hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,489 Commits 1,673 Branches 157 Tags
15049ca85301412166478107f34bde76d3ac8ec4
Commit Graph

5662 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
45f52289ea Merge branch 'main' into java/merge-5226 2021-03-04 11:36:16 +01:00
Anders Schack-Mulligen
fe07630e40 Merge pull request #5219 from smowton/smowton/feature/backward-dataflow-for-fluent-methods 
Java: Add backward dataflow edges through fluent function invocations.
 2021-03-04 11:13:32 +01:00
Marcono1234
b9c0193022 Sync .qhelp file renaming to other languages 2021-03-03 15:38:08 +01:00
Tamás Vajk
73ad417757 Merge pull request #5132 from tamasvajk/feature/dotnet502 
C#: Upgrade projects to .net 5
 2021-03-03 12:47:08 +01:00
Mathias Vorreiter Pedersen
721ba5e2c5 Merge pull request #4825 from rdmarsh2/rdmarsh2/cpp/operand-reuse 
C++: share `TOperand` across IR stages
 2021-03-03 08:55:44 +01:00
Robert Marsh
dbd8432884 C++: autoformat 2021-03-02 12:11:12 -08:00
Andrew Eisenberg
9982112b61 Documentation: Update C/C++ Element::fromSource() docs 
The previous documentation was not correct. This
documentation is adapted from File::fromSource().
 2021-03-02 08:57:17 -08:00
Tamas Vajk
71f095d6d4 Upgrade projects to .net 5 2021-03-02 09:20:31 +01:00
Robert Marsh
2b382d588a C++: autoformat Operand.qll 2021-03-01 11:13:04 -08:00
Chris Smowton
5d2f3421d8 Add change notes 2021-03-01 16:59:20 +00:00
Chris Smowton
cdccc1a064 Remove needless typecasts 2021-03-01 16:47:34 +00:00
Chris Smowton
c32514bf66 Sync dataflow library files 2021-03-01 10:27:28 +00:00
Jonas Jensen
208a374c58 Merge pull request #5256 from MathiasVP/promote-insecure-memset-query 
C++: Promote insecure removal of memset query
 2021-03-01 08:30:16 +01:00
Mathias Vorreiter Pedersen
d4f7fab7df Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-02-26 19:17:13 +01:00
Mathias Vorreiter Pedersen
0f7256752a Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2021-02-26 19:16:28 +01:00
Mathias Vorreiter Pedersen
42d2a673c7 C++: Respond to review comments. 2021-02-26 10:06:05 +01:00
Mathias Vorreiter Pedersen
4e4ffbd790 Update cpp/change-notes/2021-02-24-memset-may-be-deleted.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-26 09:48:21 +01:00
Mathias Vorreiter Pedersen
72daf2eef9 C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude. 2021-02-26 09:19:05 +01:00
Robert Marsh
290b1c624e C++: cache the IR stage Operand class 2021-02-25 13:10:39 -08:00
Mathias Vorreiter Pedersen
faadcd913e C++: Exclude memsets that clear a variable that has no other uses. 2021-02-25 21:27:12 +01:00
Mathias Vorreiter Pedersen
2777ca445e Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-02-25 19:49:58 +01:00
Mathias Vorreiter Pedersen
9e7c9d0ea0 C++: Respond to review comments. Relax the escaping requirements on the local variable being used in memset. 2021-02-25 18:22:48 +01:00
Mathias Vorreiter Pedersen
3f26b2940d Update cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-02-25 15:48:48 +01:00
Mathias Vorreiter Pedersen
d33209388d C++: Fix test annotations. Also exclude static locals from the query and add a testcase for this. 2021-02-25 13:25:11 +01:00
Jonas Jensen
2b54c33904 Merge pull request #5257 from MathiasVP/doh-its-2021-mathias 
C++: Turns out we're in 2021 and not 2020.
 2021-02-25 09:30:08 +01:00
Mathias Vorreiter Pedersen
70a953b633 C++: Add change-note. 2021-02-24 18:02:16 +01:00
Mathias Vorreiter Pedersen
ef8b734863 C++: Move tests out of experimental and merge with old existing tests from the other memset PRs. 2021-02-24 18:02:16 +01:00
Mathias Vorreiter Pedersen
c44fbaaf3c C++: Promote memset query out of experimental. 2021-02-24 18:01:41 +01:00
Mathias Vorreiter Pedersen
fc4162ba1a C++: Turns out we're in 2021 and not 2020. 2021-02-24 17:15:51 +01:00
Geoffrey White
358a8fee7d C++: 'side-effect free'. 2021-02-24 09:25:11 +00:00
Geoffrey White
431a004127 C++: QLDoc. 2021-02-23 19:10:03 +00:00
Robert Marsh
0b2daf7679 C++: filter operands of removed IR instructions 2021-02-22 14:41:21 -08:00
Geoffrey White
362c12caea Merge pull request #5217 from MathiasVP/model-bsd-sockets-part-3 
C++: Implement models for poll, accept and select
 2021-02-22 18:34:59 +00:00
Mathias Vorreiter Pedersen
f908d2f1de C++: Remove hasTaintFlow from poll and select functions. 2021-02-22 08:54:43 +01:00
Mathias Vorreiter Pedersen
576a872316 C++: Address review comments. 2021-02-19 20:24:02 +01:00
Geoffrey White
79338052ad C++: Add CWE-676 tag. 2021-02-19 14:55:31 +00:00
Mathias Vorreiter Pedersen
fef824c37a C++: Implement models for poll, accept and select. 2021-02-19 14:03:54 +01:00
Geoffrey White
c4cca83019 Merge pull request #5196 from MathiasVP/fix-dataflow-regression-const-member-function 
C++: Fix missing dataflow "out of" const member functions
 2021-02-18 16:43:38 +00:00
Mathias Vorreiter Pedersen
88263cb89e Merge pull request #5114 from geoffw0/codeqltestdoc 
Documentation: Make our policy for copied example code clear and visible.
 2021-02-18 10:43:17 +01:00
Mathias Vorreiter Pedersen
3082d70345 Merge branch 'main' into fix-dataflow-regression-const-member-function 2021-02-18 09:34:51 +01:00
Cornelius Riemenschneider
ebcecca9f1 Merge pull request #5157 from geoffw0/modelsbsl2 
C++: Improve Iterator models
 2021-02-17 18:04:07 +01:00
Mathias Vorreiter Pedersen
908f24d23f C++: Fix missing AST flow. 2021-02-17 14:33:58 +01:00
Mathias Vorreiter Pedersen
e0dca2be20 Merge pull request #5185 from MathiasVP/block-integral-types-in-cgixss-query 
C++: Add isBarrier to cpp/cgi-xss
 2021-02-17 12:44:45 +01:00
Geoffrey White
ec79094957 Merge pull request #5191 from MathiasVP/regression-test-const-member-function 
C++: Add test for missing flow due to const specifier
 2021-02-17 10:59:20 +00:00
Mathias Vorreiter Pedersen
25beadcb05 Update cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-02-17 11:54:24 +01:00
Geoffrey White
c07a60818c C++: Simplify IteratorAssignArithmeticOperator. 2021-02-17 10:49:28 +00:00
Mathias Vorreiter Pedersen
e1c4406fd4 Merge pull request #5187 from geoffw0/modelsbsl5 
C++: Support BSL in Allocation.qll, Deallocation.qll.
 2021-02-17 11:48:53 +01:00
Mathias Vorreiter Pedersen
6db75df943 Merge pull request #5186 from geoffw0/modelsbsl4 
C++: More models work
 2021-02-17 11:46:23 +01:00
Mathias Vorreiter Pedersen
1b148c4c90 C++: Add reduced testcase demonstrating the problem in codeql-c-analysis-team/issues/231. 2021-02-17 11:20:00 +01:00
Mathias Vorreiter Pedersen
f5d5460dde C++: Fix testcase. 2021-02-17 10:53:31 +01:00