Andrew Eisenberg
5fb84a774b
Merge pull request #8553 from github/aeisenberg/cpp-suites
...
Suites: Remove self-referential `from` directives
2022-03-25 09:15:53 -07:00
Geoffrey White
9f3fd57534
Merge branch 'main' into cwe497b
2022-03-25 11:57:30 +00:00
Geoffrey White
e377eebdbc
C++: More 'adversary' -> 'malicious user' and related doc changes.
2022-03-25 11:34:37 +00:00
Geoffrey White
11074b6d77
Update cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-03-25 11:08:07 +00:00
Geoffrey White
6b6ee61d3f
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-03-25 11:06:46 +00:00
Andrew Eisenberg
99f14af56a
Suites: Remove self-referential from directives
...
Fixes https://github.com/github/codeql/issues/8412
See https://github.com/github/codeql/issues/8412#issuecomment-1078281668
for more detail.
2022-03-24 14:19:20 -07:00
Mathias Vorreiter Pedersen
61c944201f
Merge pull request #8461 from Paul1nh0/dev_cve_2016_6480
...
Add query for double-fetch vulnerability
2022-03-23 18:15:05 +00:00
Mathias Vorreiter Pedersen
0eab54d385
Merge pull request #8491 from jketema/command-line-injection-with-flow-state
...
C++: Use flow states in `cpp/command-line-injection`
2022-03-23 11:03:29 +00:00
Mathias Vorreiter Pedersen
a84ee50af0
Update cpp/ql/src/change-notes/2022-03-21-command-line-injection-with-flow-states.md
2022-03-23 09:35:41 +00:00
Paul1nh0
5a1dc61d9d
modify arguments check logic
...
As far as I can tell, the root cause of the double-fetch issue is reading from the same user mode memory twice, so it makes sense to only check whether the user mode pointer is the same or not
2022-03-23 11:20:08 +08:00
Paul1nh0
6a6cd61d83
automated using CodeQL for VSCode extension
2022-03-23 09:37:45 +08:00
Paul1nh0
f2728f5284
delete some unused code
2022-03-22 23:20:30 +08:00
Paul1nh0
afe4a8435f
Using globalValueNumber to match same arguments
2022-03-22 21:14:07 +08:00
Paul1nh0
d476493c3e
Add double-fetch.ql under CWE-362 directory
2022-03-22 19:08:44 +08:00
Paul1nh0
dd4e82126c
remove to another directory
2022-03-22 19:06:53 +08:00
Paul1nh0
2dad2c477b
query description added
2022-03-22 19:06:03 +08:00
Mathias Vorreiter Pedersen
5cbd86519b
C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries.
2022-03-22 10:52:02 +00:00
Jeroen Ketema
2d9b630fa8
C++: Fix ExecTainted.ql formatting
2022-03-21 23:28:58 +01:00
Jeroen Ketema
b79eb6d10d
C++: Encode string value of data flow nodes in ExecState
2022-03-21 21:29:42 +01:00
Jeroen Ketema
e05227d3fe
C++: Add change note for the cpp/command-line-injection changes
2022-03-21 11:30:39 +01:00
Jeroen Ketema
f8198c3123
C++: Use flow states in cpp/command-line-injection
2022-03-18 20:06:45 +01:00
Geoffrey White
95a63a69a5
Merge branch 'main' into cwe497b
2022-03-16 11:09:46 +00:00
Paul1nh0
85b22647ac
Add query for double-fetch vulnerability
2022-03-16 18:16:49 +08:00
Mathias Vorreiter Pedersen
57922f56ee
Merge pull request #8424 from ihsinme/ihsinme-patch-fix077
...
Detection reduction on request
2022-03-15 16:17:47 +00:00
Geoffrey White
46f3f28a11
C++: Fix broken merge.
2022-03-15 14:53:25 +00:00
Geoffrey White
71e0da738d
Merge branch 'main' into cwe497b
2022-03-15 13:29:32 +00:00
Mathias Vorreiter Pedersen
9f014be7c7
Merge pull request #8447 from MathiasVP/add-missing-security-severity
...
C++: Add missing `security-severity` tags
2022-03-15 11:29:28 +00:00
Geoffrey White
28315df405
Merge branch 'main' into cwe497b
2022-03-15 11:23:00 +00:00
Mathias Vorreiter Pedersen
7337ebd569
C++: Add missing 'security-severity' tags.
2022-03-15 10:54:36 +00:00
Mathias Vorreiter Pedersen
7e0e7d5004
Merge branch 'main' into use-taint-configuration-in-three-more-queries
2022-03-15 09:06:55 +00:00
Arthur Baars
6a74e761c8
Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3
...
Post-release preparation for codeql-cli-2.8.3
2022-03-14 21:05:09 +01:00
Geoffrey White
73710e9edb
C++: Fix QLDoc.
2022-03-14 19:11:43 +00:00
Geoffrey White
7c93eb1eaf
C++: Fix large newtype.
2022-03-14 19:06:41 +00:00
Geoffrey White
d1b04b4e07
C++: Use asDefiningArgument() where appropriate.
2022-03-14 17:53:47 +00:00
Mathias Vorreiter Pedersen
7593ebaa62
C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated.
2022-03-14 13:38:27 +00:00
Mathias Vorreiter Pedersen
50b77761f1
C++: Port the 'predictable' barrier from 'DefaultTaintTracking' to 'cpp/unclear-array-index-validation' to prevent an explosion of new results.
2022-03-14 13:14:07 +00:00
Mathias Vorreiter Pedersen
7c411b4bad
C++: Respond to review comments
2022-03-14 11:57:28 +00:00
Mathias Vorreiter Pedersen
0da5d91955
Merge branch 'main' into use-taint-configuration-in-three-more-queries
2022-03-14 11:12:23 +00:00
Mathias Vorreiter Pedersen
31b1e4079f
C++: Prevent join-on-enclosing-callable in 'cpp/return-stack-allocated-memory'.
2022-03-14 11:01:07 +00:00
Erik Krogh Kristensen
bbb2847ec1
Merge pull request #8323 from erik-krogh/acronyms
...
Enforcing consistent casing of acronyms
2022-03-14 11:38:25 +01:00
ihsinme
1db759cc4d
Update InsecureTemporaryFile.ql
2022-03-14 09:33:08 +03:00
Jeroen Ketema
a8b2805aeb
Merge pull request #8246 from ihsinme/ihsinme-patch-82
...
CPP: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
2022-03-11 12:54:49 +01:00
Erik Krogh Kristensen
69353bb014
patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00
Mathias Vorreiter Pedersen
272e096190
Merge branch 'main' into use-taint-configuration-in-three-more-queries
2022-03-11 09:24:03 +00:00
github-actions[bot]
3a5ebbb861
Post-release preparation for codeql-cli-2.8.3
2022-03-11 09:23:34 +00:00
Jeroen Ketema
007e33ad46
Fix C++ changelog heading and itemization
2022-03-10 23:11:07 +01:00
github-actions[bot]
6b194bc55f
Release preparation for version 2.8.3
2022-03-10 19:43:58 +00:00
Mathias Vorreiter Pedersen
bff10e8ea1
C++: Add change note.
2022-03-10 10:59:04 +00:00
Mathias Vorreiter Pedersen
0d3e47bcae
C++: Pick the offset expression as the sink in 'cpp/unclear-array-index-validation' (and not the array expression).
2022-03-10 10:57:51 +00:00
Mathias Vorreiter Pedersen
693eca2179
C++: Give 'cpp/unclear-array-index-validation' precision low.
2022-03-10 10:17:08 +00:00