hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,981 Commits 1,684 Branches 159 Tags
e168da4c5fb14998d96f4388cd98a077d2f03d15
Commit Graph

3141 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
dfd30e46b0 Merge pull request #8227 from geoffw0/319improve 
C++: Promote cpp/non-https-url
 2022-02-25 08:48:44 +00:00
Geoffrey White
899ae90ba4 C++: Add GVN. 2022-02-24 17:22:37 +00:00
Geoffrey White
0bb9a95563 C++: Extend tests. 2022-02-24 17:15:29 +00:00
Mathias Vorreiter Pedersen
e4af34253a C++: Actually fix incorrect annotation 2022-02-24 11:06:57 +00:00
Geoffrey White
c16302be13 C++: Fix the FP. 2022-02-24 10:54:08 +00:00
Mathias Vorreiter Pedersen
ef5f16ddd3 Merge branch 'main' into add-using-expired-stack-address-query 2022-02-24 08:41:27 +00:00
Geoffrey White
326dfa5bc2 C++: Add test cases. 2022-02-23 18:37:58 +00:00
Mathias Vorreiter Pedersen
033edc24f4 C++: Respond to review comments. 2022-02-23 16:23:49 +00:00
Jeroen Ketema
99dd049c1b Add IR test for tuple structured bindings 2022-02-23 16:15:19 +01:00
Jeroen Ketema
caf0f28547 Add IR test for data member structured bindings 2022-02-23 15:55:19 +01:00
Jeroen Ketema
ec2567b64b Add IR test for array structured bindings 2022-02-23 15:10:10 +01:00
Mathias Vorreiter Pedersen
53299d61eb C++: Add more tests. 2022-02-23 11:38:01 +00:00
Mathias Vorreiter Pedersen
ea35f56212 C++: Add a query for detecting uses of expired stack pointers that escaped through global variables. 2022-02-22 19:12:08 +00:00
Geoffrey White
4908eaf5ec C++: Typos. 2022-02-22 14:33:11 +00:00
Jeroen Ketema
46821fe136 Update C++ variable hiding test 
Structured bindings are now handled better, so the false negative
related to structured bindings is now a true positive.
 2022-02-10 10:58:32 +01:00
Jeroen Ketema
1f2865c7cc Merge pull request #7798 from jketema/missing-open-arg 
C++: Add query for missing mode argument in `open`/`openat` calls
 2022-02-07 12:01:44 +01:00
Mathias Vorreiter Pedersen
2e2913b921 Merge pull request #7839 from rdmarsh2/rdmarsh2/ir-initializer-inheritance-fix 
C++: fix IR generation for constructor base inits when no constructor is present.
 2022-02-04 10:32:57 +00:00
Harry Maclean
ab7fd89653 Merge pull request #7663 from github/hmac/api-graph-subclass 
Ruby: Add basic subclassing support to API Graphs
 2022-02-04 10:19:07 +13:00
Robert Marsh
55cbff7614 C++: fix for constructor init without constructor 2022-02-03 13:44:02 -05:00
Robert Marsh
836c47abb3 C++: test for constructor init without constructor 2022-02-03 13:34:05 -05:00
Geoffrey White
8031c3f699 Merge branch 'main' into clrtxt9 2022-02-03 17:01:59 +00:00
Geoffrey White
02b1774d7f C++: Switch from GVN to localFlow. 2022-02-03 16:00:26 +00:00
Geoffrey White
3cfd1b5052 C++: More test cases. 2022-02-03 15:11:59 +00:00
Geoffrey White
4048ba0a1c C++: Fix false positives around terminal output. 2022-02-02 17:59:28 +00:00
Geoffrey White
39a2ffd438 C++: Fix false positives around 'stdin'. 2022-02-02 17:39:14 +00:00
Arthur Baars
6acf49d4da Merge pull request #7814 from aibaars/fix-ql-alerts 
Ruby: fix all QL-QL alerts
 2022-02-02 18:25:38 +01:00
Jeroen Ketema
f32500306a Address review comments 2022-02-02 17:24:55 +01:00
Geoffrey White
cc20969bdd C++: Add test cases based on some remaining real world FPs. 2022-02-02 16:15:59 +00:00
Jeroen Ketema
92d9e51d2a Extract the value of O_CREAT and O_TMPFILE from the defining macro 
There are operating systems that define `O_CREAT` with a different
value than Linux, which uses `0x40`. For example, OpenBSD uses `0x0200`.
Hence, we cannot use a hardcoded value.

Also handle `O_TMPFILE` while here.
 2022-02-02 15:16:26 +01:00
Mathias Vorreiter Pedersen
1aa32b09be Merge pull request #7802 from geoffw0/clrtxt8 
C++: Recognize password struct fields.
 2022-02-02 14:10:40 +00:00
Arthur Baars
33b97f3e0c Update synchronized files 2022-02-02 13:30:45 +01:00
Jeroen Ketema
bd859d99bf Address review comments 2022-02-02 10:09:47 +01:00
Jeroen Ketema
ff1c971100 Add query for missing mode argument in open/openat calls 2022-02-01 14:52:22 +01:00
Geoffrey White
8a1b49f816 C++: Recognize password struct fields. 2022-01-28 19:10:46 +00:00
Geoffrey White
af09dd8af1 C++: Fixes to gets models. 2022-01-28 16:04:23 +00:00
Geoffrey White
036e1495b8 Merge branch 'main' into getslocal 2022-01-28 15:58:13 +00:00
Mathias Vorreiter Pedersen
b3f4357dc8 Merge pull request #7742 from geoffw0/clrtxt6 
C++: Upgrade cpp/cleartext-storage-buffer
 2022-01-27 14:40:40 +00:00
Geoffrey White
2e1b09fd75 C++: Modernize flow sources. 2022-01-27 13:19:09 +00:00
Dave Bartolomeo
d069d91bf5 Merge pull request #6601 from dbartol/dbartol/side-effect-reorder/work 
Fix order of IR call side effects
 2022-01-26 17:02:02 -05:00
Jeroen Ketema
9194af9b15 Do not report "Declaration hides variable" for unnamed variables 2022-01-26 15:10:37 +01:00
Jeroen Ketema
10a94cfa45 Add test for structured binding declaration hiding variable 2022-01-26 15:08:50 +01:00
Jeroen Ketema
b380ba0d8f Add semmle-extractor-options: -std=c++17 to test 2022-01-26 15:05:21 +01:00
Dave Bartolomeo
4c42013836 Update test expectations 2022-01-25 15:22:13 -05:00
Geoffrey White
340b40e8f3 C++: Modernize cpp/cleartext-storage-buffer. 2022-01-25 13:54:42 +00:00
Harry Maclean
517f2d0823 Add optional results to InlineExpectationsTest 
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.

This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.

Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.

We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
 2022-01-25 16:41:49 +13:00
Dave Bartolomeo
9183a4d7e7 Merge remote-tracking branch 'upstream/main' into dbartol/side-effect-reorder/work 2022-01-24 15:56:38 -05:00
Geoffrey White
764f27f08e C++: Upgrade to path-problem. 2022-01-24 18:32:05 +00:00
Geoffrey White
bbaac556e2 C++: Reveal the FP to be an issue with dataflow / model of strcpy. 2022-01-24 17:53:37 +00:00
Geoffrey White
11929378c7 C++: Upgrade cpp/cleartext-storage-file to full taint flow. 2022-01-24 17:48:45 +00:00
Geoffrey White
4c99d39acf Merge pull request #7701 from MathiasVP/remove-intentional-get-stack-pointer 
C++: Remove FPs from `cpp/return-stack-allocated-memory`
 2022-01-24 11:39:10 +00:00