hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,830 Commits 1,693 Branches 161 Tags
74ce7cd188d45ff8eac3ea0fc6b21968dbe80b88
Commit Graph

13417 Commits

Author SHA1 Message Date
REDMOND\brodes
74ce7cd188 Crypto: Moving all data flow analyses to taint tracking. 2025-08-28 20:40:05 -04:00
REDMOND\brodes
7c8177de97 Crypto: Added missing ArtifactPassthrough.qll (forgot to add to merged in branch). Acronym casing fix. 2025-08-26 17:12:21 -04:00
REDMOND\brodes
938b47c2ad Crypto: Debug missing hashes associated with HMAC. EVP_PKEY_get1_RSA is now just a passthrough, it is not a known implicit operation call. Some final operations generating null outputs are now removed from possible final operartions (typically used to determine buffer lenghth and not actually performing the operation). Misc. false positive/error fixes and code clean up, and added missing models. 2025-08-26 16:07:04 -04:00
REDMOND\brodes
422352c632 Crypto: Continued refactoring of operation steps and bug fixes. 2025-08-26 11:49:26 -04:00
REDMOND\brodes
48dc280e6c Crypto: Fix issue with OAEP padding edges regressing. 2025-08-26 08:51:52 -04:00
REDMOND\brodes
5d29240f27 Crypto: OperationStep overhaul to account for errors and missing interproc flow. 2025-08-25 16:59:09 -04:00
REDMOND\brodes
b7ceeb399f Crypto: nodes.expected update and removed dead code from Language.qll 2025-08-22 14:50:31 -04:00
REDMOND\brodes
ec7e41cb30 Crypto: Fixed issues in CBOM representations (gaps in the underlying model) and simplified unit tests in terms of the graph complexity to aid visual assessments of model correctness. 2025-08-21 15:05:45 -04:00
Ben Rodes
65ff72719e Merge branch 'main' into signature_model_refactor 2025-08-20 12:34:06 -04:00
Mathias Vorreiter Pedersen
af00e46fc8 C++: Mark fprintf and friends as a partial write of the stream argument. 2025-08-18 18:15:14 +02:00
Mathias Vorreiter Pedersen
6a57da79de C++: Add a test with missing flow. 2025-08-18 18:12:52 +02:00
Mathias Vorreiter Pedersen
4551875e2e C++: Drive-by improvement: Use 'partialFlowFunc' since it is in scope anyway. 2025-08-18 18:10:35 +02:00
Ian Lynagh
fd020b52e4 Merge pull request #20232 from igfoo/igfoo/SloppyGlobal 
C++: SloppyGlobal: Don't alert on template instantiations, only the template
 2025-08-18 11:39:30 +01:00
Ian Lynagh
0870cc370b C++: Add a changenote for the change to cpp/short-global-name 2025-08-15 12:09:37 +01:00
Ian Lynagh
3157fcdf79 C++: Add some BAD annotations to SloppyGlobal test 2025-08-15 12:07:09 +01:00
Ian Lynagh
bfd4c41ed9 C++: SloppyGlobal: Accept test changes 
We no longer alert on template instantiations, just the template.
 2025-08-15 11:24:19 +01:00
Ian Lynagh
4b786061d6 C++: SloppyGlobal: Don't alert on template instantiations, only the template 2025-08-15 11:23:48 +01:00
Ian Lynagh
0b68c1c974 C++: Add some more tests for SloppyGlobal 2025-08-15 11:20:31 +01:00
Nora Dimitrijević
89788206d1 [DIFF-INFORMED] C++: TypeConfusion 2025-08-15 12:01:30 +02:00
Nora Dimitrijević
5b9e37cd8f [DIFF-INFORMED] C++: TaintedCondition 2025-08-15 12:01:28 +02:00
Nora Dimitrijević
0c636dd400 [DIFF-INFORMED] C++: UnsafeDaclSecurityDescriptor 2025-08-15 12:01:25 +02:00
Nora Dimitrijević
194d9a9f44 [DIFF-INFORMED] C++: UnsafeCreateProcessCall 2025-08-15 12:01:23 +02:00
Nora Dimitrijević
39b430aa7e [DIFF-INFORMED] C++: IteratorToExpiredContainer 2025-08-15 12:01:21 +02:00
Nora Dimitrijević
ec85e55069 [DIFF-INFORMED] C++: InsufficientKeySize 2025-08-15 12:01:19 +02:00
Nora Dimitrijević
c0c96eaf5b [DIFF-INFORMED] C++: UseOfHttp 2025-08-15 12:01:17 +02:00
Nora Dimitrijević
8560868e95 [DIFF-INFORMED] C++: CleartextSqliteDatabase 2025-08-15 12:01:15 +02:00
Nora Dimitrijević
05df2f2216 [DIFF-INFORMED] C++: CWE-311/Cleartext… 2025-08-15 12:01:13 +02:00
Nora Dimitrijević
21914030e8 [DIFF-INFORMED] C++: SSLResultConflation (has secondary config but passes test) 2025-08-15 12:01:11 +02:00
Nora Dimitrijević
87016f399c [DIFF-INFORMED] C++: AuthenticationBypass 2025-08-15 12:01:09 +02:00
Nora Dimitrijević
861a768b2c [DIFF-INFORMED] C++: CWE-190/ArithmeticTainted,etc. 2025-08-15 12:01:07 +02:00
Nora Dimitrijević
62fa7301c3 [DIFF-INFORMED] C++: ImproperNullTerminationTainted 2025-08-15 12:01:05 +02:00
Nora Dimitrijević
f3098e7695 [DIFF-INFORMED] C++: UnboundedWrite 2025-08-15 12:01:03 +02:00
Nora Dimitrijević
7df09f369f [DIFF-INFORMED] C++: SqlTainted 2025-08-15 12:01:01 +02:00
Nora Dimitrijević
36d43a4830 [DIFF-INFORMED] C++: CgiXss 2025-08-15 12:00:59 +02:00
Nora Dimitrijević
80da00b599 [DIFF-INFORMED] C++: ExecTainted 2025-08-15 12:00:57 +02:00
Nora Dimitrijević
a77cab6981 [DIFF-INFORMED] C++: TaintedPath 2025-08-15 12:00:54 +02:00
Nora Dimitrijević
91b9c3e647 [DIFF-INFORMED] C++: LeapYear 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/cpp/ql/src/Likely%20Bugs/Leap%20Year/UncheckedLeapYearAfterYearModification.ql#L57
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/cpp/ql/src/Likely%20Bugs/Leap%20Year/Adding365DaysPerYear.ql#L21
 2025-08-15 12:00:52 +02:00
Nora Dimitrijević
2f56baace2 [DIFF-INFORMED] C++: NonConstantFormat 2025-08-15 12:00:50 +02:00
Nora Dimitrijević
e382cb5696 [DIFF-INFORMED] C++: DecompressionBombs 2025-08-15 12:00:48 +02:00
Nora Dimitrijević
fabdf9923c [DIFF-INFORMED] C++: ConstantSizeArrayOffByOne 2025-08-15 12:00:46 +02:00
Nora Dimitrijević
448a1ea87a [DIFF-INFORMED] C++: OverflowDestination 2025-08-15 12:00:39 +02:00
Nora Dimitrijević
43e99d0872 [TEST] C++: CleartextSqliteDatabase: add new test 2025-08-15 12:00:26 +02:00
Mathias Vorreiter Pedersen
39f5e33dea C++: Accept more test changes. 2025-08-13 17:46:06 +02:00
Mathias Vorreiter Pedersen
9c3bb87b89 C++: Add change note. 2025-08-13 16:42:39 +02:00
Mathias Vorreiter Pedersen
9ee313ff0a C++: Remove code that is now subsumed. 2025-08-13 16:29:49 +02:00
Mathias Vorreiter Pedersen
bf4a84ba8f C++: Drive-by: Add forgotten disjuncts involving '__builtin_expect'. 2025-08-13 16:29:42 +02:00
Mathias Vorreiter Pedersen
e6cd27a992 C++: Skip non-Boolean instructions in the new inference step. 2025-08-13 16:20:21 +02:00
Mathias Vorreiter Pedersen
e67b6d6c9a C++: Add another inference step. 2025-08-13 16:20:19 +02:00
Mathias Vorreiter Pedersen
a27135495c C++: Add tests. 2025-08-13 12:54:23 +02:00
Mathias Vorreiter Pedersen
caa935d011 C++: Update the tests for guard conditions so that the tests print more detailed location information. 2025-08-13 09:41:28 +02:00