hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

4510 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
9439ed49c1 Merge branch 'main' into better-path-explanation-for-this-indirection 2021-03-11 09:39:18 +01:00
Anders Schack-Mulligen
674886a17d Dataflow: Sync. 2021-03-10 16:53:51 +01:00
Mathias Vorreiter Pedersen
cc592b124b Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-10 15:59:48 +01:00
Geoffrey White
a2660e5996 Merge pull request #5326 from ihsinme/ihsinme-patch-244 
CPP: Add query for CWE-20 Improper Input Validation
 2021-03-10 13:53:26 +00:00
Tom Hvitved
fc5158c41c Merge pull request #5338 from hvitved/dataflow/performance-tweaks 
Data flow: Performance tweaks
 2021-03-10 13:56:57 +01:00
Cornelius Riemenschneider
16a3dfa30a C++: Update summary metrics query format. 2021-03-10 11:15:55 +00:00
Mathias Vorreiter Pedersen
0f6c56ad74 C++: Use names that better match the AST dataflow library. 2021-03-10 11:44:19 +01:00
ihsinme
c281820f0f Update LateCheckOfFunctionArgument.ql 2021-03-09 18:22:11 +03:00
Tom Hvitved
fe6efde449 Address review comments 2021-03-09 14:30:12 +01:00
Taus
19b74e6e01 Merge pull request #5367 from tausbn/mergeback-rc/3.1-to-main 
Merge rc/3.1 into main
 2021-03-09 12:46:24 +01:00
Mathias Vorreiter Pedersen
19d08d7b40 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-09 12:35:44 +01:00
Mathias Vorreiter Pedersen
d14b993aba C++: Replace 'Argument -1 indirection' with 'This indirection'. 2021-03-09 10:22:21 +01:00
Jonas Jensen
2a9f7a966c Merge pull request #5361 from MathiasVP/arguments-in-path-explanations 
C++: Show arguments in path explanations
 2021-03-09 09:35:03 +01:00
Taus Brock-Nannestad
3d0d280972 Merge remote-tracking branch 'upstream/rc/3.1' into mergeback-rc/3.1-to-main 2021-03-08 22:15:10 +01:00
Anders Schack-Mulligen
aeb13146d2 Merge pull request #5275 from Marcono1234/marcono1234/included-qhelp-files 
Use `.inc.qhelp` extension for included help files
 2021-03-08 16:26:32 +01:00
Mathias Vorreiter Pedersen
e2c0bf3cc0 C++: Show arguments in path explanations and accept test changes. 2021-03-08 12:44:05 +01:00
ihsinme
921c41d710 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-03-08 14:23:42 +03:00
Mathias Vorreiter Pedersen
bb53780ba9 C++: Add flow through unary instructions and pointer/indirection conflation for parameters. These rules are copy/pasted from DefaultTaintTracking. The conflation rules will hopefully be removed as part of #5089. 2021-03-08 09:42:47 +01:00
ihsinme
2b1b94835e Update LateCheckOfFunctionArgument.ql 2021-03-07 16:10:32 +03:00
Dave Bartolomeo
863497c695 C++: Update naming of queries and paths to use "summary" instead of "metrics" 2021-03-05 14:36:26 -05:00
Tom Hvitved
6e5af1a9f8 Data flow: Sync files 2021-03-05 14:56:40 +01:00
Jonas Jensen
32f1da7455 Merge pull request #5327 from MathiasVP/less-field-to-obj-flow 
C++: Remove more field-to-object flow
 2021-03-05 13:16:21 +01:00
Mathias Vorreiter Pedersen
2d7f15cc8a C++: Fix join-order in cpp/memset-may-be-deleted. 2021-03-05 11:38:15 +01:00
Mathias Vorreiter Pedersen
c86fc223b9 C++: Fix comment and prevent false positives on chiOnlyPartiallyUpdatesLocation when Alias::getEndBitOffset doesn't have known value. 2021-03-05 08:53:24 +01:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00
Mathias Vorreiter Pedersen
b399246d7f C++/C#: Sync identical files. 2021-03-04 16:34:35 +01:00
Mathias Vorreiter Pedersen
23876cb581 C++: Only allow taint to a FieldAddressInstruction if it's a union type. 2021-03-04 16:29:44 +01:00
Mathias Vorreiter Pedersen
31690dee58 Fix comment. 2021-03-04 16:11:47 +01:00
Mathias Vorreiter Pedersen
6c14288fa7 C++: Use new predicate and accept test changes. 2021-03-04 16:05:38 +01:00
Mathias Vorreiter Pedersen
8a4cc3b5c2 C++: Sync identical files. 2021-03-04 15:38:36 +01:00
Mathias Vorreiter Pedersen
200d94777a C++: Add isPartialUpdate member predicate to ChiInstructions. 2021-03-04 15:37:47 +01:00
ihsinme
633fc92efc Add files via upload 2021-03-04 16:20:22 +03:00
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
Anders Schack-Mulligen
fe07630e40 Merge pull request #5219 from smowton/smowton/feature/backward-dataflow-for-fluent-methods 
Java: Add backward dataflow edges through fluent function invocations.
 2021-03-04 11:13:32 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Mathias Vorreiter Pedersen
721ba5e2c5 Merge pull request #4825 from rdmarsh2/rdmarsh2/cpp/operand-reuse 
C++: share `TOperand` across IR stages
 2021-03-03 08:55:44 +01:00
Robert Marsh
dbd8432884 C++: autoformat 2021-03-02 12:11:12 -08:00
Andrew Eisenberg
9982112b61 Documentation: Update C/C++ Element::fromSource() docs 
The previous documentation was not correct. This
documentation is adapted from File::fromSource().
 2021-03-02 08:57:17 -08:00
Mathias Vorreiter Pedersen
eb4f1e1ba0 C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking. 2021-03-02 15:45:40 +01:00
Mathias Vorreiter Pedersen
748f5344ff Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-02 10:43:37 +01:00
Robert Marsh
2b382d588a C++: autoformat Operand.qll 2021-03-01 11:13:04 -08:00
Chris Smowton
cdccc1a064 Remove needless typecasts 2021-03-01 16:47:34 +00:00
Chris Smowton
c32514bf66 Sync dataflow library files 2021-03-01 10:27:28 +00:00
Jonas Jensen
208a374c58 Merge pull request #5256 from MathiasVP/promote-insecure-memset-query 
C++: Promote insecure removal of memset query
 2021-03-01 08:30:16 +01:00
Mathias Vorreiter Pedersen
0f7256752a Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-02-26 19:16:28 +01:00
Mathias Vorreiter Pedersen
42d2a673c7 C++: Respond to review comments. 2021-02-26 10:06:05 +01:00
Robert Marsh
290b1c624e C++: cache the IR stage Operand class 2021-02-25 13:10:39 -08:00
Mathias Vorreiter Pedersen
faadcd913e C++: Exclude memsets that clear a variable that has no other uses. 2021-02-25 21:27:12 +01:00
Mathias Vorreiter Pedersen
2777ca445e Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-25 19:49:58 +01:00
Dave Bartolomeo
2e02625f22 C++: Summary metrics queries 
This is a first attempt at implementing, for C++, the set of summary queries that we expect all languages to implement to help diagnose extraction failures and build configuration problems. See the spec in [this document](https://docs.google.com/document/d/1V3zpkj0OGh8GEUVwACRx7fiafE5zklujAftZaYUyf9s/edit?usp=sharing). The five queries are:

- Total number of source files (including .c/.cpp and header files)
- Total number of lines of text across all text files
- Total number of lines of code across all text files
- Number of lines of text in each source file
- Number of lines of code in each source file

I've added some simple unit tests that cover all five of these.
 2021-02-25 12:53:39 -05:00