hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

3192 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
dfb20f7721 Merge pull request #8368 from MathiasVP/add-must-flow-lib 
C++: Factor must-flow predicates out of two queries
 2022-03-09 17:07:23 +00:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings 
Python: Fix a bunch of QL warnings
 2022-03-09 16:31:28 +01:00
Taus
063a8bbc43 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-08 15:20:35 +01:00
Mathias Vorreiter Pedersen
69417e150a C++: Address review comments. 2022-03-08 13:15:02 +00:00
Mathias Vorreiter Pedersen
7106fe35aa C++: Accept test changes. This is just a change in the names of the path nodes. These names are actually better as they don't refer to the name of IR instructions. 2022-03-08 11:40:56 +00:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Mathias Vorreiter Pedersen
c7d624d314 Merge pull request #8247 from ihsinme/ihsinme-patch-80 
CPP: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
 2022-03-07 11:00:29 +00:00
Geoffrey White
e7dca435a9 Merge pull request #6950 from ihsinme/ihsinme-patch-078 
CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
 2022-03-07 10:55:29 +00:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00
Robert Marsh
280fdbfc1b C++: accept test output from perf improvement 
The last commit removed some source nodes from the dataflow graph, which
changed the test expectations slightly. No result changes occurred.
 2022-03-04 11:39:10 -05:00
Geoffrey White
17cd4d86f1 Fix tests. 2022-03-04 12:27:48 +00:00
Mathias Vorreiter Pedersen
9a91e66714 Merge pull request #8321 from MathiasVP/improve-using-expired-address-query 
C++: More TPs from `cpp/using-expired-stack-address`
 2022-03-04 12:07:55 +00:00
ihsinme
467136c173 Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:44 +03:00
ihsinme
77bc26681d Create ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-04 00:02:26 +03:00
ihsinme
5d1dee24d4 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:54 +03:00
ihsinme
7b3546ea30 Create ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 20:04:17 +03:00
ihsinme
625f74e9be Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test3/test.cpp 2022-03-03 20:01:24 +03:00
ihsinme
8eec20644f Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/test.cpp 2022-03-03 20:00:54 +03:00
ihsinme
6e951f74ed Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test.cpp to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/test.cpp 2022-03-03 20:00:18 +03:00
ihsinme
9c04bd12f5 Update and rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.expected to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.expected 2022-03-03 19:59:36 +03:00
ihsinme
e1c1f80f28 Rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/ExposureSensitiveInformationUnauthorizedActor.qlref to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.qlref 2022-03-03 19:58:16 +03:00
ihsinme
b32be69e0a Update DangerousUseOfTransformationAfterOperation.expected 2022-03-03 19:55:30 +03:00
Mathias Vorreiter Pedersen
bf10456bf5 C++: Add a path explanation to the 'cpp/using-expired-stack-address' query. 2022-03-03 13:55:00 +00:00
Mathias Vorreiter Pedersen
9df923a7c8 C++: Catch more true positives by stepping into calls in the 'cpp/using-expired-stack-address' query. 2022-03-03 13:53:09 +00:00
Geoffrey White
5402b02fd7 Merge branch 'main' into cwe497 2022-03-01 11:58:24 +00:00
ihsinme
be11e4fc2d Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-03-01 12:25:57 +03:00
ihsinme
bc22b9b208 Update test.cpp 2022-03-01 09:43:15 +03:00
Jeroen Ketema
4ffbc2d148 C++: Ensure we use lvalue reference types for structured bindings 
This also adds a test for rvalue reference uses in the tuple
structured binding case.
 2022-02-27 21:13:48 +01:00
Jeroen Ketema
074577b539 C++: Refactor IR structured binding tuple test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
6515e77c0e C++: Generate additional loads for non-reference structured bindings 2022-02-27 21:13:48 +01:00
Jeroen Ketema
eebfbc12a0 C++: Add structured bindings struct as data member test case 2022-02-27 21:13:48 +01:00
Jeroen Ketema
5814349fd8 C++: Give names in structured binding declarations correct IR types 2022-02-27 21:13:48 +01:00
Jeroen Ketema
73f0366dc6 C++: Add typedef'ed reference structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
91659af4d4 C++: Add array data member structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
ec05942693 C++: Use unnamed_local_variable in array structured binding test 2022-02-27 21:13:48 +01:00
Jeroen Ketema
437a85dec7 C++: Add pointer related structured binding tests 2022-02-27 21:13:48 +01:00
Mathias Vorreiter Pedersen
dfd30e46b0 Merge pull request #8227 from geoffw0/319improve 
C++: Promote cpp/non-https-url
 2022-02-25 08:48:44 +00:00
ihsinme
ffdca61f9a Add files via upload 2022-02-25 11:20:23 +03:00
Geoffrey White
899ae90ba4 C++: Add GVN. 2022-02-24 17:22:37 +00:00
Geoffrey White
0bb9a95563 C++: Extend tests. 2022-02-24 17:15:29 +00:00
Geoffrey White
6c40cda68d C++: Pragmatic solution to include more sinks (plus autoformat changes). 2022-02-24 12:10:34 +00:00
Mathias Vorreiter Pedersen
e4af34253a C++: Actually fix incorrect annotation 2022-02-24 11:06:57 +00:00
Geoffrey White
c16302be13 C++: Fix the FP. 2022-02-24 10:54:08 +00:00
Mathias Vorreiter Pedersen
ef5f16ddd3 Merge branch 'main' into add-using-expired-stack-address-query 2022-02-24 08:41:27 +00:00
Geoffrey White
326dfa5bc2 C++: Add test cases. 2022-02-23 18:37:58 +00:00
Mathias Vorreiter Pedersen
033edc24f4 C++: Respond to review comments. 2022-02-23 16:23:49 +00:00
Jeroen Ketema
99dd049c1b Add IR test for tuple structured bindings 2022-02-23 16:15:19 +01:00
Jeroen Ketema
caf0f28547 Add IR test for data member structured bindings 2022-02-23 15:55:19 +01:00
Jeroen Ketema
ec2567b64b Add IR test for array structured bindings 2022-02-23 15:10:10 +01:00
Mathias Vorreiter Pedersen
53299d61eb C++: Add more tests. 2022-02-23 11:38:01 +00:00