hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,052 Commits 1,673 Branches 157 Tags
19fb73ce24f73c5499798bef3ed1a55bf9515f52
Commit Graph

8421 Commits

Author SHA1 Message Date
Jeroen Ketema
19fb73ce24 C++: Update tests after frontend changes 2022-12-13 19:52:59 +01:00
Jeroen Ketema
8f9a73ee09 C++: Address review comments 2022-12-08 16:14:12 +01:00
Jeroen Ketema
33fa76f911 C++: Add change note 2022-12-08 15:22:42 +01:00
Jeroen Ketema
b216c79992 C++: Accept test changes 2022-12-08 15:22:41 +01:00
Jeroen Ketema
f35b7f8fe8 C++: Model scanf and fscanf as flow sources 2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen
6897b20722 Merge pull request #11601 from MathiasVP/keep-std-string-iterator 2022-12-08 12:59:33 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Jeroen Ketema
a6bc9fd10f Merge pull request #11591 from jketema/getenv 
C++: Model `secure_getenv` and `_wgetenv` as local flow sources
 2022-12-08 10:44:28 +01:00
Jeroen Ketema
fc49ede33d C++: Add change note 2022-12-08 09:44:23 +01:00
Jeroen Ketema
a2dac3a41e C++: Move remote flow sink test and also handle local and remote sinks 2022-12-08 09:36:19 +01:00
Mathias Vorreiter Pedersen
54c12cd715 C++: Reintroduce 'StdBasicStringIterator'. 2022-12-07 18:21:52 +00:00
Jeroen Ketema
01d8ad98f6 C++: Model secure_getenv and _wgetenv as local flow sources 2022-12-07 13:37:12 +01:00
Jeroen Ketema
b5147bbfb0 C++: Deprecate DefaultTaintTracking and TaintTrackingImpl 2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen
2c500142c7 Merge pull request #11435 from jketema/rewrite-tainted-path 
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
 2022-12-06 14:54:57 +00:00
Jeroen Ketema
995efef5da C++: Add explanatory comment to hasFilteredFlowPath 2022-12-06 09:03:21 +01:00
Jeroen Ketema
5637d573c1 C++: Add test case that is no longer detected after latest changes 2022-12-06 08:31:22 +01:00
Jeroen Ketema
6dbc59d5b5 C++: Simplify isSink based on reviewer comments 2022-12-05 23:23:08 +01:00
Tom Hvitved
7972db68bc C++: Update expected test output 2022-12-05 17:07:32 +01:00
Tom Hvitved
52f3a48638 Data flow: Sync files 2022-12-05 12:57:27 +01:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
Mathias Vorreiter Pedersen
cef7224739 C++: Make QL-for-QL happy. 2022-12-02 10:12:25 +00:00
Mathias Vorreiter Pedersen
a245977075 C++: Change iterator models. 2022-12-02 10:11:20 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Jeroen Ketema
3dfe18b565 C++: Introduce the coarse upper bound check from default taint tracking 2022-12-01 09:13:48 +01:00
Owen Mansel-Chan
55c4643b20 Dataflow: Sync. 2022-11-30 11:00:07 +00:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Felicity Chapman
59b6d657cc Apply suggestions from code review 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-11-28 15:45:05 +01:00
Felicity Chapman
c451fa8ad4 Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-28 15:26:24 +01:00
Felicity Chapman
b5f849463b Update QL library references 2022-11-28 15:26:24 +01:00
Felicity Chapman
5f835da838 Update HTML comment in query 2022-11-28 15:25:38 +01:00
Tom Hvitved
cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Jeroen Ketema
53b86fd53b Merge pull request #11428 from jketema/default-taint-tests 
C++: Add more tests that exercise the default taint barrier implementation
 2022-11-25 12:13:18 +01:00
Jeroen Ketema
4607f5990e C++: Add more tests that exercise the default taint barrier implementation 2022-11-25 10:19:45 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
Mathias Vorreiter Pedersen
c2ac60fc34 Merge pull request #11311 from MathiasVP/repair-mustflow 
C++: Repair `MustFlow` library for use-use flow
 2022-11-21 19:13:10 +00:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
Mathias Vorreiter Pedersen
7e80a57724 C++: Make ql-for-ql happy. 2022-11-21 15:13:19 +00:00
Mathias Vorreiter Pedersen
fcd9dd0be4 Update cpp/ql/lib/change-notes/2022-11-16-must-flow.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-21 14:18:20 +00:00
Jeroen Ketema
78ad9ba60f Merge pull request #11262 from rdmarsh2/rdmarsh2/cpp/deprecate-ast-gvn 
C++: deprecate AST-based GVN
 2022-11-21 13:38:54 +01:00
Jeroen Ketema
752bc2e980 C++: Accept test changes after AST-based GVN deprecation 2022-11-21 11:45:09 +01:00
Tom Hvitved
99e70e9a50 Data flow: Sync files 2022-11-20 10:19:23 +01:00
Mathias Vorreiter Pedersen
4478ac2c17 C++: Add change note. 2022-11-18 16:43:34 +00:00
Mathias Vorreiter Pedersen
ef6b85fa77 C++: Accept test changes. 2022-11-18 16:43:30 +00:00
Mathias Vorreiter Pedersen
b748ed8f43 C++: Repair the 'MustFlow' library. 2022-11-18 16:41:32 +00:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00