hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,671 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

8731 Commits

Author SHA1 Message Date
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Nora Dimitrijević
7d24d96d80 C++: Optimize MissingCheckScanf/bigStep() 2022-08-25 17:12:25 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
2bd866cc82 C++: improve change note and move to right place 2022-08-25 16:00:25 +02:00
Ian Lynagh
5e06277b38 Update cpp/ql/lib/change-notes/released/0.3.4.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-08-25 14:23:38 +01:00
Ian Lynagh
badb2b7f13 Update cpp/ql/lib/CHANGELOG.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-08-25 14:23:25 +01:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
Nora Dimitrijević
a6a30b3725 C++: clarify ScanfOutput.getMinimumGuardConstant() 2022-08-25 15:07:39 +02:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Nora Dimitrijević
e39229d59e C++: Remove unique-Instruction kludge in ScanfOutput 
Passes tests.
 2022-08-25 14:38:58 +02:00
Nora Dimitrijević
d8800c03b6 C++: new helper predicates in ScanfFunctionCall 
Extract some of the logic from the `cpp/missing-check-scanf` query into
the more generally useful `getOutputArgument(int index)`, `getAnOutputArgument()`,
and `getNumberOfOutputArguments()` predicates.
 2022-08-25 14:32:15 +02:00
Nora Dimitrijević
5c894ae40b Merge branch 'main' into missing-check-scanf-squashed 2022-08-24 21:14:57 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
erik-krogh
a50234adb0 apply suggestion from review 2022-08-23 15:41:37 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
erik-krogh
afadcd9b45 use a more detailed alert message in bitwise-sign-check 2022-08-23 11:18:45 +02:00
erik-krogh
d96d6721ba change the alert message of unused-local-variable 2022-08-23 11:15:11 +02:00
erik-krogh
82d9180892 only have one deprecated alias for XmlDtd 2022-08-23 10:38:23 +02:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh
78ba7650b3 change the change-notes 2022-08-23 07:28:46 +02:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
erik-krogh
678e433013 update cpp/missing-case-in-switch to match java 2022-08-22 21:41:45 +02:00
erik-krogh
ea2777fa3e update {cs/cpp}/equality-on-floats to use the same alert-message/description 2022-08-22 21:41:45 +02:00
erik-krogh
39c1832995 update {cpp/js}/bitwise-sign-check to match java 2022-08-22 21:41:45 +02:00
erik-krogh
cc41a83a8d update {py/cpp}/commented-out-code to match csharp/java/javascript 2022-08-22 21:41:45 +02:00
erik-krogh
698ccd8850 update {cpp/java}/unused-local to match python 2022-08-22 21:41:45 +02:00
erik-krogh
5a312cd0da update cpp/complex-block to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh
b1c9843d15 update {cs/cpp}/empty-block so they have the same alert message 2022-08-22 21:41:45 +02:00
erik-krogh
28083ebe09 run the implicit-this patch 2022-08-22 21:23:31 +02:00
erik-krogh
a593a52b5e add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Mathias Vorreiter Pedersen
0ac8b7ce65 Merge pull request #10128 from MathiasVP/add-cleartext-sanitizer 
C++: Add a sanitizer to `cpp/cleartext-storage-buffer`
 2022-08-22 17:13:22 +01:00
erik-krogh
9c95dcc126 add change-note 2022-08-22 14:09:19 +02:00
erik-krogh
2ac5441aec rename the XMLDTD class to XmlDTD 2022-08-22 14:09:19 +02:00
erik-krogh
1a89ddae5d update some comments from XML to Xml 2022-08-22 14:09:19 +02:00
erik-krogh
ce9f69a639 rename all occurrences of XML to Xml 2022-08-22 14:08:31 +02:00
Mathias Vorreiter Pedersen
831f143fe6 C++: Add change note. 2022-08-22 12:40:08 +01:00
Jeroen Ketema
4c8926d880 Merge pull request #9720 from jketema/linkage 
C++: Support link targets for global and namespace variables
 2022-08-22 12:12:44 +02:00
Mathias Vorreiter Pedersen
65abb54a73 C++: Add a sanitizer to 'cpp/cleartext-storage-buffer' to improve the performance of the query. 2022-08-22 11:01:31 +01:00
Jeroen Ketema
284c8dd448 C++: Add change note 2022-08-22 11:25:40 +02:00
Jeroen Ketema
f00a9ac8fc Merge pull request #10112 from jketema/orphaned 
C++: Handle orphaned local variables
 2022-08-22 10:45:10 +02:00
Chris Smowton
f3ef8510d3 Merge pull request #10093 from smowton/smowton/feature/java-singular-locations 
Java: pick an arbitrary representative location when an entity has many candidate locations.
 2022-08-22 09:32:43 +01:00
Mathias Vorreiter Pedersen
d209231ff9 C++: Remove cartesian product in 'ExecTainted'. 2022-08-21 16:45:36 +01:00
Mathias Vorreiter Pedersen
b944005046 Merge pull request #10095 from MathiasVP/fix-joins-in-using-expired-stack-address 
C++: Fix joins in `cpp/using-expired-stack-address`
 2022-08-20 12:18:34 +01:00