Geoffrey White
90bc138049
CPP: Fix QLDoc comments.
2021-09-17 14:12:04 +01:00
Geoffrey White
a3de94e868
C++: Assign precision and severity; medium for now, since there are FPs in SAMATE Juliet.
2021-09-17 10:05:06 +01:00
ihsinme
b6bcf9fa44
Add files via upload
2021-09-16 19:18:19 +03:00
ihsinme
b393c6a285
Add files via upload
2021-09-16 19:16:54 +03:00
Anders Schack-Mulligen
236ffc8972
Merge pull request #6700 from aschackmull/dataflow/subpaths-joinorder
Dataflow: Fix bad joinorder in subpaths
2021-09-16 08:22:59 +02:00
Robert Marsh
c85cc1455b
C++: accept changes to new ExecTainted test
2021-09-15 11:27:13 -07:00
Robert Marsh
a3e1f54e33
C++: Refactor models to prevent IR reevaluation
2021-09-15 10:55:56 -07:00
Robert Marsh
509a3493b6
C++: support new subpaths predicate in ExecTainted
2021-09-15 10:55:56 -07:00
Robert Marsh
09ef8f639e
C++: Improve performance by restricting isSource
2021-09-15 10:55:55 -07:00
Robert Marsh
83cc098412
C++: accept test output
2021-09-15 10:55:55 -07:00
Robert Marsh
3cd08bc724
C++: autoformat Printf.qll
2021-09-15 10:55:55 -07:00
Robert Marsh
fe1f9878ba
C++: add GVN import to fix reevaluation
2021-09-15 10:55:54 -07:00
Robert Marsh
e874fbbea2
C++: Add path stitching in ExecTainted.ql
2021-09-15 10:55:54 -07:00
Robert Marsh
5dc6e13ab5
C++: use TaintTracking2 in ExecTainted.ql
2021-09-15 10:55:53 -07:00
Robert Marsh
4d2036fa26
C++: change note for cpp/command-line-injection
2021-09-15 10:55:53 -07:00
Robert Marsh
c30e7ec41a
C++: raise precision of cpp/command-line-injection
2021-09-15 10:55:53 -07:00
Robert Marsh
181eb803e1
C++: Add QLDoc for getOutputArgument
2021-09-15 10:55:52 -07:00
Robert Marsh
37c92178a5
C++: exclude int/string conversion in ExecTainted
2021-09-15 10:55:52 -07:00
Robert Marsh
5e265f45e1
C++: ExecTainted tests for int/string conversions
2021-09-15 10:55:51 -07:00
Robert Marsh
9926892c8a
C++: remove debugging predicates
2021-09-15 10:55:51 -07:00
Robert Marsh
9c478c502e
C++: add some more tests for ExecTainted
2021-09-15 10:55:50 -07:00
Robert Marsh
562c8b97ad
C++: add comment explaining concatenation logic
2021-09-15 10:55:50 -07:00
Robert Marsh
6f408f949c
C++: Refactor ExecTainted.ql to need concatenation
This makes ExecTainted report results only when the tainted value does
not become the start of the string which is eventually run as a shell
command. The theory is that those cases are likely to be deliberate, and
part of the expected threat model of the program (e.g. $CC in make).
This lines up better with the results I considered fixable true
positives in LGTM testing.
2021-09-15 10:55:49 -07:00
Robert Marsh
8f4df8603a
C++: more tests for command injection
2021-09-15 10:55:49 -07:00
Nick Rolfe
f76ce8b33b
Merge pull request #6686 from hvitved/cpp/files-folders-drop-columns
C++: Drop redundant columns from `files` and `folders` relations
2021-09-15 18:33:20 +01:00
Mathias Vorreiter Pedersen
33ef634ea8
Merge pull request #6679 from andersfugmann/relax_memberMayBeVarSize
Improve precision on OverflowStatic query.
2021-09-15 17:24:10 +01:00
Anders Schack-Mulligen
c0fd44c909
Dataflow: Sync.
2021-09-15 16:10:54 +02:00
Geoffrey White
c4714b55a3
Merge pull request #6588 from ihsinme/ihsinme-patch-069
CPP: Add query for CWE-675: Duplicate Operations on Resource
2021-09-15 15:10:03 +01:00
Jonas Jensen
65f4ec403f
Merge pull request #6593 from geoffw0/samate-move
C++: Add test cases with SAMATE Juliet code snippets to the codeql test suite.
2021-09-15 14:18:08 +02:00
Mathias Vorreiter Pedersen
947ab8a14d
Make the QLDoc on 'getAnSqlParameter' more clear.
2021-09-15 13:15:05 +01:00
Geoffrey White
0e7afb24cf
Merge pull request #6643 from MathiasVP/add-frontend-and-extractor-diagnostic-query
C++: Add uninterpreted query for obtaining frontend and extraction time
2021-09-15 11:17:58 +01:00
Geoffrey White
9ad51fbc02
C++: Fix the correct test this time.
2021-09-15 11:03:09 +01:00
Jordy Zomer
0f6e845418
Merge branch 'main' of https://github.com/JordyZomer/codeql into main
2021-09-15 10:41:31 +02:00
Jordy Zomer
01a06d1f5c
Add filter and format the query
2021-09-15 10:37:40 +02:00
Anders Fugmann
e49cd83868
C++: update change note per suggestion from peer review
2021-09-15 10:31:15 +02:00
Geoffrey White
8fd848701e
C++: Fix test failure.
2021-09-14 16:38:11 +01:00
Mathias Vorreiter Pedersen
44dca68463
Merge branch 'main' into promote-sql-pqxx
2021-09-14 15:29:37 +01:00
Anders Fugmann
bc22e0d9aa
C++: Update comments on memberMayBeVarSize
2021-09-14 16:04:39 +02:00
Tom Hvitved
b69033f4ff
C++: Upgrade script
2021-09-14 13:14:04 +02:00
Tom Hvitved
6c32b92929
C++: Drop redundant columns from files and folders relations
2021-09-14 13:14:04 +02:00
Anders Fugmann
3f5ab60fb4
C++: Add DEPRECATED to documentation block
2021-09-14 09:55:19 +02:00
ihsinme
8fa3cefb8c
Update DoubleRelease.ql
2021-09-14 10:31:20 +03:00
ihsinme
d150c9a6be
Update DoubleRelease.ql
2021-09-14 08:51:13 +03:00
Mathias Vorreiter Pedersen
a714966e9b
Import 'cpp' and add more description.
2021-09-13 18:43:34 +01:00
Mathias Vorreiter Pedersen
034899367d
C++: Exclude uninstantiated templates from AV Rule 114.
2021-09-13 18:08:51 +01:00
Anders Fugmann
f202ddc5aa
C++: Add changenote
2021-09-13 16:31:06 +02:00
Geoffrey White
67c6b35845
C++: We get many more real world results using taint tracking.
2021-09-13 15:03:28 +01:00
Geoffrey White
0e8064dbf9
C++: Add a test demonstrating taint.
2021-09-13 15:00:31 +01:00
Anders Fugmann
8e9ac18026
C++: Deprecate RangeSSA::isGuardPhi/3
2021-09-13 15:35:05 +02:00
Geoffrey White
902fa7d44a
C++: Subsection header.
2021-09-13 14:10:17 +01:00