hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-07 14:28:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,738 Commits 1,777 Branches 169 Tags
dc0c7d7ec221af4b3e93dbfc71eac3133054da41
Commit Graph

234 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
a7405bddaa Merge pull request #21856 from MathiasVP/scanf-safe-functions 
C++: Model secure versions of `scanf` as flow sources
 2026-05-22 12:34:54 +01:00
Mathias Vorreiter Pedersen
25d20399f3 C++: Add models for _scanf_s_l, wscanf_s and _wscanf_s_l. 2026-05-20 18:43:07 +01:00
Mathias Vorreiter Pedersen
2c156994de C++: Add two more 'fopen'-like models. 2026-05-18 14:47:11 +01:00
Mathias Vorreiter Pedersen
16235d7aca C++: Add a 'call' column to 'hasRemoteFlowSource' and 'hasLocalFlowSource' to support modeling of 'scanf_s'. 2026-05-18 14:06:05 +01:00
Mathias Vorreiter Pedersen
4396e66f35 C++: Fix FP by providing an implementation of 'hasSocketInput'. 2026-05-15 21:12:34 +01:00
Jeroen Ketema
12868e5140 C++: Remove deprecated code added more than a year ago 2026-04-14 13:03:10 +02:00
Mathias Vorreiter Pedersen
16a7e39e95 C++: Fix pointer indirection. Currently, this does not have any effect because of a conflation bug in taint-tracking. 2026-03-31 15:26:15 +01:00
Mathias Vorreiter Pedersen
dc8dc61196 C++: Fix type name. 2026-03-31 13:54:30 +01:00
Mathias Vorreiter Pedersen
102221d0aa C++: Add lots of taint inheriting content related to '_HTTP_REQUEST'. 2026-03-31 11:30:39 +01:00
Owen Mansel-Chan
6769f08f93 Remove blank line at end of file 2026-03-26 14:10:15 +00:00
copilot-swe-agent[bot]
a6377145ac Convert C++ CSV models from QL files to .model.yml data extensions 
Migrate ZeroMQ models from ZMQ.qll and getc-family source models
from Gets.qll into new .model.yml files in the ext/ directory.

Agent-Logs-Url: https://github.com/github/codeql/sessions/da8f5e5b-35f7-47a4-afa0-750616e3df5b

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
 2026-03-26 12:38:19 +00:00
Mathias Vorreiter Pedersen
092d25451f C++: Fix Copilot comments. 2026-02-03 11:45:30 +00:00
Mathias Vorreiter Pedersen
7ef96e3f3c C++: Add taint-inheriting reads from the Winhttp structs. 2026-02-03 11:30:31 +00:00
Jeroen Ketema
ecd247bf16 C++: Add MaD models for MySQL escaping 2026-01-23 14:15:27 +01:00
Mathias Vorreiter Pedersen
56b9566299 C++: Fix mistakes in models of internal strcat and strcpy functions. 2025-11-07 17:29:48 +00:00
Mathias Vorreiter Pedersen
f163d015d5 C++: Clean up comments. 2025-11-07 17:27:25 +00:00
Mathias Vorreiter Pedersen
f0da0d98a2 C++: Add a few more models I noticed while here. 2025-11-06 17:00:19 +00:00
Michael Nebel
83d53baf82 C++: Fix some Ql4Ql violations. 2025-09-03 08:19:18 +02:00
Mathias Vorreiter Pedersen
af00e46fc8 C++: Mark fprintf and friends as a partial write of the stream argument. 2025-08-18 18:15:14 +02:00
Jeroen Ketema
0038d0f17c C++: Deprecate ThrowingFunction and no longer use in IR 2025-06-13 16:30:20 +02:00
Mathias Vorreiter Pedersen
78697903fc C++: Move ATL models to ATL namespace. 2025-03-14 18:43:06 +00:00
Mathias Vorreiter Pedersen
7792839a25 C++: Add a 'isLocaleParameter' and clean up the model a bit. 2025-01-23 13:56:00 +00:00
Mathias Vorreiter Pedersen
67e3b69996 C++: Move comment. 2025-01-23 13:49:13 +00:00
Mathias Vorreiter Pedersen
fb12847360 Update cpp/ql/lib/semmle/code/cpp/models/implementations/Pure.qll 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-01-23 13:48:44 +00:00
Mathias Vorreiter Pedersen
12666848c0 C++: Fix conflation in 'Pure' models. 2025-01-21 20:43:53 +00:00
Mathias Vorreiter Pedersen
1266b244f5 Merge pull request #18136 from MathiasVP/model-active-template-library 
C++: Model Microsoft's "Active Template Library"
 2024-12-09 16:05:19 +00:00
Jeroen Ketema
9c4030ed45 Merge pull request #18014 from microsoft/brodes/seh_flow_phase1_throwing_models 
Brodes/seh flow phase1 throwing models
 2024-12-04 13:55:05 +01:00
REDMOND\brodes
e6641e7630 Code and comment simplifications 2024-12-03 11:06:08 -05:00
Mathias Vorreiter Pedersen
d69de0cc76 C++: Add a MaD model for 'CRegKey' and mark query calls as local flow sources. 2024-11-27 16:41:57 +00:00
Mathias Vorreiter Pedersen
33212da876 C++: Add a MaD model for 'CAtlTemporaryFile' and mark reads as local flow sources. 2024-11-27 16:41:53 +00:00
Mathias Vorreiter Pedersen
3709151353 C++: Add a MaD model for 'CAtlFileMappingBase' and mark reads as local flow sources. 2024-11-27 16:41:51 +00:00
Mathias Vorreiter Pedersen
74eae4a18d C++: Add a MaD model for 'CAtlFile' and mark reads as local flow sources. 2024-11-27 16:41:48 +00:00
Mathias Vorreiter Pedersen
c61395b973 C++: Add implicit read of the 'm_strPath' member. 2024-11-27 16:41:37 +00:00
Mathias Vorreiter Pedersen
948be09257 C++: Add an taint step from object to field for 'CComBSTR's. 2024-11-27 16:41:31 +00:00
Mathias Vorreiter Pedersen
763b991408 C++: Add models. 2024-11-27 16:41:18 +00:00
Mathias Vorreiter Pedersen
03ab74e07d C++: Add more 'CommandExecutionFunction's. 2024-11-25 13:43:20 +00:00
REDMOND\brodes
66cf736b4c printf formatting. 2024-11-21 12:44:28 -05:00
REDMOND\brodes
583651ba40 Missing NonCppThrowingFunction changes in Printf.qll 2024-11-21 12:41:26 -05:00
REDMOND\brodes
44126913cd Delaying deprecation of ThrowingFunction. 2024-11-21 12:08:04 -05:00
REDMOND\brodes
9b2590ec7a Updating PR per review comments. Moving more towards a simplified model. 2024-11-21 11:28:11 -05:00
REDMOND\brodes
4e777561f0 Changing terminology back to "throws" vs "rasis" for alwaysThrowsException to be consistent with other backward compatibility changes. 2024-11-19 15:10:15 -05:00
REDMOND\brodes
a69daa0d20 Missing change to 'mayThrowException' in StructuredExceptionHandling.qll 2024-11-19 13:35:45 -05:00
REDMOND\brodes
07847762e1 bringing back mayThrowException to make it cleaner/easier for backwards compatibility. 2024-11-19 13:17:10 -05:00
REDMOND\brodes
26d590a616 Putting back deleted file, and deprecating instead. Deprecating mayThrowException as well. 2024-11-19 12:57:50 -05:00
REDMOND\brodes
792231c949 Removing SEH default case for function calls as the logic to handle SEH is not yet part of the IR generation to make this logic work. 2024-11-18 14:43:44 -05:00
REDMOND\brodes
de05aee483 Adding model transition to using Throwing.qll. 2024-11-18 11:11:25 -05:00
Calum Grant
f37be68067 C++: Handle builtin FormattingFunctions better 2024-10-23 14:35:32 +01:00
Calum Grant
419780591a C++: Resolve firstFormatArgumentIndex in FormattingFunction CP 2024-10-18 14:52:54 +01:00
Calum Grant
4341fab794 C++: Reject invalid results from getFirstFormatArgumentIndex() 2024-10-17 10:50:44 +01:00
Calum Grant
853128c9c3 C++: Clean up false-positives 
C++: Change note
 2024-10-16 09:46:26 +01:00