hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,708 Commits 1,673 Branches 157 Tags
87ba9d55b60ea8a38e9bfdd2adc44280e3fee367
Commit Graph

19708 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamás Vajk
87ba9d55b6 Merge pull request #4687 from tamasvajk/feature/csharp9-records 
C#: Extract record declarations
 2021-02-05 08:56:24 +01:00
Robert Marsh
649bd03db6 Merge pull request #5101 from NateD-MSFT/patch-1 
Add KeGetCurrentProcessorNumberEx to CWE-457 whitelist
 2021-02-04 16:59:07 -08:00
NateD-MSFT
9470a99092 Add KeGetCurrentProcessorNumberEx to CQE-457 whitelist 
Windows driver developers may call KeGetCurrentProcessorNumberEx in their driver.  This function optionally may initialize a provided structure, but this initialization always occurs.  The return value is the current processor being run on.  As such, this query incorrectly marks calls to KeGetCurrentProcessorNumberEx that initialize a structure that is later used as risky, even though in reality the initialization always succeeds.

See https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-kegetcurrentprocessornumberex
 2021-02-04 13:32:09 -08:00
Tamas Vajk
83f0fad014 Fix expected test AST 2021-02-04 21:08:01 +01:00
Tamas Vajk
f555c0642e Add change note 2021-02-04 21:08:01 +01:00
Tamas Vajk
f0b0845f9f Add 'record' QL class 2021-02-04 21:08:01 +01:00
Tamas Vajk
9ffc38f5b1 Fix deterministic ordering of class members in PrintAst 2021-02-04 21:08:01 +01:00
Tamas Vajk
a6fd7a3203 C#: Extract record declarations 2021-02-04 21:08:01 +01:00
Taus
f0d5a91d59 Merge pull request #5093 from RasmusWL/fix-query-names-with-dunder 
Python: Fix query names with dunder (__)
 2021-02-04 18:47:45 +01:00
Geoffrey White
69c7c83bc2 Merge pull request #5094 from MathiasVP/promote-UnsignedDifferenceExpressionComparedZero 
Promote cpp/unsigned-difference-expression-compared-zero out of experimental
 2021-02-04 16:54:45 +00:00
Mathias Vorreiter Pedersen
cf0e464ab9 Merge branch 'promote-UnsignedDifferenceExpressionComparedZero' of github.com:MathiasVP/ql into promote-UnsignedDifferenceExpressionComparedZero 2021-02-04 17:24:59 +01:00
Mathias Vorreiter Pedersen
6a97d02247 C++: Address review comments. 2021-02-04 17:24:14 +01:00
Mathias Vorreiter Pedersen
161e5679a7 Apply suggestions from code review 
Co-authored-by: hubwriter <hubwriter@github.com>
 2021-02-04 16:47:45 +01:00
Mathias Vorreiter Pedersen
d9d82fc56a C++: Update change-notes 2021-02-04 16:24:56 +01:00
Geoffrey White
7c54512859 Merge pull request #5010 from ihsinme/ihsinme-patch-220 
CPP: Add query for CWE-570 detect and handle memory allocation errors.
 2021-02-04 15:17:28 +00:00
Mathias Vorreiter Pedersen
707f532e10 C++: Fix bad join-order using a poor man's unbind operator. 2021-02-04 16:11:34 +01:00
Mathias Vorreiter Pedersen
fd596ebbbb C++: Move cpp/unsigned-difference-expression-compared-zero out of experimental. 2021-02-04 16:10:34 +01:00
Mathias Vorreiter Pedersen
c1c9f963b9 C++: Fix qhelp in cpp/unsigned-difference-expression-compared-zero. 2021-02-04 16:10:30 +01:00
Rasmus Wriedt Larsen
b94658fd52 Python: Highlight that __slots__ query is only for Python 2 in qhelp 
Since I was already editing this file, it was easy to just add this extra bit of
info.
 2021-02-04 15:54:37 +01:00
Rasmus Wriedt Larsen
23d9e2646a Python: Fix name of class in example of __slots__ qhelp 2021-02-04 15:54:10 +01:00
Rasmus Wriedt Larsen
dcb185b659 Python: Fix trailing whitespace in a single qhelp file 
Since I edited already, why not get this little bonus? :D
 2021-02-04 15:53:23 +01:00
Rasmus Wriedt Larsen
32be53bf72 Python: Fix missing <code> in qhelp file 2021-02-04 15:53:04 +01:00
Rasmus Wriedt Larsen
3fe715abb6 Python: Fix query names that inclde __ (dunder) 
Without backticks, the text UNDERSCORE UNDERSCORE eq UNDERSCORE UNDERSCORE would
be considered to make things bold in our markdown output, making the query info
look strange.

Example https://codeql.github.com/codeql-query-help/python/py-slots-in-old-style-class/
 2021-02-04 15:49:37 +01:00
Anders Schack-Mulligen
35e620a19c Merge pull request #4854 from luchua-bc/java/insecure-ldap-auth 
Java: Insecure LDAP authentication
 2021-02-04 14:56:38 +01:00
Mathias Vorreiter Pedersen
d3d56fb0af Merge pull request #5011 from ihsinme/ihsinme-patch-221 
CPP: add query for CWE-788 Access of memory location after the end of a buffer using strlen.
 2021-02-04 14:25:27 +01:00
Mathias Vorreiter Pedersen
9b39163411 Merge pull request #5076 from MathiasVP/improve-UnsignedDifferenceExpressionComparedZero 
C++: Improve cpp/unsigned-difference-expression-compared-zero
 2021-02-04 14:05:30 +01:00
ihsinme
43045c1f03 Update WrongInDetectingAndHandlingMemoryAllocationErrors.ql 2021-02-04 15:47:16 +03:00
ihsinme
a43167faf7 Update WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp 2021-02-04 15:44:28 +03:00
ihsinme
2131f35801 Update WrongInDetectingAndHandlingMemoryAllocationErrors.ql 2021-02-04 15:41:40 +03:00
Mathias Vorreiter Pedersen
b55921a391 Update cpp/ql/src/experimental/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-02-04 13:25:02 +01:00
Julian Tibble
a666a692f9 Merge pull request #5086 from github/update-codeql-workflow 
Update CodeQL workflow
 2021-02-04 12:02:53 +00:00
Taus
634041d2d7 Merge pull request #5047 from yoff/python-dataflow-unpacking-unifying-experiments 
Python: dataflow, unify iterated unpacking
 2021-02-04 12:57:43 +01:00
Taus
bc448fe067 Merge pull request #5088 from RasmusWL/fix-small-typo 
Python: Fix small typo in test-output
 2021-02-04 12:56:56 +01:00
Geoffrey White
d41ea6c799 Merge pull request #5081 from MathiasVP/indirection-in-dataflow-models 
C++: Add more indirection flow in dataflow models
 2021-02-04 11:55:34 +00:00
Julian Tibble
121ffbbfa8 Restrict triggers for CodeQL workflow 
Analysing all branches on both 'push' and 'pull request' events causes
duplicate analysis. It is only necessary to analyse the _target_
branches of pull requests on push.
 2021-02-04 11:49:15 +00:00
Julian Tibble
ecfad6b5c7 Update CodeQL workflow 
Bring the CodeQL workflow up to date with the latest recommended
configuration, which analyses the merge commit of pull requests (not the
head of the PR branch).
 2021-02-04 11:45:15 +00:00
Rasmus Wriedt Larsen
ac0f2d37db Python: Fix small typo in test-output 
Spotted by yoff in https://github.com/github/codeql/pull/5069#discussion_r570063207
 2021-02-04 12:11:20 +01:00
Mathias Vorreiter Pedersen
55615586ee C++: Address review comments. 2021-02-04 11:30:44 +01:00
Tamás Vajk
26288ad391 Merge pull request #5082 from tamasvajk/feature/initial-db 
C#: Add initial DB scheme
 2021-02-04 11:23:42 +01:00
Tamás Vajk
ca992f2d3c Merge pull request #5005 from tamasvajk/feature/follow-line 
C#: Follow line directives when getting element location
 2021-02-04 11:22:55 +01:00
Mathias Vorreiter Pedersen
47ab9ba81b C++: emplace and emplace_back takes its arguments by universal references, so they should also specify flow as indirections. 2021-02-04 11:16:27 +01:00
Tamás Vajk
1fd244923b Merge pull request #5052 from tamasvajk/feature/fnptr-df 
C#: Add data flow 'getARuntimeTarget' predicate to 'FunctionPointerCall'
 2021-02-04 08:51:03 +01:00
Tamas Vajk
543f5916c4 Fix expected test AST 2021-02-04 08:49:19 +01:00
Tamas Vajk
88d1539d43 Fix file read error log message 2021-02-04 08:42:39 +01:00
Tamas Vajk
7068a265a6 Fix XML comment processing 2021-02-04 08:42:39 +01:00
Tamas Vajk
d3244fe298 Add new .stats file 2021-02-04 08:42:39 +01:00
Tamas Vajk
dbe656fe6a Add DB upgrade folder for preprocessor directives 2021-02-04 08:42:39 +01:00
Tamas Vajk
fd09883bfe Add change notes for preprocessor directives 2021-02-04 08:42:39 +01:00
Tamas Vajk
899e52a68a Adjust getMappedLocation to not include line directives 2021-02-04 08:42:39 +01:00
Tamas Vajk
a1d227dbbb C#: Follow line directives when getting element location 2021-02-04 08:42:39 +01:00