hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,671 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

8731 Commits

Author SHA1 Message Date
Robert Marsh
65643515ba C++: inexact memory operands as SSA variables 
This makes inexact memory operands into their own SSA variables in the
Semantic interface, which resolves an issue with phi nodes losing
inexact operands (e.g. the unknown-size variable for parameter
indirections).
 2022-08-12 12:35:54 -04:00
Robert Marsh
3bbd333336 C++: fix missing bounds in exp range analysis 2022-08-12 12:33:45 -04:00
Robert Marsh
e6aa2de977 C++: semantic range analysis perf fixes 2022-08-12 12:28:04 -04:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
73df8e4c7d Merge pull request #9832 from erik-krogh/misspellings 
Fix lots of misspellings
 2022-08-11 12:43:26 +02:00
Jeroen Ketema
2a9af11727 Merge pull request #10021 from jketema/consistency 
C++: Add internal metrics query for IR consistency
 2022-08-11 12:39:22 +02:00
Geoffrey White
c62ae3b350 C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely. 2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60 C++: Add test and placeholder query. 2022-08-11 12:27:39 +02:00
Jeroen Ketema
c89592cda7 C++: Add internal metrics query for IR consistency 2022-08-11 11:39:52 +02:00
Jeroen Ketema
faaf1ec30d C++: Improve QLDoc based on earlier review 2022-08-11 11:31:21 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Jeroen Ketema
32a2363f85 C++: Add change note 2022-08-10 21:11:59 +02:00
Jeroen Ketema
32db845af8 C++: Add DB scheme upgrade and downgrade scripts 2022-08-10 21:11:58 +02:00
Jeroen Ketema
bdd8f2bbe9 C++: Update DB scheme stats file 2022-08-10 21:11:58 +02:00
Jeroen Ketema
8528e6b8e1 C++: Update test results for exposing attribute arguments as proper constants 2022-08-10 21:11:58 +02:00
Jeroen Ketema
b20961a065 C++: Expose constant expressions as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
553f1c496e C++: Update DB scheme to allow for constant expression as attribute arguments 2022-08-10 21:11:58 +02:00
Jeroen Ketema
9ae9b89529 C++: Improve accuracy of AttributeArgument.getValueText QLDoc 2022-08-10 21:11:58 +02:00
Jeroen Ketema
0e12c9d8b1 C++: Simplify this suppression for specifiers 2022-08-10 21:11:58 +02:00
Anders Schack-Mulligen
abad133ab5 Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow. 2022-08-10 15:02:56 +02:00
Nora Dimitrijević
60f4049388 Re-autoformat StrncpyFlippedArgs.ql 2022-08-10 14:14:42 +02:00
Nora Dimitrijević
05f4f98aa0 Add change note 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
8e60a4a478 Update StrncpyFlippedArgs.expected 
Add output lines for the newly implemented test case, test.cpp/test9().
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8 New strcpy-variant in StrncpyFlippedArgs test 
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
 2022-08-10 13:42:21 +02:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Geoffrey White
db8a3107b3 Merge pull request #9089 from ihsinme/ihsinme-patch-87 
CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
 2022-08-09 09:31:32 +01:00
ihsinme
4fdf4b23bd Update DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:46:39 +03:00
ihsinme
212b1031b2 Update DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:42:54 +03:00
ihsinme
7cbf79b144 Rename DangerousUseMbtowc.ql to DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:39:41 +03:00
ihsinme
9b5154f878 Update and rename DangerousUseMbtowc.qlref to DangerousWorksWithMultibyteOrWideCharacters.qlref 2022-08-08 18:39:10 +03:00
ihsinme
bce395f201 Rename DangerousUseMbtowc.expected to DangerousWorksWithMultibyteOrWideCharacters.expected 2022-08-08 18:38:24 +03:00
ihsinme
ef04b8f5b3 Rename DangerousUseMbtowc.qhelp to DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:37:15 +03:00
ihsinme
5ee499389e Rename DangerousUseMbtowc.cpp to DangerousWorksWithMultibyteOrWideCharacters.cpp 2022-08-08 18:36:53 +03:00
ihsinme
02bea35da2 Update DangerousUseMbtowc.qhelp 2022-08-08 18:35:25 +03:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Jeroen Ketema
ba2cee07a9 Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars 
C++: IR data flow through global variables
 2022-08-05 10:07:00 +02:00
Alex Ford
33fbec1174 Merge pull request #9917 from github/post-release-prep/codeql-cli-2.10.2 
Post-release preparation for codeql-cli-2.10.2
 2022-08-03 15:17:00 +01:00
intrigus-lgtm
c59e6586f7 Add additional reference to CERT C coding standard 2022-08-03 14:19:53 +02:00
Rasmus Wriedt Larsen
8fb85a98d8 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 10:42:02 +02:00
Mathias Vorreiter Pedersen
c582d17350 Merge pull request #9952 from MathiasVP/speedup-return-stack-allocated-memory 
C++: Speedup `cpp/return-stack-allocated-memory`
 2022-08-03 09:41:38 +01:00
Alex Ford
8e3548efb3 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-02 20:29:26 +01:00
Jeroen Ketema
a63df8fee9 Merge pull request #9930 from jketema/templ-var 
C++: Update test for indexing of static template variable template arguments
 2022-08-02 16:59:56 +02:00
Mathias Vorreiter Pedersen
f385041ab3 C++: Add change note. 2022-08-02 14:07:22 +01:00
Mathias Vorreiter Pedersen
5181cc1295 C++: Add a 'allowInterproceduralFlow' predicate to the 'MustFlow' library to and use it instead of checking the enclosing callables after computing the dataflow graph. 2022-08-02 13:43:01 +01:00
Robert Marsh
3007c96c72 C++: fix a nit 2022-08-01 15:34:03 -04:00
Robert Marsh
f0697ff28b C++: fix QL4QL warnings 2022-08-01 15:23:59 -04:00
Robert Marsh
6dbaae6bfc Merge branch 'main' into rdmarsh2/dataflow-global-vars 2022-08-01 14:56:24 -04:00