hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 21:26:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,206 Commits 1,673 Branches 157 Tags
bfb206c8105d66bbf7ffb6b2142190df0649ba12
Commit Graph

7504 Commits

Author SHA1 Message Date
Andrew Eisenberg
5fb84a774b Merge pull request #8553 from github/aeisenberg/cpp-suites 
Suites: Remove self-referential `from` directives
 2022-03-25 09:15:53 -07:00
Geoffrey White
2014599f88 Merge pull request #8318 from geoffw0/cwe497b 
C++: New query cpp/potential-system-data-exposure
 2022-03-25 14:55:00 +00:00
Geoffrey White
9f3fd57534 Merge branch 'main' into cwe497b 2022-03-25 11:57:30 +00:00
Mathias Vorreiter Pedersen
c115c68247 Merge pull request #8542 from MathiasVP/public-iterated-dominance-frontier 
C++: Use `iterated (post)dominance frontier` algorithm in `IRBlock`
 2022-03-25 11:51:15 +00:00
Geoffrey White
e377eebdbc C++: More 'adversary' -> 'malicious user' and related doc changes. 2022-03-25 11:34:37 +00:00
Geoffrey White
11074b6d77 Update cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-03-25 11:08:07 +00:00
Geoffrey White
6b6ee61d3f Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-03-25 11:06:46 +00:00
Jeroen Ketema
94f014d948 C++: Update tests for handling of bitwise copies in copy constructors 2022-03-25 11:43:01 +01:00
Jeroen Ketema
b18b86b2e2 C++: Remove check for value-less literals in constructors 2022-03-25 11:43:01 +01:00
Andrew Eisenberg
99f14af56a Suites: Remove self-referential from directives 
Fixes https://github.com/github/codeql/issues/8412

See https://github.com/github/codeql/issues/8412#issuecomment-1078281668
for more detail.
 2022-03-24 14:19:20 -07:00
Mathias Vorreiter Pedersen
80630972b1 Merge branch 'main' into public-iterated-dominance-frontier 2022-03-24 12:50:29 +00:00
Mathias Vorreiter Pedersen
61c944201f Merge pull request #8461 from Paul1nh0/dev_cve_2016_6480 
Add query for double-fetch vulnerability
 2022-03-23 18:15:05 +00:00
Mathias Vorreiter Pedersen
c76a323246 C++/C#: Sync identical files. 2022-03-23 17:27:25 +00:00
Mathias Vorreiter Pedersen
1b4fb45089 C++: Use the iterated (post)dominance frontier algorithm in the public '(post)dominanceFrontier' predicate on 'IRBlocks'. 2022-03-23 17:27:16 +00:00
Mathias Vorreiter Pedersen
8b8f0ca6e5 Merge pull request #8479 from geoffw0/widecharperf 
C++: Fix expensive getWideCharType().
 2022-03-23 14:22:17 +00:00
Geoffrey White
9ae1ec69dc C++: Autoformat. 2022-03-23 13:37:39 +00:00
Mathias Vorreiter Pedersen
a81024a485 Merge pull request #8525 from MathiasVP/more-precise-is-before 
C++: Consider columns in `Location.isBefore`
 2022-03-23 11:04:34 +00:00
Mathias Vorreiter Pedersen
0eab54d385 Merge pull request #8491 from jketema/command-line-injection-with-flow-state 
C++: Use flow states in `cpp/command-line-injection`
 2022-03-23 11:03:29 +00:00
Mathias Vorreiter Pedersen
a84ee50af0 Update cpp/ql/src/change-notes/2022-03-21-command-line-injection-with-flow-states.md 2022-03-23 09:35:41 +00:00
Paul1nh0
5a1dc61d9d modify arguments check logic 
As far as I can tell, root cause of double-fetech issue is read from the same user mode memory twice, so it makes sense that only check whether user mode pointer is same or not
 2022-03-23 11:20:08 +08:00
Paul1nh0
6a6cd61d83 automated using CodeQL for VSCode extension 2022-03-23 09:37:45 +08:00
Mathias Vorreiter Pedersen
01929d484e Merge pull request #8526 from MathiasVP/internal-diagmetric-queries-ql 
C++: Add internal `ExtractionError` query
 2022-03-22 17:26:38 +00:00
Paul1nh0
f2728f5284 delete some unused code 2022-03-22 23:20:30 +08:00
Mathias Vorreiter Pedersen
c35b385383 C++: Fix 'implicit this' warning. 2022-03-22 13:32:46 +00:00
Paul1nh0
afe4a8435f Using globalValueNumber to match same arguments 2022-03-22 21:14:07 +08:00
Mathias Vorreiter Pedersen
93346a574f C++: Add a new 'Location.isBefore' predicate that also considers columns. 2022-03-22 12:16:53 +00:00
Mathias Vorreiter Pedersen
c6c3206031 C++: Add example of 'goto' on the same line as the destination label. 2022-03-22 12:11:29 +00:00
Mathias Vorreiter Pedersen
5cdf0b5ee2 Merge pull request #8507 from geoffw0/sde-perf 
C++: Make getUnderlyingType nomagic
 2022-03-22 11:12:44 +00:00
Paul1nh0
d476493c3e Add double-fetch.ql under CWE-362 directory 2022-03-22 19:08:44 +08:00
Paul1nh0
dd4e82126c remove to another directory 2022-03-22 19:06:53 +08:00
Paul1nh0
2dad2c477b query description added 2022-03-22 19:06:03 +08:00
Geoffrey White
5d5904d6c8 C++: Autoformat. 2022-03-22 10:55:04 +00:00
Mathias Vorreiter Pedersen
5cbd86519b C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries. 2022-03-22 10:52:02 +00:00
Jeroen Ketema
2d9b630fa8 C++: Fix ExecTainted.ql formatting 2022-03-21 23:28:58 +01:00
Jeroen Ketema
b79eb6d10d C++: Encode string value of data flow nodes in ExecState 2022-03-21 21:29:42 +01:00
Geoffrey White
97fef4b3a5 C++: Switch strategy to nomagic. 2022-03-21 12:58:06 +00:00
Geoffrey White
7f825c12eb C++: Make getUnderlyingType 'nomagic'. 2022-03-21 11:12:18 +00:00
Jeroen Ketema
e05227d3fe C++: Add change note for the cpp/command-line-injection changes 2022-03-21 11:30:39 +01:00
Jeroen Ketema
8b4c42dd07 C++: Add cpp/command-line-injection test using a wrapper macro 2022-03-21 11:19:54 +01:00
Jeroen Ketema
f8198c3123 C++: Use flow states in cpp/command-line-injection 2022-03-18 20:06:45 +01:00
Jeroen Ketema
d37ef1b5ca C++: Add command line injection test that currently results in a false positive 2022-03-18 16:12:09 +01:00
Jeroen Ketema
459870ac1e C++: Add additional command line injection tests 2022-03-18 13:42:27 +01:00
Geoffrey White
ff3bedcab9 C++: Fix expensive getWideCharType(). 2022-03-17 14:41:57 +00:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Dave Bartolomeo
e669ffa22e Merge pull request #8320 from jketema/structured-binding-array 
C++: Handle initialization of structured bindings via bitwise copy in extractor
 2022-03-16 09:41:31 -04:00
Geoffrey White
95a63a69a5 Merge branch 'main' into cwe497b 2022-03-16 11:09:46 +00:00
Paul1nh0
85b22647ac Add query for double-fetch vulnerability 2022-03-16 18:16:49 +08:00
Jeroen Ketema
d51cbe2525 C++: Update IR tests for handling of bitwise copy with explicit source 2022-03-15 23:22:37 +01:00
Jeroen Ketema
8be02b164c C++: Add IR tests exposing incorrect translation due to unhandled bitwise copy 
These tests are in addition to exisiting tests involving default copy
constructors, which suffer from the same problem, i.e., the extractor not
handling bitwise copies.
 2022-03-15 23:22:37 +01:00