hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

3350 Commits

Author SHA1 Message Date
Geoffrey White
28dca3fa9f Merge pull request #8245 from ihsinme/ihsinme-patch-67 
CPP: Add query for CWE-476: NULL Pointer Dereference when using exception handling blocks
 2022-05-09 12:26:20 +01:00
ihsinme
6dec1182bf Update DangerousUseOfExceptionBlocks.expected 2022-05-05 19:17:31 +03:00
ihsinme
185a60f034 Update test.cpp 2022-05-05 19:16:54 +03:00
Geoffrey White
5aa862acfd C++: Fixup after merge. 2022-05-03 16:12:42 +01:00
Geoffrey White
fd5b4dfff2 Merge branch 'main' into xxe4 2022-05-03 16:08:54 +01:00
Mathias Vorreiter Pedersen
b8fd07c0ac Merge pull request #9018 from geoffw0/xxe5 
C++: Support libxml2 in the XXE query
 2022-05-03 16:00:52 +01:00
Geoffrey White
42a78a27e0 C++: Fixup spacing in tests. 2022-05-03 11:48:03 +01:00
Geoffrey White
9faa825304 C++: Add support for libxml2 in the query. 2022-05-03 11:19:13 +01:00
Geoffrey White
034c4faf19 Merge branch 'main' into xxe3 2022-04-29 21:06:16 +01:00
Geoffrey White
614a7650a6 Merge pull request #8775 from porcupineyhairs/cpam 
CPP: PAM Authorization Bypass
 2022-04-29 14:55:33 +01:00
Geoffrey White
812a24fc18 C++: Add test cases for libxml2. 2022-04-29 13:23:29 +01:00
Geoffrey White
dd258781ed C++: More test cases. 2022-04-29 10:38:31 +01:00
Geoffrey White
1d71f042db C++: Turns out DOMLSParser is not an AbstractDOMParser and works a little differently than I'd thought. 2022-04-29 10:38:31 +01:00
Geoffrey White
c6deddb290 C++: For consistency. 2022-04-29 10:35:34 +01:00
Geoffrey White
4be3161891 C++: Move some stuff from tests3.cpp to common tests.h 2022-04-29 10:35:34 +01:00
Geoffrey White
397efd1648 C++: Split off the createLSParser tests into their own file. 2022-04-29 10:35:33 +01:00
Geoffrey White
b02519bf0b C++: Make the createLSParser test a bit closer to real life. 2022-04-29 10:33:47 +01:00
Geoffrey White
a1542322e2 C++: Add test cases for SAX2XMLReader. 2022-04-29 10:33:46 +01:00
Geoffrey White
7fb1069d69 C++: Use GVN on the values passed into set* functions. 2022-04-29 10:09:52 +01:00
Geoffrey White
2ccd5a5531 C++: Add support for SAXParser in the query. 2022-04-28 16:13:21 +01:00
Geoffrey White
4e2344c488 C++: Add test cases for SAXParser. 2022-04-28 16:11:08 +01:00
Mathias Vorreiter Pedersen
2517371a37 Merge pull request #8933 from MathiasVP/revert-globals 
C++: Revert #8515
 2022-04-28 10:38:08 +01:00
Mathias Vorreiter Pedersen
dc96d55943 Merge pull request #8888 from geoffw0/xxe2 
C++: Add support for createLSParser to the CWE-611 XXE query.
 2022-04-27 16:24:27 +01:00
Mathias Vorreiter Pedersen
75c1e56bbd Revert "Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars" 
This reverts commit 800e4ea7df, reversing
changes made to 7ce040f331.
 2022-04-27 16:04:28 +01:00
Geoffrey White
6ada1bd05b C++: Match createLSParser more precisely. 2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport 
Remove redundant imports
 2022-04-27 12:39:51 +02:00
Mathias Vorreiter Pedersen
800e4ea7df Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars 
C++: generate IR for global variables with initializers
 2022-04-26 18:17:13 +01:00
Geoffrey White
7ce040f331 Merge pull request #8736 from geoffw0/xxe 
C++: New query for CWE-611 / XML External Entity Expansion (XXE)
 2022-04-26 17:21:06 +01:00
Erik Krogh Kristensen
d389012b75 Merge branch 'main' into redundantImport 2022-04-26 14:24:51 +02:00
Jeroen Ketema
73e4f0c044 C++: Set clang_version to the default from previous frontend version 
This ensures that `__atomic_fetch_min` parses and that the number of
builtins does not changed compared to the previous version of the
frontend.
 2022-04-25 21:15:28 +02:00
Jeroen Ketema
ccd545336c C++: Fix tests where float128 error message has changed 2022-04-25 21:14:20 +02:00
Jeroen Ketema
8e7066600a C++: Fix test failures where location of reference dereference in lambda changed 2022-04-25 21:14:17 +02:00
Jeroen Ketema
6c1e21cd91 C++: Fix test where variable access position is more accurate in frontend 2022-04-25 21:14:06 +02:00
Jeroen Ketema
5b0603a5b9 C++: Artificial block insertion for loops and switches has changed in frontend 
There are now more artificial blocks containing more than one instruction
(artificial blocks containing a single instruction have the extractor only
emit that instruction and not the block). The second instruction in each case
is the label for breaking out of a loop or switch.
 2022-04-25 21:13:52 +02:00
Jeroen Ketema
d43ae9b7ed C++: More artificially inserted blocks carry location information in frontend 2022-04-25 21:13:29 +02:00
Jeroen Ketema
a546e6e01c C++: Update test to run with C++14 
The test uses an `auto` return type without a trailing return type, which is
a C++14 feature.
 2022-04-25 21:13:24 +02:00
Jeroen Ketema
b9e7045a2f C++: Update vector type test to reflect it uses old-clang features 
These features are no longer available and the frontend does stricter checking
on this.
 2022-04-25 21:13:04 +02:00
Robert Marsh
d0fc348ad9 C++: autoformat 2022-04-25 14:17:49 -04:00
Jeroen Ketema
97d4a12fb2 C++: Add non-returning function test case using __builtin_expect 2022-04-22 17:10:54 +02:00
Geoffrey White
d859a91a14 C++: Add support for createLSParser. 2022-04-22 12:24:01 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Geoffrey White
79aba67036 Merge branch 'main' into xxe 2022-04-22 11:50:41 +01:00
Jeroen Ketema
8139e1a2a8 C++: Fix tests after extractor changes that improve using position accuracy 2022-04-21 17:36:11 +02:00
Robert Marsh
f94fcf11cd C++: accept dataflow test changes 2022-04-19 13:32:19 -04:00
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass 
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
 2022-04-19 18:24:19 +05:30
Geoffrey White
3326fd5400 C++: Update test .expected. 2022-04-19 13:43:17 +01:00
Robert Marsh
cae08c505f Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:25:03 -04:00
Robert Marsh
b5c8413f5c Merge branch 'main' into rdmarsh2/ir-global-vars 2022-04-18 15:19:25 -04:00
Geoffrey White
27b6b99cd0 C++: Correct and improve some comments and naming. 2022-04-13 18:34:15 +01:00
Geoffrey White
be0df1662c C++: Rename the query file. 2022-04-13 13:20:02 +01:00