hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,895 Commits 1,671 Branches 157 Tags
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
Commit Graph

3366 Commits

Author SHA1 Message Date
Jeroen Ketema
a546e6e01c C++: Update test to run with C++14 
The test uses an `auto` return type without a trailing return type, which is
a C++14 feature.
 2022-04-25 21:13:24 +02:00
Jeroen Ketema
b9e7045a2f C++: Update vector type test to reflect it uses old-clang features 
These features are no longer available and the frontend does stricter checking
on this.
 2022-04-25 21:13:04 +02:00
Robert Marsh
d0fc348ad9 C++: autoformat 2022-04-25 14:17:49 -04:00
Jeroen Ketema
97d4a12fb2 C++: Add non-returning function test case using __builtin_expect 2022-04-22 17:10:54 +02:00
Geoffrey White
d859a91a14 C++: Add support for createLSParser. 2022-04-22 12:24:01 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Geoffrey White
79aba67036 Merge branch 'main' into xxe 2022-04-22 11:50:41 +01:00
Geoffrey White
40da7a1055 C++: Add a test of NoCheckBeforeUnsafePutUser.ql. 2022-04-21 16:55:50 +01:00
Jeroen Ketema
8139e1a2a8 C++: Fix tests after extractor changes that improve using position accuracy 2022-04-21 17:36:11 +02:00
Robert Marsh
f94fcf11cd C++: accept dataflow test changes 2022-04-19 13:32:19 -04:00
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass 
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
 2022-04-19 18:24:19 +05:30
Geoffrey White
3326fd5400 C++: Update test .expected. 2022-04-19 13:43:17 +01:00
Robert Marsh
cae08c505f Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:25:03 -04:00
Robert Marsh
b5c8413f5c Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:19:25 -04:00
Geoffrey White
27b6b99cd0 C++: Correct and improve some comments and naming. 2022-04-13 18:34:15 +01:00
Geoffrey White
be0df1662c C++: Rename the query file. 2022-04-13 13:20:02 +01:00
Robert Marsh
0e3e35f233 C++: don't dump global vars without initializers 2022-04-12 11:21:41 -04:00
Geoffrey White
8d1e8e9ecb C++: Flow states and transformers. 2022-04-08 17:19:18 +01:00
Geoffrey White
3aaa058308 C++: Get the simplest part of the query working, disable the rest for now, fix metadata, formatting etc. 2022-04-07 19:01:30 +01:00
Geoffrey White
9a0880f516 C++: Clean up the tests, make them a bit more realistic, and add many more test cases. 2022-04-07 19:00:30 +01:00
Geoffrey White
e2eda65fe1 C++: Rename test, add .expected. 2022-04-07 18:59:51 +01:00
Jeroen Ketema
bfe9fb1721 Revert "Revert "Merge pull request #8592 from jketema/implied-cctor-source"" 
This reverts commit b1d9a070f4.
 2022-04-07 12:29:43 +02:00
Jeroen Ketema
b1d9a070f4 Revert "Merge pull request #8592 from jketema/implied-cctor-source" 
This reverts commit d4834cb7ff, reversing
changes made to 268a3fd1c5.
 2022-04-07 12:02:37 +02:00
Mathias Vorreiter Pedersen
d4834cb7ff Merge pull request #8592 from jketema/implied-cctor-source 
C++: Add tests for copy constructor calls with implied source
 2022-04-07 11:00:40 +01:00
Robert Marsh
3a35a40062 WIP: start on CWE-611 tests 2022-04-06 12:55:56 +01:00
ihsinme
275b29a288 Update DangerousUseOfExceptionBlocks.expected 2022-04-05 22:48:11 +03:00
Jeroen Ketema
d19504fca2 C++: Add cpp/unused-local-variable test case with switch initializer 
This is similar to the test case with the `if` initializer, and we should
not forget about it once we support `if` initialization.
 2022-04-05 18:27:53 +02:00
Geoffrey White
04b8306f06 C++: Add some more patterns. 2022-04-04 16:57:00 +01:00
Geoffrey White
d42ee7d279 C++: Extend tests. 2022-04-04 16:46:56 +01:00
Jeroen Ketema
e91c04234e C++: Update tests for copy constructor calls with implied source 2022-04-04 12:48:02 +02:00
Jeroen Ketema
e710cf7921 C++: Add tests for copy constructor direct initializations 2022-04-04 12:48:01 +02:00
Jeroen Ketema
e1fa58a6f2 C++: Update tests after generating reference conversion 2022-04-01 18:32:46 +02:00
Jeroen Ketema
1d51b618d1 C++: Update tests for handling op bitwise copy in lambda captures 2022-04-01 18:32:46 +02:00
Jeroen Ketema
3fed59fd13 C++: Add more lambda capture IR tests 2022-04-01 18:32:45 +02:00
Geoffrey White
b296b0150a C++: Some enhancements to SensitiveExprs.qll as well, inspired by csharp. 2022-03-31 10:24:17 +01:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata 
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
 2022-03-31 10:12:46 +01:00
Robert Marsh
3ce7c521d1 C++: fix IR global var init for string constants 2022-03-30 14:01:59 -04:00
Robert Marsh
e01799827a C++: add test for string global var inits in IR 2022-03-30 13:38:25 -04:00
Robert Marsh
fb0a848e5a C++: fix inconsistency with global var constructor 2022-03-30 13:32:02 -04:00
Robert Marsh
9d4aac61fd C++: add IR tests for global var with constructor 2022-03-30 13:20:26 -04:00
Robert Marsh
417b0b5353 C++: accept test changes for updated extractor 2022-03-30 10:23:17 -04:00
Dave Bartolomeo
e2396a5e03 Remove PrintIR tests for range analysis 
These were only used for debugging, and don't actually make good tests.
 2022-03-30 06:45:28 -04:00
Dave Bartolomeo
19789fa738 Merge remote-tracking branch 'upstream/main' into semantic-scratch 2022-03-30 06:39:14 -04:00
Jeroen Ketema
d1857a9e37 C++: Remove debugging options from library tests 2022-03-29 17:24:18 +02:00
Geoffrey White
cf5c6baadd C++: More test cases for salary. 2022-03-29 15:05:27 +01:00
Geoffrey White
b94ade3bdd C++: Improve the regexps. 2022-03-29 10:03:58 +01:00
Robert Marsh
3c1ec5a595 Merge branch 'main' into rdmarsh2/ir-global-vars 2022-03-28 16:06:17 -04:00
Robert Marsh
5811d0b2ad C++: add AliasedDefinition to IR global var inits 2022-03-28 14:53:43 -04:00
Geoffrey White
18f80eb3e3 C++: Loosen a few constraints slightly. 2022-03-28 11:16:57 +01:00
Geoffrey White
3fed7bf6d0 C++: Extend cpp/cleartext-transmission using PrivateData.qll. 2022-03-28 11:16:56 +01:00