Commit graph

107 commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen 9f8326a3fa
Merge pull request #7243 from geoffw0/sslquery2
C++: New query for SSL certificates not checked
2021-12-01 15:02:19 +00:00
Geoffrey White f96968975b C++: Change note. 2021-11-25 15:49:41 +00:00
Geoffrey White 1d358c5f77 C++: Change note. 2021-11-25 14:04:47 +00:00
Geoffrey White 26e9adcc34 C++: Change note. 2021-11-09 19:39:21 +00:00
Jonas Jensen 93dfee866a C++: Add `isFromSystemMacroDefinition` predicate 2021-11-01 09:17:49 +01:00
Aditya Sharad a517a05ca8
Merge pull request #6830 from github/henrymercer/report-extraction-errors-as-warnings
C++: Improve SARIF severity level reporting of extractor diagnostics
2021-10-12 09:59:27 -07:00
Henry Mercer 5b26d41d27 C++: Improve SARIF severity level reporting of extractor diagnostics 2021-10-08 17:53:55 +01:00
Geoffrey White 2c64fa50d2 Merge branch 'main' into impropnullfp 2021-10-04 16:51:21 +01:00
Geoffrey White a62772c274 C++: Add change note. 2021-10-01 16:35:12 +01:00
Mathias Vorreiter Pedersen a3cf721b9e
Merge pull request #6713 from geoffw0/cwe139
C++: New query for 'Cleartext transmission of sensitive information'
2021-10-01 11:10:36 +02:00
Jonas Jensen 45cf6344cd
Merge pull request #6184 from github/rdmarsh2/improve-exec-tainted
C++: Refactor ExecTainted.ql to only report results after string concatenation
2021-09-29 19:21:13 +02:00
Anders Peter Fugmann 49c656d904
C++: Apply documentation change suggestion
Co-authored-by: Jonas Jensen <jbj@github.com>
2021-09-28 09:40:07 +02:00
Robert Marsh d47c4732e2 C++: Update change note date 2021-09-27 17:36:14 -07:00
Anders Fugmann e0921ac983 C++: Increase precision of cpp/static-buffer-overflow to high 2021-09-27 09:06:36 +02:00
Robert Marsh 21ed5c430d Merge branch 'main' into rdmarsh2/improve-exec-tainted
Manual fix for conflict in Models.qll
2021-09-22 11:51:18 -07:00
Robert Marsh d62f76afa6
Merge pull request #6133 from MathiasVP/promote-sql-pqxx
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
2021-09-21 10:13:57 -07:00
Geoffrey White 24668b2281 Merge branch 'main' into cwe139 2021-09-17 16:04:51 +01:00
Geoffrey White 51243454c8 C++: Change note. 2021-09-17 15:10:55 +01:00
Robert Marsh 4d2036fa26 C++: change note for cpp/command-line-injection 2021-09-15 10:55:53 -07:00
Anders Fugmann e49cd83868 C++: update change note per suggestion from peer review 2021-09-15 10:31:15 +02:00
Mathias Vorreiter Pedersen 44dca68463 Merge branch 'main' into promote-sql-pqxx 2021-09-14 15:29:37 +01:00
Anders Fugmann f202ddc5aa C++: Add changenote 2021-09-13 16:31:06 +02:00
Anders Fugmann ddbaf585ec Merge branch 'main' into andersfugmann/improve_upper_bound 2021-09-06 10:32:44 +02:00
Anders Fugmann d962fc4ce1 C++: Improve predicate upperBound in SimpleRangeAnalysis
If an expression has an immediate guardPhi node, this is used as a strict upper bound
2021-09-02 21:46:18 +02:00
Jonas Jensen abdf993e47
Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references
Implicit downcast involving references
2021-08-25 09:45:32 +02:00
Anders Peter Fugmann 67a267d971
Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md
Co-authored-by: Jonas Jensen <jbj@github.com>
2021-08-25 08:58:44 +02:00
Jonas Jensen 19ee64d9ad C++: Lower potentially-dangerous-function precision
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
2021-08-24 17:14:42 +02:00
Anders Fugmann 6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Ian Lynagh 1e06808105
Update cpp/change-notes/2021-08-23-getPrimaryQlClasses.md
Co-authored-by: Jonas Jensen <jbj@github.com>
2021-08-23 16:52:07 +01:00
Ian Lynagh a9db1c52e5 All languages: Add getPrimaryQlClasses()
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
2021-08-23 15:49:10 +01:00
Alexandre Boulgakov 3ba308a69f C++: Allow querying for "C" language linkage on routine types. 2021-08-18 15:35:30 +01:00
Alexandre Boulgakov 490498899b C++: Expose trailing return type presence. 2021-08-11 16:04:07 +01:00
Mathias Vorreiter Pedersen 8ce6335383
Merge pull request #6372 from geoffw0/uncontrolledarith 2021-08-03 17:53:39 +02:00
Alexandre Boulgakov e55bd4fb64 C++: Allow querying virtual, override, and final declaration specifiers. 2021-07-29 14:02:03 +01:00
Geoffrey White 5ac6b38380 C++: Change note. 2021-07-27 14:27:16 +01:00
Robert Marsh fbb3f2e506
Merge pull request #6273 from geoffw0/cleartext-storage-file
C++: Improve the CleartextFileWrite query
2021-07-26 12:46:51 -07:00
Geoffrey White fa0f5d08a2 Merge branch 'main' into toctou2 2021-07-21 16:21:29 +01:00
Mathias Vorreiter Pedersen a006a7fb24 Revert "Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis"
This reverts commit e3e7b00986, reversing
changes made to 8ccdd4fb9f.
2021-07-20 18:06:49 +02:00
Geoffrey White 5d1c7841a6 C++: Change note. 2021-07-20 14:14:01 +01:00
Geoffrey White e3e7b00986
Merge pull request #6004 from MathiasVP/path-sensitive-stack-variable-reachability-analysis
C++: Add path-sensitivity to `StackVariableReachability`
2021-07-15 12:34:33 +01:00
Robert Marsh 4d8e882214
Merge pull request #6186 from geoffw0/formatarg
C++: Fix FPs from cpp/wrong-type-format-argument
2021-07-14 17:20:46 -07:00
Geoffrey White dd03828522 C++: Change note. 2021-07-13 18:08:34 +01:00
Mathias Vorreiter Pedersen be06230b43 Merge branch 'main' into path-sensitive-stack-variable-reachability-analysis 2021-07-12 14:46:44 +02:00
Geoffrey White 4a8299e5d0 C++: Change note. 2021-06-30 09:21:10 +01:00
Mathias Vorreiter Pedersen a294fb07f5 C++: Add change-note. 2021-06-24 16:01:59 +02:00
Anders Schack-Mulligen 95ad8b55fe
Merge pull request #6107 from aschackmull/dataflow/implicit-reads
Dataflow: Add support for implicit reads
2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen 01fc3e6559 C++/C#/Java/Python: Add change notes. 2021-06-24 14:29:34 +02:00
Mathias Vorreiter Pedersen 90fe5c5aca C++: Add change-note. 2021-06-22 17:13:07 +02:00
Geoffrey White 05ed4ed739
Update cpp/change-notes/2021-06-21-weak-cryptographic-algorithm.md
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2021-06-21 14:22:56 +01:00
Geoffrey White 6f808c9e4c C++: Update change note. 2021-06-21 12:32:48 +01:00