hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

7750 Commits

Author SHA1 Message Date
Jeroen Ketema
f32500306a Address review comments 2022-02-02 17:24:55 +01:00
Geoffrey White
cc20969bdd C++: Add test cases based on some remaining real world FPs. 2022-02-02 16:15:59 +00:00
Jeroen Ketema
0773ab37a5 Use matches to check for 0x prefix 2022-02-02 15:26:46 +01:00
Jeroen Ketema
92d9e51d2a Extract the value of O_CREAT and O_TMPFILE from the defining macro 
There are operating systems that define `O_CREAT` with a different
value than Linux, which uses `0x40`. For example, OpenBSD uses `0x0200`.
Hence, we cannot use a hardcoded value.

Also handle `O_TMPFILE` while here.
 2022-02-02 15:16:26 +01:00
Mathias Vorreiter Pedersen
1aa32b09be Merge pull request #7802 from geoffw0/clrtxt8 
C++: Recognize password struct fields.
 2022-02-02 14:10:40 +00:00
Arthur Baars
33b97f3e0c Update synchronized files 2022-02-02 13:30:45 +01:00
Jeroen Ketema
bd859d99bf Address review comments 2022-02-02 10:09:47 +01:00
Jeroen Ketema
5b8f56dcc6 Add change notes 2022-02-02 10:07:38 +01:00
Geoffrey White
d864af3622 C++: Change note. 2022-02-01 19:00:40 +00:00
Jeroen Ketema
ff1c971100 Add query for missing mode argument in open/openat calls 2022-02-01 14:52:22 +01:00
Jeroen Ketema
dbac927721 Take into account that the 4th argument of openat may be omitted 
This matches what is done for `open`.
 2022-02-01 11:41:07 +01:00
Mathias Vorreiter Pedersen
a59a9ba82b C++: Autoformat. 2022-02-01 08:28:53 +00:00
BACK Yonah
46c1744204 C/C++: getFullyConverted replaced by getConversion* 2022-01-31 18:51:18 +01:00
BACK Yonah
56941dba6b C/C++ : Fixed select issue in Useless Test 2022-01-31 16:56:12 +01:00
BACK Yonah
ca2ff6f9fb C/C++: Fixing minor issues in Useless Test query 2022-01-31 16:04:56 +01:00
Tom Hvitved
f2352d8272 Data flow: Inline local(Expr|Instruction)?(Flow|Taint) 
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
 2022-01-31 14:33:41 +01:00
BACK Yonah
d7313f3a82 C/C++ : Useless test 2022-01-30 14:33:32 +01:00
Mathias Vorreiter Pedersen
bb2feda8fb Merge pull request #7703 from geoffw0/getslocal 2022-01-28 19:35:15 +00:00
Geoffrey White
8a1b49f816 C++: Recognize password struct fields. 2022-01-28 19:10:46 +00:00
Mathias Vorreiter Pedersen
0f239e315c Merge pull request #7782 from geoffw0/clrtxt7 
C++: Fix FPs for cpp/cleartext-storage-file
 2022-01-28 17:24:05 +00:00
Geoffrey White
0396a84c3c C++: Remove empty predicate / extends. 2022-01-28 17:11:38 +00:00
Geoffrey White
af09dd8af1 C++: Fixes to gets models. 2022-01-28 16:04:23 +00:00
Geoffrey White
036e1495b8 Merge branch 'main' into getslocal 2022-01-28 15:58:13 +00:00
Geoffrey White
a695f02af4 C++: Add change note. 2022-01-28 12:38:27 +00:00
Geoffrey White
b73dc98191 C++: Exclude write to stdout etc. 2022-01-28 11:57:31 +00:00
Dave Bartolomeo
cca74e925f Merge pull request #7724 from github/aeisenberg/examples-groups 
Add new groups for examples packs
 2022-01-27 12:11:26 -05:00
Mathias Vorreiter Pedersen
b3f4357dc8 Merge pull request #7742 from geoffw0/clrtxt6 
C++: Upgrade cpp/cleartext-storage-buffer
 2022-01-27 14:40:40 +00:00
Geoffrey White
2e1b09fd75 C++: Modernize flow sources. 2022-01-27 13:19:09 +00:00
Geoffrey White
47528dd8c0 C++: Autoformat. 2022-01-27 12:56:16 +00:00
Geoffrey White
1bf9c19638 C++: Autoformat. 2022-01-27 11:26:18 +00:00
Geoffrey White
f090a3b440 C++: Add to and clarify some taint library QLDoc. 2022-01-27 11:26:00 +00:00
Geoffrey White
d9a2347178 C++: Switch back to IR taint. 2022-01-27 10:50:22 +00:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Dave Bartolomeo
d069d91bf5 Merge pull request #6601 from dbartol/dbartol/side-effect-reorder/work 
Fix order of IR call side effects
 2022-01-26 17:02:02 -05:00
Mathias Vorreiter Pedersen
647d4d028e Merge pull request #7758 from jketema/unnamed-variable-fix 
C++: Do not report "Declaration hides variable" for unnamed variables
 2022-01-26 15:36:04 +00:00
Jeroen Ketema
ee78cc731d Add change note 2022-01-26 15:59:17 +01:00
Jeroen Ketema
9194af9b15 Do not report "Declaration hides variable" for unnamed variables 2022-01-26 15:10:37 +01:00
Jeroen Ketema
10a94cfa45 Add test for structured binding declaration hiding variable 2022-01-26 15:08:50 +01:00
Jeroen Ketema
b380ba0d8f Add semmle-extractor-options: -std=c++17 to test 2022-01-26 15:05:21 +01:00
Dave Bartolomeo
4c42013836 Update test expectations 2022-01-25 15:22:13 -05:00
Edoardo Pirovano
662675ebf0 Merge pull request #7739 from github/edoardo/3.4-mergeback 
Merge `rc/3.4` into `main`
 2022-01-25 17:44:13 +00:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Geoffrey White
63ff17b3c1 Merge pull request #7737 from geoffw0/clrtxt5 
C++: Upgrade cpp/cleartext-storage-file
 2022-01-25 15:09:13 +00:00
Geoffrey White
e4a3e9ee23 C++: Change note. 2022-01-25 13:55:01 +00:00
Geoffrey White
340b40e8f3 C++: Modernize cpp/cleartext-storage-buffer. 2022-01-25 13:54:42 +00:00
Mathias Vorreiter Pedersen
72241886bf C++: Add security-severity to 'cpp/return-stack-allocated-memory'. 2022-01-25 08:49:00 +00:00
Harry Maclean
517f2d0823 Add optional results to InlineExpectationsTest 
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.

This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.

Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.

We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
 2022-01-25 16:41:49 +13:00
Dave Bartolomeo
9183a4d7e7 Merge remote-tracking branch 'upstream/main' into dbartol/side-effect-reorder/work 2022-01-24 15:56:38 -05:00
Robert Marsh
6d3381cb89 Merge pull request #7718 from MathiasVP/move-return-stack-allocated-memory-into-code-scanning 
C++: Add `security` tag to `cpp/return-stack-allocated-memory`
 2022-01-24 14:52:23 -05:00