Max Schaefer
db4e6789bb
Address doc review comment.
Co-Authored-By: Shati Patel <shati@semmle.com>
2019-11-25 10:44:41 +00:00
Tom Hvitved
a26efdf4c1
Java/C++/C#: Rename DataFlowErasedType back to DataFlowType
2019-11-25 11:43:58 +01:00
Jonas Jensen
5ee19c5a66
C++: Stricter loop-variant check
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.
This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
2019-11-25 11:31:41 +01:00
Erik Krogh Kristensen
c7235bb372
add sources and sinks for typeahead.js
2019-11-25 10:46:54 +01:00
Max Schaefer
e16a81cba9
Apply review suggestions.
2019-11-25 09:15:57 +00:00
Max Schaefer
cdb843516a
Introduce DataFlow::Node.getBasicBlock() and use it.
2019-11-25 09:14:15 +00:00
Jonas Jensen
8f3998915b
Merge pull request #2376 from geoffw0/qhelpms2
CPP: Recommendations and examples for TlsSettingsMisconfiguration.qhelp and UseOfDeprecatedHardCodedProtocol.qhelp
2019-11-25 08:17:32 +01:00
Rebecca Valentine
a8204385c3
Adds fix for __init_subclass__ bug. (#2390)
* Adds fix for __init_subclass__ bug.
* Adds test case.
* Move test on name.
I think it makes more sense here, alongside the other "special" method names.
2019-11-24 12:18:17 +01:00
Dave Bartolomeo
eda47bfc51
C++: Add SSA sanity tests to IR tests
2019-11-22 16:10:51 -07:00
Dave Bartolomeo
bd78f68975
C++/C#: Fix formatting
2019-11-22 16:08:49 -07:00
Raul Garcia (MSFT)
908d789f1b
Merge branch 'master' of https://github.com/semmle/ql
2019-11-22 13:25:22 -08:00
Max Schaefer
1ff032d11e
Add new query ConstantLengthComparison.
2019-11-22 20:55:14 +00:00
Dave Bartolomeo
df21835759
C++/C#: Refactor some integer constant code
Make `bitsToBytesAndBits` omit the leftover bits if zero.
2019-11-22 13:23:00 -07:00
Dave Bartolomeo
51ff262cbc
C++/C#: Add IR SSA sanity tests
2019-11-22 13:16:05 -07:00
Dave Bartolomeo
bc48c25690
C++/C#: Make IRVariable and its derived classes non-abstract
2019-11-22 12:13:39 -07:00
Dave Bartolomeo
12daa76b70
C++: Make duplicateOperand query report function name
2019-11-22 11:00:01 -07:00
Max Schaefer
26a656b838
Merge pull request #189 from sauyon/use-taint-split
Use split taint predicates to emulate taint
2019-11-22 17:51:09 +00:00
Sauyon Lee
50b48e1c9e
Merge pull request #191 from max/isEmptyInterfaceNoInline
Mark `isEmptyInterface` as `noinline`.
2019-11-22 09:45:06 -08:00
Geoffrey White
cdbe920067
CPP: Remove second overview paragraph.
2019-11-22 16:22:08 +00:00
Geoffrey White
5a346c357b
Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp
Co-Authored-By: Jonas Jensen <jbj@github.com>
2019-11-22 16:21:24 +00:00
Geoffrey White
0c07fa44a1
Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
2019-11-22 16:21:05 +00:00
Geoffrey White
ac1010872b
Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
2019-11-22 16:20:54 +00:00
Geoffrey White
e274e01432
CPP: More consistency.
2019-11-22 16:08:00 +00:00
Geoffrey White
d4f75c1c2a
CPP: Consistency.
2019-11-22 16:07:59 +00:00
Geoffrey White
384cf4b233
CPP: Recommendation and example for UseOfDeprecatedHardcodedProtocol.qhelp.
2019-11-22 16:07:59 +00:00
Geoffrey White
8fc59ebac4
CPP: I believe these BUG labels were incorrect.
2019-11-22 16:07:59 +00:00
Geoffrey White
21d8264d80
CPP: Fix typo.
2019-11-22 16:07:59 +00:00
Geoffrey White
a1b603e73c
CPP: Add the examples to the test.
2019-11-22 16:07:59 +00:00
Geoffrey White
3cd545d186
CPP: Recommendation and example for TlsSettingsMisconfiguration.qhelp.
2019-11-22 16:07:59 +00:00
Geoffrey White
794a3deba9
CPP: Break up a long sentence in query description.
2019-11-22 16:07:59 +00:00
Taus Brock-Nannestad
67647bda66
Python: Fix false positive for py/use-of-input.
Fixes #1969.
The points-to analysis does not know that the assignment `input = raw_input`
cannot fail under Python 2, and so there are two possible values that `input`
could point to after exiting the exception handler: the built-in `input`, or the
built-in `raw_input`. In the latter case we do not want to report the alert, and
so adding a check that the given function does not point to the built-in
`raw_input` suffices.
2019-11-22 16:46:20 +01:00
Geoffrey White
6fc415485b
CPP: Autoformat.
2019-11-22 15:34:51 +00:00
Geoffrey White
c73d3ebbb6
CPP: Pre-autoformat.
2019-11-22 15:34:50 +00:00
Geoffrey White
1d233f2f9e
CPP: Change notes for the queries.
2019-11-22 15:27:08 +00:00
Geoffrey White
62008597d4
CPP: Change notes for the library.
2019-11-22 15:27:08 +00:00
Geoffrey White
3895a7e1f0
CPP: Queries: Improve NoSpaceForZeroTerminator query.
2019-11-22 15:27:08 +00:00
Geoffrey White
3c9432d7b7
CPP: Queries: Improve OverflowCalculated query.
2019-11-22 15:19:00 +00:00
Geoffrey White
1e7bd9e987
CPP: Queries: Similar dataflow simplification in OverflowCalculated.ql to that made recently in NoSpaceForZeroTerminator.ql.
2019-11-22 15:19:00 +00:00
Geoffrey White
1fa30306dc
CPP: Libraries: Separate deallocation libraries.
2019-11-22 15:18:59 +00:00
Geoffrey White
a51da53013
CPP: Libraries: Split into interface and implementation.
2019-11-22 15:18:59 +00:00
Geoffrey White
356356f71b
CPP: Libraries: Overridable classes.
2019-11-22 15:18:59 +00:00
Geoffrey White
0d01ea66c6
CPP: Libraries: Move interfaces into the models directory.
2019-11-22 15:18:59 +00:00
Geoffrey White
64ed97b584
CPP: Libraries: Add FreeFunction and DeallocationExpr to malloc.qll.
2019-11-22 15:18:59 +00:00
Geoffrey White
5dab91cb51
CPP: Libraries: Update uses of the Alloc.qll library.
2019-11-22 15:18:59 +00:00
Geoffrey White
376ef2fc8e
CPP: Libraries: Add MallocFunction and AllocationExpr to malloc.qll.
2019-11-22 15:18:59 +00:00
Geoffrey White
5f798314d1
CPP: Tests: NoSpaceForZeroTerminator test cases for calloc and realloc.
2019-11-22 15:18:59 +00:00
Geoffrey White
a2c0532a84
CPP: Tests: CWE-120 test cases for calloc, realloc and new.
2019-11-22 15:16:32 +00:00
Geoffrey White
d67ea4d768
CPP: Tests: AV Rule 79 test cases for calloc, realloc and new.
2019-11-22 15:16:32 +00:00
Geoffrey White
7190dd2ef4
CPP: Tests: Rearrange a test prior to changes.
2019-11-22 15:16:32 +00:00
Geoffrey White
5014432472
CPP: Tests: Add a test of NewArrayExpr.getAllocatedType() and NewArrayExpr.getExtent().
2019-11-22 15:16:32 +00:00