hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,321 Commits 1,673 Branches 157 Tags
b248b44983d66abc00c347e40f3ea69c61ba0788
Commit Graph

5847 Commits

Author SHA1 Message Date
erik-krogh
698e05f85a Swift/C++: Use instanceof in more places 2022-12-12 16:58:13 +01:00
Jeroen Ketema
beb66d027e C++: Use FlowSource in cpp/path-injection 2022-12-10 20:27:56 +01:00
Jeroen Ketema
9dc2614012 C++: Make all flow source descriptions start with a lower case letter 
In every context where we use the description a lower case letter makes more
sense.
 2022-12-09 23:18:58 +01:00
Geoffrey White
f373b7fe7c Merge pull request #11596 from geoffw0/cleartextbufferwrite 
C++: Performance fix for cpp/cleartext-storage-buffer
 2022-12-08 17:18:10 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Geoffrey White
a8b8b54f8d Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-12-07 16:44:33 +00:00
Geoffrey White
4b8575bfc3 C++: Simplify the query slightly. 2022-12-07 15:35:45 +00:00
Geoffrey White
b3d838d678 C++: Define the sources more clearly and consistently (fixes performance issue). 2022-12-07 14:45:39 +00:00
Jeroen Ketema
b5147bbfb0 C++: Deprecate DefaultTaintTracking and TaintTrackingImpl 2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen
2c500142c7 Merge pull request #11435 from jketema/rewrite-tainted-path 
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
 2022-12-06 14:54:57 +00:00
Jeroen Ketema
995efef5da C++: Add explanatory comment to hasFilteredFlowPath 2022-12-06 09:03:21 +01:00
Jeroen Ketema
6dbc59d5b5 C++: Simplify isSink based on reviewer comments 2022-12-05 23:23:08 +01:00
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Jeroen Ketema
3dfe18b565 C++: Introduce the coarse upper bound check from default taint tracking 2022-12-01 09:13:48 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Felicity Chapman
59b6d657cc Apply suggestions from code review 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-11-28 15:45:05 +01:00
Felicity Chapman
c451fa8ad4 Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-28 15:26:24 +01:00
Felicity Chapman
b5f849463b Update QL library references 2022-11-28 15:26:24 +01:00
Felicity Chapman
5f835da838 Update HTML comment in query 2022-11-28 15:25:38 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
Mathias Vorreiter Pedersen
c2ac60fc34 Merge pull request #11311 from MathiasVP/repair-mustflow 
C++: Repair `MustFlow` library for use-use flow
 2022-11-21 19:13:10 +00:00
Mathias Vorreiter Pedersen
7e80a57724 C++: Make ql-for-ql happy. 2022-11-21 15:13:19 +00:00
Mathias Vorreiter Pedersen
b748ed8f43 C++: Repair the 'MustFlow' library. 2022-11-18 16:41:32 +00:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
erik-krogh
20c4699478 CPP: convert some block-comments that could be QLDoc to QLDoc 2022-11-16 13:39:22 +01:00
Geoffrey White
55a7adff20 C++: Make the message clearer. 2022-11-07 16:32:45 +00:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Mathias Vorreiter Pedersen
1ca7c5b97d Merge pull request #11091 from JarLob/assign 
Fix AV Rule 76
 2022-11-03 13:06:10 +00:00
Mathias Vorreiter Pedersen
ad0b36a0c9 C++: Add change note. 2022-11-03 11:41:38 +00:00
JarLob
3317223e19 Fix AV Rule 76 2022-11-02 22:50:25 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Geoffrey White
257748d82b C++: Rename predicate. 2022-10-25 14:52:22 +01:00
Geoffrey White
6f77e14aef C++: Fix rare performance issue on cpp/comma-before-misleading-indentation. 2022-10-24 18:21:10 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Geoffrey White
73f977c98c Merge pull request #10510 from geoffw0/staticfn 
C++: Fix FPs for cpp/unused-static-function in files that were not extracted completely
 2022-10-18 14:53:49 +01:00
Geoffrey White
2b3ab180fa Merge pull request #10077 from intrigus-lgtm/cpp/wexpand-commmand-injection 
Add query for tainted `wordexp` calls.
 2022-10-17 11:18:38 +01:00
Josh Soref
360ce7bcf0 spelling: vulnerabilities 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
9a32aba581 spelling: themselves 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
1f8aaf7e07 spelling: supplemental 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
281bb0ec24 spelling: proposed 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
004f36720b spelling: predicate 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
f7a1647129 spelling: overrunning 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00