codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Jonas Jensen	45cf6344cd	Merge pull request #6184 from github/rdmarsh2/improve-exec-tainted C++: Refactor ExecTainted.ql to only report results after string concatenation	2021-09-29 19:21:13 +02:00
Anders Fugmann	ba98c0c1cb	Merge remote-tracking branch 'upstream/main' into relax_memberMayBeVarSize	2021-09-28 11:15:11 +02:00
Robert Marsh	dfb27d170c	C++ fix test compilation errors	2021-09-27 13:58:54 -07:00
Anders Fugmann	03bd7d7f96	C++: Update test results from OverflowStatic	2021-09-27 11:23:08 +02:00
Jonas Jensen	b0836a620c	Merge pull request #6757 from geoffw0/impropnulltest2 C++: Small improvement to cpp/improper-null-termination	2021-09-27 10:52:49 +02:00
Jonas Jensen	06b36f742e	Merge pull request #6745 from andersfugmann/handle_overflow_for_upperbound C++: Handle overflow for upperbound	2021-09-27 10:32:49 +02:00
Geoffrey White	7e7dfe2cc4	C++: Understand format arguments.	2021-09-24 19:25:43 +01:00
Geoffrey White	91a8b9fdd9	C++: Add suggested test (and a good variant).	2021-09-24 18:34:28 +01:00
Anders Fugmann	cbdabe35de	C++: Update test results to reflect changes	2021-09-24 12:29:28 +02:00
Anders Fugmann	c9c41252e3	C++: Update test results in SimpleRangeAnalysis	2021-09-24 12:23:48 +02:00
Anders Fugmann	d7afd86a27	C++: Add test case exposing problem with overflows for upperBound predicate	2021-09-24 11:44:05 +02:00
Robert Marsh	c2b356ab08	C++: add subpaths to DefaultTaintTracking	2021-09-23 21:00:45 -07:00
ihsinme	18de9f0aa3	Update FindWrapperFunctions.expected	2021-09-23 12:53:16 +03:00
Robert Marsh	6f03c3e252	C++: Accept command injection test changes Making the DefaultTaintTracking configurations inactive removed many unneeded nodes and edges from the PathGraph predicates.	2021-09-22 14:19:23 -07:00
Robert Marsh	21ed5c430d	Merge branch 'main' into rdmarsh2/improve-exec-tainted Manual fix for conflict in Models.qll	2021-09-22 11:51:18 -07:00
Robert Marsh	d62f76afa6	Merge pull request #6133 from MathiasVP/promote-sql-pqxx C++: Promote `cpp/sql-injection-via-pqxx` out of experimental	2021-09-21 10:13:57 -07:00
Geoffrey White	e7c82d7370	C++: Accept subpaths in tests.	2021-09-17 16:14:24 +01:00
Geoffrey White	24668b2281	Merge branch 'main' into cwe139	2021-09-17 16:04:51 +01:00
ihsinme	b6bcf9fa44	Add files via upload	2021-09-16 19:18:19 +03:00
Robert Marsh	c85cc1455b	C++: accept changes to new ExecTainted test	2021-09-15 11:27:13 -07:00
Robert Marsh	509a3493b6	C++: support new subpaths predicate in ExecTainted	2021-09-15 10:55:56 -07:00
Robert Marsh	83cc098412	C++: accept test output	2021-09-15 10:55:55 -07:00
Robert Marsh	37c92178a5	C++: exclude int/string conversion in ExecTainted	2021-09-15 10:55:52 -07:00
Robert Marsh	5e265f45e1	C++: ExecTainted tests for int/string conversions	2021-09-15 10:55:51 -07:00
Robert Marsh	9926892c8a	C++: remove debugging predicates	2021-09-15 10:55:51 -07:00
Robert Marsh	9c478c502e	C++: add some more tests for ExecTainted	2021-09-15 10:55:50 -07:00
Robert Marsh	6f408f949c	C++: Refactor ExecTainted.ql to need concatenation This makes ExecTainted report results only when the tainted value does not become the start of the string which is eventually run as a shell command. The theory is that those cases are likely to be deliberate, and part of the expected threat model of the program (e.g. $CC in make). This lines up better with the results I considered fixable true positives in LGTM testing	2021-09-15 10:55:49 -07:00
Robert Marsh	8f4df8603a	C++: more tests for command injection	2021-09-15 10:55:49 -07:00
Mathias Vorreiter Pedersen	33ef634ea8	Merge pull request #6679 from andersfugmann/relax_memberMayBeVarSize Improve precision on OverflowStatic query.	2021-09-15 17:24:10 +01:00
Geoffrey White	c4714b55a3	Merge pull request #6588 from ihsinme/ihsinme-patch-069 CPP: Add query for CWE-675: Duplicate Operations on Resource	2021-09-15 15:10:03 +01:00
Jonas Jensen	65f4ec403f	Merge pull request #6593 from geoffw0/samate-move C++: Add test cases with SAMATE Juliet code snippets to the codeql test suite.	2021-09-15 14:18:08 +02:00
Geoffrey White	9ad51fbc02	C++: Fix the correct test this time.	2021-09-15 11:03:09 +01:00
Geoffrey White	8fd848701e	C++: Fix test failure.	2021-09-14 16:38:11 +01:00
Mathias Vorreiter Pedersen	44dca68463	Merge branch 'main' into promote-sql-pqxx	2021-09-14 15:29:37 +01:00
Geoffrey White	67c6b35845	C++: We get many more real world results using taint tracking.	2021-09-13 15:03:28 +01:00
Geoffrey White	0e8064dbf9	C++: Add a test demonstrating taint.	2021-09-13 15:00:31 +01:00
Geoffrey White	902fa7d44a	C++: Subsection header.	2021-09-13 14:10:17 +01:00
Geoffrey White	acd1acd869	C++: Give it a section header.	2021-09-13 14:08:18 +01:00
Geoffrey White	befd1a7ccc	C++: Rename security tests readme.	2021-09-13 14:06:22 +01:00
Geoffrey White	ee7ccd7936	C++: Upgrade to path problem.	2021-09-13 13:52:12 +01:00
Anders Fugmann	9a35a699cb	C++: Update tests	2021-09-13 12:10:58 +02:00
Geoffrey White	f58177f292	C++: Full dataflow version.	2021-09-13 10:53:09 +01:00
Anders Fugmann	342b2df93f	C++: zero or one byte sized arrays in unions are considered as having the length of the union its a member of	2021-09-13 11:25:04 +02:00
Anders Fugmann	3172d5727a	C++: Relax constraints on Buffer::memberMayBeVarSize	2021-09-13 11:15:33 +02:00
Anders Fugmann	4ab9b81a9a	C++: Add tests exposing some FP's for OverflowStatic query	2021-09-13 11:09:56 +02:00
Geoffrey White	e696eaaa2f	C++: Fix false positives involving STDIN_FILENO.	2021-09-13 09:50:19 +01:00
Geoffrey White	3ba9e80635	C++: Support various functions / variants.	2021-09-13 09:50:03 +01:00
Geoffrey White	1707d67adb	C++: Support 'send' as well.	2021-09-13 09:49:40 +01:00
Geoffrey White	29ad3bf7f8	C++: Test dataflow and other slightly more complex cases.	2021-09-13 09:49:25 +01:00
Anders Peter Fugmann	1bbadb57a2	Merge pull request #6568 from andersfugmann/andersfugmann/improve_upper_bound C++: Improve predicate upperBound in SimpleRangeAnalysis	2021-09-10 09:49:48 +02:00

1 2 3 4 5 ...

3057 Commits