hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

593 Commits

Author SHA1 Message Date
Jeroen Ketema
05ecd2e015 Merge pull request #11958 from jketema/argv-if-tests 
C++: Add some additional uncontrolled format string tests
 2023-01-23 14:05:07 +01:00
Jeroen Ketema
cfc0dabad9 C++: Add some additional uncontrolled format string tests 
These duplicate the `i9` and `i91` tests slightly earlier in the same file, but
use an explicit `if` instead of the ternary operator.
 2023-01-23 11:50:45 +01:00
Geoffrey White
13ae15b867 C++: Add tests for more edge cases. 2023-01-13 18:38:29 +00:00
Geoffrey White
bb451f3911 C++: Fix result duplication. 2023-01-06 11:05:47 +00:00
Geoffrey White
2023abdc60 C++: Update the queries. 2023-01-05 11:33:58 +00:00
Geoffrey White
a9aa67177b C++: Add test cases for HeuristicAllocationExpr in queries. 2023-01-05 11:30:21 +00:00
Geoffrey White
10ca2dac19 C++: Remove unnecessary 'semmle' directory. 2023-01-05 11:30:15 +00:00
Jeroen Ketema
7549915773 C++: Accept test changes 2022-12-19 12:52:35 +01:00
Jeroen Ketema
2705aebbbc C++: Restrict CWE-119 semmle tests to have a single main function 2022-12-19 12:13:37 +01:00
Jeroen Ketema
beb66d027e C++: Use FlowSource in cpp/path-injection 2022-12-10 20:27:56 +01:00
Jeroen Ketema
ce92ba640a C++: Accept test changes 2022-12-09 23:38:03 +01:00
Jeroen Ketema
b216c79992 C++: Accept test changes 2022-12-08 15:22:41 +01:00
Jeroen Ketema
5637d573c1 C++: Add test case that is no longer detected after latest changes 2022-12-06 08:31:22 +01:00
Jeroen Ketema
6dbc59d5b5 C++: Simplify isSink based on reviewer comments 2022-12-05 23:23:08 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Jeroen Ketema
4607f5990e C++: Add more tests that exercise the default taint barrier implementation 2022-11-25 10:19:45 +01:00
Tom Hvitved
a533c95640 C++: Update expected test output 2022-11-03 15:52:30 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Geoffrey White
fd571538fb Merge pull request #10706 from geoffw0/vaheuristic 
C++: Tune cpp/unterminated-variadic-call
 2022-10-10 13:39:40 +01:00
erik-krogh
66c9705502 fix some more style-guide violations in the alert-messages 2022-10-07 11:19:46 +02:00
Geoffrey White
3f78a244b9 C++: Make the tests use more repetitions. 2022-10-06 09:14:24 +01:00
Geoffrey White
9a365d83cf C++: Tighten up the heuristic in cpp/unterminated-variadic-call. 2022-10-06 09:14:16 +01:00
erik-krogh
96b46de7c8 update alert-messages based on review feedback 2022-09-23 14:53:54 +02:00
erik-krogh
edd03020c2 fix the casing in the alert-message of cpp/unclear-array-index-validation 2022-09-23 14:48:01 +02:00
erik-krogh
9e4843d53e update the alert-message of cpp/file-may-not-be-closed based on feedback 2022-09-23 14:46:00 +02:00
erik-krogh
2351884352 update some alert-messages based on review feedback 2022-09-23 14:45:59 +02:00
erik-krogh
33165f4f55 CPP: update expected output 2022-09-23 14:45:59 +02:00
Geoffrey White
946456acc2 C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission. 2022-09-05 14:44:33 +01:00
Robert Marsh
813a8548d7 C++: accept test changes for globals in data flow 2022-06-22 16:42:42 -04:00
Robert Marsh
048e5d8474 C++: IR data flow through global variables 2022-06-20 15:15:45 -04:00
Geoffrey White
3dddc560a1 C++: Add LSParser specific transformer. 2022-05-11 11:02:01 +01:00
Geoffrey White
e3be7749ea C++: Repair the LSParser sinks. 2022-05-11 11:02:01 +01:00
Geoffrey White
8852043558 C++: Additional test cases. 2022-05-11 11:01:26 +01:00
Geoffrey White
6b5a1921dd C++: Support the SAX2XMLReader interface. 2022-05-05 16:35:21 +01:00
Geoffrey White
c4bc7050a9 C++: Additional test cases. 2022-05-05 16:26:09 +01:00
Geoffrey White
5aa862acfd C++: Fixup after merge. 2022-05-03 16:12:42 +01:00
Geoffrey White
fd5b4dfff2 Merge branch 'main' into xxe4 2022-05-03 16:08:54 +01:00
Geoffrey White
42a78a27e0 C++: Fixup spacing in tests. 2022-05-03 11:48:03 +01:00
Geoffrey White
9faa825304 C++: Add support for libxml2 in the query. 2022-05-03 11:19:13 +01:00
Geoffrey White
812a24fc18 C++: Add test cases for libxml2. 2022-04-29 13:23:29 +01:00
Geoffrey White
dd258781ed C++: More test cases. 2022-04-29 10:38:31 +01:00
Geoffrey White
1d71f042db C++: Turns out DOMLSParser is not an AbstractDOMParser and works a little differently than I'd thought. 2022-04-29 10:38:31 +01:00
Geoffrey White
c6deddb290 C++: For consistency. 2022-04-29 10:35:34 +01:00
Geoffrey White
4be3161891 C++: Move some stuff from tests3.cpp to common tests.h 2022-04-29 10:35:34 +01:00
Geoffrey White
397efd1648 C++: Split off the createLSParser tests into their own file. 2022-04-29 10:35:33 +01:00
Geoffrey White
b02519bf0b C++: Make the createLSParser test a bit closer to real life. 2022-04-29 10:33:47 +01:00
Geoffrey White
a1542322e2 C++: Add test cases for SAX2XMLReader. 2022-04-29 10:33:46 +01:00