hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

6535 Commits

Author SHA1 Message Date
Geoffrey White
86ee5fea40 C++: More test cases and correct an existing one. 2021-07-22 15:47:06 +01:00
Mathias Vorreiter Pedersen
e34261accf Merge branch 'rc/3.2' into mergeback-2021-07-22 2021-07-22 14:40:22 +02:00
Geoffrey White
a4c137fae5 C++: Add '_fsopen' as well. 2021-07-22 11:31:41 +01:00
Mathias Vorreiter Pedersen
39144ee02b C++: Import 'GVN' in 'Overflow.qll' to prevent IR reevaluation. 2021-07-22 11:35:16 +02:00
Geoffrey White
fa0f5d08a2 Merge branch 'main' into toctou2 2021-07-21 16:21:29 +01:00
Mathias Vorreiter Pedersen
73ee7409f6 Merge pull request #6342 from MathiasVP/fix-fp-in-uninitialized-local 
C++: Fix FP in `cpp/uninitialized-local`
 2021-07-21 14:46:57 +02:00
Mathias Vorreiter Pedersen
e536cecefe C++: Fix FP caused by a variable missing type information. 2021-07-21 11:04:23 +02:00
Mathias Vorreiter Pedersen
6d0290809d Merge branch 'rc/3.2' into mergeback-2021-07-21 2021-07-21 10:23:58 +02:00
ihsinme
8aac5b339e Update FindIncorrectlyUsedExceptions.expected 2021-07-21 09:49:19 +03:00
ihsinme
4202759bcc Update test.cpp 2021-07-21 09:48:36 +03:00
ihsinme
2d1924ac0e Update test.cpp 2021-07-21 08:32:18 +03:00
ihsinme
cf689b83a9 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-07-21 08:29:42 +03:00
Geoffrey White
473198a6ef C++: Accept any check followed by a 'sensitive' use such as 'chmod'. 2021-07-20 18:11:05 +01:00
Geoffrey White
c6d8abc9b1 C++: Add a couple more testcases. 2021-07-20 17:52:59 +01:00
Mathias Vorreiter Pedersen
a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis" 
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
 2021-07-20 18:06:49 +02:00
Geoffrey White
5d1c7841a6 C++: Change note. 2021-07-20 14:14:01 +01:00
Geoffrey White
ae944b268a C++: Restrict the 'check' to stat / access only as these are by far the more reliable results. 2021-07-20 11:18:00 +01:00
Geoffrey White
ab4b2c2342 C++: Fix 'rename'. 2021-07-19 18:58:39 +01:00
Geoffrey White
95ec8f5394 C++: Add support for '_wfsopen'. 2021-07-19 18:36:09 +01:00
Geoffrey White
c85edb6c03 C++: Use [, ] in the query. 2021-07-19 15:24:25 +01:00
Geoffrey White
7684796d63 C++: Fix handling of the 'stat' pointer argument. 2021-07-19 15:13:19 +01:00
Mathias Vorreiter Pedersen
7bc18abbb0 Merge pull request #6150 from geoffw0/toctou 
C++: Tests for cpp/toctou-race-condition
 2021-07-19 15:51:35 +02:00
Geoffrey White
0c029898bb C++: Autoformat. 2021-07-19 13:58:25 +01:00
Geoffrey White
49bbfefb4d C++: Fix uses of 'rename' in tests. 2021-07-19 13:57:16 +01:00
Robert Marsh
e0ff1d949b Merge pull request #6315 from MathiasVP/fix-off-by-one-in-rem-expr-range-analysis 
C++: Fix off–by-one in range analysis for `RemExpr`.
 2021-07-16 15:22:03 -07:00
ihsinme
4083da3218 Update cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-07-16 23:18:58 +03:00
Mathias Vorreiter Pedersen
39d9395bc3 C++: Fix off-by-one in range analysis for 'RemExpr'. 2021-07-16 16:35:19 +02:00
Mathias Vorreiter Pedersen
81aa115838 C++: Fix range analysis bug for 'RemExpr'. 2021-07-16 16:28:08 +02:00
Mathias Vorreiter Pedersen
dc2eea59a3 C++: Add buggy testcase with 'RemExpr'. 2021-07-16 16:27:09 +02:00
Robert Marsh
59855de0ac Merge pull request #6301 from github/aibaars/drop-opaque-id 
CPP: drop opaque-id properties
 2021-07-15 16:36:11 -07:00
Geoffrey White
c5ed859cf5 C++: Update test comments to my best understanding. 2021-07-15 16:36:21 +01:00
Geoffrey White
c4322fdcd2 Merge pull request #6231 from ihsinme/ihsinme-patch-277 
Add query for CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
 2021-07-15 15:52:48 +01:00
Geoffrey White
e5e8a1b781 C++: Exclude integral types from SensitiveExprs. 2021-07-15 14:44:14 +01:00
Geoffrey White
dd95c53a3e C++: More test cases. 2021-07-15 14:39:56 +01:00
Geoffrey White
aabb2fc3a1 C++: Tune SensitiveExprs.qll based on real TP and FP results. 2021-07-15 14:25:29 +01:00
Arthur Baars
d059ec0c93 CPP: drop opaque-id properties 
The undocumented @opaque-id property takes precendence over the normal @id
property and causes the SARIF output produced by CodeQL to use that ID for
rules.
 2021-07-15 14:12:01 +02:00
Geoffrey White
e3e7b00986 Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis 
C++: Add path-sensitivity to `StackVariableReachability`
 2021-07-15 12:34:33 +01:00
Anders Schack-Mulligen
8ccdd4fb9f Merge pull request #6211 from aschackmull/dataflow/refactor-call-context-check 
Dataflow: Refactor call context check
 2021-07-15 12:27:23 +02:00
Robert Marsh
4d8e882214 Merge pull request #6186 from geoffw0/formatarg 
C++: Fix FPs from cpp/wrong-type-format-argument
 2021-07-14 17:20:46 -07:00
Mathias Vorreiter Pedersen
1480ac7c1d C++: Potentially improve performance by restricting the size of the call-context relation. 2021-07-14 11:23:56 +02:00
Anders Schack-Mulligen
0ccb213ec5 Dataflow: Sync. 2021-07-14 10:36:09 +02:00
ihsinme
4d3666692b Update cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-07-14 10:17:53 +03:00
ihsinme
1e12ede9fa Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-07-14 10:11:28 +03:00
Geoffrey White
989633993b C++: Increase the query precision. 2021-07-13 18:38:30 +01:00
Geoffrey White
dd03828522 C++: Change note. 2021-07-13 18:08:34 +01:00
Robert Marsh
25dd29b24f Merge pull request #6158 from MathiasVP/call-ctx-for-function-ptr-resolution 
C++: Resolve function pointer calls using call contexts
 2021-07-13 10:00:44 -07:00
Geoffrey White
652f903457 C++: Add simple dataflow to the query. 2021-07-13 17:48:48 +01:00
Geoffrey White
7500d75b5b C++: Fix some easy FPs. 2021-07-13 17:36:41 +01:00
Geoffrey White
133953303b C++: More test cases. 2021-07-13 17:32:08 +01:00
Mathias Vorreiter Pedersen
7da7ec60d9 C++: Inline predicates from 'Bounded.qll'. 2021-07-12 19:09:33 +02:00