hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

24 Commits

Author SHA1 Message Date
Jeroen Ketema
7549915773 C++: Accept test changes 2022-12-19 12:52:35 +01:00
Jeroen Ketema
ce92ba640a C++: Accept test changes 2022-12-09 23:38:03 +01:00
erik-krogh
33165f4f55 CPP: update expected output 2022-09-23 14:45:59 +02:00
Jeroen Ketema
8b4c42dd07 C++: Add cpp/command-line-injection test using a wrapper macro 2022-03-21 11:19:54 +01:00
Jeroen Ketema
f8198c3123 C++: Use flow states in cpp/command-line-injection 2022-03-18 20:06:45 +01:00
Jeroen Ketema
d37ef1b5ca C++: Add command line injection test that currently results in a false positive 2022-03-18 16:12:09 +01:00
Jeroen Ketema
459870ac1e C++: Add additional command line injection tests 2022-03-18 13:42:27 +01:00
Mathias Vorreiter Pedersen
2cd23e5ee0 Accept test changes. 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
cc8b581c06 C++: Accept test changes. 2021-10-01 22:23:17 +02:00
Robert Marsh
6f03c3e252 C++: Accept command injection test changes 
Making the DefaultTaintTracking configurations inactive removed many
unneeded nodes and edges from the PathGraph predicates.
 2021-09-22 14:19:23 -07:00
Robert Marsh
c85cc1455b C++: accept changes to new ExecTainted test 2021-09-15 11:27:13 -07:00
Robert Marsh
509a3493b6 C++: support new subpaths predicate in ExecTainted 2021-09-15 10:55:56 -07:00
Robert Marsh
83cc098412 C++: accept test output 2021-09-15 10:55:55 -07:00
Robert Marsh
37c92178a5 C++: exclude int/string conversion in ExecTainted 2021-09-15 10:55:52 -07:00
Robert Marsh
5e265f45e1 C++: ExecTainted tests for int/string conversions 2021-09-15 10:55:51 -07:00
Robert Marsh
9926892c8a C++: remove debugging predicates 2021-09-15 10:55:51 -07:00
Robert Marsh
9c478c502e C++: add some more tests for ExecTainted 2021-09-15 10:55:50 -07:00
Robert Marsh
6f408f949c C++: Refactor ExecTainted.ql to need concatenation 
This makes ExecTainted report results only when the tainted value does
not become the start of the string which is eventually run as a shell
command. The theory is that those cases are likely to be deliberate, and
part of the expected threat model of the program (e.g. $CC in make).
This lines up better with the results I considered fixable true
positives in LGTM testing
 2021-09-15 10:55:49 -07:00
Robert Marsh
8f4df8603a C++: more tests for command injection 2021-09-15 10:55:49 -07:00
Geoffrey White
d73604d1c5 C++: Fix a few glitches and accept line number changes in expected files. 2021-09-02 17:34:47 +01:00
Geoffrey White
f755659f5d C++: More directory structure consistency / cleanup. 2021-09-02 17:34:47 +01:00
Geoffrey White
fdb4a2acdb C++: Clean up header comments. 2021-09-02 17:34:46 +01:00
Geoffrey White
75d367a6c5 C++: Add ad-hoc SAMATE Juliet test cases (that were previously internal). Directory structures cleaned up in a few places. 2021-09-02 17:34:45 +01:00
Geoffrey White
f034abc275 CPP: Add the Semmle security tests. 2018-11-26 17:52:34 +00:00