erik-krogh
9e4843d53e
update the alert-message of cpp/file-may-not-be-closed based on feedback
2022-09-23 14:46:00 +02:00
erik-krogh
2351884352
update some alert-messages based on review feedback
2022-09-23 14:45:59 +02:00
erik-krogh
40bea78186
remove more instances of the alert-loc being repeated as a link
2022-09-23 14:45:59 +02:00
erik-krogh
a30c38f38c
CPP: make more alert messages follow the style-guide
2022-09-23 14:45:59 +02:00
Nora Dimitrijević
f5a30c7bbe
C++: Add correctness tag
...
As that seems to be appropriate for this query.
2022-08-31 16:59:57 +02:00
Nora Dimitrijević
38f185bee4
C++: Correct CWE tags in metadata
2022-08-31 16:58:05 +02:00
Nora Dimitrijević
0729e42536
C++: Update metadata based on cwe-scores
...
Though the codeql/cwe-scores update-queries.py script did not make any changes on its own,
I looked up the score of the CWEs that @geoffw0 suggested using the explain.py script.
As discussed elsewhere, this should be more of a warning than a recommendation.
2022-08-31 15:50:37 +02:00
Nora Dimitrijević
e10042be7d
C++: Improve docs based on doc-review
...
Thanks to @mchammer01 and @geoffw0 for the latest suggestions.
2022-08-30 11:14:57 +02:00
Nora Dimitrijević
7d24d96d80
C++: Optimize MissingCheckScanf/bigStep()
2022-08-25 17:12:25 +02:00
Nora Dimitrijević
ad56274a73
C++: Small improvements to query qldoc and message
2022-08-25 15:22:41 +02:00
Nora Dimitrijević
a6a30b3725
C++: clarify ScanfOutput.getMinimumGuardConstant()
2022-08-25 15:07:39 +02:00
Nora Dimitrijević
e39229d59e
C++: Remove unique-Instruction kludge in ScanfOutput
...
Passes tests.
2022-08-25 14:38:58 +02:00
Nora Dimitrijević
d8800c03b6
C++: new helper predicates in ScanfFunctionCall
...
Extract some of the logic from the `cpp/missing-check-scanf` query into
the more generally useful `getOutputArgument(int index)`, `getAnOutputArgument()`,
and `getNumberOfOutputArguments()` predicates.
2022-08-25 14:32:15 +02:00
Nora Dimitrijević
170d12bf5a
Write MissingCheckScanf.qhelp
2022-08-24 19:58:19 +02:00
Nora Dimitrijević
ca162a4365
C++: complete initial implementation of cpp/missing-check-scanf
...
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:
* if scanf(&i) != 1 return
  if maybe() && scanf(&i) != 1 return
  use(i) // should be OK on both counts
* The minimum guard constant for the *_s variants may not be right.
* int i[2]
  scanf(i, i+1) // second i is flagged as a use of the first
* Maybe loosen the "unguarded or badly guarded use() = bad" policy to
  "unguarded but already-initialized = good" and "badly guarded = bad",
  since a lot of FPs in MRVA fall into the
  "unguarded but already-initialized" bucket.
2022-08-24 11:25:06 +02:00
Geoffrey White
c62ae3b350
C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely.
2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60
C++: Add test and placeholder query.
2022-08-11 12:27:39 +02:00
Mathias Vorreiter Pedersen
7593ebaa62
C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated.
2022-03-14 13:38:27 +00:00
Mathias Vorreiter Pedersen
f2676968f0
C++: Actually convert 'cpp/overflow-destination' to a path-problem query.
2022-03-09 13:49:52 +00:00
Mathias Vorreiter Pedersen
d7652f9742
C++: Use a 'TaintTracking::Configuration' for 'cpp/overflow-destination'.
2022-03-09 12:07:25 +00:00
Erik Krogh Kristensen
4e8e3a7420
simplify expressions that could be type-casts
2022-01-20 10:41:35 +01:00
Erik Krogh Kristensen
6ff8d4de5c
add all remaining explicit this
2021-11-26 13:50:10 +01:00
Anders Fugmann
e0921ac983
C++: Increase precision of cpp/static-buffer-overflow to high
2021-09-27 09:06:36 +02:00
Anders Fugmann
032ac50034
C++: Do not warn on static buffer overflow using loop counters, if the loop counter has been widened
2021-09-24 08:31:36 +02:00
Anders Fugmann
3e5f7d0db5
C++: using builtin offsetof for an array member indexed after end is legal
2021-09-24 08:31:35 +02:00
Anders Fugmann
a4a9e2aa96
C++: Weaken wording on overflow static alert text
2021-09-24 08:31:35 +02:00
Calum Grant
771e686946
Update security-severity scores
2021-06-15 13:25:17 +01:00
Calum Grant
a594afb828
Add security-severity metadata
2021-06-10 20:11:08 +01:00
Ian Lynagh
f9ede97fcd
C++: Update the ReturnValueIgnored.qhelp docs to match the code
2021-05-26 17:38:49 +01:00
Mathias Vorreiter Pedersen
741eed93b2
C++: Replace minimum(any(...)) with a min aggregate. Also removed the min aggregate further down since it's no longer needed.
2021-05-19 09:03:05 +02:00
Mathias Vorreiter Pedersen
26c4a66dc4
C++: Add range analysis to fix FPs.
2021-05-18 17:54:30 +02:00
Chris Smowton
455b840712
Fix all dead qhelp links
...
For those documents with no obvious new home I've pointed the links to the Internet Archive.
2021-04-23 15:20:21 +01:00
Robert Marsh
cac1bef6ea
C++: deprecate cpp/return-stack-allocated-object
2021-04-21 15:17:31 -07:00
Marcono1234
5a8ffa5a85
Use .inc.qhelp extension for included help files
2021-03-04 22:04:48 +01:00
Geoffrey White
b5326b3937
C++: Give OperatorNewAllocationFunction, OperatorDeleteAllocationFunction proper interfaces.
2020-11-05 16:43:49 +00:00
Geoffrey White
12233e5874
Merge pull request #4533 from MathiasVP/mathiasvp/fix-broken-qhelp
...
C++: Fix broken qhelp links
2020-10-26 14:40:52 +00:00
Mathias Vorreiter Pedersen
056a553976
C++: Fix broken qhelp links
2020-10-21 17:26:46 +02:00
Geoffrey White
6d91d55669
C++: Use the AllocationExpr model.
2020-10-21 11:00:15 +01:00
Geoffrey White
17ff34267a
C++: Resolve the overlap.
2020-10-20 17:47:49 +01:00
Geoffrey White
7db2b2ce37
C++: Make the two queries more alike.
2020-10-20 17:46:47 +01:00
Geoffrey White
488a55b9dd
C++: Autoformat.
2020-10-05 10:39:32 +01:00
Geoffrey White
3536d84bdf
C++: Use [, ...] syntax more widely.
2020-10-02 18:04:03 +01:00
Jonas Jensen
ab90f06ddf
C++: Rename Block -> BlockStmt
2020-09-08 08:40:20 +02:00
Arthur Baars
aedfa47cb4
Add missing QHelp files
2020-09-01 12:46:57 +02:00
Jonas Jensen
aa8f30cd83
Merge pull request #3268 from MathiasVP/ql-doc-negativitiy
...
C++: Add QLDoc to public predicates in Negativity.qll
2020-04-15 15:12:07 +02:00
Mathias Vorreiter Pedersen
3d0ac53266
Apply suggestions from code review
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2020-04-15 14:01:49 +02:00
Mathias Vorreiter Pedersen
a2fbe9e9da
C++: Add QLDoc to public predicates in Negativity
2020-04-15 08:18:03 +02:00
Mathias Vorreiter Pedersen
092145d571
Update cpp/ql/src/Critical/FileClosed.qll
...
Co-Authored-By: Jonas Jensen <jbj@github.com>
2020-04-14 18:38:33 +02:00
Mathias Vorreiter Pedersen
419b511ddb
C++: Format
2020-04-14 11:39:44 +02:00
Mathias Vorreiter Pedersen
d8dcbe3cbd
C++: QLDoc for FileClosed, LoopBounds and MemoryFreed
2020-04-14 10:21:11 +02:00