hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,320 Commits 1,671 Branches 157 Tags
7e3e10c34b855d5423007358780e96e02cb1577a
Commit Graph

8762 Commits

Author SHA1 Message Date
turbo
1e5426fca2 Create security-experimental suite helper and all language suite implementations 2022-12-18 15:44:08 +01:00
Henry Mercer
30451ee950 Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Jeroen Ketema
32800bca96 Merge pull request #11680 from jketema/predefined-typedef-for-float 
C++: Update tests after frontend changes
 2022-12-16 15:21:58 +01:00
Tom Hvitved
e45edcc159 Merge pull request #11674 from hvitved/dataflow/param-context 
Data flow: Track callable in flow-through pruning
 2022-12-16 09:25:15 +01:00
Mathias Vorreiter Pedersen
7d5e215a93 Merge pull request #11600 from geoffw0/offsetrangecheck 
C++: Fix cpp/offset-use-before-range-check performance.
 2022-12-15 16:44:49 +00:00
Geoffrey White
cca0722a2b Merge pull request #11710 from geoffw0/qldocalloc 
C++: Clarify Allocation.qll and Deallocation.qll
 2022-12-15 15:36:48 +00:00
Tom Hvitved
f8571dd0b6 Data flow: Work around functionality-induced misoptimization 2022-12-15 15:29:14 +01:00
Tom Hvitved
6eda042229 Data flow: Sync files 2022-12-15 15:29:13 +01:00
Geoffrey White
e7ea0d7ee9 C++: Attempt to clarify the way Allocation.qll and Deallocation.qll should be used. 2022-12-15 13:05:56 +00:00
Jeroen Ketema
ef61d14e9c C++: Add change note 2022-12-15 12:57:13 +01:00
Jeroen Ketema
0b4c4fd580 C++: Simplify deallocation check 2022-12-15 12:46:32 +01:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Erik Krogh Kristensen
7615668f92 Merge pull request #11662 from erik-krogh/c-useInstanceOf 
Swift/C++: Use instanceof in more places
 2022-12-14 14:30:21 +01:00
Henry Mercer
a3933fbf4f Bump minor versions of packs we regularly release 2022-12-13 18:59:24 +00:00
Jeroen Ketema
19fb73ce24 C++: Update tests after frontend changes 2022-12-13 19:52:59 +01:00
Henry Mercer
7167f078be Merge branch 'main' into henrymercer/mergeback-3.8 2022-12-13 18:40:53 +00:00
Tom Hvitved
cfcb3a60ba C++: Update expected test output 2022-12-13 09:53:01 +01:00
Tom Hvitved
bc58cbec8c C++: Implement ContentApprox 2022-12-13 09:53:01 +01:00
Tom Hvitved
0c2eee2a72 Data flow: Sync files 2022-12-13 09:52:55 +01:00
erik-krogh
92a7e787a8 C: do the minimal change to ValueNumberBound instead 2022-12-12 22:17:50 +01:00
erik-krogh
698e05f85a Swift/C++: Use instanceof in more places 2022-12-12 16:58:13 +01:00
github-actions[bot]
343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
Jeroen Ketema
beb66d027e C++: Use FlowSource in cpp/path-injection 2022-12-10 20:27:56 +01:00
Jeroen Ketema
d5acd310ce Merge pull request #11644 from jketema/lower-case-flow-source-description 
C++: Make all flow source descriptions start with a lower case letter
 2022-12-10 20:23:14 +01:00
github-actions[bot]
0b2fb4f70a Release preparation for version 2.11.6 2022-12-10 15:49:35 +00:00
Jeroen Ketema
ce92ba640a C++: Accept test changes 2022-12-09 23:38:03 +01:00
Jeroen Ketema
9dc2614012 C++: Make all flow source descriptions start with a lower case letter 
In every context where we use the description a lower case letter makes more
sense.
 2022-12-09 23:18:58 +01:00
Jeroen Ketema
1e1974c9fb C++: Add change note 2022-12-09 23:17:36 +01:00
Jeroen Ketema
331fab5ac0 C++: Generalize the ArgvSource flow source 
This matches `isUserInput` and handles cases where `argv` has a different name,
which is allowed.
 2022-12-09 23:12:31 +01:00
Mathias Vorreiter Pedersen
7d1f10bc78 Merge pull request #11627 from jketema/getaddrinfo 
C++: Model `getaddrinfo` as flow source
 2022-12-09 12:38:43 +00:00
Jeroen Ketema
2095f11b8c C++: Add change note 2022-12-08 23:35:32 +01:00
Jeroen Ketema
aabbafd2bf C++: Fix QL-for-QL warning 2022-12-08 19:33:11 +01:00
Jeroen Ketema
ec0ce56269 C++: Model getaddrinfo as flow source 2022-12-08 19:20:11 +01:00
Jeroen Ketema
89cd4790d5 Merge pull request #11610 from jketema/scanf 
C++: Model `scanf` and `fscanf` as flow sources
 2022-12-08 19:14:39 +01:00
Geoffrey White
f373b7fe7c Merge pull request #11596 from geoffw0/cleartextbufferwrite 
C++: Performance fix for cpp/cleartext-storage-buffer
 2022-12-08 17:18:10 +00:00
Jeroen Ketema
8f9a73ee09 C++: Address review comments 2022-12-08 16:14:12 +01:00
Jeroen Ketema
33fa76f911 C++: Add change note 2022-12-08 15:22:42 +01:00
Jeroen Ketema
b216c79992 C++: Accept test changes 2022-12-08 15:22:41 +01:00
Jeroen Ketema
f35b7f8fe8 C++: Model scanf and fscanf as flow sources 2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen
6897b20722 Merge pull request #11601 from MathiasVP/keep-std-string-iterator 2022-12-08 12:59:33 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Jeroen Ketema
a6bc9fd10f Merge pull request #11591 from jketema/getenv 
C++: Model `secure_getenv` and `_wgetenv` as local flow sources
 2022-12-08 10:44:28 +01:00
Jeroen Ketema
fc49ede33d C++: Add change note 2022-12-08 09:44:23 +01:00
Jeroen Ketema
a2dac3a41e C++: Move remote flow sink test and also handle local and remote sinks 2022-12-08 09:36:19 +01:00
Mathias Vorreiter Pedersen
54c12cd715 C++: Reintroduce 'StdBasicStringIterator'. 2022-12-07 18:21:52 +00:00
Geoffrey White
1d4631e231 C++: Better solution. 2022-12-07 18:00:38 +00:00
Geoffrey White
627162b343 C++: Fix cpp/offset-use-before-range-check performance. 2022-12-07 17:32:36 +00:00
Geoffrey White
a8b8b54f8d Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-12-07 16:44:33 +00:00
Geoffrey White
4b8575bfc3 C++: Simplify the query slightly. 2022-12-07 15:35:45 +00:00