hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,961 Commits 1,672 Branches 157 Tags
aa337c72c25ea660f1feeb0e153911f83039ecab
Commit Graph

9357 Commits

Author SHA1 Message Date
Jeroen Ketema
0c710479ec C++: Update experimental test changes 2022-12-19 16:35:24 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Arthur Baars
016c7a8ca7 Merge pull request #11719 from aibaars/alert-suppression-shared 
Shared AlertSuppression library
 2022-12-19 16:04:44 +01:00
Jeroen Ketema
949b61c635 Merge pull request #11729 from MathiasVP/fix-cleartext-sqlite-database 
C++: Prepare `cpp/cleartext-storage-database` for use-use flow
 2022-12-19 14:01:34 +01:00
Jeroen Ketema
edd29f4b0e C++: Add change note 2022-12-19 13:50:50 +01:00
Jeroen Ketema
ed33b905a6 C++: Simplify cpp/path-injection now argv sources are parameters 2022-12-19 12:54:16 +01:00
Jeroen Ketema
7549915773 C++: Accept test changes 2022-12-19 12:52:35 +01:00
Arthur Baars
ad80822a52 C/C++: use shared AlertSuppression.qll 2022-12-19 12:25:46 +01:00
Jeroen Ketema
a73bd050f7 C++: Define the argv flow source in terms the input parameter 2022-12-19 12:13:39 +01:00
Jeroen Ketema
2705aebbbc C++: Restrict CWE-119 semmle tests to have a single main function 2022-12-19 12:13:37 +01:00
Jeroen Ketema
88a1eead03 Merge pull request #11724 from MathiasVP/clear-text-transmission-dont-track-indirection 
C++: Use `asExpr` in `cpp/cleartext-transmission`
 2022-12-19 11:31:06 +01:00
turbo
d1d4163b79 Exclude cpp/wrong-use-of-the-umask 2022-12-18 15:55:04 +01:00
turbo
1e5426fca2 Create security-experimental suite helper and all language suite implementations 2022-12-18 15:44:08 +01:00
ihsinme
a2836dc72a Update test.cpp 2022-12-18 00:38:32 +03:00
ihsinme
945cdef18d Update DivideByZeroUsingReturnValue.expected 2022-12-18 00:35:28 +03:00
ihsinme
c790b0fed6 Update DivideByZeroUsingReturnValue.ql 2022-12-18 00:34:14 +03:00
Robert Marsh
df7a4ac093 Merge pull request #11722 from MathiasVP/make-buffer.qll-unique-again 
C++: Use `unique` in `getBufferSize`
 2022-12-16 15:00:18 -05:00
Henry Mercer
30451ee950 Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Mathias Vorreiter Pedersen
1d80e94bb4 C++: Prepare 'CleartextSqliteDatabase.ql' for use-use flow. 2022-12-16 17:10:10 +00:00
Mathias Vorreiter Pedersen
c09ed10d33 Merge pull request #11727 from MathiasVP/fix-crement-and-assign-op-dataflow-mappings 
C++: Fix `DataFlow <-> Expr` mappings for `CrementOperation` and `AssignOperation`
 2022-12-16 17:05:13 +00:00
Mathias Vorreiter Pedersen
33649ed7d3 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-16 17:02:06 +00:00
Mathias Vorreiter Pedersen
a7aa1a7d8b C++: Accept more test changes 2022-12-16 16:04:35 +00:00
Jeroen Ketema
32800bca96 Merge pull request #11680 from jketema/predefined-typedef-for-float 
C++: Update tests after frontend changes
 2022-12-16 15:21:58 +01:00
Mathias Vorreiter Pedersen
45f69be94c C++: Accept test changes 2022-12-16 14:14:58 +00:00
Mathias Vorreiter Pedersen
df526552a6 C++: Fix mapping between dataflow nodes and '{Crement, Assign}Operations'. 2022-12-16 14:14:48 +00:00
Mathias Vorreiter Pedersen
2de2887ebb C++: Accept test changes 2022-12-16 13:27:08 +00:00
Mathias Vorreiter Pedersen
4ace171447 C++: Don't track indirection expressions in 'cpp/cleartext-transmission'. Instead, just track the direct expression. 2022-12-16 13:26:53 +00:00
Mathias Vorreiter Pedersen
81de93da2d C++: Accept test changes 2022-12-16 12:58:53 +00:00
Mathias Vorreiter Pedersen
c06f7259cf C++: Make the 'getBufferSize' a lot more like the pre-use-use flow implementation. 2022-12-16 12:58:45 +00:00
Tom Hvitved
e45edcc159 Merge pull request #11674 from hvitved/dataflow/param-context 
Data flow: Track callable in flow-through pruning
 2022-12-16 09:25:15 +01:00
Mathias Vorreiter Pedersen
7d5e215a93 Merge pull request #11600 from geoffw0/offsetrangecheck 
C++: Fix cpp/offset-use-before-range-check performance.
 2022-12-15 16:44:49 +00:00
Geoffrey White
cca0722a2b Merge pull request #11710 from geoffw0/qldocalloc 
C++: Clarify Allocation.qll and Deallocation.qll
 2022-12-15 15:36:48 +00:00
Tom Hvitved
f8571dd0b6 Data flow: Work around functionality-induced misoptimization 2022-12-15 15:29:14 +01:00
Tom Hvitved
6eda042229 Data flow: Sync files 2022-12-15 15:29:13 +01:00
Mathias Vorreiter Pedersen
a36afc6bff C++: Accept more test changes. 2022-12-15 13:29:05 +00:00
Geoffrey White
e7ea0d7ee9 C++: Attempt to clarify the way Allocation.qll and Deallocation.qll should be used. 2022-12-15 13:05:56 +00:00
Jeroen Ketema
ef61d14e9c C++: Add change note 2022-12-15 12:57:13 +01:00
Mathias Vorreiter Pedersen
73b93be313 C++: Prevent non-termination in 'getTypeImpl' when a iterator defines itself as 'value_type'. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
526b913f7d C++: Fix join orders. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
cb47bdd9fd C++: Accept test changes. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
f94ca0e087 C++: Add implicit defs and uses for iterators' underlying containers. 2022-12-15 11:55:21 +00:00
Mathias Vorreiter Pedersen
78b7e12b87 C++: Make 'DefImpl' and 'useImpl' abstract. 2022-12-15 11:54:32 +00:00
Mathias Vorreiter Pedersen
5d417d7a69 C++: Implement an 'Indirection' subtype for iterators. 2022-12-15 11:54:32 +00:00
Mathias Vorreiter Pedersen
ef110e77ff C++: Remove an unnecessary predicate from the 'Indirection' class. 2022-12-15 11:54:32 +00:00
Jeroen Ketema
0b4c4fd580 C++: Simplify deallocation check 2022-12-15 12:46:32 +01:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
Jeroen Ketema
31b4dda7bd Merge pull request #11687 from jketema/tainted-path-use-use 
C++: Make `cpp/path-injection` work with use-use dataflow
 2022-12-14 18:06:05 +01:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Mathias Vorreiter Pedersen
22b04af0fa Merge pull request #11658 from MathiasVP/uncertain-writes 
C++: Flow through uncertain writes
 2022-12-14 15:26:28 +00:00
Jeroen Ketema
bb256514c0 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-14 15:52:20 +01:00