Geoffrey White
f931dab14a
C++: Improve the cpp/cleartext-* query examples by using libsodium rather than pseudocode.
2024-07-22 11:17:33 +01:00
Geoffrey White
ffc61ae1bb
C++: Make memset_s a clearer recommendation in the .qhelp for cpp/memset-may-be-deleted.
2024-07-22 09:51:22 +01:00
Mathias Vorreiter Pedersen
5f70c44270
C++: Add change note.
2024-07-17 11:44:38 +01:00
Mathias Vorreiter Pedersen
9dd43d8e6f
C++: Promote 'cpp/unsigned-difference-expression-compared-zero' to Code Scanning.
2024-07-17 11:44:37 +01:00
Mathias Vorreiter Pedersen
4e916dedb1
C++: Add change note.
2024-07-16 13:17:31 +01:00
Mathias Vorreiter Pedersen
3d88f08264
C++: Include more expressions in the base case.
2024-07-16 13:04:45 +01:00
Mathias Vorreiter Pedersen
d539ce0a01
C++: Use GVN for base case.
2024-07-16 13:02:43 +01:00
Mathias Vorreiter Pedersen
575fbd2578
C++: Preparatory simplification.
2024-07-16 13:02:41 +01:00
Mathias Vorreiter Pedersen
5da3fb5e05
Merge pull request #16959 from MathiasVP/promote-iterator-to-expired-container-to-code-scanning
C++: Promote `cp/iterator-to-expired-container` to Code Scanning
2024-07-15 11:55:32 +01:00
am0o0
a10b5021b4
fix tests, it is not fixed 100%
2024-07-15 10:13:57 +02:00
Mathias Vorreiter Pedersen
64513fb6c2
C++: Add change note.
2024-07-11 14:26:47 +01:00
Mathias Vorreiter Pedersen
8012f3b2f7
C++: Increase the precision of 'cpp/iterator-to-expired-container' to high.
2024-07-11 14:26:05 +01:00
Geoffrey White
0344381120
Merge remote-tracking branch 'upstream/main' into docsforautofix
2024-07-10 11:17:52 +01:00
Geoffrey White
74384625f6
C++: Autoformat.
2024-07-10 11:17:44 +01:00
Mathias Vorreiter Pedersen
9cfd06c761
C++: Increase the precision of 'cpp/unsafe-strncat' to high.
2024-07-08 16:06:58 +01:00
Mathias Vorreiter Pedersen
962c73da16
C++: Promote 'cpp/unsafe-strncat' to Code Scanning.
2024-07-08 16:02:29 +01:00
Geoffrey White
8818f63ca7
C++: Add some practical details to the examples.
2024-07-08 14:32:05 +01:00
Geoffrey White
80af5b7725
C++: Add a third example for cpp/world-writable-file-creation.
2024-07-08 14:32:04 +01:00
Geoffrey White
4f0d725acd
C++: Add a 'good' example as well.
2024-07-08 14:32:03 +01:00
Geoffrey White
d52210d565
C++: Improve the example for cpp/return-stack-allocated-memory.
2024-07-08 14:32:01 +01:00
Geoffrey White
3c70583aa2
C++: Add close calls to examples for cpp/toctou-race-condition.
2024-07-08 14:32:00 +01:00
Geoffrey White
0288499801
C++: Rephrase the alert message for cpp/wrong-type-format-argument to be less prescriptive.
2024-07-08 14:31:59 +01:00
github-actions[bot]
ae3aba061b
Post-release preparation for codeql-cli-2.18.0
2024-07-08 13:30:13 +00:00
github-actions[bot]
b0d6778652
Release preparation for version 2.18.0
2024-07-08 09:10:51 +00:00
Geoffrey White
1343e4c9aa
C++: Add another 'good' example for cpp/unsigned-difference-expression-compared-zero.
2024-07-04 17:11:10 +01:00
Geoffrey White
7abece46c7
C++: Add a 'good' example for cpp/unsigned-difference-expression-compared-zero.
2024-07-04 17:11:09 +01:00
Geoffrey White
f64743e91d
C++: Fix mistake in example for cpp/incorrect-allocation-error-handling.
2024-07-04 16:19:32 +01:00
Arthur Baars
b12b33c8f9
Merge remote-tracking branch 'upstream/main' into 'rc/3.14'
2024-06-28 19:50:35 +02:00
am0o0
361ad6be6a
use abstract class for decompression flow steps
2024-06-26 12:45:31 +02:00
am0o0
656dc4e276
use abstract class for decompression sinks
2024-06-25 18:09:27 +02:00
am0o0
13f697c056
relocate the query
2024-06-25 17:31:40 +02:00
Mathias Vorreiter Pedersen
921afb71e2
Update cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2024-06-25 10:03:53 +01:00
Mathias Vorreiter Pedersen
bb8b0d0bf5
C++: Use the unary version of 'comparesEq' to handle both disjuncts.
2024-06-25 09:30:53 +01:00
github-actions[bot]
fd385736e6
Post-release preparation for codeql-cli-2.17.6
2024-06-25 06:39:45 +00:00
github-actions[bot]
e32a587078
Release preparation for version 2.17.6
2024-06-24 14:33:10 +00:00
Porcupiney Hairs
a7cdf0e2fd
CPP: Disabled SSL certificate verification
Disabling SSL certificate verification can expose the communication to MITM attacks.
This PR adds a query to detect the same. This also includes the tests and qhelp for the same.
2024-06-23 14:27:04 +05:30
am0o0
11a416ea7c
add FlowSources as a common source for all sinks, so we don't need States anymore
2024-06-13 03:30:07 +02:00
github-actions[bot]
8a25081a0e
Post-release preparation for codeql-cli-2.17.5
2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468
Release preparation for version 2.17.5
2024-06-10 13:40:39 +00:00
am0o0
273848c879
remove old comments
2024-06-07 05:40:17 +02:00
am0o0
a5363286f1
add implicit this
2024-06-07 05:37:58 +02:00
am0o0
184aa0480e
Merge branch 'amammad-cpp-bombs' of https://github.com/amammad/codeql into amammad-cpp-bombs
2024-06-07 05:27:12 +02:00
Am
a5c9dc74bf
Merge branch 'github:main' into amammad-cpp-bombs
2024-06-07 05:27:08 +02:00
am0o0
e37ceac3b1
merge all query files into one query file
2024-06-07 05:26:51 +02:00
Mathias Vorreiter Pedersen
9f4c1380e5
Merge pull request #16677 from MathiasVP/phi-input-nodes
C++: Extend barrier guards to handle phi inputs
2024-06-06 19:21:30 +01:00
Mathias Vorreiter Pedersen
05d46a6793
C++: Also ignore phi input edges in 'AllocaInLoop.ql'.
2024-06-05 09:58:44 +01:00
Jeroen Ketema
6f8449cf75
C++: Add change note
2024-06-05 10:05:13 +02:00
Jeroen Ketema
66077dc38d
C++: Ignore gets'es with incorrect parameter counts
2024-06-04 11:15:07 +02:00
github-actions[bot]
906b65d09c
Post-release preparation for codeql-cli-2.17.4
2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb
Release preparation for version 2.17.4
2024-05-28 15:44:32 +00:00