Mathias Vorreiter Pedersen

Results 64 comments of Mathias Vorreiter Pedersen

CI failures:

```
Executing tests in /home/runner/work/semmle-code/semmle-code/ql/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-297/semmle/tests.
2022-06-20T13:03:53.7182630Z --- expected
2022-06-20T13:03:53.7183311Z +++ actual
2022-06-20T13:03:53.7183720Z @@ -1,1 +1,1 @@
2022-06-20T13:03:53.7184595Z -| test1.cpp:11:6:11:13 | badTest1 | You may have missed checking the...
```

Hi @ihsinme, I've discussed the status of this query with the GitHub Security Lab team, and they've pointed me to this query in their repo: https://github.com/github/securitylab/tree/main/CodeQL_Queries/cpp/OpenSSL-hostname-validation This query also covers...

> @MathiasVP, I made additions.

Fantastic!

> but my local environment is not able to work with multiple test files, can you show the results of working with test files?...

> I have established a call chain connection, please have a look.

Great! Thanks for fixing this :)

> in the boost, I still couldn't make the correct calls, because...

> Good afternoon @MathiasVP.
> Any news on this PR?

Hi! I've just come back from vacation now and I'm catching up with all of the open PRs of yours...

CI failure:

```
--- expected
2022-08-03T09:16:17.3406473Z +++ actual
2022-08-03T09:16:17.3407144Z @@ -1,1 +1,5 @@
2022-08-03T09:16:17.3408765Z -| test1.cpp:11:6:11:13 | badTest1 | You may have missed checking the name of the certificate. |...
```

Hi @ihsinme, Apologies for not getting back to this one. There was a technical issue that caused CI to complain. I hope we've fixed it by merging in the latest...

Hi @ihsinme, I'm trying to resolve the CI failure. Not sure why you keep being a victim of this particular issue. Hopefully merging in `main` will resolve it 🤞.

Hi @edgchen1, Thanks for raising this issue! False positives in this query usually occur because we don't properly extract the function containing the call to the static function (and thus...

Looks like this change removes > 200 results on DCA. I think we should check a subset of those to see if this looks reasonable. What do you say, @geoffw0?