hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

5096 Commits

Author SHA1 Message Date
Geoffrey White
3ba9e80635 C++: Support various functions / variants. 2021-09-13 09:50:03 +01:00
Geoffrey White
1707d67adb C++: Support 'send' as well. 2021-09-13 09:49:40 +01:00
Mathias Vorreiter Pedersen
44f477d552 C++: Add uninterpreted query for obtaining frontend and extraction time. 2021-09-08 14:32:50 +01:00
Geoffrey White
246302453f C++: Add CleartextTransmission query. 2021-09-06 18:11:19 +01:00
ihsinme
8b0d5a2e7b Update cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-05 22:46:37 +03:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
ihsinme
9f4b7255aa Add files via upload 2021-09-02 10:21:07 +03:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
Anders Fugmann
6d4b7c828c C++: Remove superfluous 'and any()' 2021-08-24 09:37:39 +02:00
Anders Fugmann
9324d8f348 C++: Fix case where implicit downcasts were not detected when using reference 2021-08-23 14:44:49 +02:00
Andrew Eisenberg
2b36378917 C++: Move file from src to lib 
Neglected to do this one earlier.
 2021-08-19 13:12:42 -07:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Andrew Eisenberg
88ceb42356 Packaging: Migrate cpp experimental/semmle folder to lib 
Also, fix up some library path dependencies.
 2021-08-17 14:41:41 -07:00
Andrew Eisenberg
d8e4e25c1e Packaging: Fix query pack references 
We can't have recursive references to query packs.
 2021-08-17 13:03:40 -07:00
Andrew Eisenberg
2c5dd2dfa3 Packaging: Refactor the cpp libraries 
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.

There are very few lines of code changed. Almost all changes are moving
files around.
 2021-08-17 11:22:36 -07:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
ihsinme
6988912b72 Update UndefinedOrImplementationDefinedBehavior.ql 2021-08-16 15:20:00 +03:00
ihsinme
74f372d547 Update UndefinedOrImplementationDefinedBehavior.ql 2021-08-16 14:11:28 +03:00
Alexandre Boulgakov
00466e4bb0 Merge pull request #6464 from sashabu/sashabu/auto 
C++: Expose trailing return type presence.
 2021-08-11 18:43:39 +01:00
Alexandre Boulgakov
490498899b C++: Expose trailing return type presence. 2021-08-11 16:04:07 +01:00
Geoffrey White
3f72a1abea Merge pull request #6471 from MathiasVP/fix-fp-in-incorrect-allocation-error-handling 
C++: Fix false-positive in 'cpp/incorrect-allocation-error-handling'
 2021-08-11 15:56:55 +01:00
Mathias Vorreiter Pedersen
0d1884d7a6 C++: Fix FP and accept test changes. 2021-08-11 15:38:57 +02:00
Mathias Vorreiter Pedersen
89ce25f247 Merge pull request #6083 from ihsinme/ihsinme-patch-275 
CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bitwise Or Logical Operations
 2021-08-11 14:40:09 +02:00
ihsinme
6d24047626 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-11 14:34:20 +03:00
Jordy Zomer
a3bacc76f1 Update cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-08-05 23:31:12 +02:00
Jordy Zomer
cf40d0ae4d Fix a typo unsiged -> unsigned 2021-08-05 16:40:49 +02:00
Jordy Zomer
489ac04f86 Remove author tag 2021-08-05 12:34:31 +02:00
Jordy Zomer
19bb8e8c17 Make requested changes 2021-08-03 21:54:04 +02:00
Jordy Zomer
e07516585a cpp: Add query to detect unsigned integer to signed integer conversions used in pointer arithmetics 2021-08-03 19:08:47 +02:00
Mathias Vorreiter Pedersen
8ce6335383 Merge pull request #6372 from geoffw0/uncontrolledarith 2021-08-03 17:53:39 +02:00
Geoffrey White
54253bc2eb C++: Resurrect underflow detection, but only on unsigned types. 2021-08-03 15:02:39 +01:00
Geoffrey White
23ba7dcf9c Merge pull request #6141 from ihsinme/ihsinme-patch-276 
CPP: Add a query to find incorrectly used exceptions. 2
 2021-08-03 14:46:39 +01:00
ihsinme
a1755b0b53 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-03 15:42:59 +03:00
ihsinme
e5c30c2edf Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-03 15:29:51 +03:00
ihsinme
4f09545f24 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-03 15:12:39 +03:00
ihsinme
15e76d1a98 Update cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-08-03 15:11:22 +03:00
Mathias Vorreiter Pedersen
43044cd475 Merge pull request #6081 from ihsinme/ihsinme-patch-273 
CPP: Add a query to find incorrectly used switch
 2021-08-03 13:16:45 +02:00
Geoffrey White
904db788ec Merge branch 'main' into impropnull 2021-08-02 15:00:12 +01:00
Mathias Vorreiter Pedersen
bbbbeda7c3 Merge pull request #6385 from MathiasVP/more-FieldConfiguration-sources 
C++: Fix missing local flow in AST dataflow
 2021-08-02 15:22:07 +02:00
ihsinme
375a60194b Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-01 16:44:54 +03:00
ihsinme
098773dd10 Update FindIncorrectlyUsedSwitch.ql 2021-08-01 15:04:30 +03:00
Geoffrey White
417edab126 C++: Simplify out the 'effect' string. 2021-07-29 15:44:53 +01:00
Geoffrey White
13823df5a1 C++: Remove underflow detection. 2021-07-29 15:22:18 +01:00
Alexandre Boulgakov
e55bd4fb64 C++: Allow querying virtual, override, and final declaration specifiers. 2021-07-29 14:02:03 +01:00
Mathias Vorreiter Pedersen
41d233f086 C++: Make the 'definition by reference'-node in 'foo(a.b);' a source in the 'FieldConfiguration' configuration. 2021-07-29 14:49:59 +02:00
Geoffrey White
ae35ae10e6 C++: Fix readlink FPs. 2021-07-28 17:45:18 +01:00
ihsinme
2d5a263799 Update FindIncorrectlyUsedExceptions.ql 2021-07-28 18:46:49 +03:00
Geoffrey White
c2ef58d29d C++: Support 'readlinkat'. 2021-07-28 16:15:28 +01:00
Geoffrey White
e7842b9625 C++: Autoformat. 2021-07-27 14:19:30 +01:00