hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 19:20:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,605 Commits 1,675 Branches 157 Tags
5fc8a004877ed89b3f5ae6238fddd6f7bd8a60bb
Commit Graph

720 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
37a536baf9 Merge pull request #14650 from jketema/invalid-experimental 
C++: Drop `experimental` tag from `cpp/invalid-pointer-deref`
 2023-10-31 20:14:25 +01:00
Jeroen Ketema
3478890090 C++: Drop experimental tag from cpp/invalid-pointer-deref 2023-10-31 19:46:22 +01:00
Mathias Vorreiter Pedersen
4a1bf95a87 C++: Expose a public memset model and use it in the exposure queries. 2023-10-31 11:17:51 +00:00
Jeroen Ketema
d56a9f0781 Merge pull request #14424 from jketema/rewrite-cgi-xss 
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
 2023-10-13 17:57:04 +02:00
Jeroen Ketema
61676277e8 C++: Fix barrier in cpp/cgi-xss 2023-10-13 14:05:47 +02:00
Mathias Vorreiter Pedersen
64fa6c8bbd C++: Remove the hacky flow state since this is no longer needed after #13717. 2023-10-12 13:58:36 +01:00
Jeroen Ketema
3b777c2764 C++: Rewrite cpp/cgi-xss to not use default taint tracking 
Also add a test that demonstrates that we need to look at inidrect expressions
and not direct ones.
 2023-10-10 11:56:39 +02:00
Jeroen Ketema
6ff8e06ace Revert "C++: Rewrite cpp/cgi-xss to not use default taint tracking" 
This reverts commit b6132d2a0f.
 2023-10-09 16:30:21 +02:00
Jeroen Ketema
b6132d2a0f C++: Rewrite cpp/cgi-xss to not use default taint tracking 2023-10-06 16:11:13 +02:00
Mathias Vorreiter Pedersen
3eb2da4c03 C++: No need to remove duplications manually. 2023-09-06 09:29:11 +01:00
Mathias Vorreiter Pedersen
20f501d1c7 C++: Change queries to use 'asExpr' instead of 'asConvertedExpr'. 2023-09-01 15:01:32 +01:00
Mathias Vorreiter Pedersen
d14ad92dbd Merge pull request #14006 from MathiasVP/promote-invalid-pointer-deref-out-of-experimental 
C++: Promote `cpp/invalid-pointer-deref` out of experimental
 2023-08-29 09:38:56 +01:00
Mathias Vorreiter Pedersen
89b91ec5c8 C++: Disable field flow from the 'cpp/invalid-pointer-deref' query. 2023-08-25 15:01:37 +01:00
Alex Eyers-Taylor
c43ba456e5 CPP: Remove old DeleteOrDeleteArrayExpr from a query. 2023-08-25 13:57:16 +01:00
Mathias Vorreiter Pedersen
123e58767b C++: Share RangeAnalysisUtil with 'cpp/overrun-write'. 2023-08-23 22:42:00 +01:00
Alex Eyers-Taylor
949b0a2613 CPP:Move import to start of file 2023-08-23 13:39:29 +01:00
Alex Eyers-Taylor
7d99d61662 CPP: Convert SQL tainted to IR dataflow. 2023-08-23 13:39:29 +01:00
Mathias Vorreiter Pedersen
530c950b41 C++: Fix formatting. 2023-08-22 13:40:00 +01:00
Mathias Vorreiter Pedersen
66f11d427b C++: Simplify description. 2023-08-22 13:39:38 +01:00
Mathias Vorreiter Pedersen
1c3a0d1632 Update cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-22 13:03:07 +01:00
Mathias Vorreiter Pedersen
e88277bd3b Update cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-22 13:02:37 +01:00
Mathias Vorreiter Pedersen
abe28cb106 Update cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-08-22 13:02:29 +01:00
Mathias Vorreiter Pedersen
e776178be5 C++: Add some whitespace to make stuff appear in the diff. 2023-08-21 10:23:41 +01:00
Mathias Vorreiter Pedersen
70fdfc2ae3 C++: Set precision to medium and add security severity. 2023-08-21 10:23:23 +01:00
Mathias Vorreiter Pedersen
4daabdae2b C++: Promote 'cpp/invalid-pointer-deref' out of experimental. 2023-08-21 10:23:22 +01:00
Jonas Jensen
a002f59f58 C++: Undo BadlyBoundedWrite change from #13929 
This rolls back the query change, ensuring that there is no need for a
change note.
 2023-08-18 13:48:58 +02:00
Jeroen Ketema
d0e7354a1b C++: Only consider the maximum buffer size for badly bounded write 2023-08-09 12:30:00 +02:00
Anders Schack-Mulligen
c01a494ea5 C/C++: Don't force-include XxeFlowStateTransformer steps in XXE.ql. 2023-07-19 11:41:15 +02:00
Jeroen Ketema
52ab215560 C++/Swift: Remove none() dataflow configuration predicates 
These now have default implementations that are also `none()`
 2023-07-12 23:49:29 +02:00
Jeroen Ketema
fa2ee26379 C++: Add more default predicates to product flow 2023-07-06 16:06:36 +02:00
Mathias Vorreiter Pedersen
f714de0040 Merge pull request #13610 from MathiasVP/promote-overrun-write-again 
C++: Move `cpp/overrun-write` back to `medium` precision
 2023-07-05 13:39:12 +01:00
Mathias Vorreiter Pedersen
95ddc01ccb Merge pull request #13502 from rvermeulen/rvermeulen/compare-using-integer-precision 
C++: Account for the signedness of the lesser operand in `cpp/comparison-with-wider-type`
 2023-06-30 17:44:28 +01:00
Mathias Vorreiter Pedersen
67e3ef7b09 C++: Revert the barrier added in #13623. 2023-06-30 09:39:37 +01:00
Mathias Vorreiter Pedersen
59d9c6e3f2 C++: Use the pruning stage in the product-flow configuration. 2023-06-29 16:50:57 +01:00
Mathias Vorreiter Pedersen
285112f4cd C++: Move 'cpp/overrun-write' back to medium precision. 2023-06-29 08:18:47 +01:00
Remco Vermeulen
c0884432e8 Format query 2023-06-20 10:38:08 -07:00
Remco Vermeulen
32d7faa3b8 Account for the signedness of the lesser operand 2023-06-19 16:57:36 -07:00
Jeroen Ketema
0bb67e45b3 C++: lower the precision of cpp/overrun-write to exclude it from our query suites 2023-06-16 19:07:56 +02:00
erik-krogh
a4ef8619c6 delete old deprecations 2023-06-08 10:10:21 +02:00
Mathias Vorreiter Pedersen
960e6521a4 Revert "C++: Whitespace commit to make qhelp show up in diff." 
This reverts commit ec192d621c.
 2023-05-25 15:21:09 -07:00
Mathias Vorreiter Pedersen
ec192d621c C++: Whitespace commit to make qhelp show up in diff. 2023-05-24 16:13:42 -07:00
Mathias Vorreiter Pedersen
e1223d0b21 C++: Add security severity. 2023-05-23 15:01:33 -07:00
Mathias Vorreiter Pedersen
0dfc9b996d C++: Promote 'cpp/overrun-write' out of experimental. 2023-05-23 14:57:42 -07:00
Kasper Svendsen
c46898cb75 C++: Make implicit this receivers explicit 2023-05-09 15:35:54 +02:00
Mathias Vorreiter Pedersen
8fef101432 C++: Fix missing result and accept test changes. 2023-04-06 10:41:08 +01:00
Anders Schack-Mulligen
72415c7c2c C++: Rename references. 2023-03-23 13:06:19 +01:00
Ed Minnix
2d5944fb0e Refactor DataFlow configurations to use "Config" naming convention 2023-03-19 17:44:07 -04:00
Mathias Vorreiter Pedersen
84a61d1e02 C++: No need for 'matches'. 2023-03-09 15:36:26 +00:00
Mathias Vorreiter Pedersen
2931e5dea8 C++: Reduce duplication by blocking flow into sources (since we'll already be considering flow starting at those sources) and out of sinks (since we'll already be alerting on this sink if it's relevant). 2023-03-09 14:59:13 +00:00
Mathias Vorreiter Pedersen
03ba7ea851 C++: Move the weird global property 'not sqlite_encryption_used()' from the sink definition to the source definition. The dataflow library starts tracking flow from the sources, so it's better to to rule out the entire database in the source definition than in the sink definition. 2023-03-09 14:59:13 +00:00