hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,934 Commits 1,671 Branches 157 Tags
dbartol/draft-codeql-cli-2.7.5
Commit Graph

6890 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
c2e057def9 Merge pull request #7094 from geoffw0/non-https-url 
C++: New query 'Failure to use HTTPS URLs'
 2021-11-15 10:00:19 +00:00
Mathias Vorreiter Pedersen
982de28b89 Update cpp/ql/lib/semmle/code/cpp/commons/Printf.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-11-11 13:19:13 +00:00
Geoffrey White
ea580cd9c0 C++: Add explanatory comments. 2021-11-11 11:49:51 +00:00
Mathias Vorreiter Pedersen
dbcd4d6d5d C++: Remove 'ReferenceToInstruction' from the list of instructions we interpret as a load. This makes use lose a bunch of flow, and we'll restore this flow in the next commit. 2021-11-11 10:38:52 +00:00
Anders Schack-Mulligen
7ffd9b4f9e Dataflow: Include read/store steps when finding non-hidden return. 2021-11-11 11:26:21 +01:00
Geoffrey White
901919f7ff C++: Add tests expanding on the issue with (global) variables. 2021-11-11 09:40:03 +00:00
Geoffrey White
43ff3b1c80 C++: Address review comment. 2021-11-11 09:39:59 +00:00
Mathias Vorreiter Pedersen
bf9b8cfff0 Merge pull request #6947 from ihsinme/ihsinme-patch-077 
CPP: Add query for CWE-377 Insecure Temporary File
 2021-11-11 09:02:04 +00:00
Geoffrey White
9a1b98e1d9 C++: Fix qhelp example link. 2021-11-10 17:54:05 +00:00
Geoffrey White
c29011a5cf C++: Add more sinks. 2021-11-10 16:43:28 +00:00
Geoffrey White
ae622bd482 C++: Use hasGlobalOrStdName. 2021-11-10 14:57:07 +00:00
Anders Schack-Mulligen
6d9fb3ca43 Dataflow: Sync. 2021-11-10 15:11:13 +01:00
Mathias Vorreiter Pedersen
ccdaf49464 C++: Fix the same bug in the test for ordered maps. 2021-11-10 13:24:27 +00:00
Mathias Vorreiter Pedersen
86d78b34aa C++: Use the correct variable in the 'test'. 2021-11-10 13:04:48 +00:00
Geoffrey White
2f39c64cc2 C++: Fix character in qhelp. 2021-11-10 11:23:57 +00:00
Mathias Vorreiter Pedersen
e2ab1c8c5e Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-10 08:28:43 +00:00
ihsinme
a0448240aa Update InsecureTemporaryFile.expected 2021-11-10 09:23:51 +03:00
ihsinme
7514fe2b45 Update test.cpp 2021-11-10 09:22:58 +03:00
ihsinme
289d58745a Update InsecureTemporaryFile.ql 2021-11-10 09:22:03 +03:00
Geoffrey White
26e9adcc34 C++: Change note. 2021-11-09 19:39:21 +00:00
Geoffrey White
ef21d1b512 C++: Add a model for curl as well. 2021-11-09 19:32:43 +00:00
Geoffrey White
6388ac5f1d C++: Add tests. 2021-11-09 18:41:57 +00:00
Geoffrey White
d2b18d952d C++: Add qhelp. 2021-11-09 18:41:56 +00:00
Geoffrey White
bd1e708c5d C++: First version of cpp/non-https-url. 2021-11-09 18:33:49 +00:00
Mathias Vorreiter Pedersen
10bca3544c C++: Change 'annotate_path_to_sink' so that you now annotate a ir-path with the previous node (instead of its source). This gives a better overview of the path. 2021-11-09 13:49:12 +00:00
ihsinme
55fe01018f Update InsecureTemporaryFile.ql 2021-11-09 09:33:33 +03:00
Mathias Vorreiter Pedersen
8e496f7121 C++: Pull in the latest changes to 'SsaImplCommon'. 2021-11-08 10:46:54 +00:00
Mathias Vorreiter Pedersen
fff5d293ff Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-08 10:44:36 +00:00
Mathias Vorreiter Pedersen
021d9415b8 Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-08 08:22:49 +00:00
ihsinme
cedc5fd743 Update InsecureTemporaryFile.ql 2021-11-05 09:42:06 +03:00
Mathias Vorreiter Pedersen
34aa4981be Merge pull request #7018 from geoffw0/nullterm3 
C++: Further performance improvement for the null termination queries
 2021-11-04 21:37:58 +00:00
Mathias Vorreiter Pedersen
a9b7fed537 C++: Accept test changes. 2021-11-04 21:25:37 +00:00
Mathias Vorreiter Pedersen
ac90259906 C++: Teach 'getMaxConvertedLength' to use 'SimpleRangeAnalysis'. 2021-11-04 21:25:28 +00:00
Mathias Vorreiter Pedersen
693baae1ba C++: Add test cases with false positives due to missing range analysis in 'cpp/overrunning-write'. 2021-11-04 21:13:28 +00:00
Mathias Vorreiter Pedersen
58f6058a63 Merge pull request #7051 from MathiasVP/better-paths-in-tests 
C++: Better `InlineExpectation` tests for path-explanations
 2021-11-04 11:35:10 +00:00
Mathias Vorreiter Pedersen
0d1ff4d2ee C++: Respond to review comments and accept test changes. 2021-11-04 11:13:23 +00:00
Mathias Vorreiter Pedersen
ae4b6c54bc C++: Change the structure of the 'annotate_path_to_sink' tests to better test path-explanations. 2021-11-03 20:32:05 +00:00
Mathias Vorreiter Pedersen
e9b114630a Merge pull request #6948 from ihsinme/ihsinme-patch-076 
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
 2021-11-03 18:50:13 +00:00
ihsinme
aef0275b3c Update IncorrectChangingWorkingDirectory.expected 2021-11-03 20:45:38 +03:00
ihsinme
a9dd868348 Update IncorrectChangingWorkingDirectory.qhelp 2021-11-03 18:38:30 +03:00
ihsinme
c94b64cbca Update IncorrectChangingWorkingDirectory.qhelp 2021-11-03 18:28:57 +03:00
Mathias Vorreiter Pedersen
4095c2012e C++: Add comments on why 'ReferenceToInstruction' is interpreted like a 'LoadInstruction' at certain places. 2021-11-03 13:27:26 +00:00
Mathias Vorreiter Pedersen
43a4795272 C++: Remove redundant conjunct. 2021-11-03 13:19:43 +00:00
Mathias Vorreiter Pedersen
1f89b4987b C++: Rename 'valueFlow' to 'conversionFlow' and add a QLDoc that explains its purpose. 2021-11-03 12:22:27 +00:00
Mathias Vorreiter Pedersen
dfbfbe4953 Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-03 10:39:22 +00:00
Mathias Vorreiter Pedersen
ad5619ff07 Revert "C++: Don't count write operations as uses." 
This reverts commit 092beb8b73.
 2021-11-03 10:37:32 +00:00
ihsinme
c175f0aa9d Update IncorrectChangingWorkingDirectory.ql 2021-11-03 12:25:30 +03:00
Mathias Vorreiter Pedersen
4a2894a707 Merge pull request #7025 from MathiasVP/nomagic-parameterCand 
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
 2021-11-02 20:40:44 +00:00
ihsinme
62b3c3c9a0 Update IncorrectChangingWorkingDirectory.ql 2021-11-02 16:16:17 +03:00
ihsinme
738354b8e7 Update cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-11-02 16:13:34 +03:00