hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1884 Commits

Author SHA1 Message Date
Jeroen Ketema
05ecd2e015 Merge pull request #11958 from jketema/argv-if-tests 
C++: Add some additional uncontrolled format string tests
 2023-01-23 14:05:07 +01:00
Jeroen Ketema
cfc0dabad9 C++: Add some additional uncontrolled format string tests 
These duplicate the `i9` and `i91` tests slightly earlier in the same file, but
use an explicit `if` instead of the ternary operator.
 2023-01-23 11:50:45 +01:00
Jeroen Ketema
f628152be1 C++: In dataflow use the AST representation of IR Instructions and Operands 2023-01-20 10:39:50 +01:00
Jeroen Ketema
a892ae8764 C++: Fix spurious results in default taint tracking 2023-01-16 19:10:10 +01:00
Geoffrey White
13ae15b867 C++: Add tests for more edge cases. 2023-01-13 18:38:29 +00:00
Mathias Vorreiter Pedersen
8b01dfe696 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-10 17:30:29 +00:00
Mathias Vorreiter Pedersen
0f93e5c907 Merge pull request #11781 from MathiasVP/as-expr-for-arrays 
C++: Map more expressions to `OperandNode`s
 2023-01-09 14:38:22 +00:00
Geoffrey White
bb451f3911 C++: Fix result duplication. 2023-01-06 11:05:47 +00:00
Geoffrey White
823c767aac C++: Undo changes to SizeCheck.ql, SizeCheck2.ql. 2023-01-05 12:34:12 +00:00
Geoffrey White
2023abdc60 C++: Update the queries. 2023-01-05 11:33:58 +00:00
Geoffrey White
a9aa67177b C++: Add test cases for HeuristicAllocationExpr in queries. 2023-01-05 11:30:21 +00:00
Geoffrey White
10ca2dac19 C++: Remove unnecessary 'semmle' directory. 2023-01-05 11:30:15 +00:00
Mathias Vorreiter Pedersen
e86e3ec3ec Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-22 11:29:43 +00:00
Mathias Vorreiter Pedersen
e453c7a36e C++: Accept test changes. 2022-12-22 10:57:54 +00:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Jeroen Ketema
0addae81cd Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-20 11:34:41 +01:00
Mathias Vorreiter Pedersen
cbe330eb7b Merge pull request #11693 from jketema/argv-param-flowsource 
C++: Define the `argv` flow source in terms the input parameter
 2022-12-20 09:30:19 +00:00
Arthur Baars
0f313231bc AlertSuppression: add more tests 2022-12-19 16:43:11 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Jeroen Ketema
7549915773 C++: Accept test changes 2022-12-19 12:52:35 +01:00
Arthur Baars
ad80822a52 C/C++: use shared AlertSuppression.qll 2022-12-19 12:25:46 +01:00
Jeroen Ketema
2705aebbbc C++: Restrict CWE-119 semmle tests to have a single main function 2022-12-19 12:13:37 +01:00
Jeroen Ketema
88a1eead03 Merge pull request #11724 from MathiasVP/clear-text-transmission-dont-track-indirection 
C++: Use `asExpr` in `cpp/cleartext-transmission`
 2022-12-19 11:31:06 +01:00
Robert Marsh
df7a4ac093 Merge pull request #11722 from MathiasVP/make-buffer.qll-unique-again 
C++: Use `unique` in `getBufferSize`
 2022-12-16 15:00:18 -05:00
Mathias Vorreiter Pedersen
c09ed10d33 Merge pull request #11727 from MathiasVP/fix-crement-and-assign-op-dataflow-mappings 
C++: Fix `DataFlow <-> Expr` mappings for `CrementOperation` and `AssignOperation`
 2022-12-16 17:05:13 +00:00
Mathias Vorreiter Pedersen
33649ed7d3 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-16 17:02:06 +00:00
Mathias Vorreiter Pedersen
a7aa1a7d8b C++: Accept more test changes 2022-12-16 16:04:35 +00:00
Mathias Vorreiter Pedersen
45f69be94c C++: Accept test changes 2022-12-16 14:14:58 +00:00
Mathias Vorreiter Pedersen
2de2887ebb C++: Accept test changes 2022-12-16 13:27:08 +00:00
Mathias Vorreiter Pedersen
81de93da2d C++: Accept test changes 2022-12-16 12:58:53 +00:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
Jeroen Ketema
31b4dda7bd Merge pull request #11687 from jketema/tainted-path-use-use 
C++: Make `cpp/path-injection` work with use-use dataflow
 2022-12-14 18:06:05 +01:00
Jeroen Ketema
bb256514c0 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-14 15:52:20 +01:00
Jeroen Ketema
4075f693bd C++: Make cpp/path-injection work with use-use dataflow 2022-12-14 13:38:55 +01:00
Jeroen Ketema
3be0b3e6c7 C++: Recognize indirect argv accesses as flow sources for use-use dataflow 
This fixes the test regression on `cpp/command-line-injection`.
 2022-12-13 16:18:17 +01:00
Jeroen Ketema
18dea55071 C++: Fix cpp/alloca-in-loop regressions with use-use dataflow 2022-12-12 19:15:50 +01:00
erik-krogh
698e05f85a Swift/C++: Use instanceof in more places 2022-12-12 16:58:13 +01:00
Jeroen Ketema
b2091e8632 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-12 11:40:36 +01:00
Jeroen Ketema
beb66d027e C++: Use FlowSource in cpp/path-injection 2022-12-10 20:27:56 +01:00
Jeroen Ketema
ce92ba640a C++: Accept test changes 2022-12-09 23:38:03 +01:00
Jeroen Ketema
b216c79992 C++: Accept test changes 2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen
4fd6ac5657 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-08 13:10:18 +00:00
Jeroen Ketema
5637d573c1 C++: Add test case that is no longer detected after latest changes 2022-12-06 08:31:22 +01:00
Jeroen Ketema
6dbc59d5b5 C++: Simplify isSink based on reviewer comments 2022-12-05 23:23:08 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Jeroen Ketema
2ef13d1df7 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-29 10:43:01 +01:00
Jeroen Ketema
4607f5990e C++: Add more tests that exercise the default taint barrier implementation 2022-11-25 10:19:45 +01:00