hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,671 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

483 Commits

Author SHA1 Message Date
Geoffrey White
4908eaf5ec C++: Typos. 2022-02-22 14:33:11 +00:00
Jeroen Ketema
1f2865c7cc Merge pull request #7798 from jketema/missing-open-arg 
C++: Add query for missing mode argument in `open`/`openat` calls
 2022-02-07 12:01:44 +01:00
Geoffrey White
8031c3f699 Merge branch 'main' into clrtxt9 2022-02-03 17:01:59 +00:00
Geoffrey White
02b1774d7f C++: Switch from GVN to localFlow. 2022-02-03 16:00:26 +00:00
Geoffrey White
3cfd1b5052 C++: More test cases. 2022-02-03 15:11:59 +00:00
Geoffrey White
4048ba0a1c C++: Fix false positives around terminal output. 2022-02-02 17:59:28 +00:00
Geoffrey White
39a2ffd438 C++: Fix false positives around 'stdin'. 2022-02-02 17:39:14 +00:00
Jeroen Ketema
f32500306a Address review comments 2022-02-02 17:24:55 +01:00
Geoffrey White
cc20969bdd C++: Add test cases based on some remaining real world FPs. 2022-02-02 16:15:59 +00:00
Jeroen Ketema
92d9e51d2a Extract the value of O_CREAT and O_TMPFILE from the defining macro 
There are operating systems that define `O_CREAT` with a different
value than Linux, which uses `0x40`. For example, OpenBSD uses `0x0200`.
Hence, we cannot use a hardcoded value.

Also handle `O_TMPFILE` while here.
 2022-02-02 15:16:26 +01:00
Mathias Vorreiter Pedersen
1aa32b09be Merge pull request #7802 from geoffw0/clrtxt8 
C++: Recognize password struct fields.
 2022-02-02 14:10:40 +00:00
Jeroen Ketema
bd859d99bf Address review comments 2022-02-02 10:09:47 +01:00
Jeroen Ketema
ff1c971100 Add query for missing mode argument in open/openat calls 2022-02-01 14:52:22 +01:00
Geoffrey White
8a1b49f816 C++: Recognize password struct fields. 2022-01-28 19:10:46 +00:00
Geoffrey White
af09dd8af1 C++: Fixes to gets models. 2022-01-28 16:04:23 +00:00
Geoffrey White
036e1495b8 Merge branch 'main' into getslocal 2022-01-28 15:58:13 +00:00
Mathias Vorreiter Pedersen
b3f4357dc8 Merge pull request #7742 from geoffw0/clrtxt6 
C++: Upgrade cpp/cleartext-storage-buffer
 2022-01-27 14:40:40 +00:00
Geoffrey White
2e1b09fd75 C++: Modernize flow sources. 2022-01-27 13:19:09 +00:00
Geoffrey White
340b40e8f3 C++: Modernize cpp/cleartext-storage-buffer. 2022-01-25 13:54:42 +00:00
Geoffrey White
764f27f08e C++: Upgrade to path-problem. 2022-01-24 18:32:05 +00:00
Geoffrey White
bbaac556e2 C++: Reveal the FP to be an issue with dataflow / model of strcpy. 2022-01-24 17:53:37 +00:00
Geoffrey White
11929378c7 C++: Upgrade cpp/cleartext-storage-file to full taint flow. 2022-01-24 17:48:45 +00:00
Geoffrey White
4326e6f706 C++: Split 'gets' model and make it a local source. 2022-01-21 17:29:49 +00:00
Geoffrey White
79735f5ac5 C++: Add test case. 2022-01-21 17:29:48 +00:00
Geoffrey White
0b98397e9b C++: Catch another encryption clue. 2022-01-21 16:16:16 +00:00
Geoffrey White
97447d0b3a C++: Expand tests. 2022-01-21 16:16:15 +00:00
Geoffrey White
b230681bc8 Merge pull request #7650 from geoffw0/clrtxt3 
C++: Improve cpp/cleartext-transmission
 2022-01-20 13:21:54 +00:00
Geoffrey White
330b4c3704 C++: Generalize hasSocketInput a little to include fgets and friends. 2022-01-19 13:00:35 +00:00
Geoffrey White
9c2d961ae5 C++: Fix another expression of stdin / stdout we see in practice. 2022-01-19 13:00:34 +00:00
Geoffrey White
d77ba020f9 C++: Support more routines as proof-of-encryption in cpp/cleartext-transmission. 2022-01-19 12:40:32 +00:00
Geoffrey White
974a8b1a9a C++: Add a test case. 2022-01-19 12:33:21 +00:00
Anders Schack-Mulligen
5cfa3c7927 C++: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Robert Marsh
9de63b2812 Merge branch 'main' into rdmarsh2/cpp/hex-format-range-analysis 
Accept test changes from query split
 2022-01-14 12:53:52 -05:00
Paolo Tranquilli
c117a1e21f C++: demote VeryLikelyOverrunWrite cast results 
There were some false positives where something like

    int x;
    // ...
    sprintf(buff, "%ld", (long)x);

was considered as if the parameter had a non-trivial range analysis only
because the range of `int` is smaller than the range for `long`, without
any non-trivial range analysis actually done on `x`.

These will now be reported by `OverrunWrite` instead.
 2022-01-13 11:59:48 +00:00
Paolo Tranquilli
9f811b2439 C++: remove unused variables and fix tests 2022-01-13 11:59:47 +00:00
Paolo Tranquilli
a0059202db C++: split cpp/overrunning-write into two 
This splits the `cpp/overruning-write` into two separate queries based
off on the reason for the estimation. If the overrun is detected based
on non-trivial range analysis, the results are now marked by the new
`cpp/very-likely-overruning-write` high precision query. If it is based
on less precise, usually type based bounds, then it will still be marked
by `cpp/overruning-write` which remains at medium precision.
 2022-01-13 11:59:47 +00:00
Robert Marsh
fe355a0bc9 C++: update test comments 2022-01-10 12:38:08 -05:00
Robert Marsh
67fb48fcc1 C++: use range analysis for hex format lengths 
The "new" result on line 189 is a tighter bound than was previously
established, not a newly introduced location.
 2022-01-07 16:16:22 -05:00
Robert Marsh
fa9242befe C++: Add tests for bounded hex format values 2022-01-07 16:08:53 -05:00
Robert Marsh
4322a39807 C++: fix typo in Overflow.qll abs handling 2022-01-07 14:09:47 -05:00
Robert Marsh
4f23cce63b C++: Accept more test output 2022-01-07 11:27:45 -05:00
Robert Marsh
355fc0ae63 C++: Use Guards library in Overflow.qll 
Replaces the ad-hoc guard handling with the Guards library. Fixes an
observed false positive pattern, and (hopefully) means some pragmas are
no longer necessary for performance.
 2022-01-06 12:15:37 -05:00
Robert Marsh
617bdbc5ba C++: test for guard-by-return in Overflow.qll 2022-01-06 12:15:37 -05:00
Mathias Vorreiter Pedersen
37c72cae3e Merge branch 'main' into promote-arithmetic-uncontrolled 2022-01-05 08:12:47 +00:00
Mathias Vorreiter Pedersen
5a38f81e23 C++: Accept test changes. 2021-12-21 08:08:59 +01:00
Mathias Vorreiter Pedersen
aa92fe8c90 Merge pull request #7338 from geoffw0/clrtxt2 
C++: Improvements to cpp/cleartext-transmission
 2021-12-20 16:05:12 +01:00
Geoffrey White
041c2c77b3 C++: Separate two test cases slightly so that we get clearer test coverage of the interprocedural / multi-path cases. 2021-12-13 18:18:29 +00:00
Andrew Eisenberg
66c1629974 Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb 
Post-release preparation 2.7.3
 2021-12-10 09:59:45 -08:00
Geoffrey White
23d4d035e5 C++: Different approach to sensitive exprs. 2021-12-09 18:33:50 +00:00
Geoffrey White
65f4ccce28 C++: Another test case. 2021-12-09 18:20:52 +00:00