hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,615 Commits 1,693 Branches 161 Tags
ed75172bdd555587fd9b74ebc812c1c347c51ec1
Commit Graph

453 Commits

Author SHA1 Message Date
Nicky Mouha
ed75172bdd Update IfStatementAdditionOverflow.ql 2023-02-21 18:11:22 -05:00
Nicky Mouha
f577a04eab Update IfStatementAdditionOverflow.ql 2023-02-18 21:34:03 -05:00
Nicky Mouha
5a4a63f8a9 Create IfStatementAdditionOverflow.ql 2023-01-30 18:52:35 -05:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
Tony Torralba
3fcc99e5cb C++: Remove omittable exists variables 2023-01-10 13:36:01 +01:00
Geoffrey White
3b31da8a62 C++: Update the experimental query as well. 2023-01-05 12:48:17 +00:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Geoffrey White
2b3ab180fa Merge pull request #10077 from intrigus-lgtm/cpp/wexpand-commmand-injection 
Add query for tainted `wordexp` calls.
 2022-10-17 11:18:38 +01:00
Josh Soref
1f8aaf7e07 spelling: supplemental 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
1e34019bf9 spelling: obtain 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
0fc69a4d6f spelling: label 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:44 -04:00
Josh Soref
f92d763182 spelling: exception 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:43 -04:00
Josh Soref
ff6ce9c5b4 spelling: description 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-14 15:08:43 -04:00
Josh Soref
413fa3d566 spelling: access 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 19:57:32 -04:00
Josh Soref
86ee8c2d00 spelling: first 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Mathias Vorreiter Pedersen
a856bc8678 Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one 
C++: prototype for off-by-one in array-typed field
 2022-10-06 11:04:12 +01:00
Mathias Vorreiter Pedersen
32d0b58923 C++: Fix qhelp example. 2022-10-06 10:19:53 +01:00
Robert Marsh
84f9c9b224 C++: query help for ConstantSizeArrayOffByOne.ql 2022-09-30 15:15:24 -04:00
Robert Marsh
159f11cd28 C++: fill in more query metadata 2022-09-30 15:07:08 -04:00
Robert Marsh
8972176242 C++: autoformat 2022-09-30 14:22:33 -04:00
Robert Marsh
8ac8101a75 C++: convert to path-problem 2022-09-30 11:35:02 -04:00
Robert Marsh
423e0bf99a C++: respond to style comments on PR 2022-09-30 11:27:14 -04:00
Mathias Vorreiter Pedersen
b0af4cba30 C++: Fix Code Scanning alert. 2022-09-30 10:05:45 +01:00
Robert Marsh
f17b563692 C++: handle interprocedural flows 
This currently copy-pastes some predicates from InvalidPointerDeref.ql.
Those should be moved to a library file in a followup
 2022-09-29 16:09:48 -04:00
Mathias Vorreiter Pedersen
2a514d60d4 C++: Add 'isBarrierIn' to prevent path duplication. 2022-09-29 19:55:58 +01:00
Mathias Vorreiter Pedersen
d12a76559a C++: Use the new class in 'cpp/invalid-pointer-deref'. 2022-09-29 19:54:03 +01:00
Robert Marsh
447c11cd07 C++: move ConstantSizeArrayOffByOne.ql to CWE-193 2022-09-29 10:56:29 -04:00
Robert Marsh
e46b215c9d C++: fix metadata and result format 2022-09-29 10:53:29 -04:00
Mathias Vorreiter Pedersen
70837dbd93 C++: Use range analysis to properly deduce the initial 'state2' instead of traversing the AST. Also fix state-passing related to negative states. 2022-09-29 13:32:39 +01:00
Mathias Vorreiter Pedersen
4ab676774e C++: Add qhelp to new query. 2022-09-28 15:17:08 +01:00
Mathias Vorreiter Pedersen
769ff5c6f3 C++: Add 'isAdditionalFlowStep' predicates for both configurations in the product dataflow library and use them to fix missing results in the 'cpp/overrun-write' query. 2022-09-28 15:17:04 +01:00
Mathias Vorreiter Pedersen
ccbbb5754e C++: Use range analysis in 'cpp/overrun-write' and accept test changes. 2022-09-28 15:14:29 +01:00
Mathias Vorreiter Pedersen
e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Erik Krogh Kristensen
c2b5c39436 Merge pull request #10507 from erik-krogh/cpp-followMsg 
CPP: Make more alert-messages follow the style guide
 2022-09-24 17:26:11 +02:00
Robert Marsh
b93a2b06bf C++: prototype for off-by-one in array-typed field 2022-09-23 14:38:06 -04:00
erik-krogh
96b46de7c8 update alert-messages based on review feedback 2022-09-23 14:53:54 +02:00
Mathias Vorreiter Pedersen
639aaff9c7 C++: Add more metadata. 2022-09-23 13:47:02 +01:00
erik-krogh
40bea78186 remove more instances of the alert-loc being repeated as a link 2022-09-23 14:45:59 +02:00
erik-krogh
a30c38f38c CPP: make more alert messages follow the style-guide 2022-09-23 14:45:59 +02:00
Mathias Vorreiter Pedersen
ce3654c6ec C++: Make ql-for-ql happy. 2022-09-23 13:07:07 +01:00
Mathias Vorreiter Pedersen
162ec2884e C++: Also fix 'OverrunWriteProductFlow.ql' 2022-09-23 12:59:27 +01:00
Mathias Vorreiter Pedersen
8056131901 C++: Autoformat. 2022-09-23 12:26:37 +01:00
Mathias Vorreiter Pedersen
c4afb3a2b5 Merge branch 'main' into further-work-on-buffer-over-queries 2022-09-22 16:35:52 +01:00
Robert Marsh
fcd0bb13b3 C++: add paths to ArrayAccessProductFlow 2022-09-21 12:37:31 -04:00
Mathias Vorreiter Pedersen
02076074ff C++: Add more comments. 2022-09-18 12:48:13 +01:00
Mathias Vorreiter Pedersen
78535dc70b C++: Autoformat. 2022-09-18 12:02:32 +01:00
Mathias Vorreiter Pedersen
dc00643ad1 C++: More QLDoc. 2022-09-16 17:14:29 +01:00
Mathias Vorreiter Pedersen
031f20a0eb C++: Respond to review comments. 2022-09-16 16:19:06 +01:00
Mathias Vorreiter Pedersen
4482669d7e C++: Add a new 'InvalidPointerDeref' query to experimental. 2022-09-15 17:47:15 +01:00
Robert Marsh
ededfaa40b C++: use-use flow in ArrayAccessProductFlow 2022-09-13 09:39:39 +01:00