Merge branch 'master' into zlaski/cpp370

zlaski-semmle
2019-06-04 09:47:30 -07:00
committed by GitHub
543 changed files with 25015 additions and 6631 deletions


@@ -7,8 +7,8 @@ import cpp
from ArrayExpr arrayExpr
select
arrayExpr,
arrayExpr.getArrayBase().getType().getUnspecifiedType().toString() +
arrayExpr.getArrayBase().getUnspecifiedType().toString() +
", " +
arrayExpr.getArrayBase().getFullyConverted().getType().getUnspecifiedType().toString() +
arrayExpr.getArrayBase().getFullyConverted().getUnspecifiedType().toString() +
", " +
arrayExpr.getType().getUnspecifiedType().toString()
arrayExpr.getUnspecifiedType().toString()


@@ -69,3 +69,44 @@ int test_inverted_logic(int *p) {
return 0;
}
}
void test_indirect_local() {
int a = 0;
int *p = &a;
int **pp = &p;
int x;
x = **pp;
if (*pp == nullptr) { // BAD
return;
}
}
void test_field_local(bool boolvar) {
int a = 0;
struct {
int *p;
} s = { &a };
auto sp = &s;
if (boolvar) {
int x = *sp->p;
if (sp->p == nullptr) { // BAD
return;
}
} else {
int *x = sp->p;
if (sp == nullptr) { // BAD [NOT DETECTED]
return;
}
}
}
struct S {
long **pplong;
void test_phi() {
while (*pplong != nullptr) { // GOOD
pplong++;
}
}
};
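Review bot: The `// GOOD` marker on `while (*pplong != nullptr)` in `test_phi` does not say why that check is not redundant, whereas each `// BAD` marker reads as self-evident; because `pplong++` runs on every iteration, each evaluation of the condition dereferences a different pointer value, so there is no earlier dereference of the same value that would make the check redundant. Suggest `// GOOD: pplong is advanced each iteration, so each check tests a fresh value` so the intent of the phi-node case survives a later rewrite. The `// BAD [NOT DETECTED]` on `if (sp == nullptr)` in `test_field_local` records a known false negative but not its cause; if the reason is that the preceding dereference is the field access `sp->p` rather than a plain load through `sp`, stating that in the comment would make the case easier to revisit. In `test_indirect_local`, `int x; x = **pp;` differs from the `int x = *sp->p;` initializer form used in `test_field_local`; if the split declaration and assignment is not deliberate, the initializer form keeps the two tests parallel. The enclosing `test_inverted_logic`, whose closing lines open this hunk, starts outside the hunk.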


@@ -1,3 +1,5 @@
| RedundantNullCheckSimple.cpp:4:7:4:7 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:3:7:3:8 | Load: * ... | dereferenced here |
| RedundantNullCheckSimple.cpp:13:8:13:8 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:10:11:10:12 | Load: * ... | dereferenced here |
| RedundantNullCheckSimple.cpp:48:12:48:12 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:51:10:51:11 | Load: * ... | dereferenced here |
| RedundantNullCheckSimple.cpp:79:7:79:9 | Load: * ... | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:78:7:78:10 | Load: * ... | dereferenced here |
| RedundantNullCheckSimple.cpp:93:13:93:13 | Load: p | This null check is redundant because the value is $@ in any case | RedundantNullCheckSimple.cpp:92:13:92:18 | Load: * ... | dereferenced here |


@@ -2,3 +2,5 @@
| test3.c:13:16:13:19 | * ... | $@ flows to here and is used in an expression which might overflow negatively. | test3.c:11:15:11:18 | argv | User-provided value |
| test4.cpp:13:17:13:20 | access to array | $@ flows to here and is used in an expression which might overflow negatively. | test4.cpp:9:13:9:16 | argv | User-provided value |
| test5.cpp:10:9:10:15 | call to strtoul | $@ flows to here and is used in an expression which might overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
| test.c:44:7:44:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.c:41:17:41:20 | argv | User-provided value |
| test.c:54:7:54:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.c:51:17:51:20 | argv | User-provided value |


@@ -0,0 +1 @@
Security/CWE/CWE-676/DangerousFunctionOverflow.ql


@@ -1 +0,0 @@
Security/CWE/CWE-676/PotentiallyDangerousFunction.ql


@@ -0,0 +1,2 @@
| test.c:42:2:42:5 | call to gets | gets does not guard against buffer overflow |
| test.c:43:6:43:9 | call to gets | gets does not guard against buffer overflow |


@@ -0,0 +1 @@
Security/CWE/CWE-676/DangerousFunctionOverflow.ql


@@ -1,6 +1,4 @@
| test.c:31:22:31:27 | call to gmtime | Call to gmtime is potentially dangerous |
| test.c:42:2:42:5 | call to gets | gets does not guard against buffer overflow |
| test.c:43:6:43:9 | call to gets | gets does not guard against buffer overflow |
| test.c:48:19:48:27 | call to localtime | Call to localtime is potentially dangerous |
| test.c:49:22:49:26 | call to ctime | Call to ctime is potentially dangerous |
| test.c:50:23:50:29 | call to asctime | Call to asctime is potentially dangerous |