00
Geoffrey White
aabb2fc3a1 C++: Tune SensitiveExprs.qll based on real TP and FP results. 2021-07-15 14:25:29 +01:00
Geoffrey White
e3e7b00986 Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis 
C++: Add path-sensitivity to `StackVariableReachability`
 2021-07-15 12:34:33 +01:00
Robert Marsh
4d8e882214 Merge pull request #6186 from geoffw0/formatarg 
C++: Fix FPs from cpp/wrong-type-format-argument
 2021-07-14 17:20:46 -07:00
Geoffrey White
652f903457 C++: Add simple dataflow to the query. 2021-07-13 17:48:48 +01:00
Geoffrey White
7500d75b5b C++: Fix some easy FPs. 2021-07-13 17:36:41 +01:00
Geoffrey White
133953303b C++: More test cases. 2021-07-13 17:32:08 +01:00
Mathias Vorreiter Pedersen
4fc60aedc6 C++: Relax the restrictions on when '%' is a barrier and accept test changes. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
a6f1f8d3b6 C++: Add testcases demonstrating FPs from real code. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
be06230b43 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-07-12 14:46:44 +02:00
Mathias Vorreiter Pedersen
d2cc0d3925 C++: Fix annotations. 2021-07-12 11:30:43 +02:00
ihsinme
eedcb0171d Add files via upload 2021-07-05 11:14:51 +03:00
Geoffrey White
dc2cb9bd62 C++: Fix numbering. 2021-07-02 18:33:36 +01:00
Geoffrey White
bc3b347569 C++: Another test case to consider. 2021-07-02 18:32:46 +01:00
Geoffrey White
a53b161afb C++: Move some variant tests to a case we definitely do want to flag the base case of. 2021-07-02 18:18:11 +01:00
Geoffrey White
c3cd1359d6 C++: Mark the cases we're not sure about. 2021-07-02 18:18:10 +01:00
Geoffrey White
d86a0ab7a5 C++: Add test cases involving file descriptor versions. 2021-07-02 18:17:59 +01:00
Geoffrey White
6e49891ed9 C++: Accept Microsoft/non-Microsoft format specifiers on the opposite platform. 2021-06-29 16:45:46 +01:00
Mathias Vorreiter Pedersen
38c487abf9 Merge branch 'main' into more-random-sources-in-uncontrolled-arithmetic 2021-06-24 15:56:15 +02:00
Mathias Vorreiter Pedersen
5bfb78b583 C++: Block flow through all bitwise 'and' and 'or' operations. This seems to be a common source of false positives on LGTM. 2021-06-24 15:53:59 +02:00
Mathias Vorreiter Pedersen
e8bba78825 C++: Convert 'cpp/uncontrolled-arithmetic' to use a 'TaintTracking::Configuration'. 2021-06-24 15:51:44 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Mathias Vorreiter Pedersen
2938ad5f8f C++: Add testcase demonstrating the fix from a8c57ec4aa. 2021-06-23 23:01:49 +02:00
Geoffrey White
eeb84d4209 C++: Add more test cases for the toctou query. 2021-06-23 17:12:53 +01:00
Mathias Vorreiter Pedersen
295e022df3 Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 15:45:18 +02:00
Ian Lynagh
089e4e2e1e Merge pull request #6147 from AlexDenisov/adjust_test_expectation 
C++: Adjust test expectations after frontend upgrade
 2021-06-23 14:43:47 +01:00
Alex Denisov
653afc8448 C++: Adjust test expectations after frontend upgrade 2021-06-23 14:39:16 +02:00
Mathias Vorreiter Pedersen
90633b9ce1 C++: Make the new SQL abstract classes extend 'Function' instead. This is more in line with how we model RemoteFlowFunction. 2021-06-23 11:49:51 +02:00
Mathias Vorreiter Pedersen
6379463bcf Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:42:45 +02:00
Geoffrey White
298f70f082 Merge pull request #6120 from MathiasVP/not-overflow-is-barrier-in-cwe-190 
C++: Recognize any non-overflowing arithmetic expression as a barrier for `cpp/uncontrolled-arithmetic`
 2021-06-23 10:35:33 +01:00