hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
61,679 Commits 1,673 Branches 157 Tags
4e84c84e2da0c656ceddc58b7e448eaf43d22813
Commit Graph

748 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
351caaccfe C++: Add GOOD and BAD comments to qhelp examples. 2023-11-29 09:44:54 +00:00
Mathias Vorreiter Pedersen
8afd9288cb Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-11-29 09:36:29 +00:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Mathias Vorreiter Pedersen
71ad7696c3 C++: Add qhelp. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
73138f1913 C++: No need to exclude ExprNodes as sources now that #14903 is merged. 2023-11-24 16:58:30 +00:00
Mathias Vorreiter Pedersen
a7d820ce62 C++: Remove workaround for negated conditions in 'cpp/user-controlled-bypass'. 2023-11-24 15:17:45 +00:00
Mathias Vorreiter Pedersen
e438671846 Merge pull request #14896 from MathiasVP/no-dtt-in-user-controlled-bypass 
C++: Rewrite `cpp/user-controlled-bypass` away from `DefaultTaintTracking`
 2023-11-24 14:43:10 +00:00
Mathias Vorreiter Pedersen
2681617f28 C++: Undo the workaround in 'cpp/tainted-permissions-check'. 2023-11-24 10:56:11 +00:00
Mathias Vorreiter Pedersen
5604fd7d80 C++: Rewrite 'cpp/user-controlled-bypass' away from 'DefaultTaintTracking'. 2023-11-23 17:35:54 +00:00
Mathias Vorreiter Pedersen
257d94be20 Merge pull request #14886 from jketema/rewrite-tainted-condition 
C++: Rewrite `cpp/tainted-permissions-check` to not use `DefaultTaintTracking`
 2023-11-23 16:18:03 +00:00
Mathias Vorreiter Pedersen
149fb7bbc2 Merge pull request #14881 from MathiasVP/no-dtt-in-user-controlled-null-termination-tainted 
C++: Rewrite `cpp/user-controlled-null-termination-tainted` away from `DefaultTaintTracking`
 2023-11-23 14:41:33 +00:00
Mathias Vorreiter Pedersen
b774ae07c8 Update cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-11-23 14:10:57 +00:00
Jeroen Ketema
7834626e26 C++: Rewrite cpp/tainted-permissions-check to not use DefaultTaintTracking 2023-11-23 14:52:53 +01:00
Jeroen Ketema
bb1945f899 C++: Rewrite cpp/tainted-format-string away from DefaultTaintTracking 2023-11-22 16:49:13 +01:00
Mathias Vorreiter Pedersen
306440ce6e C++: Convert 'cpp/user-controlled-null-termination-tainted' away from 'DefaultTaintTracking'. 2023-11-22 15:43:24 +00:00
Mathias Vorreiter Pedersen
c65c2489cf C++: Rewrite 'cpp/arithmetic-with-extreme-values' away from 'DefaultTaintTracking'. 2023-11-17 16:38:35 +00:00
Mathias Vorreiter Pedersen
c5d2866948 Merge pull request #14812 from MathiasVP/no-dtt-in-Integer-overflow-tainted 
C++: Convert `cpp/integer-overflow-tainted` away from DefaultTaintTracking
 2023-11-16 15:24:13 +00:00
Mathias Vorreiter Pedersen
078f223052 C++: Rewrite 'cpp/cpp/integer-overflow-tainted' away from DefaultTaintTracking. 2023-11-16 12:01:38 +00:00
Jeroen Ketema
afe318edbe C++: Delete cpp/tainted-format-string-through-global 2023-11-16 10:52:05 +01:00
Jeroen Ketema
46e6e72593 C++: Address review comments 2023-11-15 14:57:53 +01:00
Jeroen Ketema
92c18960c5 C++: Rewrite cpp/uncontrolled-process-operation to not use DefaultTaintTracking 2023-11-15 14:57:53 +01:00
Mathias Vorreiter Pedersen
1623bba18a Merge branch 'main' into no-dtt-in-tainted-arithmetic 2023-11-14 13:35:15 +00:00
Mathias Vorreiter Pedersen
c950e26b3e C++: Rewrite 'cpp/cpp/tainted-arithmetic' away from DefaultTaintTracking. 2023-11-14 12:19:12 +00:00
Mathias Vorreiter Pedersen
967bbbc1a7 C++: Block flow out of sinks that are qualifiers. This removes the new result duplication and keeps the new result. 2023-11-14 09:29:47 +00:00
Mathias Vorreiter Pedersen
cc6268339b C++: Fix failing test and accept test cases. 2023-11-13 15:57:22 +00:00
Mathias Vorreiter Pedersen
7048190929 Update cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-11-09 12:39:10 +00:00
Mathias Vorreiter Pedersen
e90803a81c C++: Rewrite 'cpp/unbounded-write' away from DefaultTaintTracking. 2023-11-08 14:57:04 +00:00
Mathias Vorreiter Pedersen
37a536baf9 Merge pull request #14650 from jketema/invalid-experimental 
C++: Drop `experimental` tag from `cpp/invalid-pointer-deref`
 2023-10-31 20:14:25 +01:00
Jeroen Ketema
3478890090 C++: Drop experimental tag from cpp/invalid-pointer-deref 2023-10-31 19:46:22 +01:00
Mathias Vorreiter Pedersen
4a1bf95a87 C++: Expose a public memset model and use it in the exposure queries. 2023-10-31 11:17:51 +00:00
Jeroen Ketema
d56a9f0781 Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00
Jeroen Ketema
61676277e8 C++: Fix barrier in cpp/cgi-xss 2023-10-13 14:05:47 +02:00
Mathias Vorreiter Pedersen
64fa6c8bbd C++: Remove the hacky flow state since this is no longer needed after #13717. 2023-10-12 13:58:36 +01:00
Jeroen Ketema
3b777c2764 C++: Rewrite cpp/cgi-xss to not use default taint tracking 
Also add a test that demonstrates that we need to look at inidrect expressions
and not direct ones.
 2023-10-10 11:56:39 +02:00
Jeroen Ketema
6ff8e06ace Revert "C++: Rewrite cpp/cgi-xss to not use default taint tracking" 
This reverts commit b6132d2a0f.
 2023-10-09 16:30:21 +02:00
Jeroen Ketema
b6132d2a0f C++: Rewrite cpp/cgi-xss to not use default taint tracking 2023-10-06 16:11:13 +02:00
Mathias Vorreiter Pedersen
3eb2da4c03 C++: No need to remove duplications manually. 2023-09-06 09:29:11 +01:00
Mathias Vorreiter Pedersen
20f501d1c7 C++: Change queries to use 'asExpr' instead of 'asConvertedExpr'. 2023-09-01 15:01:32 +01:00
Mathias Vorreiter Pedersen
d14ad92dbd Merge pull request #14006 from MathiasVP/promote-invalid-pointer-deref-out-of-experimental 
C++: Promote `cpp/invalid-pointer-deref` out of experimental
 2023-08-29 09:38:56 +01:00
Mathias Vorreiter Pedersen
89b91ec5c8 C++: Disable field flow from the 'cpp/invalid-pointer-deref' query. 2023-08-25 15:01:37 +01:00
Alex Eyers-Taylor
c43ba456e5 CPP: Remove old DeleteOrDeleteArrayExpr from a query. 2023-08-25 13:57:16 +01:00
Mathias Vorreiter Pedersen
123e58767b C++: Share RangeAnalysisUtil with 'cpp/overrun-write'. 2023-08-23 22:42:00 +01:00
Alex Eyers-Taylor
949b0a2613 CPP:Move import to start of file 2023-08-23 13:39:29 +01:00
Alex Eyers-Taylor
7d99d61662 CPP: Convert SQL tainted to IR dataflow. 2023-08-23 13:39:29 +01:00
Mathias Vorreiter Pedersen
530c950b41 C++: Fix formatting. 2023-08-22 13:40:00 +01:00
Mathias Vorreiter Pedersen
66f11d427b C++: Simplify description. 2023-08-22 13:39:38 +01:00
Mathias Vorreiter Pedersen
1c3a0d1632 Update cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-22 13:03:07 +01:00
Mathias Vorreiter Pedersen
e88277bd3b Update cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-22 13:02:37 +01:00
Mathias Vorreiter Pedersen
abe28cb106 Update cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-22 13:02:29 +01:00