5418 Commits

Author	SHA1	Message	Date
Jeroen Ketema	d19504fca2	C++: Add cpp/unused-local-variable test case with switch initializer ... This is similar to the test case with the `if` initializer, and we should not forget about it once we support `if` initialization.	2022-04-05 18:27:53 +02:00
Jeroen Ketema	dea510ac95	C++: Add change note for cpp/unused-local-variable changes	2022-04-01 18:32:46 +02:00
Jeroen Ketema	4f49f9d6e1	C++: Remove exception from cpp/unused-local-variable that is no longer needed	2022-04-01 18:32:46 +02:00
Geoffrey White	146318dbc1	Merge pull request #8580 from geoffw0/privdata ... C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission	2022-03-31 10:12:46 +01:00
Robert Marsh	8d21c8b7c5	Merge pull request #8423 from 4B5F5F4B/main ... [CPP][Linux Kernel]Add ql to detect CVE-2017-5123	2022-03-29 15:10:15 -04:00
Geoffrey White	0e3e145e53	C++: Add CWE-359 tag to cpp/cleartext-transmission.	2022-03-29 14:44:06 +01:00
4B5F5F4B	9358b824c0	modify select clause to make codeql happy:)	2022-03-29 10:41:12 +08:00
Geoffrey White	611b820cbc	C++: Change notes.	2022-03-28 14:27:21 +01:00
Geoffrey White	3fed7bf6d0	C++: Extend cpp/cleartext-transmission using PrivateData.qll.	2022-03-28 11:16:56 +01:00
4B5F5F4B	2d7b9c0c4f	modify a little cute typo	2022-03-26 22:55:27 +08:00
4B5F5F4B	7a091f808b	Create NoCheckBeforeUnsafePutUser.ql	2022-03-26 22:45:03 +08:00
4B5F5F4B	64863d493b	Delete cve-2017-5123.ql	2022-03-26 22:42:59 +08:00
Andrew Eisenberg	5fb84a774b	Merge pull request #8553 from github/aeisenberg/cpp-suites ... Suites: Remove self-referential `from` directives	2022-03-25 09:15:53 -07:00
Geoffrey White	9f3fd57534	Merge branch 'main' into cwe497b	2022-03-25 11:57:30 +00:00
Geoffrey White	e377eebdbc	C++: More 'adversary' -> 'malicious user' and related doc changes.	2022-03-25 11:34:37 +00:00
Geoffrey White	11074b6d77	Update cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-03-25 11:08:07 +00:00
Geoffrey White	6b6ee61d3f	Apply suggestions from code review ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-03-25 11:06:46 +00:00
Andrew Eisenberg	99f14af56a	Suites: Remove self-referential from directives ... Fixes https://github.com/github/codeql/issues/8412 See https://github.com/github/codeql/issues/8412#issuecomment-1078281668 for more detail.	2022-03-24 14:19:20 -07:00
Mathias Vorreiter Pedersen	61c944201f	Merge pull request #8461 from Paul1nh0/dev_cve_2016_6480 ... Add query for double-fetch vulnerability	2022-03-23 18:15:05 +00:00
Mathias Vorreiter Pedersen	0eab54d385	Merge pull request #8491 from jketema/command-line-injection-with-flow-state ... C++: Use flow states in `cpp/command-line-injection`	2022-03-23 11:03:29 +00:00
Mathias Vorreiter Pedersen	a84ee50af0	Update cpp/ql/src/change-notes/2022-03-21-command-line-injection-with-flow-states.md	2022-03-23 09:35:41 +00:00
Paul1nh0	5a1dc61d9d	modify arguments check logic ... As far as I can tell, root cause of double-fetech issue is read from the same user mode memory twice, so it makes sense that only check whether user mode pointer is same or not	2022-03-23 11:20:08 +08:00
Paul1nh0	6a6cd61d83	automated using CodeQL for VSCode extension	2022-03-23 09:37:45 +08:00
Paul1nh0	f2728f5284	delete some unused code	2022-03-22 23:20:30 +08:00
Paul1nh0	afe4a8435f	Using globalValueNumber to match same arguments	2022-03-22 21:14:07 +08:00
Paul1nh0	d476493c3e	Add double-fetch.ql under CWE-362 directory	2022-03-22 19:08:44 +08:00
Paul1nh0	dd4e82126c	remove to another directory	2022-03-22 19:06:53 +08:00
Paul1nh0	2dad2c477b	query description added	2022-03-22 19:06:03 +08:00
Mathias Vorreiter Pedersen	5cbd86519b	C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries.	2022-03-22 10:52:02 +00:00
Jeroen Ketema	2d9b630fa8	C++: Fix ExecTainted.ql formatting	2022-03-21 23:28:58 +01:00
Jeroen Ketema	b79eb6d10d	C++: Encode string value of data flow nodes in ExecState	2022-03-21 21:29:42 +01:00
Jeroen Ketema	e05227d3fe	C++: Add change note for the cpp/command-line-injection changes	2022-03-21 11:30:39 +01:00
Jeroen Ketema	f8198c3123	C++: Use flow states in cpp/command-line-injection	2022-03-18 20:06:45 +01:00
4B5F5F4B	d4c7314484	Delete cve-2016-6480.ql ... commit by mistake	2022-03-17 09:49:28 +08:00
Geoffrey White	95a63a69a5	Merge branch 'main' into cwe497b	2022-03-16 11:09:46 +00:00
Paul1nh0	85b22647ac	Add query for double-fetch vulnerability	2022-03-16 18:16:49 +08:00
4B5F5F4B	2a29c201ff	Merge branch 'github:main' into main	2022-03-16 18:06:16 +08:00
4B5F5F4B	baf1c8d76b	Create cve-2016-6480.ql	2022-03-16 17:49:05 +08:00
Mathias Vorreiter Pedersen	57922f56ee	Merge pull request #8424 from ihsinme/ihsinme-patch-fix077 ... Detection reduction on request	2022-03-15 16:17:47 +00:00
Geoffrey White	46f3f28a11	C++: Fix broken merge.	2022-03-15 14:53:25 +00:00
Geoffrey White	71e0da738d	Merge branch 'main' into cwe497b	2022-03-15 13:29:32 +00:00
Mathias Vorreiter Pedersen	9f014be7c7	Merge pull request #8447 from MathiasVP/add-missing-security-severity ... C++: Add missing `security-severity` tags	2022-03-15 11:29:28 +00:00
Geoffrey White	28315df405	Merge branch 'main' into cwe497b	2022-03-15 11:23:00 +00:00
Mathias Vorreiter Pedersen	7337ebd569	C++: Add missing 'security-severity' tags.	2022-03-15 10:54:36 +00:00
Mathias Vorreiter Pedersen	7e0e7d5004	Merge branch 'main' into use-taint-configuration-in-three-more-queries	2022-03-15 09:06:55 +00:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 ... Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Geoffrey White	73710e9edb	C++: Fix QLDoc.	2022-03-14 19:11:43 +00:00
Geoffrey White	7c93eb1eaf	C++: Fix large newtype.	2022-03-14 19:06:41 +00:00
Geoffrey White	d1b04b4e07	C++: Use asDefiningArgument() where appropriate.	2022-03-14 17:53:47 +00:00
Mathias Vorreiter Pedersen	7593ebaa62	C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated.	2022-03-14 13:38:27 +00:00