hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b51c85597b942ed2f2ea1828d4cce3fe53e7eeee
codeql/cpp/ql/test/query-tests/Security/CWE
History
Paolo Tranquilli c117a1e21f C++: demote VeryLikelyOverrunWrite cast results 
There were some false positives where something like

    int x;
    // ...
    sprintf(buff, "%ld", (long)x);

was considered as if the parameter had a non-trivial range analysis only
because the range of `int` is smaller than the range for `long`, without
any non-trivial range analysis actually done on `x`.

These will now be reported by `OverrunWrite` instead.
2022-01-13 11:59:48 +00:00
..
CWE-014
C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude.
2021-02-26 09:19:05 +01:00
CWE-022
Accept test changes.
2021-10-28 12:36:36 +01:00
CWE-078
Accept test changes.
2021-10-28 12:36:36 +01:00
CWE-079/semmle/CgiXss
update further test with new locations
2021-11-23 15:28:15 +00:00
CWE-089/SqlTainted
C++: add subpaths to DefaultTaintTracking
2021-09-23 21:00:45 -07:00
CWE-114
update further test with new locations
2021-11-23 15:28:15 +00:00
CWE-119
C++: split cpp/overrunning-write into two
2022-01-13 11:59:47 +00:00
CWE-120/semmle
C++: split cpp/overrunning-write into two
2022-01-13 11:59:47 +00:00
CWE-121/semmle/tests
CPP: Add the Semmle security tests.
2018-11-26 17:52:34 +00:00
CWE-129
C++: Fix a few glitches and accept line number changes in expected files.
2021-09-02 17:34:47 +01:00
CWE-131/semmle/NoSpaceForZeroTerminator
C++: Move the SizeCheck*.ql tests to the standard location.
2020-10-20 16:02:54 +01:00
CWE-134
update further test with new locations
2021-11-23 15:28:15 +00:00
CWE-190
C++: fix typo in Overflow.qll abs handling
2022-01-07 14:09:47 -05:00
CWE-191/UnsignedDifferenceExpressionComparedZero
C++: Add more dataflow cases to replace the loss.
2021-04-13 15:09:12 +01:00
CWE-197/SAMATE/IntegerOverflowTainted
C++: Fix a few glitches and accept line number changes in expected files.
2021-09-02 17:34:47 +01:00
CWE-242/semmle/tests
C++: demote VeryLikelyOverrunWrite cast results
2022-01-13 11:59:48 +00:00
CWE-253
CPP: Exclude switch statements.
2018-10-19 10:24:29 +01:00
CWE-290/semmle/AuthenticationBypass
C++: add subpaths to DefaultTaintTracking
2021-09-23 21:00:45 -07:00
CWE-295
Merge pull request #7243 from geoffw0/sslquery2
2021-12-01 15:02:19 +00:00
CWE-311/semmle/tests
C++: Separate two test cases slightly so that we get clearer test coverage of the interprocedural / multi-path cases.
2021-12-13 18:18:29 +00:00
CWE-319/UseOfHttp
C++: Add tests expanding on the issue with (global) variables.
2021-11-11 09:40:03 +00:00
CWE-327
C++: Repair funcion call in a function call.
2021-06-17 14:33:16 +01:00
CWE-367/semmle
C++: Add tests.
2021-10-08 14:30:27 +01:00
CWE-416/semmle/tests
Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis"
2021-07-20 18:06:49 +02:00
CWE-428
Fixing typos & incorporating feedback.
2018-10-16 10:00:51 -07:00
CWE-457/semmle
Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis"
2021-07-20 18:06:49 +02:00
CWE-468/semmle
C++: Speed up SuspiciousAddWithSizeof select
2020-04-24 16:18:18 +02:00
CWE-497
C++: Actually fix expected files after layout changes.
2021-09-03 09:13:41 +01:00
CWE-570
Update cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp
2021-08-11 16:18:18 +02:00
CWE-676
C++: Fix a few glitches and accept line number changes in expected files.
2021-09-02 17:34:47 +01:00
CWE-704
Updates based on feedback
2018-10-02 11:17:23 -07:00
CWE-732
C++: Fix new UnsafeDaclSecurityDescriptor FP
2019-04-02 11:31:12 +02:00
CWE-764/semmle/tests
C++: Add mutex test case.
2021-03-30 15:39:21 +01:00
CWE-772
C++: Actually fix expected files after layout changes.
2021-09-03 09:13:41 +01:00
CWE-807/semmle/TaintedCondition
Accept test changes.
2021-10-28 12:36:36 +01:00
CWE-835/semmle/InfiniteLoopWithUnsatisfiableExitCondition
CPP: Add the Semmle security tests.
2018-11-26 17:52:34 +00:00
README.md
C++: Subsection header.
2021-09-13 14:10:17 +01:00

README.md

CWE specific security tests

Source from the Juliet Test Suite

Some of the the files in these tests contain source code copied or derived from the public domain "Juliet Test Suite for C/C++" (provided by NIST / SAMATE Team at https://samate.nist.gov/SARD/testsuite.php). Such tests are typically in subdirectories named "SAMATE".