hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,831 Commits 1,672 Branches 157 Tags
c2035e85d2bef276a8da5d84e88e390fa1ceaf9c
Commit Graph

8505 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
2da46ad691 C++: Add two testcases demonstrating malformed IR from missing declaration entries from decl stmts. 2022-09-05 17:49:20 +01:00
Geoffrey White
b6d5b6731a C++: Make QLDoc meet style guide. 2022-09-05 17:17:57 +01:00
Geoffrey White
234da636a4 C++: Change note. 2022-09-05 17:01:25 +01:00
Geoffrey White
008d583da8 C++: Modernize cpp/cleartext-storage-database. 2022-09-05 16:47:14 +01:00
Geoffrey White
946456acc2 C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission. 2022-09-05 14:44:33 +01:00
Tom Hvitved
9ebabd1e1f SSA: Strip shared from namespace and qlpack name 2022-09-05 11:17:30 +02:00
Tom Hvitved
ba62b9e822 Address review comments 2022-09-02 13:07:27 +02:00
Nora Dimitrijević
7584434b80 Merge pull request #10163 from d10c/missing-check-scanf-squashed 
C++: New Query: missing return-value check for scanf-like functions
 2022-09-01 23:43:21 +02:00
Robert Marsh
ca2694ae1d C++: exclude end pointers in iterator-style loops 2022-09-01 17:42:19 -04:00
Tom Hvitved
6b728acd9e Use specific codeql/shared-ssa pack for the SSA library 2022-09-01 21:23:33 +02:00
Mathias Vorreiter Pedersen
2223bc3d1f Merge pull request #10261 from MathiasVP/fix-join-in-sign-analysis 
C++: Fix join in sign analysis
 2022-09-01 16:49:05 +01:00
Robert Marsh
35701373ee C++: more semantic range analysis perf tweaks 2022-09-01 10:49:54 -04:00
Robert Marsh
b1de54e9aa C++: rewrite ProductFlow recursion for performance 2022-09-01 10:49:12 -04:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Mathias Vorreiter Pedersen
a65e585db1 C++: 'nomagic' on 'binaryExprOperands'. 2022-09-01 15:34:59 +01:00
Nora Dimitrijević
f956999891 Merge branch 'main' into missing-check-scanf-squashed 2022-09-01 12:08:50 +02:00
Tom Hvitved
8e5d6ba4f9 SSA: Create a new shared library pack and move implementation there 2022-09-01 09:36:49 +02:00
Nora Dimitrijević
f5a30c7bbe C++: Add correctness tag 
As that seems to be appropriate for this query.
 2022-08-31 16:59:57 +02:00
Nora Dimitrijević
38f185bee4 C++: Correct CWE tags in metadata 2022-08-31 16:58:05 +02:00
Nora Dimitrijević
0729e42536 C++: Update metadata based on cwe-scores 
Though the codeql/cwe-scores update-queries.py script did not make any changes on its own,
I looked up the score of the CWEs that @geoffw0 suggested using the explain.py script.

As discussed elsewhere, this should be more of a warning than a recommendation.
 2022-08-31 15:50:37 +02:00
Tom Hvitved
7a2d43432e C++: Adapt to parameterized SSA implementation 2022-08-31 11:56:24 +02:00
Tom Hvitved
760c7beb94 SSA: Sync files 2022-08-31 11:45:15 +02:00
Nora Dimitrijević
ce1e4ad422 Merge branch 'main' into missing-check-scanf-squashed 2022-08-30 11:34:00 +02:00
Nora Dimitrijević
e10042be7d C++: Improve docs based on doc-review 
Thanks to @mchammer01 and @geoffw0 for the suggestions latest.
 2022-08-30 11:14:57 +02:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Nora Dimitrijević
7d24d96d80 C++: Optimize MissingCheckScanf/bigStep() 2022-08-25 17:12:25 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
2bd866cc82 C++: improve change note and move to right place 2022-08-25 16:00:25 +02:00
Ian Lynagh
5e06277b38 Update cpp/ql/lib/change-notes/released/0.3.4.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-08-25 14:23:38 +01:00
Ian Lynagh
badb2b7f13 Update cpp/ql/lib/CHANGELOG.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-08-25 14:23:25 +01:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
Nora Dimitrijević
a6a30b3725 C++: clarify ScanfOutput.getMinimumGuardConstant() 2022-08-25 15:07:39 +02:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Nora Dimitrijević
e39229d59e C++: Remove unique-Instruction kludge in ScanfOutput 
Passes tests.
 2022-08-25 14:38:58 +02:00
Nora Dimitrijević
d8800c03b6 C++: new helper predicates in ScanfFunctionCall 
Extract some of the logic from the `cpp/missing-check-scanf` query into
the more generally useful `getOutputArgument(int index)`, `getAnOutputArgument()`,
and `getNumberOfOutputArguments()` predicates.
 2022-08-25 14:32:15 +02:00
Nora Dimitrijević
5c894ae40b Merge branch 'main' into missing-check-scanf-squashed 2022-08-24 21:14:57 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
erik-krogh
a50234adb0 apply suggestion from review 2022-08-23 15:41:37 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
erik-krogh
afadcd9b45 use a more detailed alert message in bitwise-sign-check 2022-08-23 11:18:45 +02:00
erik-krogh
d96d6721ba change the alert message of unused-local-variable 2022-08-23 11:15:11 +02:00
erik-krogh
82d9180892 only have one deprecated alias for XmlDtd 2022-08-23 10:38:23 +02:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh
78ba7650b3 change the change-notes 2022-08-23 07:28:46 +02:00