hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,094 Commits 1,672 Branches 157 Tags
dabccd8686b0d77debd6993edd7101de48a978b4
Commit Graph

8049 Commits

Author SHA1 Message Date
intrigus
dabccd8686 Add query for tainted wordexp calls. 2022-08-16 23:56:50 +02:00
Robert Marsh
9e0c82eabb Merge pull request #10039 from rdmarsh2/rdmarsh2/cpp/sem-range-analysis-perf 
C++: Fix missing bounds and performance issues in semantic range analysis
 2022-08-16 12:27:02 -04:00
Robert Marsh
818bdcf3ab C++: autoformat a test 2022-08-16 11:31:28 -04:00
Jeroen Ketema
31aa6692cb Sync files 2022-08-16 16:38:37 +02:00
Jeroen Ketema
243dda79d2 C++: Expose PresentIRFunction and override in cpp/count-ir-inconsistencies 
The `toString` implementtion that `PresentIRFunction` uses may result in very
long strings that may crash the evaluator. Overriding allows is to limit the
string size and still suffices when just counting the number of inconsistencies.
 2022-08-16 16:30:38 +02:00
Sid Shankar
1e1e2318b7 Merge pull request #10052 from github/task/fix-broken-links 
Docs: Replace HTTP broken links to equivalent HTTPS resources
 2022-08-16 08:45:08 -04:00
Alex Ford
d02ad51d74 Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 
Post-release preparation for codeql-cli-2.10.3
 2022-08-16 12:04:07 +01:00
Sid Shankar
69de832f76 Replace invalid link to blogs.msdn.com 
Replace with link to the same article on devblogs.microsoft.com. Unfortunately, blogs.msdn.com does not automatically redirect to the new location, making this replacement necessary.
 2022-08-15 14:39:26 -04:00
Jeroen Ketema
6c4685e538 C++: Fix block assignment evaluation order comment in IR translation 2022-08-15 11:58:57 +02:00
Mathias Vorreiter Pedersen
dfde5712a3 Merge pull request #10031 from jketema/block-assign 
C++: Handle block assignments
 2022-08-15 10:29:23 +01:00
Anders Schack-Mulligen
a3fb54c9de Merge pull request #10007 from aschackmull/dataflow/source-node-identity 
Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow
 2022-08-15 10:39:17 +02:00
Jeroen Ketema
40334a21ce C++: add upgrade and downgrade scripts 2022-08-13 15:09:06 +02:00
Jeroen Ketema
cac6bd57ab C++: Update DB scheme stats file 2022-08-13 01:01:30 +02:00
Robert Marsh
5450681ade C++: Autoformat and fix a test 2022-08-12 13:49:16 -04:00
Jeroen Ketema
0449d914c4 C++: Add change note 2022-08-12 18:43:24 +02:00
Jeroen Ketema
4d76fd198e C++: Handle block assignments in the IR 2022-08-12 18:43:23 +02:00
Jeroen Ketema
5c905b76b4 C++: Expose block assignment operations in the QL library 2022-08-12 18:43:23 +02:00
Jeroen Ketema
ebf8161f1b C++: Add block assignment expression to the database schema 
These can under some circumstances be generated by the frontend as part
of compiler generated copy constructors and assignment operators.
 2022-08-12 18:43:23 +02:00
Jeroen Ketema
e1b1657cdd C++: Remove unused abstract predicate 2022-08-12 18:43:23 +02:00
Jeroen Ketema
de142b276d C++: Add IR test that exposes a gap in the extractor output 2022-08-12 18:43:23 +02:00
Robert Marsh
65643515ba C++: inexact memory operands as SSA variables 
This makes inexact memory operands into their own SSA variables in the
Semantic interface, which resolves an issue with phi nodes losing
inexact operands (e.g. the unknown-size variable for parameter
indirections).
 2022-08-12 12:35:54 -04:00
Robert Marsh
3bbd333336 C++: fix missing bounds in exp range analysis 2022-08-12 12:33:45 -04:00
Robert Marsh
e6aa2de977 C++: semantic range analysis perf fixes 2022-08-12 12:28:04 -04:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
73df8e4c7d Merge pull request #9832 from erik-krogh/misspellings 
Fix lots of misspellings
 2022-08-11 12:43:26 +02:00
Jeroen Ketema
2a9af11727 Merge pull request #10021 from jketema/consistency 
C++: Add internal metrics query for IR consistency
 2022-08-11 12:39:22 +02:00
Jeroen Ketema
c89592cda7 C++: Add internal metrics query for IR consistency 2022-08-11 11:39:52 +02:00
Jeroen Ketema
faaf1ec30d C++: Improve QLDoc based on earlier review 2022-08-11 11:31:21 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Jeroen Ketema
32a2363f85 C++: Add change note 2022-08-10 21:11:59 +02:00
Jeroen Ketema
32db845af8 C++: Add DB scheme upgrade and downgrade scripts 2022-08-10 21:11:58 +02:00
Jeroen Ketema
bdd8f2bbe9 C++: Update DB scheme stats file 2022-08-10 21:11:58 +02:00
Jeroen Ketema
8528e6b8e1 C++: Update test results for exposing attribute arguments as proper constants 2022-08-10 21:11:58 +02:00
Jeroen Ketema
b20961a065 C++: Expose constant expressions as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
553f1c496e C++: Update DB scheme to allow for constant expression as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
9ae9b89529 C++: Improve accuracy of AttributeArgument.getValueText QLDoc 2022-08-10 21:11:58 +02:00
Jeroen Ketema
0e12c9d8b1 C++: Simplify this suppression for specifiers 2022-08-10 21:11:58 +02:00
Anders Schack-Mulligen
abad133ab5 Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow. 2022-08-10 15:02:56 +02:00
Nora Dimitrijević
60f4049388 Re-autoformat StrncpyFlippedArgs.ql 2022-08-10 14:14:42 +02:00
Nora Dimitrijević
05f4f98aa0 Add change note 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
8e60a4a478 Update StrncpyFlippedArgs.expected 
Add output lines for the newly implemented test case, test.cpp/test9().
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8 New strcpy-variant in StrncpyFlippedArgs test 
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
 2022-08-10 13:42:21 +02:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Geoffrey White
db8a3107b3 Merge pull request #9089 from ihsinme/ihsinme-patch-87 
CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
 2022-08-09 09:31:32 +01:00
ihsinme
4fdf4b23bd Update DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:46:39 +03:00
ihsinme
212b1031b2 Update DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:42:54 +03:00
ihsinme
7cbf79b144 Rename DangerousUseMbtowc.ql to DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:39:41 +03:00
ihsinme
9b5154f878 Update and rename DangerousUseMbtowc.qlref to DangerousWorksWithMultibyteOrWideCharacters.qlref 2022-08-08 18:39:10 +03:00