hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,226 Commits 1,672 Branches 157 Tags
fec80973a9425632b51a46617b74628677af0da2
Commit Graph

9282 Commits

Author SHA1 Message Date
github-actions[bot]
5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
Mathias Vorreiter Pedersen
43adfe8893 C++: Fix QLDoc. 2022-12-02 11:30:46 +00:00
Mathias Vorreiter Pedersen
cef7224739 C++: Make QL-for-QL happy. 2022-12-02 10:12:25 +00:00
Mathias Vorreiter Pedersen
a245977075 C++: Change iterator models. 2022-12-02 10:11:20 +00:00
Mathias Vorreiter Pedersen
145dea0e9b C++: Introduce a node class that exists before computing SSA. 2022-12-02 10:04:52 +00:00
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Jeroen Ketema
3dfe18b565 C++: Introduce the coarse upper bound check from default taint tracking 2022-12-01 09:13:48 +01:00
Owen Mansel-Chan
55c4643b20 Dataflow: Sync. 2022-11-30 11:00:07 +00:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Jeroen Ketema
2ef13d1df7 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-29 10:43:01 +01:00
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Felicity Chapman
59b6d657cc Apply suggestions from code review 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-11-28 15:45:05 +01:00
Felicity Chapman
c451fa8ad4 Update cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-28 15:26:24 +01:00
Felicity Chapman
b5f849463b Update QL library references 2022-11-28 15:26:24 +01:00
Felicity Chapman
5f835da838 Update HTML comment in query 2022-11-28 15:25:38 +01:00
Tom Hvitved
cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Jeroen Ketema
53b86fd53b Merge pull request #11428 from jketema/default-taint-tests 
C++: Add more tests that exercise the default taint barrier implementation
 2022-11-25 12:13:18 +01:00
Jeroen Ketema
4607f5990e C++: Add more tests that exercise the default taint barrier implementation 2022-11-25 10:19:45 +01:00
Jeroen Ketema
223eeb6921 C++: Fix upper bound detection in default taint flow 2022-11-24 14:38:36 +01:00
Jeroen Ketema
6fa5fdfeb2 C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2 
This commit ensures stack allocated parsers are also handled.
 2022-11-23 23:59:04 +01:00
Erik Krogh Kristensen
1eec067474 Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
Jeroen Ketema
30bdd25228 C++: Fix CWE-611 XXE query to work with use-use dataflow 2022-11-23 16:14:28 +01:00
Tom Hvitved
8f3731fd42 C#: Split AutobuildOptions into C#/C++ specific classes 2022-11-23 12:57:16 +01:00
Mathias Vorreiter Pedersen
349c5cd800 Merge pull request #11254 from MathiasVP/fix-ssa-flow 
C++: Fix spurious reference flow
 2022-11-23 09:52:28 +00:00
Mathias Vorreiter Pedersen
623372238d C++: Better support for flow-through. 2022-11-22 13:54:44 +00:00
Jeroen Ketema
cfb8f282d1 Merge pull request #11369 from jketema/fun-typo 
C++: Fix typo flagged up by QL-for-QL
 2022-11-22 12:34:54 +01:00
Jeroen Ketema
6a68e7936f C++: Fix typo flagged up by QL-for-QL 2022-11-22 11:53:11 +01:00
Mathias Vorreiter Pedersen
98285393fe Merge pull request #11357 from MathiasVP/ignore-more-instructions 
C++: Ignore more instructions in dataflow
 2022-11-22 10:47:51 +00:00
Jeroen Ketema
4731f9222c Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-22 10:53:24 +01:00
Mathias Vorreiter Pedersen
a2ce51fdf7 C++: Accept test changes. 2022-11-22 09:50:45 +00:00
ihsinme
5ceab40841 Update DivideByZeroUsingReturnValue.ql 2022-11-22 10:11:18 +03:00
Mathias Vorreiter Pedersen
320b5ca01a C++: Ignore more instructions for dataflow. 2022-11-21 21:39:19 +00:00
Mathias Vorreiter Pedersen
fc3d6a1847 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow 2022-11-21 20:57:24 +00:00
Mathias Vorreiter Pedersen
23d6eb67c3 C++: Fix comment. 2022-11-21 19:26:04 +00:00
Mathias Vorreiter Pedersen
c2ac60fc34 Merge pull request #11311 from MathiasVP/repair-mustflow 
C++: Repair `MustFlow` library for use-use flow
 2022-11-21 19:13:10 +00:00
Mathias Vorreiter Pedersen
d1274e2769 C++: Accept more test changes. 2022-11-21 18:33:14 +00:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
Mathias Vorreiter Pedersen
231e2a8df3 C++: Reduce fan-in for 'readStep'. 2022-11-21 17:07:29 +00:00
Mathias Vorreiter Pedersen
7e80a57724 C++: Make ql-for-ql happy. 2022-11-21 15:13:19 +00:00
Mathias Vorreiter Pedersen
24542ec84a Merge branch 'main' into replace-ast-with-ir-use-usedataflow 2022-11-21 15:02:28 +00:00
Mathias Vorreiter Pedersen
fcd9dd0be4 Update cpp/ql/lib/change-notes/2022-11-16-must-flow.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-21 14:18:20 +00:00
Jeroen Ketema
78ad9ba60f Merge pull request #11262 from rdmarsh2/rdmarsh2/cpp/deprecate-ast-gvn 
C++: deprecate AST-based GVN
 2022-11-21 13:38:54 +01:00
Jeroen Ketema
752bc2e980 C++: Accept test changes after AST-based GVN deprecation 2022-11-21 11:45:09 +01:00
Mathias Vorreiter Pedersen
d361053e10 Update cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-21 10:37:03 +00:00
Mathias Vorreiter Pedersen
1e00e15c7b Update cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-21 10:36:57 +00:00
Jeroen Ketema
ffbe1e065a Merge pull request #11314 from MathiasVP/fix-flow-out-of-const-member-functions 
C++: Fix flow out of const member functions
 2022-11-21 10:36:59 +01:00