hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5724 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
c86fc223b9 C++: Fix comment and prevent false positives on chiOnlyPartiallyUpdatesLocation when Alias::getEndBitOffset doesn't have known value. 2021-03-05 08:53:24 +01:00
Mathias Vorreiter Pedersen
bd842403c8 C++: Add testcase 2021-03-05 08:06:22 +01:00
Marcono1234
5a8ffa5a85 Use .inc.qhelp extension for included help files 2021-03-04 22:04:48 +01:00
Mathias Vorreiter Pedersen
b399246d7f C++/C#: Sync identical files. 2021-03-04 16:34:35 +01:00
Mathias Vorreiter Pedersen
23876cb581 C++: Only allow taint to a FieldAddressInstruction if it's a union type. 2021-03-04 16:29:44 +01:00
Mathias Vorreiter Pedersen
31690dee58 Fix comment. 2021-03-04 16:11:47 +01:00
Mathias Vorreiter Pedersen
6c14288fa7 C++: Use new predicate and accept test changes. 2021-03-04 16:05:38 +01:00
CodeQL CI
ad4b9372bd Merge pull request #5302 from RasmusWL/expectation-tests-allow-str-prefix 
Approved by MathiasVP, tausbn
 2021-03-04 06:48:57 -08:00
Mathias Vorreiter Pedersen
8a4cc3b5c2 C++: Sync identical files. 2021-03-04 15:38:36 +01:00
Mathias Vorreiter Pedersen
200d94777a C++: Add isPartialUpdate member predicate to ChiInstructions. 2021-03-04 15:37:47 +01:00
ihsinme
cadb1d6554 Add files via upload 2021-03-04 16:21:34 +03:00
ihsinme
633fc92efc Add files via upload 2021-03-04 16:20:22 +03:00
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
Anders Schack-Mulligen
fe07630e40 Merge pull request #5219 from smowton/smowton/feature/backward-dataflow-for-fluent-methods 
Java: Add backward dataflow edges through fluent function invocations.
 2021-03-04 11:13:32 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Mathias Vorreiter Pedersen
721ba5e2c5 Merge pull request #4825 from rdmarsh2/rdmarsh2/cpp/operand-reuse 
C++: share `TOperand` across IR stages
 2021-03-03 08:55:44 +01:00
Robert Marsh
dbd8432884 C++: autoformat 2021-03-02 12:11:12 -08:00
Andrew Eisenberg
9982112b61 Documentation: Update C/C++ Element::fromSource() docs 
The previous documentation was not correct. This
documentation is adapted from File::fromSource().
 2021-03-02 08:57:17 -08:00
Mathias Vorreiter Pedersen
eb4f1e1ba0 C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking. 2021-03-02 15:45:40 +01:00
Mathias Vorreiter Pedersen
23d3109071 C++: Use taintedWithPath in more tests. This is the predicate that's currently hooked up to the new IR taint tracking library. 2021-03-02 13:40:39 +01:00
Mathias Vorreiter Pedersen
6ba35f4aac C++: Fix function renaming and accept test change. 2021-03-02 11:31:24 +01:00
Mathias Vorreiter Pedersen
9f02c144a8 C++: Remove files that were incorrectly added when resolving merge conflicts. 2021-03-02 11:14:49 +01:00
Mathias Vorreiter Pedersen
ffc6af73b7 C++: Accept test changes. 2021-03-02 11:00:43 +01:00
Mathias Vorreiter Pedersen
748f5344ff Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-02 10:43:37 +01:00
Robert Marsh
2b382d588a C++: autoformat Operand.qll 2021-03-01 11:13:04 -08:00
Chris Smowton
cdccc1a064 Remove needless typecasts 2021-03-01 16:47:34 +00:00
Rasmus Wriedt Larsen
0874712c97 C++/Java/Python: Allow Python string prefix in InlineExpectationsTest 
I've been writing tests for crypto libraries in Python, and have wanted to write
code along the lines of

```py
md5.hash(b"some message") # $ HashInput=b"some message"
```

which didn't work before this commit, forcing me to store my text in a variable
like below. This turned out to be really annoying when dealing with more complex
examples, so therefore I'm adding this new functionality to allow this behavior.

```py
msg = b"some message"
md5.hash(msg) # $ HashInput=msg
```
 2021-03-01 13:44:28 +01:00
Chris Smowton
c32514bf66 Sync dataflow library files 2021-03-01 10:27:28 +00:00
Jonas Jensen
208a374c58 Merge pull request #5256 from MathiasVP/promote-insecure-memset-query 
C++: Promote insecure removal of memset query
 2021-03-01 08:30:16 +01:00
Mathias Vorreiter Pedersen
0f7256752a Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-02-26 19:16:28 +01:00
Mathias Vorreiter Pedersen
42d2a673c7 C++: Respond to review comments. 2021-02-26 10:06:05 +01:00
Mathias Vorreiter Pedersen
72daf2eef9 C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude. 2021-02-26 09:19:05 +01:00
Robert Marsh
290b1c624e C++: cache the IR stage Operand class 2021-02-25 13:10:39 -08:00
Mathias Vorreiter Pedersen
faadcd913e C++: Exclude memsets that clear a variable that has no other uses. 2021-02-25 21:27:12 +01:00
Mathias Vorreiter Pedersen
2777ca445e Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-25 19:49:58 +01:00
Dave Bartolomeo
2e02625f22 C++: Summary metrics queries 
This is a first attempt at implementing, for C++, the set of summary queries that we expect all languages to implement to help diagnose extraction failures and build configuration problems. See the spec in [this document](https://docs.google.com/document/d/1V3zpkj0OGh8GEUVwACRx7fiafE5zklujAftZaYUyf9s/edit?usp=sharing). The five queries are:

- Total number of source files (including .c/.cpp and header files)
- Total number of lines of text across all text files
- Total number of lines of code across all text files
- Number of lines of text in each source file
- Number of lines of code in each source file

I've added some simple unit tests that cover all five of these.
 2021-02-25 12:53:39 -05:00
Mathias Vorreiter Pedersen
9e7c9d0ea0 C++: Respond to review comments. Relax the escaping requirements on the local variable being used in memset. 2021-02-25 18:22:48 +01:00
Mathias Vorreiter Pedersen
3f26b2940d Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-25 15:48:48 +01:00
Mathias Vorreiter Pedersen
d33209388d C++: Fix test annotations. Also exclude static locals from the query and add a testcase for this. 2021-02-25 13:25:11 +01:00
Mathias Vorreiter Pedersen
ef8b734863 C++: Move tests out of experimental and merge with old existing tests from the other memset PRs. 2021-02-24 18:02:16 +01:00
Mathias Vorreiter Pedersen
c44fbaaf3c C++: Promote memset query out of experimental. 2021-02-24 18:01:41 +01:00
Geoffrey White
358a8fee7d C++: 'side-effect free'. 2021-02-24 09:25:11 +00:00
Geoffrey White
431a004127 C++: QLDoc. 2021-02-23 19:10:03 +00:00
Robert Marsh
0b2daf7679 C++: filter operands of removed IR instructions 2021-02-22 14:41:21 -08:00
Geoffrey White
362c12caea Merge pull request #5217 from MathiasVP/model-bsd-sockets-part-3 
C++: Implement models for poll, accept and select
 2021-02-22 18:34:59 +00:00
Mathias Vorreiter Pedersen
f908d2f1de C++: Remove hasTaintFlow from poll and select functions. 2021-02-22 08:54:43 +01:00
Mathias Vorreiter Pedersen
576a872316 C++: Address review comments. 2021-02-19 20:24:02 +01:00
Mathias Vorreiter Pedersen
299f371715 C++: Accept more test changes. 2021-02-19 16:01:31 +01:00
Geoffrey White
79338052ad C++: Add CWE-676 tag. 2021-02-19 14:55:31 +00:00
Mathias Vorreiter Pedersen
4f23c3546f C++: Don't generate WriteSideEffect instructions for const parameter indirections. 2021-02-19 15:15:51 +01:00