Commit Graph

686 Commits

Author SHA1 Message Date
Jeroen Ketema
d9b278de66 C++: Promote cpp/guarded-free 2024-11-26 11:45:55 +01:00
Jeroen Ketema
88be4b88ab C++: Address review comments 2024-11-18 14:27:01 +01:00
Jeroen Ketema
20685918bd C++: Silence ql-for-ql warning 2024-11-14 13:10:20 +01:00
Jeroen Ketema
b581723a63 C++: Ignore complex guards and the comma operator 2024-11-14 12:53:54 +01:00
Jeroen Ketema
176acabd9d C++: Ignore free calls that are macro defined or #if/#ifdef guarded 2024-11-14 12:51:04 +01:00
Jeroen Ketema
a31e983e9e C++: Also allow single statement blocks in cpp/guarded-free 2024-11-14 12:47:29 +01:00
Jeroen Ketema
c86bbbb063 C++: Fix cpp/guarded-free FPs when there are other blocks depending on the guard 2024-11-14 11:48:17 +01:00
Jeroen Ketema
a065434dd7 Merge pull request #16811 from porcupineyhairs/curlssl
CPP: Disabled SSL certificate verification
2024-09-19 20:02:17 +02:00
Porcupiney Hairs
ee41e65e90 Include changes from review 2024-09-19 22:52:20 +05:30
Porcupiney Hairs
57d1035acd Include changes from review 2024-09-19 03:32:34 +05:30
am0o0
401bb24fde remove redundant zStreamAccess in flow steps 2024-09-05 17:09:26 +02:00
Jeroen Ketema
3aa68b34bb C++: Fix zstd and clean up test 2024-09-04 22:25:44 +02:00
Jeroen Ketema
9b905d5e84 C++: Set precision to low
There are no barriers, so the query as is will flag up any use of the
identified functions.
2024-09-04 14:13:43 +02:00
Jeroen Ketema
238895e677 C++: Fix formatting 2024-09-04 14:10:24 +02:00
Jeroen Ketema
92c6170a76 C++: Simplify QLhelp
One good and one bad example suffices to get the point across, and makes the
help more readable. The examples also do not have to be complete.
2024-09-04 14:06:12 +02:00
Jeroen Ketema
2369b18ca6 C++: Make additional flow steps more uniform 2024-09-04 13:43:03 +02:00
Jeroen Ketema
8fe0d0a045 C++: Improve query output 2024-09-04 13:22:02 +02:00
Jeroen Ketema
8d22d147b8 C++: Clean up QLDoc 2024-09-04 13:16:56 +02:00
Jeroen Ketema
65fafbf4df C++: Fix QL-for-QL warnings 2024-09-04 11:57:10 +02:00
Jeroen Ketema
084dbc4e12 C++: Rename qhelp file to match ql file 2024-09-04 11:48:42 +02:00
Jeroen Ketema
50d9e77339 C++: Move experimental files into the correct locations 2024-09-04 09:33:27 +02:00
am0o0
386e45a11e delete bzip2 as it has not been updated for more than three years so it is not a priority 2024-09-03 15:33:14 +02:00
am0o0
81283d59ab remove more unused imports, add tests for zstd, add flow steps for zstd
zstd is not finalized
2024-09-03 15:26:38 +02:00
am0o0
4fc971dbcb remove xz(lzma) 2024-09-03 14:48:52 +02:00
am0o0
6c97096642 remove unused imports, add tests for libarchive 2024-09-03 14:16:25 +02:00
am0o0
9531701129 delete miniz support because there are no good documents and I don't have enough time as the library is not popular enough. add tests for minizip lib 2024-09-03 13:08:00 +02:00
am0o0
8c1c537150 finalize tests for zlib 2024-09-03 09:12:54 +02:00
am0o0
f97b1039cd update test files, add one more additional flow step for inflate function, fix gzopen additional flow step thanks to @jketema 2024-07-30 17:49:34 +02:00
am0o0
a10b5021b4 fix tests, it is not fixed 100% 2024-07-15 10:13:57 +02:00
am0o0
361ad6be6a use abstract class for decompression flow steps 2024-06-26 12:45:31 +02:00
am0o0
656dc4e276 use abstract class for decompression sinks 2024-06-25 18:09:27 +02:00
am0o0
13f697c056 relocate the query 2024-06-25 17:31:40 +02:00
Porcupiney Hairs
a7cdf0e2fd CPP: Disabled SSL certificate verification
Disabling SSL certificate verification can expose the communication to MITM attacks.

This PR adds a query to detect the same. This also includes the tests and qhelp for the same.
2024-06-23 14:27:04 +05:30
am0o0
11a416ea7c add FlowSources as a common source for all sinks, so we don't need States anymore 2024-06-13 03:30:07 +02:00
am0o0
273848c879 remove old comments 2024-06-07 05:40:17 +02:00
am0o0
a5363286f1 add implicit this 2024-06-07 05:37:58 +02:00
am0o0
184aa0480e Merge branch 'amammad-cpp-bombs' of https://github.com/amammad/codeql into amammad-cpp-bombs 2024-06-07 05:27:12 +02:00
Am
a5c9dc74bf Merge branch 'github:main' into amammad-cpp-bombs 2024-06-07 05:27:08 +02:00
am0o0
e37ceac3b1 merge all query files into one query file 2024-06-07 05:26:51 +02:00
Mathias Vorreiter Pedersen
00a940fd58 Merge pull request #16524 from catenacyber/deref-null-result
Adds another rule for null deref
2024-05-22 12:37:39 +01:00
Mathias Vorreiter Pedersen
eda815789b Update cpp/ql/src/experimental/Likely Bugs/DerefNullResult.ql 2024-05-22 11:21:04 +01:00
Philippe Antoine
ab4b823c2e fixup unique assignment 2024-05-21 22:10:00 +02:00
Philippe Antoine
8ace9da14a fixup dataflow path and formatting 2024-05-20 21:31:47 +02:00
Philippe Antoine
73d306c8c8 Adds another rule for null deref 2024-05-17 17:35:07 +02:00
Mathias Vorreiter Pedersen
a8f2cbc2b1 Merge pull request #16331 from mario-campos/mario-campos/guarded-free
Cpp: new experimental query cpp/guarded-free
2024-05-01 17:32:44 +01:00
Mario Campos
5a7a1dc92e C++: forgot to import semmle.code.cpp.controlflow.Guards 2024-05-01 11:00:19 -05:00
Mario Campos
c480431ec0 C++: simplify cpp/guarded-free
This new form is more declarative by use of the `GuardCondition`. Thanks to the tireless effort of @MathiasVP!
2024-05-01 10:59:16 -05:00
Mathias Vorreiter Pedersen
179270ffc1 C++: Move 'cpp/iterator-to-expired-container' out of experimental. 2024-04-29 11:07:55 +01:00
Mario Campos
3195f0c828 Use more specific hasGlobalName() for stdlib function free(3)
Based on the CodeQL documentation's example of strncpy(3) and strlen(3): https://codeql.github.com/docs/codeql-language-guides/hash-consing-and-value-numbering/#example-query
2024-04-26 09:10:40 -05:00
Mario Campos
d7c784ef2f Initial commit of experimental query cpp/guarded-free. 2024-04-25 16:29:37 -05:00