hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

5690 Commits

Author SHA1 Message Date
Robert Marsh
7bcc4379fc C++: accept loops with arbitrary labels or cases 2018-10-22 09:59:49 -07:00
Raul Garcia
2f4da8841f Changing the name (file & tags) to match the JS version. 2018-10-19 15:21:56 -07:00
Geoffrey White
5158984613 CPP: Fix the issue. 2018-10-19 22:51:35 +01:00
Geoffrey White
c97a5ed292 CPP: Add tests of AV Rule 114.ql with non-trivial return types. 2018-10-19 22:49:53 +01:00
Geoffrey White
e9499b59e4 CPP: Exclude switch statements. 2018-10-19 10:24:29 +01:00
Geoffrey White
298ead162d CPP: Add more test cases for HResultBooleanConversion.ql. 2018-10-19 10:24:29 +01:00
Raul Garcia
e2fcaa9e20 Fixing typos & implementing the PR feedback 2018-10-18 14:44:24 -07:00
Ian Lynagh
ef1552339e C++: Enhance MagicConstantsNumbers test 2018-10-18 12:36:42 +01:00
Ian Lynagh
894a37ccda C++: Accept test changes 2018-10-18 12:36:42 +01:00
Ian Lynagh
1b7961367a C++: Enhance a test 2018-10-18 12:36:42 +01:00
Raul Garcia
739804acb2 CPP : Ill-defined for-loop (C6293) 
Superset of C6293, it looks for a mismatch between the initialization statement && condition and the direction of the iteration expression in a for loop.
 2018-10-17 16:24:34 -07:00
Robert Marsh
17537bb88b C++: respond to doc comments 2018-10-17 11:57:54 -07:00
Tom Hvitved
58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Robert Marsh
73cae5390e C++: new query for dead code after goto or break 2018-10-16 15:37:06 -07:00
Raul Garcia
7ab723ae79 Fixing typos & incorporating feedback. 
(MSFT feedback) Adding a new tag in the header @msrc.severity important
 2018-10-16 10:00:51 -07:00
Raul Garcia
22d54801e5 Removed one false-positive scenario (no space on lpCommandLine) 
Improved the query to avoid multiple calls to hasGlobalName
Fixed typos
Simplified the test case file
 2018-10-15 15:53:02 -07:00
Raul Garcia
242d40369b Merge branch 'master' into users/raulga/c6277 2018-10-12 15:59:54 -07:00
Raul Garcia
85283d63ce C++ : NULL application name with an unquoted path in call to CreateProcess 
Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.
 2018-10-12 15:57:01 -07:00
Jonas Jensen
a10c3bcffb C++: Suppress UnsignedGEZero in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-10 17:06:24 +02:00
Jonas Jensen
383dafac5c C++: Test for UnsignedGEZero with templates 2018-10-10 17:04:35 +02:00
Tom Hvitved
49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
Geoffrey White
99816d77e3 CPP: Additional test case fixed in combination with typedef work. 2018-10-05 17:13:50 +01:00
Geoffrey White
94ff2e5693 CPP: Lets just not report when we're not sure. 2018-10-05 16:40:54 +01:00
Geoffrey White
2841897e3a CPP: Make getAFormatterWideType more general and move it into FormattingFunction.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
89c56486b5 CPP: Test getDefaultCharType etc. 2018-10-05 16:40:54 +01:00
Geoffrey White
e2be19b555 CPP: New mechanism for string types in printf.qll. 2018-10-05 16:40:54 +01:00
Geoffrey White
1af6c10888 CPP: Add a test where different word sizes are present. 2018-10-05 16:40:54 +01:00
Geoffrey White
800555865a CPP: More test cases. 2018-10-05 16:40:54 +01:00
Geoffrey White
2af56b89b1 CPP: Add a test where different wide types are present. 2018-10-05 15:32:36 +01:00
Geoffrey White
39f030b8f7 CPP: Annotate test. 2018-10-05 15:32:36 +01:00
Geoffrey White
e74721e3a4 CPP: Test fixes as a result of changes. 2018-10-05 15:32:36 +01:00
Robert Marsh
a3459ddf08 C++: add support for custom wide character sizes 
Certain Microsoft projects, such as CoreCLR and ChakraCore, use a
library called the PAL, which enables two-byte strings in the printf
family of functions, even when built on a platform with four-byte
strings. This adds support for determining the size of a wide character
from the definitions of such functions, rather than assuming that they
match the compiler's wchar_t.
 2018-10-05 15:32:35 +01:00
Jonas Jensen
4720c5ab60 Merge pull request #264 from raulgarciamsft/users/raulga/c6276 
C++: incorrect string type conversion
 2018-10-04 21:06:07 +02:00
Jonas Jensen
364c9a6961 C++: Suppress pointless compare in template inst. 
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
 2018-10-03 14:48:11 +02:00
Jonas Jensen
2eea359f79 C++: Test for PointlessComparison with templates 2018-10-03 14:47:00 +02:00
Jonas Jensen
4ad4b19911 Merge pull request #189 from geoffw0/wrongtypedef 
CPP: Permit more typedefs in WrongTypeFormatArguments.ql
 2018-10-03 09:40:06 +02:00
Raul Garcia
492b511cdf Merge operation 2018-10-02 11:27:39 -07:00
Raul Garcia
230724c085 Updates based on feedback 2018-10-02 11:17:23 -07:00
Tobias Smolka
51dcdeff59 C++: support Decltype in suspicious-call-to-memset 2018-10-02 16:47:04 +02:00
Raul Garcia
99e6708b2b Merge branch 'master' into users/raulga/c6276 2018-10-01 10:28:54 -07:00
Raul Garcia
253b8d1287 C++ : cpp/incorrect-string-type-conversion 
Cast between semantically different string types: char* from/to wchar_t*
NOTE: Please let me know if you want to use a different CWE than CWE-704
 2018-10-01 10:25:49 -07:00
Aditya Sharad
337defdf3d Merge master into next. 2018-10-01 17:39:27 +01:00
Aditya Sharad
0882eb7bb3 Merge rc/1.18 into master. 2018-10-01 12:08:16 +01:00
Dave Bartolomeo
37091953dc C++: Fix test expectations after rebase 2018-09-30 08:25:42 -07:00
Jonas Jensen
16004facd9 Merge pull request #197 from rdmarsh2/rdmarsh/cpp/ir-guards 
IR-based guards library
 2018-09-28 21:14:08 +02:00
Robert Marsh
93732d8b5a C++: Combine IR guard tests into one ql file 
This is motivated by test performance; IR compilation happens separately
for each test and takes a bit over a minute, so combining these 8 tests
saves about 10 minutes of test running.
 2018-09-27 13:53:02 -07:00
Pavel Avgustinov
c7137cee75 Merge pull request #245 from adityasharad/merge/1.18-next-270918 
Merge rc/1.18 into next.
 2018-09-27 21:51:44 +01:00
Robert Marsh
b6cc6a3b23 C++: Fix BinaryLogicalOperators always being guards 2018-09-27 13:09:15 -07:00
Robert Marsh
f323fa1df8 C++: test changes from previous commit 
The IR for the conversion to bool results in a comparison where the left
hand side is not the result of any expression in the AST, so they can't
be usefully converted back to the AST
 2018-09-27 13:06:57 -07:00
Nick Rolfe
a55d6d7631 C++: CRLF -> LF in .expected file 2018-09-27 17:03:31 +01:00