hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

3057 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
25beadcb05 Update cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-02-17 11:54:24 +01:00
Mathias Vorreiter Pedersen
1b148c4c90 C++: Add reduced testcase demonstrating the problem in codeql-c-analysis-team/issues/231. 2021-02-17 11:20:00 +01:00
Mathias Vorreiter Pedersen
f5d5460dde C++: Fix testcase. 2021-02-17 10:53:31 +01:00
Mathias Vorreiter Pedersen
fa44cedd38 C++: Add isBarrier to CgiXss.ql. 2021-02-16 18:58:28 +01:00
Mathias Vorreiter Pedersen
0f9b044814 C++: Model vector versions of BSD-style reads and writes. 2021-02-15 12:04:51 +01:00
Geoffrey White
3cfb0a21fe C++: Fix Iterator.qll taint/data flows for operator+=. 2021-02-12 14:54:47 +00:00
Geoffrey White
61b0d6a0cd C++: Fix Iterator.qll non-member operator+= charpred. 2021-02-12 14:54:46 +00:00
Geoffrey White
7705fc4f98 C++: Add more test cases for iterator taint flow. 2021-02-12 14:54:45 +00:00
Mathias Vorreiter Pedersen
91627cbd88 C++: Add models for BSD-style send and recv functions. 2021-02-11 17:21:32 +01:00
Geoffrey White
d475e55ec0 Update cpp/ql/test/README.md 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-02-09 15:20:03 +00:00
Geoffrey White
07b263bb2f Typo. 2021-02-08 20:27:28 +00:00
Geoffrey White
cb16c64540 Call out the issue of copied code for C/C++ example code in the C/C++ CodeQL Tests README.md (where we talk about it for tests). 2021-02-08 19:58:36 +00:00
Geoffrey White
69c7c83bc2 Merge pull request #5094 from MathiasVP/promote-UnsignedDifferenceExpressionComparedZero 
Promote cpp/unsigned-difference-expression-compared-zero out of experimental
 2021-02-04 16:54:45 +00:00
Geoffrey White
7c54512859 Merge pull request #5010 from ihsinme/ihsinme-patch-220 
CPP: Add query for CWE-570 detect and handle memory allocation errors.
 2021-02-04 15:17:28 +00:00
Mathias Vorreiter Pedersen
fd596ebbbb C++: Move cpp/unsigned-difference-expression-compared-zero out of experimental. 2021-02-04 16:10:34 +01:00
Mathias Vorreiter Pedersen
c1c9f963b9 C++: Fix qhelp in cpp/unsigned-difference-expression-compared-zero. 2021-02-04 16:10:30 +01:00
Mathias Vorreiter Pedersen
d3d56fb0af Merge pull request #5011 from ihsinme/ihsinme-patch-221 
CPP: add query for CWE-788 Access of memory location after the end of a buffer using strlen.
 2021-02-04 14:25:27 +01:00
Mathias Vorreiter Pedersen
9b39163411 Merge pull request #5076 from MathiasVP/improve-UnsignedDifferenceExpressionComparedZero 
C++: Improve cpp/unsigned-difference-expression-compared-zero
 2021-02-04 14:05:30 +01:00
Geoffrey White
d41ea6c799 Merge pull request #5081 from MathiasVP/indirection-in-dataflow-models 
C++: Add more indirection flow in dataflow models
 2021-02-04 11:55:34 +00:00
Mathias Vorreiter Pedersen
47ab9ba81b C++: emplace and emplace_back takes its arguments by universal references, so they should also specify flow as indirections. 2021-02-04 11:16:27 +01:00
Jonas Jensen
e3bdebf7a0 Merge pull request #5077 from jbj/revert-nested-fields 
C++: Revert #4784
 2021-02-03 14:07:28 +01:00
Mathias Vorreiter Pedersen
691a316460 C++: Add tests to cpp/unsigned-difference-expression-compared-zero and remove a couple of classes of FPs. 2021-02-03 11:10:57 +01:00
Jonas Jensen
064568c36d Revert "Merge pull request #4784 from MathiasVP/mathiasvp/reverse-read-take-3" 
This reverts commit 1b3d69d617, reversing
changes made to 527c41520e.
 2021-02-03 08:49:37 +01:00
Mathias Vorreiter Pedersen
ff58d5a7c0 C++: Address review comments. 2021-02-02 17:06:38 +01:00
Mathias Vorreiter Pedersen
9e75a4be34 C++: Implement a model for _strnextc and its variants. 2021-02-02 16:42:39 +01:00
Mathias Vorreiter Pedersen
98d73bf474 Merge pull request #5072 from MathiasVP/strcrement-model-implementation 
C++: Implement model for _strinc and related functions
 2021-02-02 16:22:13 +01:00
Jonas Jensen
aa9ab41e30 Merge pull request #5059 from geoffw0/mswprintf 
C++: Exclude custom vprintf implementations from primitiveVariadicFormatter.
 2021-02-02 15:13:25 +01:00
Geoffrey White
708d3870ee C++: Actually it's more appropriate to remove the implementation of vswprintf. 2021-02-02 13:42:27 +00:00
Geoffrey White
4e904dd87d C++: Repair the test. 2021-02-02 13:08:46 +00:00
Mathias Vorreiter Pedersen
b54f74a68a C++: Implement model for _strinc and related functions. 2021-02-02 12:20:02 +01:00
Mathias Vorreiter Pedersen
5db1984315 Merge pull request #5070 from MathiasVP/strsep-model-implementation 
C++: Add strsep model implementation.
 2021-02-02 12:00:26 +01:00
Geoffrey White
eed2aee17d C++: Effect on tests. 2021-02-02 10:59:14 +00:00
Geoffrey White
9f50f67e6d Merge pull request #5065 from MathiasVP/scanf-model 
C++: Add sscanf and fscanf models
 2021-02-02 10:30:19 +00:00
Mathias Vorreiter Pedersen
6e71c68f33 C++: Add strsep model implementation. 2021-02-02 10:29:23 +01:00
Mathias Vorreiter Pedersen
c747914ef2 C++: Add sscanf and fscanf model implementations. 2021-02-01 12:54:59 +01:00
Mathias Vorreiter Pedersen
6c3f44bba8 C++: Add more memcpy, memset, strcat and strcpy models. Also refine which strcpy functions can live in the std namespace. 2021-02-01 08:44:10 +01:00
Mathias Vorreiter Pedersen
92a5a2a06a C++: Solve merge conflicts by merging the two test.c test files. 2021-01-29 13:34:19 +01:00
Mathias Vorreiter Pedersen
d5f1c19152 Merge branch 'main' into ihsinme-patch-221 2021-01-29 13:05:07 +01:00
Geoffrey White
7d9ebaf9d8 Merge pull request #5040 from MathiasVP/strset-and-strtok-models 
C++: Strset and strtok model implementations
 2021-01-28 18:34:06 +00:00
Mathias Vorreiter Pedersen
23eb4d2009 C++: Fix isParameterDeref typo. 2021-01-28 18:29:30 +01:00
ihsinme
8ed28157e1 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected 2021-01-28 15:28:52 +03:00
ihsinme
f65ec97ac2 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.c to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/test.c 2021-01-28 15:28:34 +03:00
ihsinme
8880b38b1f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref 2021-01-28 15:28:15 +03:00
Mathias Vorreiter Pedersen
2c70106d2d Merge pull request #5009 from ihsinme/ihsinme-patch-219 
CPP: add query for CWE-788 Access of memory location after the end of a buffer using strncat.
 2021-01-28 11:10:30 +01:00
Mathias Vorreiter Pedersen
7affbfc6cb C++: Add tests. 2021-01-28 10:57:39 +01:00
Jonas Jensen
69ce24d4b8 Merge pull request #5035 from MathiasVP/implied-deref-flow 
C++: Implied dataflow models
 2021-01-28 09:35:58 +01:00
Mathias Vorreiter Pedersen
24f76f9a17 C++: Accept test changes. 2021-01-27 21:57:12 +01:00
Mathias Vorreiter Pedersen
52e2a69db9 C++: Accept test changes. 2021-01-27 16:56:37 +01:00
ihsinme
bec0064396 Update test.cpp 2021-01-27 14:54:47 +03:00
ihsinme
19b7d46099 Update test.c 2021-01-27 14:06:53 +03:00