hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 19:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
61,398 Commits 1,736 Branches 164 Tags
f26330e6bd53313e7303ae9cd62ac7718e49ec18
Commit Graph

10563 Commits

Author SHA1 Message Date
Benjamin Rodes
f26330e6bd Removing redundant/bad string type check. 2023-12-19 09:41:29 -05:00
Benjamin Rodes
6fb01925d0 Updating test ql file and applying formatting. 2023-12-19 09:39:46 -05:00
Benjamin Rodes
48866e5358 Updates to address PR comments. 2023-12-19 09:33:07 -05:00
Ben Rodes
387eddadad Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-12-19 08:48:51 -05:00
Ben Rodes
29a0da6cd9 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-19 08:48:20 -05:00
Ben Rodes
49728571cf Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-12-19 08:47:58 -05:00
Ben Rodes
66f725dd05 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-12-19 08:47:48 -05:00
Benjamin Rodes
94a0420040 Updated getResultExpr to getResultNode. Added strlcat. Added tests. 2023-11-29 16:03:41 -05:00
Benjamin Rodes
4919c4a424 Added StringConcatenation.qll 2023-11-29 13:00:57 -05:00
Mathias Vorreiter Pedersen
1f9e2c71ce Merge pull request #14928 from MathiasVP/surprising-lifetimes-c_str 
C++: Add a new query for calling `c_str` on temporary objects
 2023-11-29 10:15:11 +00:00
Mathias Vorreiter Pedersen
351caaccfe C++: Add GOOD and BAD comments to qhelp examples. 2023-11-29 09:44:54 +00:00
Mathias Vorreiter Pedersen
8afd9288cb Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-11-29 09:36:29 +00:00
Jeroen Ketema
28ac46a73f C++: Add change note 2023-11-28 14:57:02 +01:00
Mathias Vorreiter Pedersen
2b36ba33f0 C++: Add support for 'data' in the query. 2023-11-28 12:57:59 +00:00
Mathias Vorreiter Pedersen
7b8d164692 C++: Add more good test cases. 2023-11-28 11:58:33 +00:00
Mathias Vorreiter Pedersen
62c432f3c7 C++: Tabs -> Spaces. 2023-11-28 11:52:17 +00:00
Jeroen Ketema
7dec819151 C++: Expose whether a function was prototyped or not 2023-11-28 10:24:43 +01:00
Mathias Vorreiter Pedersen
ff4c63f696 C++: Add change note. 2023-11-28 09:16:49 +00:00
Mathias Vorreiter Pedersen
e10caa68f6 C++: Add tests. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
e94cde9b4b C++: Move the use-after-free tests to subdirectory. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
71ad7696c3 C++: Add qhelp. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
204acbacc5 C++: Add a new query for detecting calls to 'c_str' on temporary objects. 2023-11-28 09:06:24 +00:00
Mathias Vorreiter Pedersen
22a91d18b8 C++: Make the sequence container classes public. 2023-11-27 21:32:49 +00:00
Mathias Vorreiter Pedersen
73138f1913 C++: No need to exclude ExprNodes as sources now that #14903 is merged. 2023-11-24 16:58:30 +00:00
Mathias Vorreiter Pedersen
e89d8e2967 Merge pull request #14907 from MathiasVP/remove-workaround-in-authentication-bypass 
C++: Remove workaround for negated conditions in `cpp/user-controlled-bypass`
 2023-11-24 16:54:37 +00:00
Jeroen Ketema
ee35bfb290 C++: Do not use isReturnValue in getenv, gets, and fgets models 2023-11-24 16:38:15 +01:00
Mathias Vorreiter Pedersen
a7d820ce62 C++: Remove workaround for negated conditions in 'cpp/user-controlled-bypass'. 2023-11-24 15:17:45 +00:00
Mathias Vorreiter Pedersen
e438671846 Merge pull request #14896 from MathiasVP/no-dtt-in-user-controlled-bypass 
C++: Rewrite `cpp/user-controlled-bypass` away from `DefaultTaintTracking`
 2023-11-24 14:43:10 +00:00
Mathias Vorreiter Pedersen
6b48b3643e Merge branch 'main' into no-dtt-in-user-controlled-bypass 2023-11-24 12:50:45 +00:00
Mathias Vorreiter Pedersen
2681617f28 C++: Undo the workaround in 'cpp/tainted-permissions-check'. 2023-11-24 10:56:11 +00:00
Mathias Vorreiter Pedersen
0c924c2b27 C++: Taint-flow through integer to boolean casts. 2023-11-24 10:55:50 +00:00
Mathias Vorreiter Pedersen
5604fd7d80 C++: Rewrite 'cpp/user-controlled-bypass' away from 'DefaultTaintTracking'. 2023-11-23 17:35:54 +00:00
Mathias Vorreiter Pedersen
97319854e2 C++: Accept test changes. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
6f5cfca84c C++: Sync identical files. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
cc261bfabb C++: Recurse through 'LogicalNotInstruction' in 'getConstantValue'. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
98bf748e64 C++: Accept test changes. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
7364634a6b C++: No need to special-case negations in IRGuards. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
3af3a72161 C++: Don't short-circuit negations in conditions. 2023-11-23 16:53:57 +00:00
Mathias Vorreiter Pedersen
257d94be20 Merge pull request #14886 from jketema/rewrite-tainted-condition 
C++: Rewrite `cpp/tainted-permissions-check` to not use `DefaultTaintTracking`
 2023-11-23 16:18:03 +00:00
Mathias Vorreiter Pedersen
149fb7bbc2 Merge pull request #14881 from MathiasVP/no-dtt-in-user-controlled-null-termination-tainted 
C++: Rewrite `cpp/user-controlled-null-termination-tainted` away from `DefaultTaintTracking`
 2023-11-23 14:41:33 +00:00
Mathias Vorreiter Pedersen
401a378598 C++: Accept test changes. 2023-11-23 14:12:16 +00:00
Mathias Vorreiter Pedersen
b774ae07c8 Update cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-11-23 14:10:57 +00:00
Jeroen Ketema
7834626e26 C++: Rewrite cpp/tainted-permissions-check to not use DefaultTaintTracking 2023-11-23 14:52:53 +01:00
Jeroen Ketema
257fe1ad6b Merge pull request #14801 from jketema/rewrite-tainted-format-string 
C++: Rewrite `cpp/tainted-format-string` away from `DefaultTaintTracking`
 2023-11-22 17:55:36 +01:00
Jeroen Ketema
1fbe23228e C++: Update test to reflect updated test results 2023-11-22 16:49:13 +01:00
Jeroen Ketema
bb1945f899 C++: Rewrite cpp/tainted-format-string away from DefaultTaintTracking 2023-11-22 16:49:13 +01:00
Mathias Vorreiter Pedersen
640e2f56d5 C++: Accept test changes. 2023-11-22 15:43:24 +00:00
Mathias Vorreiter Pedersen
306440ce6e C++: Convert 'cpp/user-controlled-null-termination-tainted' away from 'DefaultTaintTracking'. 2023-11-22 15:43:24 +00:00
Tom Hvitved
1a6886cf99 SSA: Add locations to ease debugging 2023-11-22 08:37:02 +01:00
Mathias Vorreiter Pedersen
75f860595a Merge pull request #14838 from MathiasVP/no-dtt-in-arithmetic-with-extreme-values 
C++: Convert `cpp/arithmetic-with-extreme-values` away from `DefaultTaintTracking`
 2023-11-20 16:39:58 +00:00