hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,085 Commits 1,693 Branches 161 Tags
e37848ec6db0999f4bf822ea0d4c4527f371404a
Commit Graph

397 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
e37848ec6d C++: Remove 'IRConfiguration' since we no longer generate bad IR for range analysis. 2022-09-07 16:39:45 +01:00
Mathias Vorreiter Pedersen
5ce47d97b2 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 11:14:42 +01:00
Robert Marsh
ca2694ae1d C++: exclude end pointers in iterator-style loops 2022-09-01 17:42:19 -04:00
Robert Marsh
35701373ee C++: more semantic range analysis perf tweaks 2022-09-01 10:49:54 -04:00
erik-krogh
ffb65d054e delete redundant inline casts 2022-08-17 13:34:22 +02:00
erik-krogh
b9823cf335 fix ql/could-be-cast 2022-08-17 13:33:31 +02:00
Robert Marsh
56eacce320 C++: restrict to end-of-allocation pointers 2022-08-16 17:52:06 -04:00
Robert Marsh
93de8e2308 C++: fix missing bounds in exp range analysis 2022-08-16 17:44:51 -04:00
Robert Marsh
0ebd7d0de5 C++: respond to PR comments 2022-08-16 17:44:47 -04:00
Robert Marsh
e4d0e7431c C++: some experimental product flow queries 2022-08-16 17:44:46 -04:00
Geoffrey White
db8a3107b3 Merge pull request #9089 from ihsinme/ihsinme-patch-87 
CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
 2022-08-09 09:31:32 +01:00
ihsinme
4fdf4b23bd Update DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:46:39 +03:00
ihsinme
212b1031b2 Update DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:42:54 +03:00
ihsinme
7cbf79b144 Rename DangerousUseMbtowc.ql to DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:39:41 +03:00
ihsinme
ef04b8f5b3 Rename DangerousUseMbtowc.qhelp to DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:37:15 +03:00
ihsinme
5ee499389e Rename DangerousUseMbtowc.cpp to DangerousWorksWithMultibyteOrWideCharacters.cpp 2022-08-08 18:36:53 +03:00
ihsinme
02bea35da2 Update DangerousUseMbtowc.qhelp 2022-08-08 18:35:25 +03:00
intrigus-lgtm
c59e6586f7 Add additional reference to CERT C coding standard 2022-08-03 14:19:53 +02:00
ihsinme
96e220588e Update DangerousUseMbtowc.ql 2022-07-31 13:44:50 +03:00
ihsinme
98af52fba5 Update DangerousUseMbtowc.ql 2022-07-12 20:19:59 +03:00
ihsinme
8967f57bbc Update DangerousUseMbtowc.ql 2022-07-04 11:17:12 +03:00
ihsinme
f53adca108 Update DangerousUseMbtowc.ql 2022-07-04 11:10:02 +03:00
Geoffrey White
20c3182437 Merge pull request #9087 from ihsinme/ihsinme-patch-88 
CPP: Add query for CWE-670: Always-Incorrect Control Flow Implementation when use SSL_shutdown
 2022-06-23 09:16:55 +01:00
ihsinme
9d12f1be53 Update DangerousUseMbtowc.ql 2022-06-02 14:34:38 +03:00
Geoffrey White
2bcf7e17c8 Understand syscalls better. 2022-05-26 14:01:09 +01:00
Geoffrey White
e3ea7751d1 C++: Define sources better so that we catch all the test cases. 2022-05-26 12:44:17 +01:00
ihsinme
57127a5343 Update cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousUseMbtowc.qhelp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-05-25 09:38:02 +03:00
Mathias Vorreiter Pedersen
358a8aba7a Merge pull request #8994 from HansmannThibaut/main 
C/C++ : Wrong Uint access
 2022-05-23 15:31:23 +01:00
Mathias Vorreiter Pedersen
ba28632c96 Update cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp 2022-05-23 14:11:13 +01:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Erik Krogh Kristensen
440e6214f0 CPP: correctly escape underscores in calls to .matches() 2022-05-17 13:21:02 +02:00
ihsinme
1a375ec653 Update cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-05-16 19:55:33 +03:00
thibaut hansmann
e150a39fa0 C/C++ : fix name of cpp file + fix autoformat 2022-05-15 14:27:46 +02:00
ihsinme
f6ab338a16 Update DangerousUseSSL_shutdown.qhelp 2022-05-15 12:26:05 +03:00
ihsinme
a7c69ba6ab create new branchihsinme-patch-87 in fork 2022-05-09 13:15:27 +00:00
ihsinme
09cd168197 create new branchihsinme-patch-88 in fork 2022-05-09 13:05:06 +00:00
Geoffrey White
28dca3fa9f Merge pull request #8245 from ihsinme/ihsinme-patch-67 
CPP: Add query for CWE-476: NULL Pointer Dereference when using exception handling blocks
 2022-05-09 12:26:20 +01:00
thibaut hansmann
f3f2e59472 C/C++ : Fix remove the useless variable 2022-05-09 12:01:42 +02:00
ihsinme
b98ddc72f5 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 21:05:22 +03:00
ihsinme
2d4d7aa094 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 18:40:29 +03:00
thibaut hansmann
3006935141 C/C++ : FIx the research for UInt16, 32 and 64 + Fix 2 first line of the query 2022-05-05 15:22:50 +02:00
thibaut hansmann
c15c216c47 C/C++ : change Variable and ArrayType name + Add detection for Uint 32 and 64 2022-05-05 14:27:50 +02:00
ihsinme
75244effc5 Update DangerousUseOfExceptionBlocks.ql 2022-05-05 13:27:17 +03:00
thibaut hansmann
83e26f41c0 C/C++ : Wrong Uint access 2022-05-01 14:53:52 +02:00
Geoffrey White
614a7650a6 Merge pull request #8775 from porcupineyhairs/cpam 
CPP: PAM Authorization Bypass
 2022-04-29 14:55:33 +01:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Porcupiney Hairs
06edb3f3a1 fix formatting issues 2022-04-21 00:23:49 +05:30
Porcupiney Hairs
85c751cb7f CPP: PAM Authorization Bypass 
This PR is similar to my other PRs for
[Python](https://github.com/github/codeql/pull/8595) and
[Golang](https://github.com/github/codeql-go/pull/709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
 2022-04-19 18:24:19 +05:30
Geoffrey White
cb211f8844 Merge pull request #8599 from 4B5F5F4B/main 
C++: refactor some code, and add access_ok cases
 2022-04-11 15:57:27 +01:00
4B5F5F4B
04538d0599 Autoformated to make CodeQL happy 2022-04-06 11:59:26 +08:00