hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 17:28:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,439 Commits 1,721 Branches 163 Tags
da454128ed9ce54c1d57e0e99bf539ccdefaf52c
Commit Graph

539 Commits

Author SHA1 Message Date
Geoffrey White
da454128ed Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-04-19 10:08:07 +01:00
Geoffrey White
2ac21d6932 C++: Use isBarrier rather than isBarrierOut (which is going away). 2022-04-14 09:21:57 +01:00
Geoffrey White
27b6b99cd0 C++: Correct and improve some comments and naming. 2022-04-13 18:34:15 +01:00
Geoffrey White
dfd846bb7b C++: Changes to the qhelp. 2022-04-13 15:53:13 +01:00
Geoffrey White
d83aea5ea3 C++: Copy the qhelp from Javascript. 2022-04-13 15:16:01 +01:00
Geoffrey White
b149666f45 C++: Query metadata (precision is provisional, might up it to 'high' later). 2022-04-13 15:15:28 +01:00
Geoffrey White
be0df1662c C++: Rename the query file. 2022-04-13 13:20:02 +01:00
Geoffrey White
ffbe724040 C++: Remove unfinished parts for now. 2022-04-13 13:18:23 +01:00
Geoffrey White
8d1e8e9ecb C++: Flow states and transformers. 2022-04-08 17:19:18 +01:00
Geoffrey White
3aaa058308 C++: Get the simplest part of the query working, disable the rest for now, fix metadata, formatting etc. 2022-04-07 19:01:30 +01:00
Robert Marsh
3a35a40062 WIP: start on CWE-611 tests 2022-04-06 12:55:56 +01:00
Robert Marsh
370dd057dc C++: more WIP on Xerces XXE query 2022-04-06 12:55:54 +01:00
Robert Marsh
9b6c1bc691 WIP: Xerces XXE 2022-04-06 12:55:52 +01:00
Geoffrey White
146318dbc1 Merge pull request #8580 from geoffw0/privdata 
C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission
 2022-03-31 10:12:46 +01:00
Geoffrey White
0e3e145e53 C++: Add CWE-359 tag to cpp/cleartext-transmission. 2022-03-29 14:44:06 +01:00
Geoffrey White
3fed7bf6d0 C++: Extend cpp/cleartext-transmission using PrivateData.qll. 2022-03-28 11:16:56 +01:00
Geoffrey White
9f3fd57534 Merge branch 'main' into cwe497b 2022-03-25 11:57:30 +00:00
Geoffrey White
e377eebdbc C++: More 'adversary' -> 'malicious user' and related doc changes. 2022-03-25 11:34:37 +00:00
Geoffrey White
11074b6d77 Update cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-03-25 11:08:07 +00:00
Geoffrey White
6b6ee61d3f Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-03-25 11:06:46 +00:00
Jeroen Ketema
2d9b630fa8 C++: Fix ExecTainted.ql formatting 2022-03-21 23:28:58 +01:00
Jeroen Ketema
b79eb6d10d C++: Encode string value of data flow nodes in ExecState 2022-03-21 21:29:42 +01:00
Jeroen Ketema
f8198c3123 C++: Use flow states in cpp/command-line-injection 2022-03-18 20:06:45 +01:00
Geoffrey White
46f3f28a11 C++: Fix broken merge. 2022-03-15 14:53:25 +00:00
Geoffrey White
71e0da738d Merge branch 'main' into cwe497b 2022-03-15 13:29:32 +00:00
Mathias Vorreiter Pedersen
9f014be7c7 Merge pull request #8447 from MathiasVP/add-missing-security-severity 
C++: Add missing `security-severity` tags
 2022-03-15 11:29:28 +00:00
Geoffrey White
28315df405 Merge branch 'main' into cwe497b 2022-03-15 11:23:00 +00:00
Mathias Vorreiter Pedersen
7337ebd569 C++: Add missing 'security-severity' tags. 2022-03-15 10:54:36 +00:00
Geoffrey White
73710e9edb C++: Fix QLDoc. 2022-03-14 19:11:43 +00:00
Geoffrey White
7c93eb1eaf C++: Fix large newtype. 2022-03-14 19:06:41 +00:00
Geoffrey White
d1b04b4e07 C++: Use asDefiningArgument() where appropriate. 2022-03-14 17:53:47 +00:00
Mathias Vorreiter Pedersen
7593ebaa62 C++: Use 'getAstVariable' now that 'getASTVariable' is deprecated. 2022-03-14 13:38:27 +00:00
Mathias Vorreiter Pedersen
50b77761f1 C++: Port the 'predictable' barrier from 'DefaultTaintTracking' to 'cpp/unclear-array-index-validation' to prevent an explosion of new results. 2022-03-14 13:14:07 +00:00
Mathias Vorreiter Pedersen
0da5d91955 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-14 11:12:23 +00:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Mathias Vorreiter Pedersen
272e096190 Merge branch 'main' into use-taint-configuration-in-three-more-queries 2022-03-11 09:24:03 +00:00
Mathias Vorreiter Pedersen
0d3e47bcae C++: Pick the offset expression as the sink in 'cpp/unclear-array-index-validation' (and not the array expression). 2022-03-10 10:57:51 +00:00
Mathias Vorreiter Pedersen
693eca2179 C++: Give 'cpp/unclear-array-index-validation' precision low. 2022-03-10 10:17:08 +00:00
Mathias Vorreiter Pedersen
8a8fb692a3 C++: Use a 'TaintTracking::Configuration' for 'cpp/uncontrolled-allocation-size'. 2022-03-09 12:09:32 +00:00
Mathias Vorreiter Pedersen
2328898b19 C++: Use a 'TaintTracking::Configuration' for 'cpp/unclear-array-index-validation'. 2022-03-09 12:09:27 +00:00
Geoffrey White
9ebdb2ac1d C++: QLDoc. 2022-03-08 16:12:58 +00:00
Geoffrey White
fc6f42296a C++: Upgrade cpp/system-data-exposure. 2022-03-07 17:39:04 +00:00
Geoffrey White
cb33ed4fc2 C++: Only look for sensitive strings in appropriate parameters. 2022-03-07 11:29:09 +00:00
Geoffrey White
f1d6234483 C++: Add more information about registry query parameters. 2022-03-07 09:45:31 +00:00
Geoffrey White
4316026720 C++: VariableAccess -> Expr. 2022-03-04 18:00:54 +00:00
Mathias Vorreiter Pedersen
624795cbbf Merge pull request #8059 from rdmarsh2/rdmarsh2/cpp/insufficient-key-strength 
C++: new query for insufficient key strength
 2022-03-04 17:11:44 +00:00
Robert Marsh
60532e631e C++: fix missing paren 2022-03-03 14:45:43 -05:00
Geoffrey White
6848b6095b C++: Autoformat. 2022-03-03 12:51:54 +00:00
Geoffrey White
5c6923c099 C++: Improve and differentiate the qhelp. 2022-03-03 11:04:55 +00:00
Geoffrey White
07b4bf7023 C++: Use the same trick as in ExposedSystemData to catch a few more results. 2022-03-03 10:33:39 +00:00