hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

4510 Commits

Author SHA1 Message Date
semmle-qlci
cfe0b8803a Merge pull request #332 from raulgarciamsft/users/raulga/c6293a 
Approved by dave-bartolomeo
 2018-10-25 00:59:35 +01:00
Raul Garcia
a04eb53189 Documentation bug fix. 
Encoding the "<" character
 2018-10-24 15:22:53 -07:00
Geoffrey White
ec205e995b CPP: Include sizeof(expr) expressions in isDynamicallyAllocatedWithDifferentSize. 2018-10-24 16:17:04 +01:00
Jonas Jensen
3c6bed4de6 C++: FP fix for "operator= doesn't return *this" 2018-10-24 15:44:00 +02:00
Jonas Jensen
7affbe4a7d Merge pull request #341 from geoffw0/av_114 
CPP: Improve AV Rule 114.ql's understanding of return types.
 2018-10-24 09:39:51 +02:00
Dave Bartolomeo
f278f4fa47 C++: Operands as IPA types 
@rdmarsh2 has been working on various queries and libraries on top of the IR, and has pointed out that having to always refer to an operand of an instruction by the pair of (instruction, operandTag) makes using the IR a bit clunky. This PR adds a new `Operand` IPA type that represents an operand of an instruction. `OperandTag` still exists, but is now an internal type used only in the IR implementation.
 2018-10-23 14:58:44 -07:00
Jonas Jensen
640de0c947 Merge pull request #304 from geoffw0/resource-released 
CPP: Fix false positive in AV Rule 79.ql
 2018-10-23 20:24:23 +02:00
semmledocs-ac
1f390f2f77 Merge pull request #326 from rdmarsh2/rdmarsh/cpp/dead-code-goto 
C++: new query for dead code after goto or break
 2018-10-23 16:55:14 +01:00
Geoffrey White
dda7069890 CPP: Look for destructors in the template. 2018-10-23 13:05:43 +01:00
Geoffrey White
905336a625 CPP: Refine fix. 2018-10-23 13:05:42 +01:00
Geoffrey White
b861df0887 CPP: Fix issue when destructor body is missing. 2018-10-23 13:05:42 +01:00
Aditya Sharad
c88db424fa Merge pull request #343 from geoffw0/av-35-1.18 
CPP: Fix hasXMacro performance.
 2018-10-23 10:24:16 +01:00
Geoffrey White
de1556042a CPP: Fix hasXMacro performance. 2018-10-22 19:43:04 +01:00
Robert Marsh
f674d43ab1 Merge pull request #329 from geoffw0/overflowdest 
CPP: Improve Overflowdest.ql
 2018-10-22 10:51:41 -07:00
Robert Marsh
7bcc4379fc C++: accept loops with arbitrary labels or cases 2018-10-22 09:59:49 -07:00
Robert Marsh
4bed86f566 Merge pull request #313 from geoffw0/av-35 
CPP: Fix hasXMacro performance.
 2018-10-22 09:33:19 -07:00
semmle-qlci
c78f3f8edf Merge pull request #336 from aschackmull/java/dataflow-cleanup 
Approved by yh-semmle
 2018-10-20 03:43:49 +01:00
Raul Garcia
2f4da8841f Changing the name (file & tags) to match the JS version. 2018-10-19 15:21:56 -07:00
Geoffrey White
5158984613 CPP: Fix the issue. 2018-10-19 22:51:35 +01:00
Geoffrey White
e9499b59e4 CPP: Exclude switch statements. 2018-10-19 10:24:29 +01:00
Raul Garcia
e2fcaa9e20 Fixing typos & implementing the PR feedback 2018-10-18 14:44:24 -07:00
Robert Marsh
36a1ac52ac Merge pull request #331 from geoffw0/av-35b 
CPP: Speed up startsWithIfndef.
 2018-10-18 14:22:37 -07:00
Dave Bartolomeo
ce99f469a9 Update cpp/ql/src/Likely Bugs/Likely Typos/illDefinedForLoop.ql 2018-10-18 12:02:06 -07:00
Anders Schack-Mulligen
0b46ffa7d7 Java/CPP: Sync files. 2018-10-18 15:10:23 +02:00
Anders Schack-Mulligen
bf58b6c9ab Java: Remove self-ref tracking; improve AccessPath.toString on numbers. 2018-10-18 15:05:04 +02:00
Raul Garcia
739804acb2 CPP : Ill-defined for-loop (C6293) 
Superset of C6293, it looks for a mismatch between the initialization statement && condition and the direction of the iteration expression in a for loop.
 2018-10-17 16:24:34 -07:00
Robert Marsh
b40219bb01 C++: add good example for DeadCodeGoto 2018-10-17 11:58:51 -07:00
Robert Marsh
17537bb88b C++: respond to doc comments 2018-10-17 11:57:54 -07:00
Geoffrey White
6e10f39612 Merge pull request #319 from raulgarciamsft/users/raulga/c6277 
C++ : NULL application name with an unquoted path in call to CreateProcess
 2018-10-17 17:36:59 +01:00
Geoffrey White
b8d7292b46 CPP: Speed up startsWithIfndef. 2018-10-17 15:26:05 +01:00
Geoffrey White
757107660f CPP: Give the query a precision. 2018-10-17 13:25:44 +01:00
Geoffrey White
48c56cf744 CPP: Remove PointsTo. 2018-10-17 13:25:43 +01:00
Geoffrey White
99374301b8 CPP: Use taint library. 2018-10-17 13:25:43 +01:00
Geoffrey White
e77f3eb5b8 CPP: Simplify slightly. 2018-10-17 13:25:43 +01:00
Geoffrey White
939a836393 CPP: Add some comments. 2018-10-17 13:25:43 +01:00
Geoffrey White
f85889d052 CPP: Fix the example code. 2018-10-17 13:25:43 +01:00
Tom Hvitved
58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Robert Marsh
61f338449c C++: Change note and precision for DeadCodeGoto.ql 2018-10-16 15:40:59 -07:00
Robert Marsh
73cae5390e C++: new query for dead code after goto or break 2018-10-16 15:37:06 -07:00
Raul Garcia
7ab723ae79 Fixing typos & incorporating feedback. 
(MSFT feedback) Adding a new tag in the header @msrc.severity important
 2018-10-16 10:00:51 -07:00
semmle-qlci
6172c95e60 Merge pull request #320 from geoffw0/deprecated 
Approved by yh-semmle
 2018-10-16 15:45:06 +01:00
Raul Garcia
22d54801e5 Removed one false-positive scenario (no space on lpCommandLine) 
Improved the query to avoid multiple calls to hasGlobalName
Fixed typos
Simplified the test case file
 2018-10-15 15:53:02 -07:00
Raul Garcia
cd5e788aa7 Update UnsafeCreateProcessCall.ql 2018-10-15 13:41:21 -07:00
Raul Garcia
1d853691eb Update UnsafeCreateProcessCall.qhelp 2018-10-15 13:40:40 -07:00
Raul Garcia
b8f8c99529 Update UnsafeCreateProcessCall.qhelp 2018-10-15 13:39:46 -07:00
Geoffrey White
ff34ae2a46 CPP: Add deprecated metadata. 2018-10-15 08:56:49 +01:00
Raul Garcia
242d40369b Merge branch 'master' into users/raulga/c6277 2018-10-12 15:59:54 -07:00
Raul Garcia
85283d63ce C++ : NULL application name with an unquoted path in call to CreateProcess 
Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.
 2018-10-12 15:57:01 -07:00
semmle-qlci
a8be7f2434 Merge pull request #312 from aschackmull/java/autoformat-libs 
Approved by yh-semmle
 2018-10-12 20:02:52 +01:00
Geoffrey White
a9b55534b4 CPP: Speed up phi_node > frontier_phi_node > ssa_defn recursion. 2018-10-12 18:11:53 +01:00