33 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
6ff8d4de5c add all remaining explicit this 2021-11-26 13:50:10 +01:00
Jonas Jensen
19ee64d9ad C++: Lower potentially-dangerous-function precision
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
2021-08-24 17:14:42 +02:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00
Geoffrey White
79338052ad C++: Add CWE-676 tag. 2021-02-19 14:55:31 +00:00
Geoffrey White
493b80c44d C++: Fix incorrect translations to hasQualifiedName. 2020-10-08 17:56:57 +01:00
Geoffrey White
d93b37d5c5 C++: Autoformat some more files. 2020-10-05 15:11:23 +01:00
Geoffrey White
3536d84bdf C++: Use [, ...] syntax more widely. 2020-10-02 18:04:03 +01:00
Robert Marsh
03f72d207c C++: use Declaration.hasGlobalOrStdName 2019-10-02 11:37:37 -07:00
Jonas Jensen
4ef5c9af62 C++: Autoformat everything
Some files that will change in #1736 have been spared.

    ./build -j4 target/jars/qlformat
    find ql/cpp/ql -name "*.ql"  -print0 | xargs -0 target/jars/qlformat --input
    find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
    (cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
    buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
2019-09-09 11:25:53 +02:00
Jonas Jensen
95f53639b1 C++: Fixes to avoid confusing autoformat
These issues were found by Geoffrey in PR review.
2019-09-09 11:04:04 +02:00
Nick Rolfe
8e7521d6b8 C++: add missing close-paragraph tag to qhelp 2019-06-04 11:27:34 +01:00
Max Schaefer
5f32e1f637 CPP: Fix name of example file in qhelp.
This seems to have been missed in https://github.com/Semmle/ql/pull/1315.
2019-06-03 08:54:54 +01:00
Geoffrey White
6c267f4957 CPP: Fix qhelp. 2019-05-29 10:35:49 +01:00
Geoffrey White
76d18b42b8 CPP: Repair getQualifiedName changes from elsewhere. 2019-05-29 10:35:49 +01:00
Geoffrey White
eb880c3f9f CPP: Reference URLs. 2019-05-29 10:35:49 +01:00
Geoffrey White
dc44d686d4 CPP: Update CWE tag. 2019-05-29 10:35:49 +01:00
Geoffrey White
34444ace8b CPP: Update the query name and description. 2019-05-29 10:35:49 +01:00
Geoffrey White
2ae38a54af CPP: Adjust query tags. 2019-05-29 10:35:49 +01:00
Geoffrey White
88f363d564 CPP: Update the ql, qhelp and example. 2019-05-29 10:35:48 +01:00
Geoffrey White
1f80dea375 CPP: Clone PotentiallyDangerousFunction query as DangerousUseOfGets. 2019-05-29 10:35:48 +01:00
Jonas Jensen
64a87a863c C++: Remove uses of getQualifiedName
This removes all uses of `Declaration.getQualifiedName` that I think can
be removed without changing any behaviour. The following uses in the
LGTM default suite remain:

* `cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql` (in `select`).
* `cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowDispatch.qll` (needs template args).
* `cpp/ql/src/semmle/code/cpp/security/FunctionWithWrappers.qll` (used for alert messages).
2019-05-03 10:37:48 +02:00
Geoffrey White
7aee334baf CPP: Update the qhelp. 2019-04-04 16:48:14 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Jonas Jensen
0ed1618824 C++: Use getQualifiedName() = "gets", not hasName
This fixes false positives on
https://lgtm.com/projects/g/brandonpelfrey/Construct caused by a member
function named `gets` -- probably short for "get s".
2019-03-04 09:01:20 +01:00
Geoffrey White
c05df6ea4c CPP: Add reference. 2019-02-05 17:58:30 +00:00
Geoffrey White
f73a3a6a24 CPP: Explain the danger of gets a bit more in qhelp. 2019-02-05 17:58:30 +00:00
Geoffrey White
f7e7737789 CPP: Update qhelp. 2019-02-05 17:58:30 +00:00
Geoffrey White
87a25f0cbe CPP: Update CWE tags. 2019-02-05 17:58:30 +00:00
Geoffrey White
429f53ed74 CPP: Move the 'gets' case. 2019-02-05 17:58:30 +00:00
Geoffrey White
bbc8e7886b CPP: Rearrange PotentiallyDangerousFunction.ql. 2019-02-05 17:58:30 +00:00
Geoffrey White
e0140f9112 CPP: Change some uses of WideCharType to Wchar_t. 2018-10-05 22:03:47 +01:00
Ole Herman Schumacher Elgesem
00c552fe2f Fixed error in gmtime example
gmtime and gmtime_r take a time_t pointer, so have to store the value
of time(NULL) on the stack.

Signed-off-by: Ole Herman Schumacher Elgesem <oleherman93@gmail.com>
2018-08-28 11:10:11 -07:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00