codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
Jeroen Ketema	89cd4790d5	Merge pull request #11610 from jketema/scanf C++: Model `scanf` and `fscanf` as flow sources	2022-12-08 19:14:39 +01:00
Geoffrey White	f373b7fe7c	Merge pull request #11596 from geoffw0/cleartextbufferwrite C++: Performance fix for cpp/cleartext-storage-buffer	2022-12-08 17:18:10 +00:00
Robert Marsh	f235b991db	Merge pull request #11374 from MathiasVP/indirect-outnodes-are-post-update-nodes C++: Field flow through reference-returning functions	2022-12-08 10:46:19 -05:00
Jeroen Ketema	8f9a73ee09	C++: Address review comments	2022-12-08 16:14:12 +01:00
Jeroen Ketema	33fa76f911	C++: Add change note	2022-12-08 15:22:42 +01:00
Jeroen Ketema	b216c79992	C++: Accept test changes	2022-12-08 15:22:41 +01:00
Jeroen Ketema	f35b7f8fe8	C++: Model `scanf` and `fscanf` as flow sources	2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen	f814ce7f10	Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into refactor-isdef-isuse	2022-12-08 13:25:20 +00:00
Mathias Vorreiter Pedersen	0a1097d735	C++: Accept test changes to 'sources-and-sinks.cpp'.	2022-12-08 13:17:35 +00:00
Mathias Vorreiter Pedersen	4fd6ac5657	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-08 13:10:18 +00:00
Mathias Vorreiter Pedersen	6897b20722	Merge pull request #11601 from MathiasVP/keep-std-string-iterator	2022-12-08 12:59:33 +00:00
Mathias Vorreiter Pedersen	36d0903733	C++: Simplify 'getSourceVariable'.	2022-12-08 12:29:15 +00:00
Chris Smowton	49bc524fd0	Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main	2022-12-08 11:12:30 +00:00
Jeroen Ketema	a6bc9fd10f	Merge pull request #11591 from jketema/getenv C++: Model `secure_getenv` and `_wgetenv` as local flow sources	2022-12-08 10:44:28 +01:00
Jeroen Ketema	fc49ede33d	C++: Add change note	2022-12-08 09:44:23 +01:00
Jeroen Ketema	a2dac3a41e	C++: Move remote flow sink test and also handle local and remote sinks	2022-12-08 09:36:19 +01:00
Mathias Vorreiter Pedersen	9f85175ee1	C++: Fix blowup in 'stripPointer'.	2022-12-07 22:35:37 +00:00
Mathias Vorreiter Pedersen	5ae3228928	C++: Fix TODO.	2022-12-07 22:34:10 +00:00
Mathias Vorreiter Pedersen	68f0997d87	C++: Generalize loads and stores.	2022-12-07 22:34:10 +00:00
Mathias Vorreiter Pedersen	589f7bdbcc	C++: Introduce BaseSourceVariableInstruction.	2022-12-07 22:34:03 +00:00
Mathias Vorreiter Pedersen	54c12cd715	C++: Reintroduce 'StdBasicStringIterator'.	2022-12-07 18:21:52 +00:00
Geoffrey White	1d4631e231	C++: Better solution.	2022-12-07 18:00:38 +00:00
Geoffrey White	627162b343	C++: Fix cpp/offset-use-before-range-check performance.	2022-12-07 17:32:36 +00:00
Geoffrey White	a8b8b54f8d	Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-12-07 16:44:33 +00:00
Geoffrey White	4b8575bfc3	C++: Simplify the query slightly.	2022-12-07 15:35:45 +00:00
Geoffrey White	b3d838d678	C++: Define the sources more clearly and consistently (fixes performance issue).	2022-12-07 14:45:39 +00:00
Jeroen Ketema	01d8ad98f6	C++: Model `secure_getenv` and `_wgetenv` as local flow sources	2022-12-07 13:37:12 +01:00
Jeroen Ketema	b5147bbfb0	C++: Deprecate `DefaultTaintTracking` and `TaintTrackingImpl`	2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen	2c500142c7	Merge pull request #11435 from jketema/rewrite-tainted-path C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`	2022-12-06 14:54:57 +00:00
Mathias Vorreiter Pedersen	e71fbb1def	Merge pull request #11541 from MathiasVP/add-node0 C++: Introduce a pre-SSA `DataFlow::Node` class	2022-12-06 13:28:39 +00:00
Jeroen Ketema	995efef5da	C++: Add explanatory comment to `hasFilteredFlowPath`	2022-12-06 09:03:21 +01:00
Jeroen Ketema	5637d573c1	C++: Add test case that is no longer detected after latest changes	2022-12-06 08:31:22 +01:00
Jeroen Ketema	6dbc59d5b5	C++: Simplify `isSink` based on reviewer comments	2022-12-05 23:23:08 +01:00
Tom Hvitved	7972db68bc	C++: Update expected test output	2022-12-05 17:07:32 +01:00
Tom Hvitved	52f3a48638	Data flow: Sync files	2022-12-05 12:57:27 +01:00
Mathias Vorreiter Pedersen	c563ed3635	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-05 10:27:55 +00:00
github-actions[bot]	5e35785fd0	Post-release preparation for codeql-cli-2.11.5	2022-12-02 11:37:44 +00:00
Mathias Vorreiter Pedersen	43adfe8893	C++: Fix QLDoc.	2022-12-02 11:30:46 +00:00
Mathias Vorreiter Pedersen	cef7224739	C++: Make QL-for-QL happy.	2022-12-02 10:12:25 +00:00
Mathias Vorreiter Pedersen	a245977075	C++: Change iterator models.	2022-12-02 10:11:20 +00:00
Mathias Vorreiter Pedersen	145dea0e9b	C++: Introduce a node class that exists before computing SSA.	2022-12-02 10:04:52 +00:00
github-actions[bot]	31ab22e3a0	Release preparation for version 2.11.5	2022-12-01 20:05:14 +00:00
Jeroen Ketema	3dfe18b565	C++: Introduce the coarse upper bound check from default taint tracking	2022-12-01 09:13:48 +01:00
Owen Mansel-Chan	55c4643b20	Dataflow: Sync.	2022-11-30 11:00:07 +00:00
Arthur Baars	cf7ebe2fa8	Merge pull request #11471 from github/rc/3.8 Merge rc/3.8 into main	2022-11-29 12:57:34 +01:00
Jeroen Ketema	d3cccca7f1	C++: Filter duplicate (source, sink)-pairs	2022-11-29 11:17:39 +01:00
Jeroen Ketema	378206ae7d	C++: Stop taint from flowing to arithmetic types These are not likely to give the user much control over what can be accessed.	2022-11-29 11:15:28 +01:00
Jeroen Ketema	718663415b	C++: Stop flow from going through another source Without this we get confusing results: ``` char userAndFile = argv[2]; char fileName = argv[1]; fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without // this change. ``` While here add some more test cases.	2022-11-29 10:52:57 +01:00
Jeroen Ketema	63334764d7	C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`	2022-11-29 10:52:57 +01:00
Jeroen Ketema	2ef13d1df7	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-29 10:43:01 +01:00

... 24 25 26 27 28 ...

9968 Commits