hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,003 Commits 1,673 Branches 157 Tags
fc55567d908193ebbc9f1b402b13fb16343fd26a
Commit Graph

6504 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
b944f3b411 C++: Fix FP. 2024-03-18 15:57:20 +00:00
Mathias Vorreiter Pedersen
7b6accd33a Update cpp/ql/src/experimental/Security/CWE/CWE-416/IteratorToExpiredContainer.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-03-18 12:01:51 +00:00
Mathias Vorreiter Pedersen
457d71d7bc Update cpp/ql/src/experimental/Security/CWE/CWE-416/IteratorToExpiredContainer.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-03-18 12:01:44 +00:00
Mathias Vorreiter Pedersen
a8718f99a1 C++: Add qhelp for 'cpp/iterator-to-expired-container'. 2024-03-15 17:35:47 +00:00
Mathias Vorreiter Pedersen
23cf99734a C++: Add a new experimental query ' cpp/iterator-to-expired-container'. 2024-03-15 14:29:29 +00:00
Mathias Vorreiter Pedersen
2fc0922b29 Merge branch 'main' into bring-back-type-barriers-in-non-constant-format 2024-03-13 22:46:35 +00:00
Mathias Vorreiter Pedersen
61597f5ac7 C++: This commit does two things: 
1. It fixes a logic error in the cannotContainString predicate.
2. It reverts the changes to the `isSource` predicate that required the external
function to be within the source root.

The change to `isSource` was meant to fix the a performance problem that occurred
because of the logic error in the cannotContainString predicate. However, now that
the logic error is fixed this is no longer necessary 🎉
 2024-03-13 22:40:06 +00:00
Mathias Vorreiter Pedersen
465c3c18e3 C++: Add change note. 2024-03-13 11:49:26 +00:00
Mathias Vorreiter Pedersen
51f5740707 C++: Exclude functions that aren't declared inside the source root. This fixes performance on ImageMagick. 2024-03-12 14:20:16 +00:00
Mathias Vorreiter Pedersen
6a563c161e C++: Simplify the definition of 'isNonConst'. On ImageMagick I get the same exact sources before and after. 2024-03-12 14:20:09 +00:00
Mathias Vorreiter Pedersen
179a7d500e C++: Handle 'wchar_t' types that may be defined as unsigned short in C. This brings back SAMATE results. 2024-03-12 14:19:48 +00:00
Mathias Vorreiter Pedersen
9854ed4b89 C++: Delete comment. 2024-03-11 18:54:53 +00:00
Mathias Vorreiter Pedersen
2345907a52 C++: Reintroduce the 'cannotContainString' optimization that was removed in #15516. 2024-03-11 18:49:03 +00:00
Mathias Vorreiter Pedersen
f97b6e2848 C++: Stop conflating pointers and indirections in the query. 2024-03-11 18:48:19 +00:00
Mathias Vorreiter Pedersen
32e532ff3c C++: Some cleanup to avoid conflating the case of a function returning something as a return value, and a function updating one of its arguments. 2024-03-11 18:42:42 +00:00
Mathias Vorreiter Pedersen
7b0df57d7a C++: Remove the two configurations that depend on flow state to speed up performance on ChakraCore. 2024-03-11 13:56:22 +00:00
Mathias Vorreiter Pedersen
761f6d3a7e C++: Disable field flow from the 'cpp/type-confusion' query to fix performance on ChakraCore. 2024-03-07 15:24:04 -08:00
Mathias Vorreiter Pedersen
4f9bdca4f0 C++: Optimize. 2024-03-07 13:08:26 -08:00
Mathias Vorreiter Pedersen
cedbfbe7ea C++: Use a more generous definition of compatible types. 2024-03-07 10:50:20 -08:00
Mathias Vorreiter Pedersen
9e77b89885 Update TypeConfusion.qhelp 
Co-authored-by: hubwriter <hubwriter@github.com>
 2024-03-07 08:33:49 -08:00
Mathias Vorreiter Pedersen
b876117ecc C++: Add more QLDoc. 2024-03-06 22:25:04 -08:00
Mathias Vorreiter Pedersen
3295d5cb9f C++: Add more QLDoc. 2024-03-06 21:17:57 -08:00
Mathias Vorreiter Pedersen
cd57cd0d8a C++: Add qhelp reference. 2024-03-06 21:15:27 -08:00
Mathias Vorreiter Pedersen
6dc0fa515d C++: Add change note. 2024-03-06 21:11:36 -08:00
Mathias Vorreiter Pedersen
8ae6fa5366 C++: Add a new query 'cpp/type-confusion' for detecting type confusion vulnerabilities. 2024-03-06 21:11:32 -08:00
Mathias Vorreiter Pedersen
4e913592fa Merge branch 'main' into cpp-non-constant-format-as-path-query 2024-03-01 09:26:00 +00:00
Mathias Vorreiter Pedersen
1466f11a92 C++: Add change note. 2024-02-29 18:39:59 +00:00
Mathias Vorreiter Pedersen
0bf29f0a62 Merge branch 'main' into model-experiments 2024-02-22 15:05:53 +00:00
Ben Rodes
47f94e2ebe Merge branch 'main' into cpp-non-constant-format-as-path-query 2024-02-22 06:24:18 -08:00
Benjamin Rodes
8d35db0fe6 Making argv filter positional. 2024-02-21 12:25:35 -05:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Mathias Vorreiter Pedersen
b927968e88 Merge pull request #15516 from microsoft/51-2cppnon-constant-format-alter-not-const-source 
C++: Change sources in `NonConstantFormat.ql`
 2024-02-17 00:01:58 +01:00
Benjamin Rodes
639642fb67 Formatting. 2024-02-16 11:19:02 -05:00
Benjamin Rodes
0410ed734b Adding exclusion for main's argv (I believe this and other changes were accidentally removed in prior merge with other non-const branches) 2024-02-16 11:18:06 -05:00
Benjamin Rodes
9f3dd6300f Fixing query to use path graph. 2024-02-16 11:11:48 -05:00
Benjamin Rodes
aa7c677e13 Merge branch '51-2cppnon-constant-format-alter-not-const-source' into cpp-non-constant-format-as-path-query 
# Conflicts:
#	cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
 2024-02-16 10:49:05 -05:00
Benjamin Rodes
c38376a264 Merge branch '51-2cppnon-constant-format-alter-not-const-source' of https://github.com/microsoft/codeql into 51-2cppnon-constant-format-alter-not-const-source 2024-02-16 10:42:04 -05:00
Mathias Vorreiter Pedersen
096073d295 C++: Add change note. 2024-02-16 16:29:34 +01:00
Benjamin Rodes
93f2e856af Formatting update. 2024-02-16 10:28:14 -05:00
Benjamin Rodes
4a9b2d5027 Comment change. 2024-02-16 10:18:07 -05:00
Benjamin Rodes
5b0a3dcdbe Accidental removal of an and. 2024-02-16 10:15:21 -05:00
Benjamin Rodes
95ebbb1bbd Ql alterations for cleanup as part of merge suggestions. 2024-02-16 10:13:50 -05:00
Ben Rodes
1fb7f089ca Update cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2024-02-16 10:06:34 -05:00
Mathias Vorreiter Pedersen
497592a4d4 C++: Add change note. 2024-02-16 13:36:25 +01:00
Benjamin Rodes
d6b0746b30 The non-constant format query is now a path query. Minor changes to the output alert to be more precise on what is being alerted. Minor changes to the query itself to avoid redundancies with argv. 2024-02-15 12:14:52 -05:00
Benjamin Rodes
caf2ee27fa Adding false negative tests for future work. 2024-02-15 09:43:26 -05:00
Benjamin Rodes
5c508553f3 Efficiency improvement (force a better join order) 2024-02-13 09:42:08 -08:00
Benjamin Rodes
091416131b Removing 'const' specifier filtering after discussions with the team. We will test if this causes undesirable cases in DCA and then choose which approach is best. 2024-02-12 09:38:00 -05:00
Benjamin Rodes
d4bc2ceb37 Minor efficiency improvements and comments. 2024-02-08 10:11:50 -05:00