hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,226 Commits 1,672 Branches 157 Tags
fec80973a9425632b51a46617b74628677af0da2
Commit Graph

9282 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
2de2887ebb C++: Accept test changes 2022-12-16 13:27:08 +00:00
Mathias Vorreiter Pedersen
4ace171447 C++: Don't track indirection expressions in 'cpp/cleartext-transmission'. Instead, just track the direct expression. 2022-12-16 13:26:53 +00:00
Mathias Vorreiter Pedersen
81de93da2d C++: Accept test changes 2022-12-16 12:58:53 +00:00
Mathias Vorreiter Pedersen
c06f7259cf C++: Make the 'getBufferSize' a lot more like the pre-use-use flow implementation. 2022-12-16 12:58:45 +00:00
Tom Hvitved
e45edcc159 Merge pull request #11674 from hvitved/dataflow/param-context 
Data flow: Track callable in flow-through pruning
 2022-12-16 09:25:15 +01:00
Mathias Vorreiter Pedersen
7d5e215a93 Merge pull request #11600 from geoffw0/offsetrangecheck 
C++: Fix cpp/offset-use-before-range-check performance.
 2022-12-15 16:44:49 +00:00
Geoffrey White
cca0722a2b Merge pull request #11710 from geoffw0/qldocalloc 
C++: Clarify Allocation.qll and Deallocation.qll
 2022-12-15 15:36:48 +00:00
Tom Hvitved
f8571dd0b6 Data flow: Work around functionality-induced misoptimization 2022-12-15 15:29:14 +01:00
Tom Hvitved
6eda042229 Data flow: Sync files 2022-12-15 15:29:13 +01:00
Mathias Vorreiter Pedersen
a36afc6bff C++: Accept more test changes. 2022-12-15 13:29:05 +00:00
Geoffrey White
e7ea0d7ee9 C++: Attempt to clarify the way Allocation.qll and Deallocation.qll should be used. 2022-12-15 13:05:56 +00:00
Jeroen Ketema
ef61d14e9c C++: Add change note 2022-12-15 12:57:13 +01:00
Mathias Vorreiter Pedersen
73b93be313 C++: Prevent non-termination in 'getTypeImpl' when a iterator defines itself as 'value_type'. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
526b913f7d C++: Fix join orders. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
cb47bdd9fd C++: Accept test changes. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
f94ca0e087 C++: Add implicit defs and uses for iterators' underlying containers. 2022-12-15 11:55:21 +00:00
Mathias Vorreiter Pedersen
78b7e12b87 C++: Make 'DefImpl' and 'useImpl' abstract. 2022-12-15 11:54:32 +00:00
Mathias Vorreiter Pedersen
5d417d7a69 C++: Implement an 'Indirection' subtype for iterators. 2022-12-15 11:54:32 +00:00
Mathias Vorreiter Pedersen
ef110e77ff C++: Remove an unnecessary predicate from the 'Indirection' class. 2022-12-15 11:54:32 +00:00
Jeroen Ketema
0b4c4fd580 C++: Simplify deallocation check 2022-12-15 12:46:32 +01:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
Jeroen Ketema
31b4dda7bd Merge pull request #11687 from jketema/tainted-path-use-use 
C++: Make `cpp/path-injection` work with use-use dataflow
 2022-12-14 18:06:05 +01:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Mathias Vorreiter Pedersen
22b04af0fa Merge pull request #11658 from MathiasVP/uncertain-writes 
C++: Flow through uncertain writes
 2022-12-14 15:26:28 +00:00
Jeroen Ketema
bb256514c0 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-14 15:52:20 +01:00
Erik Krogh Kristensen
7615668f92 Merge pull request #11662 from erik-krogh/c-useInstanceOf 
Swift/C++: Use instanceof in more places
 2022-12-14 14:30:21 +01:00
Jeroen Ketema
c18cfa7a7a C++: Fix itemization in QLDoc 2022-12-14 13:46:07 +01:00
Jeroen Ketema
4075f693bd C++: Make cpp/path-injection work with use-use dataflow 2022-12-14 13:38:55 +01:00
Mathias Vorreiter Pedersen
973aad5c17 Merge pull request #11677 from jketema/argv-flow-source 
C++: Recognize indirect `argv` accesses as flow sources for use-use dataflow
 2022-12-14 12:36:18 +00:00
Henry Mercer
a3933fbf4f Bump minor versions of packs we regularly release 2022-12-13 18:59:24 +00:00
Jeroen Ketema
19fb73ce24 C++: Update tests after frontend changes 2022-12-13 19:52:59 +01:00
Henry Mercer
7167f078be Merge branch 'main' into henrymercer/mergeback-3.8 2022-12-13 18:40:53 +00:00
Jeroen Ketema
628f92a9fb C++: Fix QL-for-QL warnings 2022-12-13 16:24:55 +01:00
Jeroen Ketema
3be0b3e6c7 C++: Recognize indirect argv accesses as flow sources for use-use dataflow 
This fixes the test regression on `cpp/command-line-injection`.
 2022-12-13 16:18:17 +01:00
Jeroen Ketema
b10ed976cc Update cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-12-13 10:57:34 +01:00
Tom Hvitved
cfcb3a60ba C++: Update expected test output 2022-12-13 09:53:01 +01:00
Tom Hvitved
bc58cbec8c C++: Implement ContentApprox 2022-12-13 09:53:01 +01:00
Tom Hvitved
0c2eee2a72 Data flow: Sync files 2022-12-13 09:52:55 +01:00
erik-krogh
92a7e787a8 C: do the minimal change to ValueNumberBound instead 2022-12-12 22:17:50 +01:00
Jeroen Ketema
18dea55071 C++: Fix cpp/alloca-in-loop regressions with use-use dataflow 2022-12-12 19:15:50 +01:00
erik-krogh
698e05f85a Swift/C++: Use instanceof in more places 2022-12-12 16:58:13 +01:00
Mathias Vorreiter Pedersen
a161dddbbf C++: Accept test changes. These happen because these remote flow sources specify that the remote source is both 'isReturnValue' and 'isReturnValueDeref'. 2022-12-12 13:39:09 +00:00
Mathias Vorreiter Pedersen
8722fb2cf5 C++: Accept test changes. 2022-12-12 10:54:40 +00:00
Mathias Vorreiter Pedersen
ad522651ec C++: Flow through uncertain writes. 2022-12-12 10:54:26 +00:00
Mathias Vorreiter Pedersen
2999243e34 C++: Add failing IR dataflow testcase. 2022-12-12 10:42:59 +00:00
Jeroen Ketema
b2091e8632 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-12-12 11:40:36 +01:00
Jeroen Ketema
cb1dacfef1 C++: Fix QL-for-QL warnings 2022-12-12 11:23:29 +01:00
github-actions[bot]
343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
Jeroen Ketema
beb66d027e C++: Use FlowSource in cpp/path-injection 2022-12-10 20:27:56 +01:00
Jeroen Ketema
d5acd310ce Merge pull request #11644 from jketema/lower-case-flow-source-description 
C++: Make all flow source descriptions start with a lower case letter
 2022-12-10 20:23:14 +01:00