hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 08:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,081 Commits 1,715 Branches 163 Tags
be06230b435b74dc19bab8b2f18ebb2b44064d77
Commit Graph

6238 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
be06230b43 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-07-12 14:46:44 +02:00
Cornelius Riemenschneider
d34f7b941a C++: Address code review. 2021-07-12 11:43:43 +02:00
Cornelius Riemenschneider
e821b8be99 C++: Fix warning from compile-query. 2021-07-12 11:43:43 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression 
Performance: Improve join order in data flow library
 2021-07-01 14:13:18 +02:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Aditya Sharad
61e6dcb56d Ensure only one query per language is tagged lines-of-code 
Some languages have multiple `summary` queries for lines of code,
representing different forms of counting (user written, total, etc).
When Code Scanning sees results from multiple such summary queries in a single run,
it will need to choose one as the primary LoC count to display in the UI.

By ensuring only one query per language has the `lines-of-code` tag,
in future we can teach Code Scanning to look for this particular tag
to identify the primary LoC count.

If a "lines of user code" query is available, use that.
Otherwise use the total "lines of code".

(It is completely fine for multiple queries to be tagged with `summary`.)
 2021-06-25 16:45:37 -07:00
Mathias Vorreiter Pedersen
fd477383b0 C++: Fix join order in 'bbSuccessorEntryReachesLoopInvariant'. 2021-06-25 10:49:33 +02:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen
01fc3e6559 C++/C#/Java/Python: Add change notes. 2021-06-24 14:29:34 +02:00
Anders Schack-Mulligen
cd0efbe7ce Dataflow: Sync. 2021-06-24 14:19:17 +02:00
Mathias Vorreiter Pedersen
c8c77396fa C++: Get rid of the trivial 'True' condition. Turns out it's not actually needed. 2021-06-24 09:57:54 +02:00
Mathias Vorreiter Pedersen
656ff4aee9 C++: Add more QLDoc. 2021-06-24 09:57:25 +02:00
Mathias Vorreiter Pedersen
d70ea5f6e0 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-24 09:27:11 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
Mathias Vorreiter Pedersen
2938ad5f8f C++: Add testcase demonstrating the fix from a8c57ec4aa. 2021-06-23 23:01:49 +02:00
Mathias Vorreiter Pedersen
43bbd4f7ad C++: Fix join order with 'pragma[noopt]'. 2021-06-23 18:34:04 +02:00
Mathias Vorreiter Pedersen
295e022df3 Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 15:45:18 +02:00
Ian Lynagh
089e4e2e1e Merge pull request #6147 from AlexDenisov/adjust_test_expectation 
C++: Adjust test expectations after frontend upgrade
 2021-06-23 14:43:47 +01:00
Mathias Vorreiter Pedersen
a8c57ec4aa C++: Prevent false negatives caused by incorrectly concluding that a loop variant condition refutes itself across loop iterations. 2021-06-23 15:08:16 +02:00
Alex Denisov
653afc8448 C++: Adjust test expectations after frontend upgrade 2021-06-23 14:39:16 +02:00
Mathias Vorreiter Pedersen
c44475458e Update cpp/ql/src/Security/CWE/CWE-190/Bounded.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-23 14:38:36 +02:00
Mathias Vorreiter Pedersen
d308dd2f40 Update cpp/ql/src/semmle/code/cpp/controlflow/StackVariableReachability.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-06-23 11:54:56 +02:00
Mathias Vorreiter Pedersen
6379463bcf Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:42:45 +02:00
Geoffrey White
298f70f082 Merge pull request #6120 from MathiasVP/not-overflow-is-barrier-in-cwe-190 
C++: Recognize any non-overflowing arithmetic expression as a barrier for `cpp/uncontrolled-arithmetic`
 2021-06-23 10:35:33 +01:00
Mathias Vorreiter Pedersen
9b94f3a650 Merge branch 'main' into improve-tainted-arithmetic 2021-06-23 11:04:08 +02:00
Mathias Vorreiter Pedersen
a611e76ed2 C++: Respond to review comments. 2021-06-23 10:28:00 +02:00
Mathias Vorreiter Pedersen
3bc6b11ae5 C++: Share the 'bounded' predicate from 'cpp/uncontrolled-arithmetic' and use it in 'cpp/tainted-arithmetic'. 2021-06-21 16:38:17 +02:00
Mathias Vorreiter Pedersen
05389bb9d4 Merge pull request #6099 from geoffw0/weak-crypto3 
Further improvements to cpp/weak-cryptographic-algorithm
 2021-06-21 15:46:50 +02:00
Geoffrey White
05ed4ed739 Update cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-06-21 14:22:56 +01:00
Anders Schack-Mulligen
810de73246 C/C++: Update qltest expected output. 2021-06-21 14:47:31 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
38319a4832 C/C++: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Mathias Vorreiter Pedersen
238c483e5b C++: Make any non-overflowing arithmetic operation a barrier. 2021-06-21 14:05:34 +02:00
Mathias Vorreiter Pedersen
18e5d3cce8 C++: Add false positive with multiplication. 2021-06-21 14:04:27 +02:00
Geoffrey White
6f808c9e4c C++: Update change note. 2021-06-21 12:32:48 +01:00
Geoffrey White
79198974dc Merge branch 'main' into weak-crypto3 2021-06-21 11:55:29 +01:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Geoffrey White
90e2a2d222 C++: Change note. 2021-06-21 11:30:12 +01:00
Mathias Vorreiter Pedersen
17df8e44d0 C++: Convert 'cpp/tainted-arithmetic' to a 'path-problem' query. 2021-06-18 14:56:17 +02:00
Calum Grant
32f6a465b0 Merge pull request #6080 from github/calumgrant/security-severities 
Update security-severity scores
 2021-06-18 09:40:40 +01:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
Geoffrey White
b4cbe6dce8 C++: Increase query precision to high. 2021-06-17 14:33:17 +01:00
Geoffrey White
b5c71fd1d7 C++: Repair funcion call in a function call. 2021-06-17 14:33:16 +01:00
Geoffrey White
e5147c2a1f C++: Exclude functions that don't involve buffers. 2021-06-17 14:33:16 +01:00
Geoffrey White
a481e5c292 C++: Exclude template code. 2021-06-17 12:36:14 +01:00
Geoffrey White
8efdf359dc C++: Fix some incorrect uses of 'const' in the tests. 2021-06-17 12:36:13 +01:00
Geoffrey White
3641cdcc1f C++: Add a test case involving an array. 2021-06-17 12:36:09 +01:00
Geoffrey White
23db21cd90 C++: Test spacing. 2021-06-17 12:33:31 +01:00