hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

5096 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
be06230b43 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-07-12 14:46:44 +02:00
Mathias Vorreiter Pedersen
dec747f6f0 Merge branch 'main' into more-random-sources-in-uncontrolled-arithmetic 2021-07-12 13:48:48 +02:00
Mathias Vorreiter Pedersen
04dcef5ec4 C++: Include ComplementExpr as a sanitizer. 2021-07-12 11:53:47 +02:00
Cornelius Riemenschneider
d34f7b941a C++: Address code review. 2021-07-12 11:43:43 +02:00
Cornelius Riemenschneider
e821b8be99 C++: Fix warning from compile-query. 2021-07-12 11:43:43 +02:00
ihsinme
b10bdf1475 Add files via upload 2021-07-05 11:13:05 +03:00
Geoffrey White
cf8fa830a9 C++: Clarify the note about file descriptors. 2021-07-02 18:18:10 +01:00
Geoffrey White
cfbfe924ef C++: Replace cached with more efficient QL. 2021-07-02 13:03:46 +01:00
Geoffrey White
41a540e4e0 C++: Make isMicrosoft() faster. 2021-07-01 17:42:02 +01:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
ihsinme
02bf800b6d Update FindIncorrectlyUsedSwitch.ql 2021-07-01 08:50:46 +03:00
Geoffrey White
dcc7a6360f C++: Simplify a bit and remove two noopts that don't seem to make a difference. 2021-06-29 19:05:13 +01:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Geoffrey White
5bf7e453e6 C++: Tidy up WrongTypeFormatArguments.ql somewhat. 2021-06-29 16:45:47 +01:00
Geoffrey White
6e49891ed9 C++: Accept Microsoft/non-Microsoft format specifiers on the opposite platform. 2021-06-29 16:45:46 +01:00
ihsinme
6e7644f529 Update FindIncorrectlyUsedExceptions.ql 2021-06-27 22:27:41 +03:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
Mathias Vorreiter Pedersen
794d96e52c C++: Use call context information to perform function-pointer resolution. 2021-06-25 14:45:56 +02:00
Mathias Vorreiter Pedersen
fd477383b0 C++: Fix join order in 'bbSuccessorEntryReachesLoopInvariant'. 2021-06-25 10:49:33 +02:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Mathias Vorreiter Pedersen
af56c782bf C++: Add QLDoc. 2021-06-24 15:57:01 +02:00
Mathias Vorreiter Pedersen
38c487abf9 Merge branch 'main' into more-random-sources-in-uncontrolled-arithmetic 2021-06-24 15:56:15 +02:00
Mathias Vorreiter Pedersen
5bfb78b583 C++: Block flow through all bitwise 'and' and 'or' operations. This seems to be a common source of false positives on LGTM. 2021-06-24 15:53:59 +02:00
Mathias Vorreiter Pedersen
e8bba78825 C++: Convert 'cpp/uncontrolled-arithmetic' to use a 'TaintTracking::Configuration'. 2021-06-24 15:51:44 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen
cd0efbe7ce Dataflow: Sync. 2021-06-24 14:19:17 +02:00
Mathias Vorreiter Pedersen
c0ffd9027f C++: Add more random sources. 2021-06-24 13:40:00 +02:00
Mathias Vorreiter Pedersen
c8c77396fa C++: Get rid of the trivial 'True' condition. Turns out it's not actually needed. 2021-06-24 09:57:54 +02:00
Mathias Vorreiter Pedersen
656ff4aee9 C++: Add more QLDoc. 2021-06-24 09:57:25 +02:00
Mathias Vorreiter Pedersen
d70ea5f6e0 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-24 09:27:11 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
Geoffrey White
06591956ff C++: Rename some variables. 2021-06-23 17:54:47 +01:00
Mathias Vorreiter Pedersen
43bbd4f7ad C++: Fix join order with 'pragma[noopt]'. 2021-06-23 18:34:04 +02:00
Geoffrey White
a2c904d0c0 C++: Clarify the meanings of predicates. 2021-06-23 17:17:50 +01:00
Mathias Vorreiter Pedersen
a8c57ec4aa C++: Prevent false negatives caused by incorrectly concluding that a loop variant condition refutes itself across loop iterations. 2021-06-23 15:08:16 +02:00
Mathias Vorreiter Pedersen
c44475458e Update cpp/ql/src/Security/CWE/CWE-190/Bounded.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-23 14:38:36 +02:00
Mathias Vorreiter Pedersen
d308dd2f40 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-23 11:54:56 +02:00
Mathias Vorreiter Pedersen
90633b9ce1 C++: Make the new SQL abstract classes extend 'Function' instead. This is more in line with how we model RemoteFlowFunction. 2021-06-23 11:49:51 +02:00
Mathias Vorreiter Pedersen
6379463bcf Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:42:45 +02:00
Geoffrey White
298f70f082 Merge pull request #6120 from MathiasVP/not-overflow-is-barrier-in-cwe-190 
C++: Recognize any non-overflowing arithmetic expression as a barrier for `cpp/uncontrolled-arithmetic`
 2021-06-23 10:35:33 +01:00
Mathias Vorreiter Pedersen
9b94f3a650 Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:04:08 +02:00
Mathias Vorreiter Pedersen
a611e76ed2 C++: Respond to review comments. 2021-06-23 10:28:00 +02:00
ihsinme
460fde72ff Add files via upload 2021-06-23 10:44:27 +03:00
Mathias Vorreiter Pedersen
2e2673aff6 C++: Delete the experimental SqlPqxxTainted query. 2021-06-22 17:13:07 +02:00
Mathias Vorreiter Pedersen
222cd41aa3 C++: Use the new SQL interface in 'Security.qll' and 'SqlTainted.ql'. 2021-06-22 17:13:06 +02:00
Mathias Vorreiter Pedersen
092fbd60d9 C++: Create a new SQL interface. 2021-06-22 17:13:06 +02:00
ihsinme
94bd2a32f9 Update FindIncorrectlyUsedSwitch.qhelp 2021-06-22 10:39:37 +03:00
Mathias Vorreiter Pedersen
3bc6b11ae5 C++: Share the 'bounded' predicate from 'cpp/uncontrolled-arithmetic' and use it in 'cpp/tainted-arithmetic'. 2021-06-21 16:38:17 +02:00
Mathias Vorreiter Pedersen
05389bb9d4 Merge pull request #6099 from geoffw0/weak-crypto3 
Further improvements to cpp/weak-cryptographic-algorithm
 2021-06-21 15:46:50 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00