Commit graph

8584 commits

Author SHA1 Message Date
Erik Krogh Kristensen 7615668f92
Merge pull request #11662 from erik-krogh/c-useInstanceOf
Swift/C++: Use instanceof in more places
2022-12-14 14:30:21 +01:00
Tom Hvitved cfcb3a60ba C++: Update expected test output 2022-12-13 09:53:01 +01:00
Tom Hvitved bc58cbec8c C++: Implement `ContentApprox` 2022-12-13 09:53:01 +01:00
Tom Hvitved 0c2eee2a72 Data flow: Sync files 2022-12-13 09:52:55 +01:00
erik-krogh 92a7e787a8
C: do the minimal change to ValueNumberBound instead 2022-12-12 22:17:50 +01:00
erik-krogh 698e05f85a
Swift/C++: Use instanceof in more places 2022-12-12 16:58:13 +01:00
Jeroen Ketema beb66d027e
C++: Use `FlowSource` in `cpp/path-injection` 2022-12-10 20:27:56 +01:00
Jeroen Ketema d5acd310ce
Merge pull request #11644 from jketema/lower-case-flow-source-description
C++: Make all flow source descriptions start with a lower case letter
2022-12-10 20:23:14 +01:00
Jeroen Ketema ce92ba640a
C++: Accept test changes 2022-12-09 23:38:03 +01:00
Jeroen Ketema 9dc2614012
C++: Make all flow source descriptions start with a lower case letter
In every context where we use the description a lower case letter makes more
sense.
2022-12-09 23:18:58 +01:00
Jeroen Ketema 1e1974c9fb
C++: Add change note 2022-12-09 23:17:36 +01:00
Jeroen Ketema 331fab5ac0
C++: Generalize the `ArgvSource` flow source
This matches `isUserInput` and handles cases where `argv` has a different name,
which is allowed.
2022-12-09 23:12:31 +01:00
Mathias Vorreiter Pedersen 7d1f10bc78
Merge pull request #11627 from jketema/getaddrinfo
C++: Model `getaddrinfo` as flow source
2022-12-09 12:38:43 +00:00
Jeroen Ketema 2095f11b8c
C++: Add change note 2022-12-08 23:35:32 +01:00
Jeroen Ketema aabbafd2bf
C++: Fix QL-for-QL warning 2022-12-08 19:33:11 +01:00
Jeroen Ketema ec0ce56269
C++: Model `getaddrinfo` as flow source 2022-12-08 19:20:11 +01:00
Jeroen Ketema 89cd4790d5
Merge pull request #11610 from jketema/scanf
C++: Model `scanf` and `fscanf` as flow sources
2022-12-08 19:14:39 +01:00
Geoffrey White f373b7fe7c
Merge pull request #11596 from geoffw0/cleartextbufferwrite
C++: Performance fix for cpp/cleartext-storage-buffer
2022-12-08 17:18:10 +00:00
Jeroen Ketema 8f9a73ee09
C++: Address review comments 2022-12-08 16:14:12 +01:00
Jeroen Ketema 33fa76f911
C++: Add change note 2022-12-08 15:22:42 +01:00
Jeroen Ketema b216c79992
C++: Accept test changes 2022-12-08 15:22:41 +01:00
Jeroen Ketema f35b7f8fe8
C++: Model `scanf` and `fscanf` as flow sources 2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen 6897b20722
Merge pull request #11601 from MathiasVP/keep-std-string-iterator 2022-12-08 12:59:33 +00:00
Chris Smowton 49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Jeroen Ketema a6bc9fd10f
Merge pull request #11591 from jketema/getenv
C++: Model `secure_getenv` and `_wgetenv` as local flow sources
2022-12-08 10:44:28 +01:00
Jeroen Ketema fc49ede33d
C++: Add change note 2022-12-08 09:44:23 +01:00
Jeroen Ketema a2dac3a41e
C++: Move remote flow sink test and also handle local and remote sinks 2022-12-08 09:36:19 +01:00
Mathias Vorreiter Pedersen 54c12cd715 C++: Reintroduce 'StdBasicStringIterator'. 2022-12-07 18:21:52 +00:00
Geoffrey White a8b8b54f8d
Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-12-07 16:44:33 +00:00
Geoffrey White 4b8575bfc3 C++: Simplify the query slightly. 2022-12-07 15:35:45 +00:00
Geoffrey White b3d838d678 C++: Define the sources more clearly and consistently (fixes performance issue). 2022-12-07 14:45:39 +00:00
Jeroen Ketema 01d8ad98f6
C++: Model `secure_getenv` and `_wgetenv` as local flow sources 2022-12-07 13:37:12 +01:00
Jeroen Ketema b5147bbfb0
C++: Deprecate `DefaultTaintTracking` and `TaintTrackingImpl` 2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen 2c500142c7
Merge pull request #11435 from jketema/rewrite-tainted-path
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
2022-12-06 14:54:57 +00:00
Jeroen Ketema 995efef5da
C++: Add explanatory comment to `hasFilteredFlowPath` 2022-12-06 09:03:21 +01:00
Jeroen Ketema 5637d573c1
C++: Add test case that is no longer detected after latest changes 2022-12-06 08:31:22 +01:00
Jeroen Ketema 6dbc59d5b5
C++: Simplify `isSink` based on reviewer comments 2022-12-05 23:23:08 +01:00
Tom Hvitved 7972db68bc C++: Update expected test output 2022-12-05 17:07:32 +01:00
Tom Hvitved 52f3a48638 Data flow: Sync files 2022-12-05 12:57:27 +01:00
github-actions[bot] 5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
Mathias Vorreiter Pedersen cef7224739 C++: Make QL-for-QL happy. 2022-12-02 10:12:25 +00:00
Mathias Vorreiter Pedersen a245977075 C++: Change iterator models. 2022-12-02 10:11:20 +00:00
github-actions[bot] 31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Jeroen Ketema 3dfe18b565
C++: Introduce the coarse upper bound check from default taint tracking 2022-12-01 09:13:48 +01:00
Owen Mansel-Chan 55c4643b20
Dataflow: Sync. 2022-11-30 11:00:07 +00:00
Arthur Baars cf7ebe2fa8
Merge pull request #11471 from github/rc/3.8
Merge rc/3.8 into main
2022-11-29 12:57:34 +01:00
Jeroen Ketema d3cccca7f1
C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema 378206ae7d
C++: Stop taint from flowing to arithmetic types
These are not likely to give the user much control over what can be accessed.
2022-11-29 11:15:28 +01:00
Jeroen Ketema 718663415b
C++: Stop flow from going through another source
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
2022-11-29 10:52:57 +01:00
Jeroen Ketema 63334764d7
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking` 2022-11-29 10:52:57 +01:00