hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,211 Commits 1,672 Branches 157 Tags
e414b8c5be491c957f93526224b51a07c5a73f44
Commit Graph

6881 Commits

Author SHA1 Message Date
Benjamin Rodes
da10e6ca5b Moving FlowAfterFree and UseAfterFree.qll as a general purpose lib. 2024-01-22 11:18:03 -05:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Geoffrey White
5127542677 C++: Rename the query file. 2024-01-19 16:31:34 +00:00
Geoffrey White
01ee61e5ea C++: Change note. 2024-01-19 15:56:54 +00:00
Geoffrey White
4691bf2cb5 C++: Be more optimistic about successfully scanned files. 2024-01-19 15:55:54 +00:00
Benjamin Rodes
833ef9d6d6 Further reorg of libraries and predicates to allow for more reusable and consistent libraries. 2024-01-18 11:17:24 -05:00
Benjamin Rodes
967526b285 Separating out use after free logic into a library and a ql so the query can be expanded easily. 2024-01-18 10:59:17 -05:00
Ben Rodes
67e43ecc44 Merge branch 'main' into 38-cpp-generalize-use-after-free-libraries 2024-01-17 08:05:41 -08:00
Mathias Vorreiter Pedersen
39dafd6f6a C++: Suggestions to #15343 (#39) 
* C++: Change the interface of 'FlowAfterFree' so that the module it takes
a single module as a parameter.

* C++: Add another predicate to the module signature.

* C++: Convert the use-after-free and double-free libraries to use new interface.

* C++: Accept test changes.
 2024-01-17 11:02:46 -05:00
Benjamin Rodes
a0ef7955b1 Updating FlowAfterFree to not enforce dominance of source/sink. DoubleFree and UseAfterFree queries now enforce dominance. 2024-01-16 13:15:36 -05:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Ian Lynagh
ff2b40a53d Merge pull request #15315 from igfoo/igfoo/typo 
C++: Fix typo
 2024-01-12 18:28:32 +00:00
Ian Lynagh
e357d18d35 C++: Fix typo 2024-01-12 17:57:34 +00:00
Paolo Tranquilli
27160b8861 C++: add change note 2024-01-09 15:31:43 +01:00
Paolo Tranquilli
270df940ff C++: add .def to exceptions to AV rule 32 
This is used as textual includes in several projects for macro
metaprogramming, for example in `llvm-project` and in `swift` (and since
some time in our internal codebase as well).
 2024-01-09 15:18:13 +01:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Mathias Vorreiter Pedersen
44124158c4 Merge pull request #15078 from alexet/unique-pointer-temporary 
CPP: Add query for detecting invalid uses of temporary unique pointers.
 2023-12-20 11:16:01 +01:00
Mathias Vorreiter Pedersen
57e0804cef Update cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-12-20 10:52:42 +01:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Mathias Vorreiter Pedersen
aafde4d18d C++: Fix joins in 'cpp/use-after-free'. 2023-12-18 14:49:09 +01:00
Mathias Vorreiter Pedersen
8ed9fbb295 Merge pull request #15123 from MathiasVP/fix-fps-in-double-free 
C++: Fix FPs in `cpp/double-free` and `cpp/use-after-free`
 2023-12-18 10:44:18 +01:00
Mathias Vorreiter Pedersen
e88c6888bc Merge pull request #15121 from MathiasVP/fix-joins-in-av-rule-145 
C++: Fix joins in `AV Rule 145`
 2023-12-18 10:42:46 +01:00
Mathias Vorreiter Pedersen
ef916f0ba0 C++: Mitigate ODR violations. 2023-12-15 17:16:04 +00:00
Mathias Vorreiter Pedersen
0543ed115e C++: Add barrier for array lookups in 'cpp/double-free' and 'cpp/use-after-free'. 2023-12-15 14:57:17 +00:00
Mathias Vorreiter Pedersen
dc9c538fcc Merge pull request #15120 from MathiasVP/fix-joins-in-av-rule-79 
C++: Fix joins in `cpp/resource-not-released-in-destructor`
 2023-12-15 14:06:53 +00:00
Mathias Vorreiter Pedersen
1cbe01923d C++: Fix joins in 'AV Rule 145'. 2023-12-15 13:08:13 +00:00
Alex Eyers-Taylor
8e92fcc08f CPP: Format Temporaries 2023-12-15 12:00:44 +00:00
Mathias Vorreiter Pedersen
ce326a0f79 C++: Fix joins. 2023-12-15 11:37:28 +00:00
Alexander Eyers-Taylor
c68d3c5983 Update cpp/ql/src/Security/CWE/CWE-416/Temporaries.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-15 11:23:11 +00:00
Alex Eyers-Taylor
49e1467581 CPP: Fix handling of ternary operators in tempory queries and add tests. 2023-12-15 11:03:23 +00:00
Jeroen Ketema
0b1b1be356 C++: Add change note 2023-12-15 11:13:52 +01:00
Jeroen Ketema
2065ecff66 C++: Only consider the maximum buffer size for badly bounded write 2023-12-15 10:46:13 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
Alexander Eyers-Taylor
236a6a1bce CPP: Apply suggestions from code review 
Fix spelling in query id

Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-12 17:22:46 +00:00
Alex Eyers-Taylor
136a77b86e CPP: Add change note for cpp/use-of-uniwue-pointer-after-lifetime-ends 2023-12-12 16:47:55 +00:00
Alex Eyers-Taylor
e9bc5a54ea CPP: Add query for detecting invalid uses of temporary unique pointers. 2023-12-12 16:22:20 +00:00
Mathias Vorreiter Pedersen
3dea467dcc Merge pull request #15047 from MathiasVP/add-puns-for-addresses-of-arguments 
C++: Add `PostUpdateNode`s for addresses of outgoing arguments
 2023-12-12 13:55:13 +00:00
Mathias Vorreiter Pedersen
97f2be9b82 C++: Fix QLDoc. 2023-12-12 13:45:18 +00:00
Alexander Eyers-Taylor
e87b3911dc Merge pull request #14910 from alexet/incorrect-scanf 
CPP: Add query for detecteing incorrect error checking for scanf
 2023-12-12 11:57:17 +00:00
Mathias Vorreiter Pedersen
cec785c8cc C++: Respond to review comments. 2023-12-12 11:16:41 +00:00
Mathias Vorreiter Pedersen
f284fde93c C++: Update QLDoc. 2023-12-12 11:09:36 +00:00
Alexander Eyers-Taylor
c883ce8a5e Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-12-11 13:50:35 +00:00
Geoffrey White
17cd22f9d0 Merge pull request #14972 from geoffw0/cryptoprimitives 
C++: Experimental query for implementation of a cryptographic primitive
 2023-12-11 09:47:46 +00:00
Mathias Vorreiter Pedersen
90b06c2046 C++: Switch the source of use-after-free and double-free to be post-update nodes. 2023-12-08 14:41:29 +00:00
Alex Eyers-Taylor
da5c2d9bad CPP: Use guard libraries to find equalities with zero. 2023-12-08 13:30:30 +00:00
Alexander Eyers-Taylor
df32e9556c Update cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-08 13:29:13 +00:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00