Commit Graph

6535 Commits

Author SHA1 Message Date
Ian Lynagh
089e4e2e1e Merge pull request #6147 from AlexDenisov/adjust_test_expectation
C++: Adjust test expectations after frontend upgrade
2021-06-23 14:43:47 +01:00
Mathias Vorreiter Pedersen
a8c57ec4aa C++: Prevent false negatives caused by incorrectly concluding that a loop variant condition refutes itself across loop iterations. 2021-06-23 15:08:16 +02:00
Alex Denisov
653afc8448 C++: Adjust test expectations after frontend upgrade 2021-06-23 14:39:16 +02:00
Mathias Vorreiter Pedersen
c44475458e Update cpp/ql/src/Security/CWE/CWE-190/Bounded.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-06-23 14:38:36 +02:00
Mathias Vorreiter Pedersen
d308dd2f40 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-06-23 11:54:56 +02:00
Mathias Vorreiter Pedersen
90633b9ce1 C++: Make the new SQL abstract classes extend 'Function' instead. This is more in line with how we model RemoteFlowFunction. 2021-06-23 11:49:51 +02:00
Mathias Vorreiter Pedersen
6379463bcf Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:42:45 +02:00
Geoffrey White
298f70f082 Merge pull request #6120 from MathiasVP/not-overflow-is-barrier-in-cwe-190
C++: Recognize any non-overflowing arithmetic expression as a barrier for `cpp/uncontrolled-arithmetic`
2021-06-23 10:35:33 +01:00
Mathias Vorreiter Pedersen
9b94f3a650 Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:04:08 +02:00
Mathias Vorreiter Pedersen
a611e76ed2 C++: Respond to review comments. 2021-06-23 10:28:00 +02:00
ihsinme
d61fcfc84b Add files via upload 2021-06-23 10:46:03 +03:00
ihsinme
460fde72ff Add files via upload 2021-06-23 10:44:27 +03:00
Mathias Vorreiter Pedersen
90fe5c5aca C++: Add change-note. 2021-06-22 17:13:07 +02:00
Mathias Vorreiter Pedersen
2e2673aff6 C++: Delete the experimental SqlPqxxTainted query. 2021-06-22 17:13:07 +02:00
Mathias Vorreiter Pedersen
440793b5ff C++: Move the example from the experimental CWE-089 query into a test. 2021-06-22 17:13:06 +02:00
Mathias Vorreiter Pedersen
222cd41aa3 C++: Use the new SQL interface in 'Security.qll' and 'SqlTainted.ql'. 2021-06-22 17:13:06 +02:00
Mathias Vorreiter Pedersen
092fbd60d9 C++: Create a new SQL interface. 2021-06-22 17:13:06 +02:00
ihsinme
94bd2a32f9 Update FindIncorrectlyUsedSwitch.qhelp 2021-06-22 10:39:37 +03:00
Mathias Vorreiter Pedersen
3bc6b11ae5 C++: Share the 'bounded' predicate from 'cpp/uncontrolled-arithmetic' and use it in 'cpp/tainted-arithmetic'. 2021-06-21 16:38:17 +02:00
Mathias Vorreiter Pedersen
05389bb9d4 Merge pull request #6099 from geoffw0/weak-crypto3
Further improvements to cpp/weak-cryptographic-algorithm
2021-06-21 15:46:50 +02:00
Geoffrey White
05ed4ed739 Update cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-06-21 14:22:56 +01:00
Anders Schack-Mulligen
810de73246 C/C++: Update qltest expected output. 2021-06-21 14:47:31 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
38319a4832 C/C++: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Mathias Vorreiter Pedersen
238c483e5b C++: Make any non-overflowing arithmetic operation a barrier. 2021-06-21 14:05:34 +02:00
Mathias Vorreiter Pedersen
18e5d3cce8 C++: Add false positive with multiplication. 2021-06-21 14:04:27 +02:00
Geoffrey White
6f808c9e4c C++: Update change note. 2021-06-21 12:32:48 +01:00
Geoffrey White
79198974dc Merge branch 'main' into weak-crypto3 2021-06-21 11:55:29 +01:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join
Data flow: Fix `getLocalCallContext` join-order
2021-06-21 12:53:38 +02:00
Geoffrey White
90e2a2d222 C++: Change note. 2021-06-21 11:30:12 +01:00
Mathias Vorreiter Pedersen
17df8e44d0 C++: Convert 'cpp/tainted-arithmetic' to a 'path-problem' query. 2021-06-18 14:56:17 +02:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities
Update security-severity scores
2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
Geoffrey White
b4cbe6dce8 C++: Increase query precision to high. 2021-06-17 14:33:17 +01:00
Geoffrey White
b5c71fd1d7 C++: Repair function call in a function call. 2021-06-17 14:33:16 +01:00
Geoffrey White
e5147c2a1f C++: Exclude functions that don't involve buffers. 2021-06-17 14:33:16 +01:00
Geoffrey White
a481e5c292 C++: Exclude template code. 2021-06-17 12:36:14 +01:00
Geoffrey White
8efdf359dc C++: Fix some incorrect uses of 'const' in the tests. 2021-06-17 12:36:13 +01:00
Geoffrey White
3641cdcc1f C++: Add a test case involving an array. 2021-06-17 12:36:09 +01:00
Geoffrey White
23db21cd90 C++: Test spacing. 2021-06-17 12:33:31 +01:00
Geoffrey White
d590952aaa C++: Add a test case involving nested function calls. 2021-06-17 12:23:18 +01:00
Geoffrey White
7632c9edb5 C++: Add test cases involving strings and comparisons. 2021-06-17 12:23:17 +01:00
Geoffrey White
2e236dd2a9 C++: Add a test case involving a harmless assert. 2021-06-17 12:23:17 +01:00
Geoffrey White
dca397dfb1 C++: Add a test case with a template class. 2021-06-17 12:23:16 +01:00
Anders Schack-Mulligen
b173b4141d Merge pull request #6096 from smowton/smowton/fix/inline-expectations-missing-prefix
Inline expectation tests: accept // $MISSING: and // $SPURIOUS:
2021-06-17 11:41:15 +02:00
Chris Smowton
558813acf7 Inline expectation tests: accept // $MISSING: and // $SPURIOUS:
Previously there had to be a space after the $ token, unlike ordinary expectations (i.e., // $xss was already accepted)
2021-06-17 09:44:39 +01:00
ihsinme
1cabaec0c3 Update cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.qhelp
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-06-17 11:09:36 +03:00
Tom Hvitved
ffb2350a54 Data flow: Fix getLocalCallContext join-order 2021-06-17 10:02:31 +02:00
Tom Hvitved
cc383e0f6a Data flow: Workaround for too clever compiler in consistency queries 2021-06-17 09:43:36 +02:00