hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,869 Commits 1,671 Branches 157 Tags
adityasharad/1.24.0/cpp-large-variable-10k
Commit Graph

3581 Commits

Author SHA1 Message Date
Geoffrey White
a0e839d3f1 C++: Block duplicate taint results from 'gets' and other functions. 2020-02-24 11:53:22 +00:00
Geoffrey White
06e649fc30 C++: Add support for fgetws. 2020-02-24 11:47:32 +00:00
Geoffrey White
5afebc8418 C++: Autoformat. 2020-02-24 11:40:47 +00:00
Geoffrey White
c45bf90e98 Update cpp/ql/src/semmle/code/cpp/models/implementations/Gets.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2020-02-24 11:36:09 +00:00
Geoffrey White
e683f6113d C++: Model 'gets'. 2020-02-24 11:27:35 +00:00
Geoffrey White
8dcd46f9e7 C++: Add a taint test for gets. 2020-02-24 11:25:28 +00:00
Mathias Vorreiter Pedersen
ed430ce855 C++/C#: Bind parameter in new case. 2020-02-24 09:12:14 +01:00
Mathias Vorreiter Pedersen
af364e66fc C++/C#: Move sanity check inside InstructionSanity module and accept tests 2020-02-23 20:53:49 +01:00
Dave Bartolomeo
170331b105 C++: Better fix for void type on buffer access 
Fixes issue https://github.com/github/codeql-c-analysis-team/issues/20

This change undoes the workaround in https://github.com/Semmle/ql/pull/2736, and replaces it with a fix for the underlying cause. The problem was that the IR construction code for side effects incorrectly assumed that `BufferAccessOpcode` included `SizedBufferAccessOpcode`. I think that was actually a perfectly reasonable assumption to make, so I changed the `Opcode` hierarchy to make it true.
 2020-02-21 18:46:32 -07:00
Mathias Vorreiter Pedersen
d9753b0ca5 C++/C#: Accept test output after adding sanity check to Instruction.qll 2020-02-21 15:09:53 +01:00
Geoffrey White
ad45a4b079 Merge pull request #2890 from nickrolfe/range_based_for 
C++: add more extensive test for desugaring of range-based-for loops
 2020-02-21 09:31:34 +00:00
Anders Schack-Mulligen
771cb754c2 Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context 
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
 2020-02-21 10:02:06 +01:00
Tom Hvitved
0cc3218115 Merge pull request #2872 from aschackmull/dataflow/pathstep-localflow-join 
Java/C++/C#: Improve join-order in pathStep predicate
 2020-02-21 09:39:17 +01:00
Mathias Vorreiter Pedersen
780010d8f9 C++/C#: Sync identical files 2020-02-20 22:15:06 +01:00
Mathias Vorreiter Pedersen
6c08783158 C++: Accept output 2020-02-20 22:13:37 +01:00
Mathias Vorreiter Pedersen
4545ad0f93 C++: Add sanity check to Instruction.qll 2020-02-20 22:09:02 +01:00
Mathias Vorreiter Pedersen
76e5bd59df C++: Change edge to DefaultEdge 2020-02-20 22:08:16 +01:00
Tom Hvitved
a772b82fea Address review comments 2020-02-20 19:48:49 +01:00
Nick Rolfe
46b226e0c5 C++: add more extensive test for desugaring of range-based-for loops 2020-02-20 16:15:22 +00:00
Mathias Vorreiter Pedersen
c5f38eecfe C++: Fix IR generation and accept output 2020-02-20 15:37:02 +01:00
Mathias Vorreiter Pedersen
051d574ffd C++: Add switch testcases demonstrating incorrect IR 2020-02-20 15:31:44 +01:00
Jonas Jensen
97035aeb63 Merge pull request #2848 from geoffw0/model-sideeffects 
C++: Disambiguate SideEffectFunction QLDoc.
 2020-02-20 10:30:53 +01:00
Robert Marsh
bed6d2b225 Merge branch 'master' into rdmarsh/cpp/malloc-alias-locations 2020-02-19 16:44:13 -08:00
Dave Bartolomeo
4f1a23e248 "Fix" spelling 2020-02-19 15:57:31 -07:00
Dave Bartolomeo
5263222dc2 "Fix" spelling 2020-02-19 15:57:19 -07:00
Robert Marsh
de66841263 Merge pull request #2873 from geoffw0/fixasttest2 
C++: Fix another test that should be working on the AST dataflow.
 2020-02-19 14:13:44 -08:00
Robert Marsh
82f2540dde Merge pull request #2871 from geoffw0/fixasttest 
C++: Fix a test that should be working on the AST dataflow.
 2020-02-19 10:55:13 -08:00
Anders Schack-Mulligen
91166431d2 Java/C++/C#: s/Callable/DataFlowCallable/ 2020-02-19 17:23:01 +01:00
Jonas Jensen
1d2d8729b8 Merge pull request #2839 from MathiasVP/sync-ir-valuenumbering-internals 
C++/C#: Fix sync config file for value numbering sharing
 2020-02-19 16:57:16 +01:00
Geoffrey White
89bbb975f9 C++: Effects on tests. 2020-02-19 14:52:49 +00:00
Geoffrey White
4e2a45cd3e C++: Correct SideEffectFunction model for PureStrFunction. 2020-02-19 14:38:43 +00:00
Geoffrey White
22cba0f26e C++: Delete TODO. 2020-02-19 14:38:43 +00:00
Geoffrey White
5f7085937e C++: Improve the SideEffect library QLDoc. 2020-02-19 14:38:43 +00:00
Geoffrey White
c014ca6ed7 C++: Rename some tests for clarity / less emphasis on the AST. 2020-02-19 14:33:57 +00:00
Geoffrey White
3e49e12126 C++ Repair GlobalValueNumbering (AST) test. 2020-02-19 14:28:46 +00:00
Anders Schack-Mulligen
c6016bb08c Java/C++/C#: Improve join-order in pathStep predicate 2020-02-19 14:47:39 +01:00
Geoffrey White
df29143b7e C++: Fix a test that should be working on the AST dataflow. 2020-02-19 13:02:24 +00:00
Mathias Vorreiter Pedersen
59a19679ea C++/C#: Sync identical files after merge 2020-02-19 11:06:00 +01:00
Mathias Vorreiter Pedersen
bbcc1e1c37 Merge branch 'master' into sync-ir-valuenumbering-internals 2020-02-19 10:43:48 +01:00
Mathias Vorreiter Pedersen
3a05a82c1d C++: Accept output 2020-02-19 10:35:03 +01:00
Mathias Vorreiter Pedersen
246ef694f6 Merge branch 'master' into gvn-use-impl 2020-02-19 10:29:46 +01:00
Robert Marsh
ff876aaedf C++: Accept test output with IR enabled 2020-02-18 09:48:21 -08:00
Robert Marsh
adfe5f30a1 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-18 08:42:27 -08:00
Mathias Vorreiter Pedersen
cc4c780573 Merge pull request #2860 from jbj/isInCycle-neighbors 
C++: Manual magic for `isInCycle`
 2020-02-18 17:41:19 +01:00
Robert Marsh
aaf6926c34 Merge pull request #2851 from jbj/ir-enable-only 
C++: Use IR for security.TaintTracking and GVN
 2020-02-18 11:37:34 -05:00
Mathias Vorreiter Pedersen
4cad5549ee C++: Directly import AST GVN module in tests 2020-02-18 12:21:14 +01:00
Jonas Jensen
0d239e8bd2 C++: Manual magic for isInCycle 
The `isInCycle` predicate would take a long time on Wireshark with 6GB
RAM, sometimes OOMing in the fastTC HOP. Analyzing wireshark with 6GB is
important because that's the standard configuration on our Jenkins
workers. With this commit, I can analyze Wireshark with 6GB on my
laptop.

The `getNonPhiOperandDef` predicate on Wireshark is 34M tuples, while
`getDefIfHasNeighbors` is 11M tuples, and the TC of
`getDefIfHasNeighbors` is 23M tuples (487 MB).
 2020-02-18 08:33:43 +01:00
Tom Hvitved
a695b567ec Data flow: Sync files 2020-02-17 19:39:52 +01:00
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries 
Approved by aschackmull
 2020-02-17 18:22:46 +00:00
Tom Hvitved
0e7838aca5 Data flow: Sync files 2020-02-17 15:08:26 +01:00