hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,671 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

107 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
9f8326a3fa Merge pull request #7243 from geoffw0/sslquery2 
C++: New query for SSL certificates not checked
 2021-12-01 15:02:19 +00:00
Geoffrey White
f96968975b C++: Change note. 2021-11-25 15:49:41 +00:00
Geoffrey White
1d358c5f77 C++: Change note. 2021-11-25 14:04:47 +00:00
Geoffrey White
26e9adcc34 C++: Change note. 2021-11-09 19:39:21 +00:00
Jonas Jensen
93dfee866a C++: Add isFromSystemMacroDefinition predicate 2021-11-01 09:17:49 +01:00
Aditya Sharad
a517a05ca8 Merge pull request #6830 from github/henrymercer/report-extraction-errors-as-warnings 
C++: Improve SARIF severity level reporting of extractor diagnostics
 2021-10-12 09:59:27 -07:00
Henry Mercer
5b26d41d27 C++: Improve SARIF severity level reporting of extractor diagnostics 2021-10-08 17:53:55 +01:00
Geoffrey White
2c64fa50d2 Merge branch 'main' into impropnullfp 2021-10-04 16:51:21 +01:00
Geoffrey White
a62772c274 C++: Add change note. 2021-10-01 16:35:12 +01:00
Mathias Vorreiter Pedersen
a3cf721b9e Merge pull request #6713 from geoffw0/cwe139 
C++: New query for 'Cleartext transmission of sensitive information'
 2021-10-01 11:10:36 +02:00
Jonas Jensen
45cf6344cd Merge pull request #6184 from github/rdmarsh2/improve-exec-tainted 
C++: Refactor ExecTainted.ql to only report results after string concatenation
 2021-09-29 19:21:13 +02:00
Anders Peter Fugmann
49c656d904 C++: Apply documentation change suggestion 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-28 09:40:07 +02:00
Robert Marsh
d47c4732e2 C++: Update change note date 2021-09-27 17:36:14 -07:00
Anders Fugmann
e0921ac983 C++: Increase precision of cpp/static-buffer-overflow to high 2021-09-27 09:06:36 +02:00
Robert Marsh
21ed5c430d Merge branch 'main' into rdmarsh2/improve-exec-tainted 
Manual fix for conflict in Models.qll
 2021-09-22 11:51:18 -07:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Geoffrey White
24668b2281 Merge branch 'main' into cwe139 2021-09-17 16:04:51 +01:00
Geoffrey White
51243454c8 C++: Change note. 2021-09-17 15:10:55 +01:00
Robert Marsh
4d2036fa26 C++: change note for cpp/command-line-injection 2021-09-15 10:55:53 -07:00
Anders Fugmann
e49cd83868 C++: update change note per suggestion from peer review 2021-09-15 10:31:15 +02:00
Mathias Vorreiter Pedersen
44dca68463 Merge branch 'main' into promote-sql-pqxx 2021-09-14 15:29:37 +01:00
Anders Fugmann
f202ddc5aa C++: Add changenote 2021-09-13 16:31:06 +02:00
Anders Fugmann
ddbaf585ec Merge branch 'main' into andersfugmann/improve_upper_bound 2021-09-06 10:32:44 +02:00
Anders Fugmann
d962fc4ce1 C++: Improve predicate upperBound in SimpleRangeAnalysis 
If an expression has an immediate guardPhi node, this is used as a strict upper bound
 2021-09-02 21:46:18 +02:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Anders Peter Fugmann
67a267d971 Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-25 08:58:44 +02:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
Anders Fugmann
6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Ian Lynagh
1e06808105 Update cpp/change-notes/2021-08-23-getPrimaryQlClasses.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-23 16:52:07 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Alexandre Boulgakov
3ba308a69f C++: Allow querying for "C" language linkage on routine types. 2021-08-18 15:35:30 +01:00
Alexandre Boulgakov
490498899b C++: Expose trailing return type presence. 2021-08-11 16:04:07 +01:00
Mathias Vorreiter Pedersen
8ce6335383 Merge pull request #6372 from geoffw0/uncontrolledarith 2021-08-03 17:53:39 +02:00
Alexandre Boulgakov
e55bd4fb64 C++: Allow querying virtual, override, and final declaration specifiers. 2021-07-29 14:02:03 +01:00
Geoffrey White
5ac6b38380 C++: Change note. 2021-07-27 14:27:16 +01:00
Robert Marsh
fbb3f2e506 Merge pull request #6273 from geoffw0/cleartext-storage-file 
C++: Improve the CleartextFileWrite query
 2021-07-26 12:46:51 -07:00
Geoffrey White
fa0f5d08a2 Merge branch 'main' into toctou2 2021-07-21 16:21:29 +01:00
Mathias Vorreiter Pedersen
a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" 
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
 2021-07-20 18:06:49 +02:00
Geoffrey White
5d1c7841a6 C++: Change note. 2021-07-20 14:14:01 +01:00
Geoffrey White
e3e7b00986 Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis 
C++: Add path-sensitivity to `StackVariableReachability`
 2021-07-15 12:34:33 +01:00
Robert Marsh
4d8e882214 Merge pull request #6186 from geoffw0/formatarg 
C++: Fix FPs from cpp/wrong-type-format-argument
 2021-07-14 17:20:46 -07:00
Geoffrey White
dd03828522 C++: Change note. 2021-07-13 18:08:34 +01:00
Mathias Vorreiter Pedersen
be06230b43 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-07-12 14:46:44 +02:00
Geoffrey White
4a8299e5d0 C++: Change note. 2021-06-30 09:21:10 +01:00
Mathias Vorreiter Pedersen
a294fb07f5 C++: Add change-note. 2021-06-24 16:01:59 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen
01fc3e6559 C++/C#/Java/Python: Add change notes. 2021-06-24 14:29:34 +02:00
Mathias Vorreiter Pedersen
90fe5c5aca C++: Add change-note. 2021-06-22 17:13:07 +02:00
Geoffrey White
05ed4ed739 Update cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-06-21 14:22:56 +01:00
Geoffrey White
6f808c9e4c C++: Update change note. 2021-06-21 12:32:48 +01:00