codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Geoffrey White	e3e7b00986	Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis C++: Add path-sensitivity to `StackVariableReachability`	2021-07-15 12:34:33 +01:00
Robert Marsh	4d8e882214	Merge pull request #6186 from geoffw0/formatarg C++: Fix FPs from cpp/wrong-type-format-argument	2021-07-14 17:20:46 -07:00
Geoffrey White	652f903457	C++: Add simple dataflow to the query.	2021-07-13 17:48:48 +01:00
Geoffrey White	7500d75b5b	C++: Fix some easy FPs.	2021-07-13 17:36:41 +01:00
Geoffrey White	133953303b	C++: More test cases.	2021-07-13 17:32:08 +01:00
Mathias Vorreiter Pedersen	4fc60aedc6	C++: Relax the restrictions on when '%' is a barrier and accept test changes.	2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen	a6f1f8d3b6	C++: Add testcases demonstrating FPs from real code.	2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen	be06230b43	Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis	2021-07-12 14:46:44 +02:00
Mathias Vorreiter Pedersen	d2cc0d3925	C++: Fix annotations.	2021-07-12 11:30:43 +02:00
ihsinme	eedcb0171d	Add files via upload	2021-07-05 11:14:51 +03:00
Geoffrey White	dc2cb9bd62	C++: Fix numbering.	2021-07-02 18:33:36 +01:00
Geoffrey White	bc3b347569	C++: Another test case to consider.	2021-07-02 18:32:46 +01:00
Geoffrey White	a53b161afb	C++: Move some variant tests to a case we definitely do want to flag the base case of.	2021-07-02 18:18:11 +01:00
Geoffrey White	c3cd1359d6	C++: Mark the cases we're not sure about.	2021-07-02 18:18:10 +01:00
Geoffrey White	d86a0ab7a5	C++: Add test cases involving file descriptor versions.	2021-07-02 18:17:59 +01:00
Geoffrey White	6e49891ed9	C++: Accept Microsoft/non-Microsoft format specifiers on the opposite platform.	2021-06-29 16:45:46 +01:00
Mathias Vorreiter Pedersen	38c487abf9	Merge branch 'main' into more-random-sources-in-uncontrolled-arithmetic	2021-06-24 15:56:15 +02:00
Mathias Vorreiter Pedersen	5bfb78b583	C++: Block flow through all bitwise 'and' and 'or' operations. This seems to be a common source of false positives on LGTM.	2021-06-24 15:53:59 +02:00
Mathias Vorreiter Pedersen	e8bba78825	C++: Convert 'cpp/uncontrolled-arithmetic' to use a 'TaintTracking::Configuration'.	2021-06-24 15:51:44 +02:00
Anders Schack-Mulligen	95ad8b55fe	Merge pull request #6107 from aschackmull/dataflow/implicit-reads Dataflow: Add support for implicit reads	2021-06-24 15:38:35 +02:00
Mathias Vorreiter Pedersen	2938ad5f8f	C++: Add testcase demonstrating the fix from `a8c57ec4aa`.	2021-06-23 23:01:49 +02:00
Geoffrey White	eeb84d4209	C++: Add more test cases for the toctou query.	2021-06-23 17:12:53 +01:00
Mathias Vorreiter Pedersen	295e022df3	Merge branch 'main' into improve-tainted-arithmetic	2021-06-23 15:45:18 +02:00
Ian Lynagh	089e4e2e1e	Merge pull request #6147 from AlexDenisov/adjust_test_expectation C++: Adjust test expectations after frontend upgrade	2021-06-23 14:43:47 +01:00
Alex Denisov	653afc8448	C++: Adjust test expectations after frontend upgrade	2021-06-23 14:39:16 +02:00
Mathias Vorreiter Pedersen	90633b9ce1	C++: Make the new SQL abstract classes extend 'Function' instead. This is more in line with how we model RemoteFlowFunction.	2021-06-23 11:49:51 +02:00
Mathias Vorreiter Pedersen	6379463bcf	Merge branch 'main' into improve-tainted-arithmetic	2021-06-23 11:42:45 +02:00
Geoffrey White	298f70f082	Merge pull request #6120 from MathiasVP/not-overflow-is-barrier-in-cwe-190 C++: Recognize any non-overflowing arithmetic expression as a barrier for `cpp/uncontrolled-arithmetic`	2021-06-23 10:35:33 +01:00
Mathias Vorreiter Pedersen	9b94f3a650	Merge branch 'main' into improve-tainted-arithmetic	2021-06-23 11:04:08 +02:00
ihsinme	d61fcfc84b	Add files via upload	2021-06-23 10:46:03 +03:00
Mathias Vorreiter Pedersen	440793b5ff	C++: Move the example from the experimental CWE-089 query into a test.	2021-06-22 17:13:06 +02:00
Anders Schack-Mulligen	810de73246	C/C++: Update qltest expected output.	2021-06-21 14:47:31 +02:00
Mathias Vorreiter Pedersen	238c483e5b	C++: Make any non-overflowing arithmetic operation a barrier.	2021-06-21 14:05:34 +02:00
Mathias Vorreiter Pedersen	18e5d3cce8	C++: Add false positive with multiplication.	2021-06-21 14:04:27 +02:00
Geoffrey White	79198974dc	Merge branch 'main' into weak-crypto3	2021-06-21 11:55:29 +01:00
Mathias Vorreiter Pedersen	17df8e44d0	C++: Convert 'cpp/tainted-arithmetic' to a 'path-problem' query.	2021-06-18 14:56:17 +02:00
Geoffrey White	b5c71fd1d7	C++: Repair funcion call in a function call.	2021-06-17 14:33:16 +01:00
Geoffrey White	e5147c2a1f	C++: Exclude functions that don't involve buffers.	2021-06-17 14:33:16 +01:00
Geoffrey White	a481e5c292	C++: Exclude template code.	2021-06-17 12:36:14 +01:00
Geoffrey White	8efdf359dc	C++: Fix some incorrect uses of 'const' in the tests.	2021-06-17 12:36:13 +01:00
Geoffrey White	3641cdcc1f	C++: Add a test case involving an array.	2021-06-17 12:36:09 +01:00
Geoffrey White	23db21cd90	C++: Test spacing.	2021-06-17 12:33:31 +01:00
Geoffrey White	d590952aaa	C++: Add a test case involving nested function calls.	2021-06-17 12:23:18 +01:00
Geoffrey White	7632c9edb5	C++: Add test cases involving strings and comparisons.	2021-06-17 12:23:17 +01:00
Geoffrey White	2e236dd2a9	C++: Add a test case involving a harmless assert.	2021-06-17 12:23:17 +01:00
Geoffrey White	dca397dfb1	C++: Add a test case with a template class.	2021-06-17 12:23:16 +01:00
Chris Smowton	558813acf7	Inline expectation tests: accept // $MISSING: and // $SPURIOUS: Previously there had to be a space after the $ token, unlike ordinary expectations (i.e., // $xss was already accepted)	2021-06-17 09:44:39 +01:00
ihsinme	bf65044a0d	Update test.c	2021-06-17 10:42:25 +03:00
ihsinme	b118817fb8	Add files via upload	2021-06-15 16:52:39 +03:00
ihsinme	4f2703e0aa	Add files via upload	2021-06-15 16:43:57 +03:00

... 4 5 6 7 8 ...

3057 Commits