hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,211 Commits 1,672 Branches 157 Tags
e414b8c5be491c957f93526224b51a07c5a73f44
Commit Graph

6881 Commits

Author SHA1 Message Date
erik-krogh
ea2777fa3e update {cs/cpp}/equality-on-floats to use the same alert-message/description 2022-08-22 21:41:45 +02:00
erik-krogh
39c1832995 update {cpp/js}/bitwise-sign-check to match java 2022-08-22 21:41:45 +02:00
erik-krogh
cc41a83a8d update {py/cpp}/commented-out-code to match csharp/java/javascript 2022-08-22 21:41:45 +02:00
erik-krogh
698ccd8850 update {cpp/java}/unused-local to match python 2022-08-22 21:41:45 +02:00
erik-krogh
5a312cd0da update cpp/complex-block to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh
b1c9843d15 update {cs/cpp}/empty-block so they have the same alert message 2022-08-22 21:41:45 +02:00
erik-krogh
a593a52b5e add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Mathias Vorreiter Pedersen
831f143fe6 C++: Add change note. 2022-08-22 12:40:08 +01:00
Mathias Vorreiter Pedersen
65abb54a73 C++: Add a sanitizer to 'cpp/cleartext-storage-buffer' to improve the performance of the query. 2022-08-22 11:01:31 +01:00
Mathias Vorreiter Pedersen
d209231ff9 C++: Remove cartesian product in 'ExecTainted'. 2022-08-21 16:45:36 +01:00
Mathias Vorreiter Pedersen
c953b05cc2 Merge branch 'main' into fix-joins-in-using-expired-stack-address 2022-08-18 15:13:05 +01:00
Mathias Vorreiter Pedersen
5704995b62 C++: Fix joins in 'cpp/using-expired-stack-address'. 2022-08-18 13:23:39 +01:00
intrigus-lgtm
f978951cbe Explain command substitution 2022-08-17 22:30:43 +02:00
erik-krogh
ffb65d054e delete redundant inline casts 2022-08-17 13:34:22 +02:00
erik-krogh
2e44fba67d add explicit this 2022-08-17 13:33:31 +02:00
erik-krogh
b9823cf335 fix ql/could-be-cast 2022-08-17 13:33:31 +02:00
intrigus-lgtm
45f708bb58 Fix typo. 2022-08-17 00:00:32 +02:00
intrigus
dabccd8686 Add query for tainted wordexp calls. 2022-08-16 23:56:50 +02:00
Robert Marsh
56eacce320 C++: restrict to end-of-allocation pointers 2022-08-16 17:52:06 -04:00
Robert Marsh
93de8e2308 C++: fix missing bounds in exp range analysis 2022-08-16 17:44:51 -04:00
Robert Marsh
0ebd7d0de5 C++: respond to PR comments 2022-08-16 17:44:47 -04:00
Robert Marsh
e4d0e7431c C++: some experimental product flow queries 2022-08-16 17:44:46 -04:00
Jeroen Ketema
243dda79d2 C++: Expose PresentIRFunction and override in cpp/count-ir-inconsistencies 
The `toString` implementtion that `PresentIRFunction` uses may result in very
long strings that may crash the evaluator. Overriding allows is to limit the
string size and still suffices when just counting the number of inconsistencies.
 2022-08-16 16:30:38 +02:00
Sid Shankar
1e1e2318b7 Merge pull request #10052 from github/task/fix-broken-links 
Docs: Replace HTTP broken links to equivalent HTTPS resources
 2022-08-16 08:45:08 -04:00
Alex Ford
d02ad51d74 Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 
Post-release preparation for codeql-cli-2.10.3
 2022-08-16 12:04:07 +01:00
Sid Shankar
69de832f76 Replace invalid link to blogs.msdn.com 
Replace with link to the same article on devblogs.microsoft.com. Unfortunately, blogs.msdn.com does not automatically redirect to the new location, making this replacement necessary.
 2022-08-15 14:39:26 -04:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
73df8e4c7d Merge pull request #9832 from erik-krogh/misspellings 
Fix lots of misspellings
 2022-08-11 12:43:26 +02:00
Geoffrey White
c62ae3b350 C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely. 2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60 C++: Add test and placeholder query. 2022-08-11 12:27:39 +02:00
Jeroen Ketema
c89592cda7 C++: Add internal metrics query for IR consistency 2022-08-11 11:39:52 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Nora Dimitrijević
60f4049388 Re-autoformat StrncpyFlippedArgs.ql 2022-08-10 14:14:42 +02:00
Nora Dimitrijević
05f4f98aa0 Add change note 2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad Use Strcpy.qll in StrncpyFlippedArgs.ql 
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works) for the new test
cases instroduced
in the previous commit.
 2022-08-10 13:42:21 +02:00
Geoffrey White
db8a3107b3 Merge pull request #9089 from ihsinme/ihsinme-patch-87 
CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
 2022-08-09 09:31:32 +01:00
ihsinme
4fdf4b23bd Update DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:46:39 +03:00
ihsinme
212b1031b2 Update DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:42:54 +03:00
ihsinme
7cbf79b144 Rename DangerousUseMbtowc.ql to DangerousWorksWithMultibyteOrWideCharacters.ql 2022-08-08 18:39:41 +03:00
ihsinme
ef04b8f5b3 Rename DangerousUseMbtowc.qhelp to DangerousWorksWithMultibyteOrWideCharacters.qhelp 2022-08-08 18:37:15 +03:00
ihsinme
5ee499389e Rename DangerousUseMbtowc.cpp to DangerousWorksWithMultibyteOrWideCharacters.cpp 2022-08-08 18:36:53 +03:00
ihsinme
02bea35da2 Update DangerousUseMbtowc.qhelp 2022-08-08 18:35:25 +03:00
Alex Ford
33fbec1174 Merge pull request #9917 from github/post-release-prep/codeql-cli-2.10.2 
Post-release preparation for codeql-cli-2.10.2
 2022-08-03 15:17:00 +01:00
intrigus-lgtm
c59e6586f7 Add additional reference to CERT C coding standard 2022-08-03 14:19:53 +02:00
Rasmus Wriedt Larsen
8fb85a98d8 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 10:42:02 +02:00
Alex Ford
8e3548efb3 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-02 20:29:26 +01:00
Mathias Vorreiter Pedersen
5181cc1295 C++: Add a 'allowInterproceduralFlow' predicate to the 'MustFlow' library to and use it instead of checking the enclosing callables after computing the dataflow graph. 2022-08-02 13:43:01 +01:00
Mathias Vorreiter Pedersen
e3cb7cf9fe C++: Remove internal 'microsoft' tags from queries. 2022-08-01 17:30:23 +01:00