Merge branch 'next' into qlucie/master

This commit is contained in:
Aditya Sharad
2018-09-26 12:08:33 +01:00
committed by GitHub
25 changed files with 4005 additions and 3980 deletions


@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Semmle C/C++ Default Queries
Bundle-SymbolicName: com.semmle.plugin.semmlecode.cpp.queries;singleton:=true
Bundle-Version: 1.18.0.qualifier
Bundle-Version: 1.19.0.qualifier
Bundle-Vendor: Semmle Ltd.
Bundle-ActivationPolicy: lazy
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.18.0.qualifier,1.18.0.qualifier]"
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.19.0.qualifier,1.19.0.qualifier]"


@@ -418,6 +418,12 @@ class Class extends UserType {
*/
predicate isPOD() { is_pod_class(underlyingElement(this)) }
/**
* Holds if this class is a standard-layout class [N4140 9(7)]. Also holds
* for structs in C programs.
*/
predicate isStandardLayout() { is_standard_layout_class(underlyingElement(this)) }
/**
* Holds if this class is abstract, in other words whether it declares one
* or more pure virtual member functions.
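Review bot: The QLDoc added above `isStandardLayout` does not say how class templates are treated; the expected output added elsewhere in this merge lists `NMaybeStd<T>` as NOT standard layout while its instantiations `NMaybeStd<AStd>` and `NMaybeStd<int>` are, so the predicate apparently does not hold for the uninstantiated template itself. Since the result comes straight from the `is_standard_layout_class` extractor relation, the QL side can only document it, e.g. ` * Does not hold for an uninstantiated class template whose layout depends on its template parameters; query the instantiations instead.` The enclosing `class Class` starts and ends outside the hunk.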


@@ -202,6 +202,27 @@ class BuiltInOperationBuiltInShuffleVector extends BuiltInOperation, @builtinshu
override string toString() { result = "__builtin_shufflevector" }
}
/**
* A clang `__builtin_convertvector` expression.
*/
class BuiltInOperationBuiltInConvertVector extends BuiltInOperation, @builtinconvertvector {
override string toString() { result = "__builtin_convertvector" }
}
/**
* A clang `__builtin_addressof` expression (can be used to implement C++'s std::addressof).
*/
class BuiltInOperationBuiltInAddressOf extends UnaryOperation, BuiltInOperation, @builtinaddressof {
/** Gets the function or variable whose address is taken. */
Declaration getAddressable() {
result = this.getOperand().(Access).getTarget()
// this handles the case where we are taking the address of a reference variable
or result = this.getOperand().(ReferenceDereferenceExpr).getChild(0).(Access).getTarget()
}
override string getOperator() { result = "__builtin_addressof" }
}
/**
* The `__is_trivially_constructible` type trait.
*/
@@ -369,3 +390,10 @@ class BuiltInOperationIsFinal extends BuiltInOperation, @isfinalexpr {
class BuiltInChooseExpr extends BuiltInOperation, @builtinchooseexpr {
override string toString() { result = "__builtin_choose_expr" }
}
/**
* Fill operation on a GNU vector.
*/
class VectorFillOperation extends UnaryOperation, @vec_fill {
override string getOperator() { result = "(vector fill)" }
}
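Review bot: As far as I can tell `getAddressable` has no result when the operand is anything other than a direct `Access` or a dereferenced reference wrapping one, e.g. an array subscript `a[i]` or a pointer dereference `*p`, and neither the predicate doc nor the class doc says so. I'd make the partiality explicit: `/** Gets the function or variable whose address is taken, if the operand is a direct access to it (or a dereferenced reference to such an access); has no result for other operands such as `a[i]` or `*p`. */`. The `VectorFillOperation` doc in the second hunk is also a single line; the test source in this merge describes the operation as a vector with the scalar operand in every element, which is worth stating in the QLDoc, e.g. ` * A fill operation on a GNU vector: the scalar operand is broadcast into every element of the resulting vector type.`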


@@ -691,6 +691,7 @@ usertype_uuid(
);
is_pod_class(unique int id: @usertype ref);
is_standard_layout_class(unique int id: @usertype ref);
is_complete(unique int id: @usertype ref);
@@ -1429,6 +1430,9 @@ case @expr.kind of
| 319 = @noexceptexpr
| 320 = @builtinshufflevector
| 321 = @builtinchooseexpr
| 322 = @builtinaddressof
| 323 = @vec_fill
| 324 = @builtinconvertvector
;
new_allocated_type(
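Review bot: The new `is_standard_layout_class` table and the three new `@expr.kind` cases (322, 323, 324) change the database schema, and I do not see a matching upgrade script or `.stats` update in the visible sections of this merge; if they live in the suppressed large diff that is fine, otherwise databases built with the previous scheme will presumably not load against the new one. Worth confirming before merge. The `case @expr.kind of` block and `new_allocated_type` continue outside the hunk.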



@@ -0,0 +1,8 @@
// semmle-extractor-options: --edg --clang
int x = 0;
int* f(void) {
int* x_addr = __builtin_addressof(x);
return x_addr;
}


@@ -0,0 +1 @@
| addressof.c:6:17:6:38 | __builtin_addressof ... | addressof.c:6:37:6:37 | x |


@@ -0,0 +1,4 @@
import cpp
from BuiltInOperationBuiltInAddressOf op
select op, op.getOperand()
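Review bot: The query exercises only `getOperand()`; the new `getAddressable()` predicate, which carries the actual branching logic (direct access versus dereferenced reference), is not covered by this test, and the accompanying `addressof.c` is a C file, so the reference-variable branch cannot be reached from it at all. I'd extend the select to `select op, op.getOperand(), op.getAddressable()`, regenerate the expected file, and add a C++ case that takes the address of a reference variable.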


@@ -1,7 +1,9 @@
| | fp_offset | <no initialiser value> |
| | gp_offset | <no initialiser value> |
| | overflow_arg_area | <no initialiser value> |
| | reg_save_area | <no initialiser value> |
| | fp_offset | <no initialiser expr> |
| | gp_offset | <no initialiser expr> |
| | overflow_arg_area | <no initialiser expr> |
| | reg_save_area | <no initialiser expr> |
| addressof.c | x | 0 |
| addressof.c | x_addr | __builtin_addressof ... |
| extended.cpp | has_nullptr_e | 1 |
| extended.cpp | has_nullptr_f | 1 |
| gcc492.c | has_include | 1 |


@@ -1,9 +1,9 @@
import cpp
string varInit(Variable v) {
if exists(v.getInitializer().getExpr().getValue())
then result = v.getInitializer().getExpr().getValue().toString()
else result = "<no initialiser value>"
if exists(v.getInitializer().getExpr())
then result = v.getInitializer().getExpr().toString()
else result = "<no initialiser expr>"
}
from Variable v


@@ -0,0 +1,5 @@
// Confirm that `Class::isStandardLayout()` holds for a C struct.
struct PlainOldCStruct {
int x;
};


@@ -0,0 +1,89 @@
// AStd is a standard layout type
struct AStd {
int x;
};
// BNonStd is NOT a standard layout type - not all members have the same access
// control
class BNonStd {
int x;
public:
int y;
};
// CNonStd is NOT a standard layout type - it has a virtual function
class CNonStd {
virtual void f();
};
// DNonStd is NOT a standard layout type - it has a virtual base class
class DNonStd : public virtual AStd {};
// ENonStd is NOT a standard layout type - it has a data member of reference
// type
class ENonStd {
int& xref;
};
// FStd is a standard layout type - all data members are standard layout types
class FStd {
AStd a;
};
// GNonStd is NOT a standard layout type - contains a non-standard-layout member
class GNonStd {
BNonStd b;
};
// HStd is a standard layout type - its base class is a standard layout type
struct HStd : AStd {};
// INonStd is NOT a standard layout type - its base class is not a standard
// layout type
struct INonStd : BNonStd {};
// JStd is a standard layout type
struct JStd {
static int x;
};
// KStd is a standard layout type - base class has no non-static data members
struct KStd : JStd {};
// LStd is a standard layout type - only one base class has non-static data
// members
struct LStd : AStd, JStd {};
// MNonStd is NOT a standard layout type - more than one base class with
// non-static data members
struct MNonStd : AStd, FStd {};
// Instantiations of NMaybeStd may or may not be standard layout types,
// depending on the template parameter.
template<typename T>
struct NMaybeStd {
T x;
};
// Instantiation NMaybeStd<AStd> is a standard layout type
NMaybeStd<AStd> nmaybestd_astd;
// Instantiation NMaybeStd<AStd> is a standard layout type
NMaybeStd<int> nmaybestd_int;
// Instantiation NMaybeStd<BNonStd> is NOT a standard layout type
NMaybeStd<BNonStd> nmaybestd_bnonstd;
// Instantiations of ONonStd cannot be standard layout types - regardless of the
// template parameter's type - since not all members have the same access
// control.
template<typename T>
struct ONonStd {
T x;
private:
T y;
};
// Therefore instantiation ONonStd<int> is NOT a standard layout type
ONonStd<int> ononstd_int;
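Review bot: The comment above `NMaybeStd<int> nmaybestd_int;` repeats the previous one and names the wrong instantiation; it should read `// Instantiation NMaybeStd<int> is a standard layout type`. The remaining cases each state the rule they exercise, which makes the expected output easy to audit.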


@@ -0,0 +1,21 @@
| file://:0:0:0:0 | __va_list_tag | standard layout |
| test.c:3:8:3:22 | PlainOldCStruct | standard layout |
| test.cpp:3:8:3:11 | AStd | standard layout |
| test.cpp:9:7:9:13 | BNonStd | NOT standard layout |
| test.cpp:16:7:16:13 | CNonStd | NOT standard layout |
| test.cpp:21:7:21:13 | DNonStd | NOT standard layout |
| test.cpp:25:7:25:13 | ENonStd | NOT standard layout |
| test.cpp:30:7:30:10 | FStd | standard layout |
| test.cpp:35:7:35:13 | GNonStd | NOT standard layout |
| test.cpp:40:8:40:11 | HStd | standard layout |
| test.cpp:44:8:44:14 | INonStd | NOT standard layout |
| test.cpp:47:8:47:11 | JStd | standard layout |
| test.cpp:52:8:52:11 | KStd | standard layout |
| test.cpp:56:8:56:11 | LStd | standard layout |
| test.cpp:60:8:60:14 | MNonStd | NOT standard layout |
| test.cpp:65:8:65:16 | NMaybeStd<AStd> | standard layout |
| test.cpp:65:8:65:16 | NMaybeStd<BNonStd> | NOT standard layout |
| test.cpp:65:8:65:16 | NMaybeStd<T> | NOT standard layout |
| test.cpp:65:8:65:16 | NMaybeStd<int> | standard layout |
| test.cpp:82:8:82:14 | ONonStd<T> | NOT standard layout |
| test.cpp:82:8:82:14 | ONonStd<int> | NOT standard layout |


@@ -0,0 +1,5 @@
import cpp
from Class c, string s
where if c.isStandardLayout() then s = "standard layout" else s = "NOT standard layout"
select c, s


@@ -60,7 +60,7 @@
| file://:0:0:0:0 | const char[5] | 5 |
| file://:0:0:0:0 | decltype(nullptr) | 8 |
| file://:0:0:0:0 | double | 8 |
| file://:0:0:0:0 | error | 0 |
| file://:0:0:0:0 | error | 1 |
| file://:0:0:0:0 | float | 4 |
| file://:0:0:0:0 | int | 4 |
| file://:0:0:0:0 | int & | 8 |
@@ -78,7 +78,7 @@
| file://:0:0:0:0 | signed long | 8 |
| file://:0:0:0:0 | signed long long | 8 |
| file://:0:0:0:0 | signed short | 2 |
| file://:0:0:0:0 | unknown | 0 |
| file://:0:0:0:0 | unknown | 1 |
| file://:0:0:0:0 | unsigned __int128 | 16 |
| file://:0:0:0:0 | unsigned char | 1 |
| file://:0:0:0:0 | unsigned int | 4 |
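Review bot: The reported size of the `error` and `unknown` types changes from 0 to 1 in both hunks with no visible change to the query or the test source in this merge; presumably it comes from the extractor change in the suppressed large diff, but nothing on the page says so. A sentence in the merge description, or a comment in the test query explaining why an unknown type now reports size 1, would save the next reader from wondering whether the new value is intended.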


@@ -1 +1,2 @@
| vector_types.cpp:31:13:31:49 | __builtin_shufflevector |
| vector_types.cpp:58:10:58:52 | __builtin_convertvector |


@@ -0,0 +1 @@
| vector_types.cpp:51:18:51:18 | (vector fill) ... | file://:0:0:0:0 | __attribute((vector_size(16))) int | vector_types.cpp:51:18:51:18 | n | file://:0:0:0:0 | int |


@@ -0,0 +1,5 @@
import cpp
from VectorFillOperation vf, Expr operand
where operand = vf.getOperand()
select vf, vf.getType(), operand, operand.getType()


@@ -14,3 +14,7 @@
| vector_types.cpp:33:8:33:9 | v5 | v5 | file://:0:0:0:0 | __attribute((vector_size(16))) double | 16 |
| vector_types.cpp:34:10:34:16 | doubles | doubles | file://:0:0:0:0 | double[2] | 16 |
| vector_types.cpp:41:14:41:16 | arg | arg | vector_types.cpp:7:14:7:17 | v16c | 16 |
| vector_types.cpp:47:23:47:25 | dst | dst | file://:0:0:0:0 | v16i * | 8 |
| vector_types.cpp:47:34:47:36 | src | src | file://:0:0:0:0 | v16i * | 8 |
| vector_types.cpp:47:43:47:43 | n | n | file://:0:0:0:0 | int | 4 |
| vector_types.cpp:57:43:57:44 | vf | vf | vector_types.cpp:55:16:55:27 | vector4float | 16 |


@@ -1,2 +1,4 @@
| vector_types.cpp:16:16:16:41 | ... == ... | == | file://:0:0:0:0 | __attribute((vector_size(16))) char |
| vector_types.cpp:21:10:21:18 | ... < ... | < | file://:0:0:0:0 | __attribute((vector_size(16))) int |
| vector_types.cpp:51:10:51:18 | ... << ... | << | file://:0:0:0:0 | __attribute((vector_size(16))) int |
| vector_types.cpp:51:18:51:18 | (vector fill) ... | (vector fill) | file://:0:0:0:0 | __attribute((vector_size(16))) int |


@@ -41,3 +41,19 @@ int main() {
v4f lax(v16c arg) {
return arg;
}
typedef int v16i __attribute__((vector_size(16)));
void shift_left(v16i *dst, v16i *src, int n) {
// We represent this shift as an operation on vector types, and the
// right-hand side is a vector fill expression (i.e. a vector filled with n in
// each element).
*dst = *src << n;
}
typedef double vector4double __attribute__((__vector_size__(32)));
typedef float vector4float __attribute__((__vector_size__(16)));
vector4double convert_vector(vector4float vf) {
return __builtin_convertvector(vf, vector4double);
}


@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Semmle C# Default Queries
Bundle-SymbolicName: com.semmle.plugin.semmlecode.csharp.queries;singleton:=true
Bundle-Version: 1.18.0.qualifier
Bundle-Version: 1.19.0.qualifier
Bundle-Vendor: Semmle Ltd.
Bundle-ActivationPolicy: lazy
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.18.0.qualifier, 1.18.0.qualifier]"
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.19.0.qualifier, 1.19.0.qualifier]"


@@ -2,8 +2,8 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Semmle Default Java Queries
Bundle-SymbolicName: com.semmle.plugin.semmlecode.queries;singleton:=true
Bundle-Version: 1.18.0.qualifier
Bundle-Version: 1.19.0.qualifier
Bundle-Vendor: Semmle Ltd.
Bundle-ActivationPolicy: lazy
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.18.0.qualifier,1.18.0.qualifier]"
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.19.0.qualifier,1.19.0.qualifier]"


@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Semmle JavaScript Default Queries
Bundle-SymbolicName: com.semmle.plugin.semmlecode.javascript.queries;singleton:=true
Bundle-Version: 1.18.0.qualifier
Bundle-Version: 1.19.0.qualifier
Bundle-Vendor: Semmle Ltd.
Bundle-ActivationPolicy: lazy
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.18.0.qualifier, 1.18.0.qualifier]"
Require-Bundle: com.semmle.plugin.qdt.ui;bundle-version="[1.19.0.qualifier, 1.19.0.qualifier]"


@@ -1,7 +1,7 @@
WARNING: Predicate flowsFrom has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:21,11-20)
WARNING: Type SanitizingGuard has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:8,34-64)
WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:14,20-44)
WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:20,6-30)
WARNING: Predicate flowsFrom has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:21,11-20)
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |