hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-07 08:06:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,840 Commits 1,703 Branches 162 Tags
eb93e8ed41c0eecd166cc228bd5e2248bbacfdf9
Commit Graph

7115 Commits

Author SHA1 Message Date
Nora Dimitrijević
a0975e7e19 Constrain location overrides to actual sources/sinks 2025-10-28 09:42:20 +01:00
Nora Dimitrijević
96e1536769 C++/SqlTainted 2025-10-28 09:42:17 +01:00
Nora Dimitrijević
ec63547925 C++/UseOfHttp 2025-10-28 09:42:03 +01:00
Nora Dimitrijević
a65d4d5997 C++/TaintedAllocationSize 2025-10-28 09:42:01 +01:00
Nora Dimitrijević
f3d51e0151 C++/ArithmeticUncontrolled 2025-10-28 09:41:57 +01:00
Nora Dimitrijević
1321cbb021 C++/DecompressionBombs 2025-10-28 09:41:55 +01:00
Nora Dimitrijević
bbe2bf2b7f C++/CleartextTransmission 2025-10-28 09:41:52 +01:00
Nora Dimitrijević
b0180409f4 C++/CleartextFileWrite 2025-10-28 09:41:49 +01:00
Nora Dimitrijević
d89aa0f19d C++/CleartextBufferWrite 2025-10-28 09:41:46 +01:00
Nora Dimitrijević
17b261a506 C++/AuthenticationBypass 2025-10-28 09:41:43 +01:00
Nora Dimitrijević
0ed27f4e81 C++/CleartextSqliteDatabase 2025-10-28 09:41:40 +01:00
Nora Dimitrijević
f7a1a4cf75 C++/NonConstantFormat 2025-10-28 09:41:38 +01:00
Nora Dimitrijević
2756e8255f C++/UnboundedWrite 2025-10-28 09:41:35 +01:00
Nora Dimitrijević
a4ac0392a6 C++/OverflowDestination 2025-10-28 09:41:32 +01:00
Nora Dimitrijević
65d79ff6fc C++/ExecTainted 2025-10-28 09:41:29 +01:00
Nora Dimitrijević
464f6cb096 C++/ConstantSizeArrayOffByOne 2025-10-28 09:41:26 +01:00
Nora Dimitrijević
ad31f1ab6d C++/WordexpTainted 
Same file usees source and sink as endpoints
 2025-10-28 09:39:19 +01:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Mathias Vorreiter Pedersen
b0e9238ddf Merge branch 'main' into use-shared-guards-library 2025-10-01 11:59:17 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Mathias Vorreiter Pedersen
d8f34dba17 C++: Do not use the deprecated predicate in queries. 2025-09-18 12:16:23 +01:00
Mathias Vorreiter Pedersen
5e82eb9b24 C++: Fixup queries which assumes that a guard is always an expression. 2025-09-18 12:16:21 +01:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Mathias Vorreiter Pedersen
a4c845c418 C++: Fix barrier in 'cpp/unbounded-write'. 2025-09-15 16:34:05 +01:00
Ian Lynagh
050a9e155f C++: Add changenote for changes to some queries 
Queries affected:
    cpp/wrong-type-format-argument
    cpp/comparison-with-wider-type
    cpp/integer-multiplication-cast-to-long
    cpp/implicit-function-declaration
    cpp/suspicious-add-sizeof
 2025-09-11 15:56:41 +01:00
Ian Lynagh
b3f4c68a1d C++: Remove the BMN filter from some queries, but reduce precision to medium 
Remove the `not any(Compilation c).buildModeNone() and` clause from:
    cpp/wrong-type-format-argument
    cpp/comparison-with-wider-type
    cpp/integer-multiplication-cast-to-long
    cpp/implicit-function-declaration
    cpp/suspicious-add-sizeof
but reduce their precision to `medium`.
 2025-09-11 13:32:11 +01:00
Mathias Vorreiter Pedersen
72d7223fd0 C++: Small drive by cleanup. Delete unnecessary nested 'exists'. 2025-09-10 12:35:59 +01:00
Mathias Vorreiter Pedersen
d097946e1f C++: No need for this additional case. 2025-09-10 12:35:24 +01:00
Mathias Vorreiter Pedersen
a81989d2d8 C++: Simplify the 'SSLResultNotChecked' query. 2025-09-08 12:28:28 +01:00
Michael Nebel
61e8ad264f C++: Address review comments. 2025-09-04 12:52:46 +02:00
Michael Nebel
83d53baf82 C++: Fix some Ql4Ql violations. 2025-09-03 08:19:18 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Jeroen Ketema
75786e9a71 C++: Revert changes to cpp/constant-array-overflow 
It is not clear that this does what we want here, and the query is severly
broken in any case.
 2025-08-26 10:43:54 +02:00
Jeroen Ketema
a104600d4d Merge branch 'main' into cpp/use-flow-state-inout-barriers 2025-08-25 17:04:30 +02:00
Chris Smowton
1829060fab Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc319-into-main 2025-08-21 16:33:37 +01:00
Kristen Newbury
854a5b5871 Add changenotes customizations addition 2025-08-20 13:18:17 -04:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Ian Lynagh
fd020b52e4 Merge pull request #20232 from igfoo/igfoo/SloppyGlobal 
C++: SloppyGlobal: Don't alert on template instantiations, only the template
 2025-08-18 11:39:30 +01:00
Ian Lynagh
0870cc370b C++: Add a changenote for the change to cpp/short-global-name 2025-08-15 12:09:37 +01:00
Ian Lynagh
4b786061d6 C++: SloppyGlobal: Don't alert on template instantiations, only the template 2025-08-15 11:23:48 +01:00
Nora Dimitrijević
89788206d1 [DIFF-INFORMED] C++: TypeConfusion 2025-08-15 12:01:30 +02:00
Nora Dimitrijević
5b9e37cd8f [DIFF-INFORMED] C++: TaintedCondition 2025-08-15 12:01:28 +02:00
Nora Dimitrijević
0c636dd400 [DIFF-INFORMED] C++: UnsafeDaclSecurityDescriptor 2025-08-15 12:01:25 +02:00