hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5275 from Marcono1234/marcono1234/included-qhelp-files

Browse Source 
Use `.inc.qhelp` extension for included help files
This commit is contained in:
Anders Schack-Mulligen
2021-03-08 16:26:32 +01:00
committed by GitHub
parent f9f143d62c 95aeb7b53f
commit aeb13146d2
80 changed files with 70 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/Critical/DeadCodeCondition.qhelp
View File

@@ -9,7 +9,7 @@
It is likely that these conditions indicate an error in the branching condition.
Alternatively, the conditions may have been left behind after debugging.</p>
<include src="aliasAnalysisWarning.qhelp" />
<include src="aliasAnalysisWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/DeadCodeFunction.qhelp
View File

@@ -13,7 +13,7 @@ If left in the code base they increase object code size, decrease code comprehen
This type of function may be part of the program's API and could be used by external programs.
</p>
<include src="callGraphWarning.qhelp" />
<include src="callGraphWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/DescriptorMayNotBeClosed.qhelp
View File

@@ -10,7 +10,7 @@ This query looks at functions that return file or socket descriptors, but may re
This can occur when an operation performed on the open descriptor fails, and the function returns with an error before it closes the open resource. An improperly handled error could cause the function to leak resource descriptors. Failing to close resources in the function that opened them also makes it more difficult to detect leaks.
</p>
<include src="dataFlowWarning.qhelp" />
<include src="dataFlowWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/DescriptorNeverClosed.qhelp
View File

@@ -10,7 +10,7 @@ This rule finds calls to <code>socket</code> where there is no corresponding <co
Leaving descriptors open will cause a resource leak that will persist even after the program terminates.
</p>
<include src="aliasAnalysisWarning.qhelp" />
<include src="aliasAnalysisWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/FileMayNotBeClosed.qhelp
View File

@@ -10,7 +10,7 @@ This rule looks at functions that return a <code>FILE*</code>, but may return an
This can occur when an operation performed on the open descriptor fails, and the function returns with an error before closing the open resource. An improperly handled error may cause the function to leak file descriptors.
</p>
<include src="dataFlowWarning.qhelp" />
<include src="dataFlowWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/FileNeverClosed.qhelp
View File

@@ -10,7 +10,7 @@ This rule finds calls to <code>fopen</code> with no corresponding <code>fclose</
Leaving files open will cause a resource leak that will persist even after the program terminates.
</p>
<include src="aliasAnalysisWarning.qhelp" />
<include src="aliasAnalysisWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/GlobalUseBeforeInit.qhelp
View File

@@ -10,7 +10,7 @@ Not all compilers generate code that zero-out memory, especially when optimizati
is not compliant with the latest language standards. Accessing uninitialized memory will lead to undefined results.
</p>
<include src="dataFlowWarning.qhelp" />
<include src="dataFlowWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/InconsistentNullnessTesting.qhelp
View File

@@ -12,7 +12,7 @@ Dereferencing a null pointer and attempting to modify its contents can lead to a
important system data (including the interrupt table in some architectures).
</p>
<include src="pointsToWarning.qhelp" />
<include src="pointsToWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/InitialisationNotRun.qhelp
View File

@@ -11,7 +11,7 @@ Uninitialized variables may contain any value, as not all compilers generate cod
optimizations are enabled or the compiler is not compliant with the latest language standards.
</p>
<include src="callGraphWarning.qhelp" />
<include src="callGraphWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/LateNegativeTest.qhelp
View File

@@ -13,7 +13,7 @@ after. Otherwise, if the value is negative then the program will have failed
before performing the test.
</p>
<include src="dataFlowWarning.qhelp" />
<include src="dataFlowWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/MemoryMayNotBeFreed.qhelp
View File

@@ -9,7 +9,7 @@
This rule looks for functions that allocate memory, but may return without freeing it. This can occur when an operation performed on the memory block fails, and the function returns with an error before freeing the allocated block. This causes the function to leak memory and may eventually lead to software failure.
</p>
<include src="dataFlowWarning.qhelp" />
<include src="dataFlowWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/MemoryNeverFreed.qhelp
View File

@@ -10,7 +10,7 @@ This rule finds calls to the <code>alloc</code> family of functions without a co
This leads to memory leaks.
</p>
<include src="aliasAnalysisWarning.qhelp" />
<include src="aliasAnalysisWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/MissingNegativityTest.qhelp
View File

@@ -16,7 +16,7 @@ buffer overruns.
The query looks only at the return values of functions that may return a negative value (not all functions).
</p>
<include src="dataFlowWarning.qhelp" />
<include src="dataFlowWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/NewArrayDeleteMismatch.qhelp
View File

@@ -63,7 +63,7 @@ destructors likely not be called (as previously noted), but the pointer will als
potentially less of a serious issue than that posed by the first approach, but it should still be avoided.</li>
</ul>
<include src="pointsToWarning.qhelp" />
<include src="pointsToWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/NewDeleteArrayMismatch.qhelp
View File

@@ -18,7 +18,7 @@ an array (which could have header data specifying the length of the array) and w
element of the 'array', which would likely lead to a segfault due to the invalid header data.
</p>
<include src="pointsToWarning.qhelp" />
<include src="pointsToWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/OverflowCalculated.qhelp
View File

@@ -19,7 +19,7 @@ the data being copied. Buffer overflows can result to anything from a segmentati
if the array is on stack-allocated memory).
</p>
<include src="aliasAnalysisWarning.qhelp" />
<include src="aliasAnalysisWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/OverflowDestination.qhelp
View File

@@ -14,7 +14,7 @@ Buffer overflows can lead to anything from a segmentation fault to a security vu
Ensure that the size parameter is derived from the size of the destination buffer, and
not the source buffer.</p>
<include src="aliasAnalysisWarning.qhelp" />
<include src="aliasAnalysisWarning.inc.qhelp" />
</recommendation>

2
cpp/ql/src/Critical/ReturnStackAllocatedObject.qhelp
View File

@@ -12,7 +12,7 @@ the contents of that memory become undefined after that. Clearly, using a pointe
memory after the function has already returned will have undefined results.
</p>
<include src="pointsToWarning.qhelp" />
<include src="pointsToWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/Critical/UseAfterFree.qhelp
View File

@@ -12,7 +12,7 @@ from a segfault to memory corruption that would cause subsequent calls to the dy
erratically, to a possible security vulnerability.
</p>
<include src="pointsToWarning.qhelp" />
<include src="pointsToWarning.inc.qhelp" />
</overview>
<recommendation>

0
cpp/ql/src/Critical/aliasAnalysisWarning.qhelp → cpp/ql/src/Critical/aliasAnalysisWarning.inc.qhelp
View File

0
cpp/ql/src/Critical/callGraphWarning.qhelp → cpp/ql/src/Critical/callGraphWarning.inc.qhelp
View File

0
cpp/ql/src/Critical/dataFlowWarning.qhelp → cpp/ql/src/Critical/dataFlowWarning.inc.qhelp
View File

0
cpp/ql/src/Critical/pointsToWarning.qhelp → cpp/ql/src/Critical/pointsToWarning.inc.qhelp
View File

2
cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.qhelp
View File

@@ -3,7 +3,7 @@
"qhelp.dtd">
<qhelp>
<overview>
<include src="LeapYear.qhelp" />
<include src="LeapYear.inc.qhelp" />
<p>When performing arithmetic operations on a variable that represents a date, leap years must be taken into account.
It is not safe to assume that a year is 365 days long.</p>

0
cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qhelp → cpp/ql/src/Likely Bugs/Leap Year/LeapYear.inc.qhelp
View File

2
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.qhelp
View File

@@ -3,7 +3,7 @@
"qhelp.dtd">
<qhelp>
<overview>
<include src="LeapYear.qhelp" />
<include src="LeapYear.inc.qhelp" />
<p>When performing arithmetic operations on a variable that represents a year, it is important to consider that the resulting value may not be a valid date.</p>
<p>The typical example is doing simple year arithmetic (i.e. <code>date.year++</code>) without considering if the resulting value will be a valid date or not.</p>

2
cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.qhelp
View File

@@ -3,7 +3,7 @@
"qhelp.dtd">
<qhelp>
<overview>
<include src="LeapYear.qhelp" />
<include src="LeapYear.inc.qhelp" />
<p>When using a function that transforms a date structure, and the year on the input argument for the API has been manipulated, it is important to check for the return value of the function to make sure it succeeded.</p>
<p>Otherwise, the function may have failed, and the output parameter may contain invalid data that can cause any number of problems on the affected system.</p>

2
cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.qhelp
View File

@@ -3,7 +3,7 @@
"qhelp.dtd">
<qhelp>
<overview>
<include src="LeapYear.qhelp" />
<include src="LeapYear.inc.qhelp" />
<p>This query helps to detect when a developer allocates an array or other fixed-length data structure such as <code>std::vector</code> with 365 elements one for each day of the year.</p>
<p>Since leap years have 366 days, there will be no allocated element on December 31st at the end of a leap year; which will lead to a buffer overflow on a leap year.</p>

2
cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.qhelp
View File

@@ -2,4 +2,4 @@
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<include src="CleartextStorage.qhelp" /></qhelp>
<include src="CleartextStorage.inc.qhelp" /></qhelp>

2
cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.qhelp
View File

@@ -2,4 +2,4 @@
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<include src="CleartextStorage.qhelp" /></qhelp>
<include src="CleartextStorage.inc.qhelp" /></qhelp>

0
cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.qhelp → cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.inc.qhelp
View File

2
cpp/ql/src/jsf/4.05 Libraries/AV Rule 24.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query highlights calls to the standard library functions <code>abort, exit, getenv</code> and <code>system</code>.

2
cpp/ql/src/jsf/4.10 Classes/AV Rule 85.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query ensures that all operators with opposites (e.g. == and !=) are both defined, and

4
cpp/ql/src/jsf/4.13 Functions/AV Rule 111.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query highlights return statements that return pointers to an object allocated on the stack. The lifetime
@@ -18,7 +18,7 @@ memory after the function has already returned will have undefined results.
<!-- Mention how the results could be probabilistic (uses pointsto) -->
<include src="../../Critical/pointsToWarning.qhelp" />
<include src="../../Critical/pointsToWarning.inc.qhelp" />
</overview>
<recommendation>

2
cpp/ql/src/jsf/4.13 Functions/AV Rule 114.qhelp
View File

@@ -12,7 +12,7 @@ calling convention for x86, it would be whatever value was in the AX/EAX registe
assuming the function had a non-float return type that can fit in a machine word.
</p>
<include src="../../Critical/dataFlowWarning.qhelp" />
<include src="../../Critical/dataFlowWarning.inc.qhelp" />
<!--/*FALSEPOSITIVE_WARNING*/-->

2
cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 135.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query highlights identifiers in an inner scope that hide (have the same name as) an identifier in an outer scope.

2
cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 140.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query highlights variables with the <code>register</code> storage class specifier. Modern compilers are now capable of

2
cpp/ql/src/jsf/4.17 Types/AV Rule 147.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query highlights portions of code that can expose the floating point implementation of the underlying

2
cpp/ql/src/jsf/4.18 Constants/AV Rule 151.1.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query highlights string literals that are assigned to a non-<code>const</code> variable. String literals

2
cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 154.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query finds bit fields with members that are not explicitly declared to be unsigned.

2
cpp/ql/src/jsf/4.21 Operators/AV Rule 165.qhelp
View File

@@ -7,7 +7,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>
This query finds unsigned values that are being negated. Behavior is undefined in such cases.

2
cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 189.qhelp
View File

@@ -6,7 +6,7 @@
<overview>
<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
<include src="../jsfNote.qhelp" />
<include src="../jsfNote.inc.qhelp" />
<p>Use of goto statements makes code more difficult to understand and maintain. Consequently, the use
of goto statements is deprecated except as a mechanism for breaking out of multiple nested loops.

0
cpp/ql/src/jsf/jsfNote.qhelp → cpp/ql/src/jsf/jsfNote.inc.qhelp
View File