hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

6915 Commits

Author SHA1 Message Date
Anders Fugmann
c9c41252e3 C++: Update test results in SimpleRangeAnalysis 2021-09-24 12:23:48 +02:00
Anders Fugmann
3437cf2909 C++: only use upperbound if there are no overflows in the guard 2021-09-24 11:46:58 +02:00
Anders Fugmann
d7afd86a27 C++: Add test case exposing problem with overflows for upperBound predicate 2021-09-24 11:44:05 +02:00
Anders Fugmann
032ac50034 C++: Do not warn on static buffer overflow using loop counters, if the loop counter has been widened 2021-09-24 08:31:36 +02:00
Anders Fugmann
3e5f7d0db5 C++: using buildin offsetof for an array member indexed after end is legal 2021-09-24 08:31:35 +02:00
Anders Fugmann
b08eabec68 C++: Relax predicate memberMayBeVarSize to mark all members of size 0 or 1 as variable sized 2021-09-24 08:31:35 +02:00
Anders Fugmann
a4a9e2aa96 C++: Weaken wording on overflow static alert text 2021-09-24 08:31:35 +02:00
Robert Marsh
3189c578a4 C++: Add QLDoc to subpaths in DefaultTaintTracking 2021-09-23 22:42:38 -07:00
Robert Marsh
c2b356ab08 C++: add subpaths to DefaultTaintTracking 2021-09-23 21:00:45 -07:00
ihsinme
13741ba137 Update FindWrapperFunctions.ql 2021-09-23 12:55:03 +03:00
ihsinme
18de9f0aa3 Update FindWrapperFunctions.expected 2021-09-23 12:53:16 +03:00
Robert Marsh
49f8fd2164 C++: whitespace fix 2021-09-22 16:54:03 -07:00
Robert Marsh
0c5d642489 C++: Rename SystemFunction and restore QLDoc 2021-09-22 14:22:57 -07:00
Robert Marsh
6f03c3e252 C++: Accept command injection test changes 
Making the DefaultTaintTracking configurations inactive removed many
unneeded nodes and edges from the PathGraph predicates.
 2021-09-22 14:19:23 -07:00
Robert Marsh
8faeab18b9 C++: move ResolveCall.qll out of internal directory 2021-09-22 11:54:47 -07:00
Robert Marsh
21ed5c430d Merge branch 'main' into rdmarsh2/improve-exec-tainted 
Manual fix for conflict in Models.qll
 2021-09-22 11:51:18 -07:00
Mathias Vorreiter Pedersen
35baff8bac C#/C++: Sync identical files. 2021-09-22 13:32:29 +01:00
Mathias Vorreiter Pedersen
5969c227ab C++: Fix QLDoc on 'getAllocationAddressOperand' and 'getAllocationAddress'. 2021-09-22 13:32:20 +01:00
Robert Marsh
3108817717 C++: Add additional functions to the SQL models 2021-09-21 17:34:01 -07:00
Robert Marsh
d6fd83dd6c C++: move resolveCall to its own file for perf 
This avoids a performance issue in DataFlowImpl::localFlowStep when the
DataFlow::Configuration subclasses in DefaultTaintTracking are active
in the same query as other Configuration
subclasses.
ResolveCall.qll is kept internal for the moment.
 2021-09-21 16:32:09 -07:00
ihsinme
88a257fcdc Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-09-21 20:32:08 +03:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Robert Marsh
97c2917c16 Merge pull request #6409 from JordyZomer/main 
cpp: Add query to detect unsigned integer to signed integer conversio…
 2021-09-21 09:57:44 -07:00
Mathias Vorreiter Pedersen
478093aa89 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-21 17:51:24 +01:00
Mathias Vorreiter Pedersen
bd5edc7ae5 Respond to review comments. 2021-09-21 14:29:26 +01:00
Mathias Vorreiter Pedersen
dfe932d053 Add missing conjunct in PostgreSqlEscapeFunction's 'escapesSqlArgument' predicate. 2021-09-21 12:14:45 +01:00
Anders Schack-Mulligen
044623a360 Dataflow: Sync. 2021-09-20 14:58:28 +02:00
Mathias Vorreiter Pedersen
797966fd3d C++: Change the names of the new classes and predicates to match the upcoming 'CommandExecutionFunction' class. 2021-09-20 11:49:09 +01:00
Robert Marsh
a9add04ee3 C++: remove unneed import 2021-09-17 12:17:06 -07:00
Robert Marsh
d3d708bc68 C++: QLDoc for CommandExecution model 2021-09-17 12:16:20 -07:00
Geoffrey White
e7c82d7370 C++: Accept subpaths in tests. 2021-09-17 16:14:24 +01:00
Geoffrey White
24668b2281 Merge branch 'main' into cwe139 2021-09-17 16:04:51 +01:00
Geoffrey White
51243454c8 C++: Change note. 2021-09-17 15:10:55 +01:00
Geoffrey White
90bc138049 CPP: Fix QLDoc comments. 2021-09-17 14:12:04 +01:00
Geoffrey White
a3de94e868 C++: Assign precision and severity; medium for now, since there are FPs in SAMATE Juliet. 2021-09-17 10:05:06 +01:00
ihsinme
b6bcf9fa44 Add files via upload 2021-09-16 19:18:19 +03:00
ihsinme
b393c6a285 Add files via upload 2021-09-16 19:16:54 +03:00
Anders Schack-Mulligen
236ffc8972 Merge pull request #6700 from aschackmull/dataflow/subpaths-joinorder 
Dataflow: Fix bad joinorder in subpaths
 2021-09-16 08:22:59 +02:00
Robert Marsh
c85cc1455b C++: accept changes to new ExecTainted test 2021-09-15 11:27:13 -07:00
Robert Marsh
a3e1f54e33 C++: Refactor models to prevent IR reevaluation 2021-09-15 10:55:56 -07:00
Robert Marsh
509a3493b6 C++: support new subpaths predicate in ExecTainted 2021-09-15 10:55:56 -07:00
Robert Marsh
09ef8f639e C++: Improve performance by restricting isSource 2021-09-15 10:55:55 -07:00
Robert Marsh
83cc098412 C++: accept test output 2021-09-15 10:55:55 -07:00
Robert Marsh
3cd08bc724 C++: autoformat Printf.qll 2021-09-15 10:55:55 -07:00
Robert Marsh
fe1f9878ba C++: add GVN import to fix reevaluation 2021-09-15 10:55:54 -07:00
Robert Marsh
e874fbbea2 C++: Add path stitching in ExecTainted.ql 2021-09-15 10:55:54 -07:00
Robert Marsh
5dc6e13ab5 C++: use TaintTracking2 in ExecTainted.ql 2021-09-15 10:55:53 -07:00
Robert Marsh
4d2036fa26 C++: change note for cpp/command-line-injection 2021-09-15 10:55:53 -07:00
Robert Marsh
c30e7ec41a C++: raise precision of cpp/command-line-injection 2021-09-15 10:55:53 -07:00
Robert Marsh
181eb803e1 C++: Add QLDoc for getOutputArgument 2021-09-15 10:55:52 -07:00