hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

7750 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
693eca2179 C++: Give 'cpp/unclear-array-index-validation' precision low. 2022-03-10 10:17:08 +00:00
Paolo Tranquilli
34829e92b1 C++: Remove uniqueness constraint from uuid 
Different class definitions can have the same uuid. This happens for
example when using `#import <msxml6.dll>` there will be several C++
classes generated in `msxml6.tlh` which will share uuids with
`extern "C"` struct declarations in the system header `msxml.h`.

Notice that as far as the standard cpp QL library and queries go, we
expose `getUuid()` on `UserType` and we never try to invert it, so we
only rely on uniqueness of the `id` column in the `usertype_uuid` table,
not the `uuid` column.

Closes github/codeql-c-team#893
 2022-03-10 10:33:37 +01:00
Erik Krogh Kristensen
fa766126e5 CPP: remove import of deleted deprecation 2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
53d557c037 CPP: delete file that that had been deprecated for over a year 2022-03-10 10:24:57 +01:00
Geoffrey White
9e3156dd1c Merge branch 'main' into cwe497c 2022-03-10 09:05:58 +00:00
ihsinme
4b451cfee6 Update ImproperCheckReturnValueScanf.expected 2022-03-10 10:13:04 +03:00
ihsinme
5e23615be7 Update test.cpp 2022-03-10 10:12:29 +03:00
Erik Krogh Kristensen
34c7bcadde CPP: delete LocalScopeVariableReachability.qll 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
9c4fcf4c6d fix typo in change-note 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
e140548547 C++: reintroduce deprecated predicates that affect an internal test 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
9e46239928 CPP: remove 13 month old deprecation that override an even older deprecation 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
91af2f14b1 CPP: update expected output after deleting deprecated things 2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
5312e4a8b5 add change note that all old deprecations were deleted 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
6dd3f7f113 CPP: remove old deprecated predicate that was recently updated by an automated patch of mine 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
1e445856e7 CPP: remove leftover line comment 2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
a86f0afb3c delete all deprecations that are over 14 months old 2022-03-09 18:28:07 +01:00
Mathias Vorreiter Pedersen
dfb20f7721 Merge pull request #8368 from MathiasVP/add-must-flow-lib 
C++: Factor must-flow predicates out of two queries
 2022-03-09 17:07:23 +00:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings 
Python: Fix a bunch of QL warnings
 2022-03-09 16:31:28 +01:00
Mathias Vorreiter Pedersen
f2676968f0 C++: Actally convert 'cpp/overflow-destination' to a path-problem query. 2022-03-09 13:49:52 +00:00
Mathias Vorreiter Pedersen
8a8fb692a3 C++: Use a 'TaintTracking::Configuration' for 'cpp/uncontrolled-allocation-size'. 2022-03-09 12:09:32 +00:00
Mathias Vorreiter Pedersen
2328898b19 C++: Use a 'TaintTracking::Configuration' for 'cpp/unclear-array-index-validation'. 2022-03-09 12:09:27 +00:00
Mathias Vorreiter Pedersen
d7652f9742 C++: Use a 'TaintTracking::Configuration' for 'cpp/overflow-destination'. 2022-03-09 12:07:25 +00:00
Geoffrey White
9ebdb2ac1d C++: QLDoc. 2022-03-08 16:12:58 +00:00
Mathias Vorreiter Pedersen
d8bad778ed C++: Fix QLDoc 2022-03-08 14:38:39 +00:00
Taus
063a8bbc43 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-08 15:20:35 +01:00
Mathias Vorreiter Pedersen
69417e150a C++: Address review comments. 2022-03-08 13:15:02 +00:00
Mathias Vorreiter Pedersen
1bf430529b Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 13:07:17 +00:00
Mathias Vorreiter Pedersen
edf629f5aa Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 13:07:09 +00:00
Mathias Vorreiter Pedersen
bfa0714577 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 13:06:53 +00:00
Jeroen Ketema
3877598c12 C++: Remove cpp/duplicated-lines-in-files which was deprecated over a year ago 2022-03-08 12:58:19 +01:00
Mathias Vorreiter Pedersen
7106fe35aa C++: Accept test changes. This is just a change in the names of the path nodes. These names are actually better as they don't refer to the name of IR instructions. 2022-03-08 11:40:56 +00:00
Mathias Vorreiter Pedersen
8c5b3368e1 C++: Make the two must-flow queries use the new must-flow library 2022-03-08 11:40:56 +00:00
Mathias Vorreiter Pedersen
ee9c0dcb83 C++: Add library for must-flow. 2022-03-08 11:40:56 +00:00
Jeroen Ketema
b039b91fd8 C++: Add change note 2022-03-08 12:36:11 +01:00
Jeroen Ketema
df1e810f13 C++: Remove duplicate code queries that were deprecated over a year ago 2022-03-08 12:28:41 +01:00
Jeroen Ketema
d2e2866276 C++: Also deprecate TDuplicationOrSimilarity 2022-03-08 12:26:07 +01:00
Jeroen Ketema
55351ce835 Update cpp/ql/src/external/CodeDuplication.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-08 11:57:05 +01:00
Jeroen Ketema
2e73e35747 Update cpp/ql/src/external/CodeDuplication.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-03-08 11:56:55 +01:00
Jeroen Ketema
81783e828e C++: Mark everything in CodeDuplication.qll as deprecated 
Although we earlier added a comment to the classes in noting that
they are deprecated, we did not properly mark the classes as actually
being deprecated.

All predicates - except for 3 - depend on the classes being functional,
which they no longer are, so mark those a deprecated as well. The three
remaining predicates (`FunctionDeclarationEntry`, `numberOfSourceMethods`,
and `whitelistedLineForDuplication`) seem to be helpers, and are likely
not used when the library is not used, so mark those as deprecated as
well.
 2022-03-08 11:38:01 +01:00
ihsinme
8335778e20 Update ImproperCheckReturnValueScanf.qhelp 2022-03-08 07:45:07 +03:00
ihsinme
c0c7748c5e Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-03-08 07:42:35 +03:00
Taus
af7f532212 Python: Fix up a bunch of function QLDoc 2022-03-07 18:59:49 +00:00
Geoffrey White
c793699562 C++: Change note. 2022-03-07 17:41:00 +00:00
Geoffrey White
fc6f42296a C++: Upgrade cpp/system-data-exposure. 2022-03-07 17:39:04 +00:00
Geoffrey White
cb33ed4fc2 C++: Only look for sensitive strings in appropriate parameters. 2022-03-07 11:29:09 +00:00
Mathias Vorreiter Pedersen
c7d624d314 Merge pull request #8247 from ihsinme/ihsinme-patch-80 
CPP: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
 2022-03-07 11:00:29 +00:00
Geoffrey White
e7dca435a9 Merge pull request #6950 from ihsinme/ihsinme-patch-078 
CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
 2022-03-07 10:55:29 +00:00
Geoffrey White
f1d6234483 C++: Add more information about registry query parameters. 2022-03-07 09:45:31 +00:00
Mathias Vorreiter Pedersen
027c8247ae Merge pull request #8310 from jketema/update-stats 
C++: Update the DB scheme stats file
 2022-03-07 09:11:53 +00:00
Geoffrey White
4316026720 C++: VariableAccess -> Expr. 2022-03-04 18:00:54 +00:00