hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,895 Commits 1,671 Branches 157 Tags
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
Commit Graph

7811 Commits

Author SHA1 Message Date
Jeroen Ketema
0b9b6d7b98 Address review comments 2022-02-03 12:09:18 +01:00
Jeroen Ketema
4d03082f16 Ensure that O_CREAT and O_TMPFILE are unique 2022-02-03 11:24:20 +01:00
Jeroen Ketema
e1ca5dd120 Simplify text in change note 2022-02-03 10:36:30 +01:00
Jeroen Ketema
5a2ce225f4 Check that all bits are set when checking for a flag 
The `O_...` macro definitions somtimes set multiple bits, while
the bits individually represent the values of different `O_...`
macros. This lead to false postives on codebases built against
Musl libc, which defines `O_TMPFILE` as `020200000` and
`O_DIRECTORY` as `0200000`.
 2022-02-03 10:29:13 +01:00
Tom Hvitved
6bb71f051b Merge pull request #7791 from hvitved/dataflow/inline-local-flow-star 
Data flow: Inline `local(Expr|Instruction)?(Flow|Taint)`
 2022-02-03 09:02:43 +01:00
Tom Hvitved
d7eeb1fec8 C#: Use .NET 6 2022-02-02 19:25:30 +01:00
Geoffrey White
708da8cd62 C++: Increase the query precision to 'high'. 2022-02-02 18:03:25 +00:00
Geoffrey White
4048ba0a1c C++: Fix false positives around terminal output. 2022-02-02 17:59:28 +00:00
Geoffrey White
39a2ffd438 C++: Fix false positives around 'stdin'. 2022-02-02 17:39:14 +00:00
Arthur Baars
6acf49d4da Merge pull request #7814 from aibaars/fix-ql-alerts 
Ruby: fix all QL-QL alerts
 2022-02-02 18:25:38 +01:00
Jeroen Ketema
aa4651312e Fix naming conflicts in cpp/world-writable-file-creation 2022-02-02 17:36:14 +01:00
Jeroen Ketema
f32500306a Address review comments 2022-02-02 17:24:55 +01:00
Geoffrey White
cc20969bdd C++: Add test cases based on some remaining real world FPs. 2022-02-02 16:15:59 +00:00
Jeroen Ketema
0773ab37a5 Use matches to check for 0x prefix 2022-02-02 15:26:46 +01:00
Jeroen Ketema
92d9e51d2a Extract the value of O_CREAT and O_TMPFILE from the defining macro 
There are operating systems that define `O_CREAT` with a different
value than Linux, which uses `0x40`. For example, OpenBSD uses `0x0200`.
Hence, we cannot use a hardcoded value.

Also handle `O_TMPFILE` while here.
 2022-02-02 15:16:26 +01:00
Mathias Vorreiter Pedersen
1aa32b09be Merge pull request #7802 from geoffw0/clrtxt8 
C++: Recognize password struct fields.
 2022-02-02 14:10:40 +00:00
Arthur Baars
33b97f3e0c Update synchronized files 2022-02-02 13:30:45 +01:00
Jeroen Ketema
bd859d99bf Address review comments 2022-02-02 10:09:47 +01:00
Jeroen Ketema
5b8f56dcc6 Add change notes 2022-02-02 10:07:38 +01:00
Geoffrey White
d864af3622 C++: Change note. 2022-02-01 19:00:40 +00:00
Jeroen Ketema
ff1c971100 Add query for missing mode argument in open/openat calls 2022-02-01 14:52:22 +01:00
Jeroen Ketema
dbac927721 Take into account that the 4th argument of openat may be omitted 
This matches what is done for `open`.
 2022-02-01 11:41:07 +01:00
Mathias Vorreiter Pedersen
a59a9ba82b C++: Autoformat. 2022-02-01 08:28:53 +00:00
BACK Yonah
46c1744204 C/C++: getFullyConverted replaced by getConversion* 2022-01-31 18:51:18 +01:00
BACK Yonah
56941dba6b C/C++ : Fixed select issue in Useless Test 2022-01-31 16:56:12 +01:00
BACK Yonah
ca2ff6f9fb C/C++: Fixing minor issues in Useless Test query 2022-01-31 16:04:56 +01:00
Tom Hvitved
f2352d8272 Data flow: Inline local(Expr|Instruction)?(Flow|Taint) 
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
 2022-01-31 14:33:41 +01:00
BACK Yonah
d7313f3a82 C/C++ : Useless test 2022-01-30 14:33:32 +01:00
Mathias Vorreiter Pedersen
bb2feda8fb Merge pull request #7703 from geoffw0/getslocal 2022-01-28 19:35:15 +00:00
Geoffrey White
8a1b49f816 C++: Recognize password struct fields. 2022-01-28 19:10:46 +00:00
Mathias Vorreiter Pedersen
0f239e315c Merge pull request #7782 from geoffw0/clrtxt7 
C++: Fix FPs for cpp/cleartext-storage-file
 2022-01-28 17:24:05 +00:00
Geoffrey White
0396a84c3c C++: Remove empty predicate / extends. 2022-01-28 17:11:38 +00:00
Geoffrey White
af09dd8af1 C++: Fixes to gets models. 2022-01-28 16:04:23 +00:00
Geoffrey White
036e1495b8 Merge branch 'main' into getslocal 2022-01-28 15:58:13 +00:00
Geoffrey White
a695f02af4 C++: Add change note. 2022-01-28 12:38:27 +00:00
Geoffrey White
b73dc98191 C++: Exclude write to stdout etc. 2022-01-28 11:57:31 +00:00
Dave Bartolomeo
cca74e925f Merge pull request #7724 from github/aeisenberg/examples-groups 
Add new groups for examples packs
 2022-01-27 12:11:26 -05:00
Mathias Vorreiter Pedersen
b3f4357dc8 Merge pull request #7742 from geoffw0/clrtxt6 
C++: Upgrade cpp/cleartext-storage-buffer
 2022-01-27 14:40:40 +00:00
Geoffrey White
2e1b09fd75 C++: Modernize flow sources. 2022-01-27 13:19:09 +00:00
Geoffrey White
47528dd8c0 C++: Autoformat. 2022-01-27 12:56:16 +00:00
Geoffrey White
1bf9c19638 C++: Autoformat. 2022-01-27 11:26:18 +00:00
Geoffrey White
f090a3b440 C++: Add to and clarify some taint library QLDoc. 2022-01-27 11:26:00 +00:00
Geoffrey White
d9a2347178 C++: Switch back to IR taint. 2022-01-27 10:50:22 +00:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Dave Bartolomeo
d069d91bf5 Merge pull request #6601 from dbartol/dbartol/side-effect-reorder/work 
Fix order of IR call side effects
 2022-01-26 17:02:02 -05:00
Mathias Vorreiter Pedersen
647d4d028e Merge pull request #7758 from jketema/unnamed-variable-fix 
C++: Do not report "Declaration hides variable" for unnamed variables
 2022-01-26 15:36:04 +00:00
Jeroen Ketema
ee78cc731d Add change note 2022-01-26 15:59:17 +01:00
Jeroen Ketema
9194af9b15 Do not report "Declaration hides variable" for unnamed variables 2022-01-26 15:10:37 +01:00
Jeroen Ketema
10a94cfa45 Add test for structured binding declaration hiding variable 2022-01-26 15:08:50 +01:00