github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
47 017 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

8511 Коммитов

Автор SHA1 Сообщение Дата
github-actions[bot] 5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
github-actions[bot] e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Tom Hvitved 780297152c C#: Downgrade `Microsoft.Build` nuget package 
17.4.0 does not officially support .NET 6 (it supports .NET 7), so downgrade
to avoid warnings.
 2022-11-17 11:00:25 +01:00
Tom Hvitved 5ab77600b8 C++: Update auto-builder nuget packages 2022-11-17 10:44:23 +01:00
Anders Schack-Mulligen 94bca4399a
Merge pull request #11183 from aschackmull/dataflow/groupflow 
Dataflow: Introduce support for src/sink grouping in path results.
 2022-11-16 12:59:01 +01:00
Jeroen Ketema 98176007d8
C++: Fix type in dataflow test comment 2022-11-15 17:18:08 +01:00
Jeroen Ketema 5c109cdef1
Merge pull request #11234 from jketema/std-iterator-fix 
C++: Recognize `basic_string::iterator` as an iterator
 2022-11-11 17:21:42 +01:00
Rasmus Wriedt Larsen ddbcdcb4ba
Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Jeroen Ketema 612624d241
C++: Recognize `basic_string::iterator` as an iterator 2022-11-11 14:04:50 +01:00
Jeroen Ketema ba00a0f370
C++: Share parameter logic in `std::string` model 2022-11-11 08:48:11 +01:00
Jeroen Ketema 23e29e993b
C++: Split `std::string::insert` off in a separate class 
The `insert` function has two different return types: `iterator` and
`basic_string&`.
 2022-11-11 08:48:01 +01:00
Rasmus Wriedt Larsen 88f703af1f
DataFlow: Accept changes to `.expected` 2022-11-10 22:13:34 +01:00
Jeroen Ketema 62f5d10d03
C++: Fix `localTaint` expected results 2022-11-10 16:08:07 +01:00
Jeroen Ketema 62a0bcddd9
C++: Fix the `accept` prototype in the dataflow taint tests 2022-11-10 14:23:26 +01:00
Jeroen Ketema e7576fdd1a
Merge pull request #11197 from jketema/simplify-taint-test 
C++: Simplify dataflow taint test query
 2022-11-10 11:58:50 +01:00
Jeroen Ketema 4d7aeced3f
C++: Simplify dataflow taint test query 
The complexity seems a left-over from before these tests were turned into
inline expectation tests, where the aim seems to have been to have exactly
one sink node for each `sink` call. Multiple sink nodes for the same `sink`
call are not made visible in the inline expecation tests, and I am not
conviced this was very useful before, so remove the complexity.
 2022-11-10 10:38:22 +01:00
Anders Schack-Mulligen b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
Jeroen Ketema 6a5f37b1b7
Merge pull request #11149 from geoffw0/wrong-number-msg 
C++: Clearer messages for the format args queries
 2022-11-08 20:44:10 +01:00
Jeroen Ketema 2bef82babc
Merge pull request #11163 from jketema/missing-return 
C++: Add dataflow test that deliberately omits the return of a non-void function
 2022-11-08 16:00:36 +01:00
Geoffrey White c8426776fc Merge branch 'main' into wrong-number-msg 2022-11-08 14:47:19 +00:00
Jeroen Ketema fa2d58adff
C++: Add dataflow test that deliberately omits the return of a non-void function 2022-11-08 15:12:34 +01:00
Rasmus Wriedt Larsen 4895daba85
DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
Jeroen Ketema c61a9c5911
C++: Also taint the return value dereference in the `strcat` model 2022-11-08 12:08:44 +01:00
Jeroen Ketema 0d4a2239fc
C++: Fix wrong return types and missing statement in dataflow test 2022-11-08 09:55:10 +01:00
Geoffrey White d72ea52f68 C++: More accurate test tags. 2022-11-07 16:32:46 +00:00
Geoffrey White 55a7adff20 C++: Make the message clearer. 2022-11-07 16:32:45 +00:00
Geoffrey White b911556896 C++: Add a test showing the motivation. 2022-11-07 16:17:32 +00:00
Jeroen Ketema d62e3f6bc2
Merge pull request #11137 from jketema/dataflow-test-fixes 
C++: Small fixes for the dataflow tests
 2022-11-07 11:07:09 +01:00
Anders Schack-Mulligen 99ca28ea9b
Merge pull request #10886 from aschackmull/dataflow/joinorders 
Dataflow: Fix a couple of join-orders.
 2022-11-07 11:05:29 +01:00
Jeroen Ketema 291027ad82
C++: Fix return type in dataflow test 2022-11-07 09:42:54 +01:00
Jeroen Ketema 3b1feeef6d
C++: Remove unneeded `isAdditionalFlowStep` from dataflow test 
Since the introduction of flow through global variables these additional
steps are no longer needed.
 2022-11-07 09:40:57 +01:00
github-actions[bot] fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot] 508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Tom Hvitved 05bf86acb6
Merge pull request #11126 from hvitved/cpp/position-overrides 
C++: Let `(Indirect|Direct)Position` be sub classes of `Position`
 2022-11-04 15:35:27 +01:00
Tom Hvitved 95835b8297 C++: Let `(Indirect|Direct)Position` be sub classes of `Position` 2022-11-04 14:31:18 +01:00
Anders Schack-Mulligen a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Tom Hvitved a533c95640 C++: Update expected test output 2022-11-03 15:52:30 +01:00
Tom Hvitved d3488da0c2 Data flow: Sync files 2022-11-03 15:52:30 +01:00
Mathias Vorreiter Pedersen 1ca7c5b97d
Merge pull request #11091 from JarLob/assign 
Fix AV Rule 76
 2022-11-03 13:06:10 +00:00
Mathias Vorreiter Pedersen ad0b36a0c9 C++: Add change note. 2022-11-03 11:41:38 +00:00
JarLob 3317223e19 Fix AV Rule 76 2022-11-02 22:50:25 +01:00
Dave Bartolomeo 9d5e5e3ee7 `${workspace}` all the things 2022-11-01 13:29:05 -04:00
Dave Bartolomeo 49c4c554c4 Merge from `main` 2022-11-01 13:22:40 -04:00
Jeroen Ketema b43cbf7f95
Update cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-10-31 17:03:29 +01:00
Jeroen Ketema abe9258943
C++: Add `strcpy` test for `cpp/non-constant-format` 2022-10-31 15:29:17 +01:00
Jeroen Ketema 83afc2a0ad
C++: Add `strcpy` prototype to test 2022-10-31 15:25:35 +01:00
Rasmus Wriedt Larsen 8628ff5e52
Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Mathias Vorreiter Pedersen 22cdeec3fb Merge branch 'main' into printfprecision 2022-10-28 09:29:29 +02:00
Rasmus Wriedt Larsen adf109b624
Merge branch 'main' into inline-fail-tag 2022-10-27 13:42:32 +02:00
Rasmus Wriedt Larsen fc7eb5b4fc
InlineExpectationsTest: sync 2022-10-27 09:02:28 +02:00