github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
67 299 коммитов 1 542 Ветки 132 Теги 495 MiB
Граф коммитов

11710 Коммитов

Автор SHA1 Сообщение Дата
github-actions[bot] 906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot] 33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Jeroen Ketema 174f212d4e
Merge pull request #16589 from rvermeulen/rvermeulen/update-nospaceforzeroterminator-qlhelp 
Rewrite recommendations for the query `cpp/no-space-for-terminator`
 2024-05-28 09:52:20 +02:00
Jeroen Ketema c57c027f70
C++: Make the padding test independent of the `predefined_macros` file 
The padding test is the only test that currently depends on the contents
of the `predefined_macros` flile that we ship with CodeQL for use with the
CodeQL tests. Explicitly specifying `__x86_64` makes the test independent of
the contents of the file.
 2024-05-27 14:21:10 +02:00
Anders Schack-Mulligen 8085460e4a C++/Shared: Fix join order issues. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen 5c635e982e C++/C#/Java: Update expected output. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen 1432519cc2 Dataflow: Add totalorder predicates to all languages. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen bc8ca1af86 Dataflow: Introduce NodeRegions for use in isUnreachableInCall. 2024-05-27 11:01:51 +02:00
Remco Vermeulen 6df4c8964b
Rewrite recommendations 
- Replace segmentation fault with crash that is platform agnostic (I think segmentation fault is not really a thing on Windows).
- Replace security vulnerability with malicious code execution. This provides a range of issues, because a crash (previously segmentation fault) could also be considered a security vulnerability. Namely a DOS.
- Removed the additional note on stack allocated arrays which seem confusing because we are always talking about buffers allocated on the heap.
 2024-05-24 16:10:42 -07:00
Dave Bartolomeo 613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Dave Bartolomeo ffe4c8c87b Update all pack versions to `1.0.0` 2024-05-22 13:39:08 -04:00
Mathias Vorreiter Pedersen 3f66b635a4
Merge pull request #16562 from aschackmull/dataflow/update-qltest-expected 
Dataflow: Fix qltests following https://github.com/github/codeql/pull/16511
 2024-05-22 16:16:04 +01:00
Mathias Vorreiter Pedersen 769d9317c7 C++: Avoid a CP between 'getExpr(node)' and 'this' in 'LoopWithAlloca'. 2024-05-22 15:15:40 +01:00
Mathias Vorreiter Pedersen 1a0d66b339
Merge pull request #16557 from MathiasVP/fix-unique-pointer-query-fp 
C++: Fix `cpp/use-of-unique-pointer-after-lifetime-ends` FP
 2024-05-22 15:09:54 +01:00
Anders Schack-Mulligen e7f24318cd C++: Accept qltest .expected file changes. 2024-05-22 15:36:30 +02:00
Anders Schack-Mulligen f977a4206a C++: Accept qltest .expected file changes (interesting). 2024-05-22 15:35:28 +02:00
Mathias Vorreiter Pedersen 9907f0f827 C++: Exclude a cast to any integral type. 2024-05-22 13:42:07 +01:00
Mathias Vorreiter Pedersen 09357e15b4
Merge pull request #16533 from MathiasVP/better-negation-guards-in-c 
C++: Make `IRGuardCondition` handle `p` in `if(p)` and `if(!p)` better in C programs
 2024-05-22 13:02:06 +01:00
Mathias Vorreiter Pedersen 00a940fd58
Merge pull request #16524 from catenacyber/deref-null-result 
Adds another rule for null deref
 2024-05-22 12:37:39 +01:00
Mathias Vorreiter Pedersen 4b02f88089 C++: Add change note. 2024-05-22 12:37:08 +01:00
Mathias Vorreiter Pedersen af81698fa8 C++: Fix FP and accept test changes. 2024-05-22 12:34:09 +01:00
Mathias Vorreiter Pedersen 91f860ba4f C++: Add 'cpp/use-of-unique-pointer-after-lifetime-ends' FP. 2024-05-22 12:33:34 +01:00
Mathias Vorreiter Pedersen eda815789b
Update cpp/ql/src/experimental/Likely Bugs/DerefNullResult.ql 2024-05-22 11:21:04 +01:00
Philippe Antoine ab4b823c2e fixup unique assignment 2024-05-21 22:10:00 +02:00
Rasmus Wriedt Larsen 2451a6d3f6 Accept `.expected` changes 2024-05-21 14:47:42 +02:00
Tom Hvitved 454687d583 Data flow: Synthesize parameter return nodes 2024-05-21 14:47:42 +02:00
Jeroen Ketema c8fec336ce
C++: Fix typo in `cpp/network-to-host-function-as-array-bound` 2024-05-21 10:29:17 +02:00
Jeroen Ketema 1a60c01723
C++: Add `memcmp` test for `cpp/network-to-host-function-as-array-bound` 2024-05-21 10:27:38 +02:00
Mathias Vorreiter Pedersen 5893e38567 C++: Accept test changes. 2024-05-20 22:28:17 +01:00
Mathias Vorreiter Pedersen 0a550bb919 C++: Support 'if(!p)' for C programs in IRGuards. 2024-05-20 22:28:17 +01:00
Philippe Antoine 8ace9da14a fixup dataflow path and formatting 2024-05-20 21:31:47 +02:00
Mathias Vorreiter Pedersen 398b90a15d C++: Rename a few predicates. 2024-05-20 17:15:20 +01:00
Geoffrey White 13a7d9acb6
Merge pull request #16528 from geoffw0/docfix2 
C++: Update an instance of the name 'Semmle' in a doc page.
 2024-05-20 15:07:42 +01:00
Geoffrey White 0ba3cd96f5 C++: Update an instance of the name 'Semmle' in a doc page. 2024-05-20 10:02:50 +01:00
Mathias Vorreiter Pedersen 2f7766a557 C++: Autoformat. 2024-05-20 09:04:24 +01:00
Mathias Vorreiter Pedersen df24e5982a C++: Add tests and accept test changes. 2024-05-20 09:01:42 +01:00
Mathias Vorreiter Pedersen e8b9d7e6fa C++: Modify change note to be more aligned with existing change notes. 2024-05-20 08:52:18 +01:00
codeqlhelper 15667dcf1e
Create 2024-05-19-avoid-reporting-static-variable.md 2024-05-19 21:55:35 +08:00
codeqlhelper 1d8d45b3aa
Static variables are initialized to zero or null by compiler 
Static variables are initialized to zero or null by compiler, no need to get an initializer of them
 2024-05-19 21:48:43 +08:00
Philippe Antoine 73d306c8c8 Adds another rule for null deref 2024-05-17 17:35:07 +02:00
Chuan-kai Lin f1047606ad
Merge pull request #16418 from github/cklin/cpp-entities-reorder 
C++: Use entities in reorder directives
 2024-05-17 06:43:07 -07:00
Cornelius Riemenschneider ab7d30a464
Merge branch 'main' into criemen/move-win-autobuilder 2024-05-15 10:58:01 +02:00
Mathias Vorreiter Pedersen 64b8f97d39
Merge pull request #16495 from MathiasVP/delete-duplicated-conjunction 2024-05-15 09:37:46 +01:00
Mathias Vorreiter Pedersen a1cb419902 C++: Delete duplicated case in IR generation. 2024-05-15 08:52:56 +01:00
github-actions[bot] 32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot] 100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Cornelius Riemenschneider 869bf8afc6 C++/C#: Move the Windows autobuilder into a subfolder in `ql/csharp`. 
This is a necessary preparation for moving the C# dependency management to `paket`,
which in turn is a necessary preparation for moving the C# build to bazel.

As we discovered in https://github.com/github/codeql/pull/16376,
`paket` tries to restore all projects recursively from the root folder.
If we support building C# code under both `ql/csharp` and `ql/cpp`, we need
to have a single lockfile under `ql`, as both codebases share the same set of dependencies
(and utilities from `ql/csharp/extractor`).
Then, `paket` will also try to restore things that look like "C# projects" in other languages'
folders, which is not what we want.
Therefore, we address this by moving all C# code into a common root directory, `ql/csharp`.

This needs an internal PR to adjust the buildsystem to look for the autobuilder in the new location.
 2024-05-14 13:45:49 +02:00
Erik Krogh Kristensen bcddef8f32
Merge pull request #16131 from erik-krogh/cpp-path 
C++: Improve the cpp/path-injection qhelp
 2024-05-09 22:21:51 +02:00
Jeroen Ketema 4dfcdbccd7
Merge pull request #16459 from jketema/handler-fix 
C++: Fix destructor translation for handlers
 2024-05-09 10:23:07 +02:00
Jeroen Ketema 9e09c5a6cf
C++: Fix copy and paste error in comment 2024-05-08 22:11:19 +02:00