6404 Commits

Author	SHA1	Message	Date
Geoffrey White	6e184f2438	C++: Rename variables 'a' and 'b'.	2022-04-19 10:57:42 +01:00
Geoffrey White	da38c9041c	C++: Improvements from PR comments.	2022-04-19 10:25:00 +01:00
Geoffrey White	50c7e47dd9	C++: Improve QLDoc.	2022-04-19 10:15:12 +01:00
Geoffrey White	da454128ed	Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-04-19 10:08:07 +01:00
Geoffrey White	2ac21d6932	C++: Use isBarrier rather than isBarrierOut (which is going away).	2022-04-14 09:21:57 +01:00
Geoffrey White	27b6b99cd0	C++: Correct and improve some comments and naming.	2022-04-13 18:34:15 +01:00
Geoffrey White	2ad81e63a5	C++: Change note.	2022-04-13 16:11:14 +01:00
Geoffrey White	dfd846bb7b	C++: Changes to the qhelp.	2022-04-13 15:53:13 +01:00
Geoffrey White	d83aea5ea3	C++: Copy the qhelp from Javascript.	2022-04-13 15:16:01 +01:00
Geoffrey White	b149666f45	C++: Query metadata (precision is provisional, might up it to 'high' later).	2022-04-13 15:15:28 +01:00
Geoffrey White	be0df1662c	C++: Rename the query file.	2022-04-13 13:20:02 +01:00
Geoffrey White	ffbe724040	C++: Remove unfinished parts for now.	2022-04-13 13:18:23 +01:00
Geoffrey White	cb211f8844	Merge pull request #8599 from 4B5F5F4B/main ... C++: refactor some code, and add access_ok cases	2022-04-11 15:57:27 +01:00
Jeroen Ketema	4cfe04567f	Merge pull request #8702 from jketema/command-line-sanitizer ... C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`	2022-04-08 23:42:35 +02:00
Geoffrey White	8d1e8e9ecb	C++: Flow states and transformers.	2022-04-08 17:19:18 +01:00
Edoardo Pirovano	f25618eed6	Bump minor version of all packs	2022-04-08 15:38:58 +01:00
Edoardo Pirovano	ce82c54b94	Merge branch 'main' into edoardo/3.5-mergeback	2022-04-08 15:30:58 +01:00
Jeroen Ketema	83d35a9a96	C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection	2022-04-08 11:28:17 +02:00
Geoffrey White	3aaa058308	C++: Get the simplest part of the query working, disable the rest for now, fix metadata, formatting etc.	2022-04-07 19:01:30 +01:00
Robert Marsh	3a35a40062	WIP: start on CWE-611 tests	2022-04-06 12:55:56 +01:00
Robert Marsh	370dd057dc	C++: more WIP on Xerces XXE query	2022-04-06 12:55:54 +01:00
Robert Marsh	9b6c1bc691	WIP: Xerces XXE	2022-04-06 12:55:52 +01:00
4B5F5F4B	04538d0599	Autoformated to make CodeQL happy	2022-04-06 11:59:26 +08:00
Jeroen Ketema	d19504fca2	C++: Add cpp/unused-local-variable test case with switch initializer ... This is similar to the test case with the `if` initializer, and we should not forget about it once we support `if` initialization.	2022-04-05 18:27:53 +02:00
ihsinme	73de757f39	Update DangerousUseOfExceptionBlocks.ql	2022-04-04 21:38:03 +03:00
ihsinme	61860c9ae9	Update DangerousUseOfExceptionBlocks.ql	2022-04-02 13:44:40 +03:00
Jeroen Ketema	dea510ac95	C++: Add change note for cpp/unused-local-variable changes	2022-04-01 18:32:46 +02:00
Jeroen Ketema	4f49f9d6e1	C++: Remove exception from cpp/unused-local-variable that is no longer needed	2022-04-01 18:32:46 +02:00
github-actions[bot]	6af568b16d	Post-release preparation for codeql-cli-2.8.5	2022-04-01 16:22:14 +00:00
github-actions[bot]	ee746d20df	Release preparation for version 2.8.5	2022-04-01 10:39:31 +00:00
Geoffrey White	146318dbc1	Merge pull request #8580 from geoffw0/privdata ... C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission	2022-03-31 10:12:46 +01:00
ihsinme	b95094235c	Apply suggestions from code review ... Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2022-03-30 10:51:38 +03:00
4B5F5F4B	9ab773422a	refactor some code, and add access_ok cases	2022-03-30 12:25:32 +08:00
Robert Marsh	8d21c8b7c5	Merge pull request #8423 from 4B5F5F4B/main ... [CPP][Linux Kernel]Add ql to detect CVE-2017-5123	2022-03-29 15:10:15 -04:00
Geoffrey White	0e3e145e53	C++: Add CWE-359 tag to cpp/cleartext-transmission.	2022-03-29 14:44:06 +01:00
4B5F5F4B	9358b824c0	modify select clause to make codeql happy:)	2022-03-29 10:41:12 +08:00
Geoffrey White	611b820cbc	C++: Change notes.	2022-03-28 14:27:21 +01:00
Geoffrey White	3fed7bf6d0	C++: Extend cpp/cleartext-transmission using PrivateData.qll.	2022-03-28 11:16:56 +01:00
4B5F5F4B	2d7b9c0c4f	modify a little cute typo	2022-03-26 22:55:27 +08:00
4B5F5F4B	7a091f808b	Create NoCheckBeforeUnsafePutUser.ql	2022-03-26 22:45:03 +08:00
4B5F5F4B	64863d493b	Delete cve-2017-5123.ql	2022-03-26 22:42:59 +08:00
Andrew Eisenberg	5fb84a774b	Merge pull request #8553 from github/aeisenberg/cpp-suites ... Suites: Remove self-referential `from` directives	2022-03-25 09:15:53 -07:00
Geoffrey White	9f3fd57534	Merge branch 'main' into cwe497b	2022-03-25 11:57:30 +00:00
Geoffrey White	e377eebdbc	C++: More 'adversary' -> 'malicious user' and related doc changes.	2022-03-25 11:34:37 +00:00
Geoffrey White	11074b6d77	Update cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-03-25 11:08:07 +00:00
Geoffrey White	6b6ee61d3f	Apply suggestions from code review ... Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-03-25 11:06:46 +00:00
Andrew Eisenberg	99f14af56a	Suites: Remove self-referential from directives ... Fixes https://github.com/github/codeql/issues/8412 See https://github.com/github/codeql/issues/8412#issuecomment-1078281668 for more detail.	2022-03-24 14:19:20 -07:00
Mathias Vorreiter Pedersen	61c944201f	Merge pull request #8461 from Paul1nh0/dev_cve_2016_6480 ... Add query for double-fetch vulnerability	2022-03-23 18:15:05 +00:00
Mathias Vorreiter Pedersen	0eab54d385	Merge pull request #8491 from jketema/command-line-injection-with-flow-state ... C++: Use flow states in `cpp/command-line-injection`	2022-03-23 11:03:29 +00:00
Mathias Vorreiter Pedersen	a84ee50af0	Update cpp/ql/src/change-notes/2022-03-21-command-line-injection-with-flow-states.md	2022-03-23 09:35:41 +00:00