hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,384 Commits 1,671 Branches 157 Tags
experimental/benjamin-button
Commit Graph

6803 Commits

Author SHA1 Message Date
Geoffrey White
e5e8a1b781 C++: Exclude integral types from SensitiveExprs. 2021-07-15 14:44:14 +01:00
Geoffrey White
dd95c53a3e C++: More test cases. 2021-07-15 14:39:56 +01:00
Geoffrey White
aabb2fc3a1 C++: Tune SensitiveExprs.qll based on real TP and FP results. 2021-07-15 14:25:29 +01:00
Arthur Baars
d059ec0c93 CPP: drop opaque-id properties 
The undocumented @opaque-id property takes precendence over the normal @id
property and causes the SARIF output produced by CodeQL to use that ID for
rules.
 2021-07-15 14:12:01 +02:00
Geoffrey White
e3e7b00986 Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis 
C++: Add path-sensitivity to `StackVariableReachability`
 2021-07-15 12:34:33 +01:00
Anders Schack-Mulligen
8ccdd4fb9f Merge pull request #6211 from aschackmull/dataflow/refactor-call-context-check 
Dataflow: Refactor call context check
 2021-07-15 12:27:23 +02:00
Robert Marsh
4d8e882214 Merge pull request #6186 from geoffw0/formatarg 
C++: Fix FPs from cpp/wrong-type-format-argument
 2021-07-14 17:20:46 -07:00
Mathias Vorreiter Pedersen
1480ac7c1d C++: Potentially improve performance by restricting the size of the call-context relation. 2021-07-14 11:23:56 +02:00
Anders Schack-Mulligen
0ccb213ec5 Dataflow: Sync. 2021-07-14 10:36:09 +02:00
ihsinme
4d3666692b Update cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-07-14 10:17:53 +03:00
ihsinme
1e12ede9fa Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-07-14 10:11:28 +03:00
Geoffrey White
989633993b C++: Increase the query precision. 2021-07-13 18:38:30 +01:00
Geoffrey White
dd03828522 C++: Change note. 2021-07-13 18:08:34 +01:00
Robert Marsh
25dd29b24f Merge pull request #6158 from MathiasVP/call-ctx-for-function-ptr-resolution 
C++: Resolve function pointer calls using call contexts
 2021-07-13 10:00:44 -07:00
Geoffrey White
652f903457 C++: Add simple dataflow to the query. 2021-07-13 17:48:48 +01:00
Geoffrey White
7500d75b5b C++: Fix some easy FPs. 2021-07-13 17:36:41 +01:00
Geoffrey White
133953303b C++: More test cases. 2021-07-13 17:32:08 +01:00
Mathias Vorreiter Pedersen
7da7ec60d9 C++: Inline predicates from 'Bounded.qll'. 2021-07-12 19:09:33 +02:00
Mathias Vorreiter Pedersen
4fc60aedc6 C++: Relax the restrictions on when '%' is a barrier and accept test changes. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
a6f1f8d3b6 C++: Add testcases demonstrating FPs from real code. 2021-07-12 17:39:12 +02:00
Mathias Vorreiter Pedersen
768b3c84c9 C++: Fix a bug that slipped into fd477383b0. 2021-07-12 17:13:21 +02:00
Mathias Vorreiter Pedersen
be06230b43 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-07-12 14:46:44 +02:00
Mathias Vorreiter Pedersen
dec747f6f0 Merge branch 'main' into more-random-sources-in-uncontrolled-arithmetic 2021-07-12 13:48:48 +02:00
Mathias Vorreiter Pedersen
04dcef5ec4 C++: Include ComplementExpr as a sanitizer. 2021-07-12 11:53:47 +02:00
Cornelius Riemenschneider
d34f7b941a C++: Address code review. 2021-07-12 11:43:43 +02:00
Cornelius Riemenschneider
e821b8be99 C++: Fix warning from compile-query. 2021-07-12 11:43:43 +02:00
Mathias Vorreiter Pedersen
d2cc0d3925 C++: Fix annotations. 2021-07-12 11:30:43 +02:00
ihsinme
eedcb0171d Add files via upload 2021-07-05 11:14:51 +03:00
ihsinme
b10bdf1475 Add files via upload 2021-07-05 11:13:05 +03:00
Geoffrey White
dc2cb9bd62 C++: Fix numbering. 2021-07-02 18:33:36 +01:00
Geoffrey White
bc3b347569 C++: Another test case to consider. 2021-07-02 18:32:46 +01:00
Geoffrey White
a53b161afb C++: Move some variant tests to a case we definitely do want to flag the base case of. 2021-07-02 18:18:11 +01:00
Geoffrey White
c3cd1359d6 C++: Mark the cases we're not sure about. 2021-07-02 18:18:10 +01:00
Geoffrey White
cf8fa830a9 C++: Clarify the note about file descriptors. 2021-07-02 18:18:10 +01:00
Geoffrey White
d86a0ab7a5 C++: Add test cases involving file descriptor versions. 2021-07-02 18:17:59 +01:00
Geoffrey White
cfbfe924ef C++: Replace cached with more efficient QL. 2021-07-02 13:03:46 +01:00
Geoffrey White
41a540e4e0 C++: Make isMicrosoft() faster. 2021-07-01 17:42:02 +01:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
ihsinme
02bf800b6d Update FindIncorrectlyUsedSwitch.ql 2021-07-01 08:50:46 +03:00
Geoffrey White
4a8299e5d0 C++: Change note. 2021-06-30 09:21:10 +01:00
Geoffrey White
dcc7a6360f C++: Simplify a bit and remove two noopts that don't seem to make a difference. 2021-06-29 19:05:13 +01:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Geoffrey White
5bf7e453e6 C++: Tidy up WrongTypeFormatArguments.ql somewhat. 2021-06-29 16:45:47 +01:00
Geoffrey White
6e49891ed9 C++: Accept Microsoft/non-Microsoft format specifiers on the opposite platform. 2021-06-29 16:45:46 +01:00
ihsinme
6e7644f529 Update FindIncorrectlyUsedExceptions.ql 2021-06-27 22:27:41 +03:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
Mathias Vorreiter Pedersen
794d96e52c C++: Use call context information to perform function-pointer resolution. 2021-06-25 14:45:56 +02:00
Mathias Vorreiter Pedersen
fd477383b0 C++: Fix join order in 'bbSuccessorEntryReachesLoopInvariant'. 2021-06-25 10:49:33 +02:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Mathias Vorreiter Pedersen
a294fb07f5 C++: Add change-note. 2021-06-24 16:01:59 +02:00