Robert Marsh
5dd8c9cd4e
C++: revert InlineAsm subclassing SideEffectOpcode
2019-05-31 13:28:26 -07:00
Robert Marsh
2770b2a9b9
C++: respond to PR comments
2019-05-31 13:19:40 -07:00
Robert Marsh
98d6f5919f
C++: Treat asmStmt operands as input/output in IR
2019-05-31 12:51:44 -07:00
Robert Marsh
66d1efdb97
C++: respond to PR comments
2019-05-31 12:42:04 -07:00
Robert Marsh
23560436a7
C++: add minimal AsmStmt support to IR
2019-05-31 12:29:19 -07:00
semmle-qlci
3851261230
Merge pull request #1378 from jbj/hasQualifiedName-inline-namespace
Approved by dave-bartolomeo
2019-05-31 19:39:42 +01:00
semmle-qlci
d741e0b20c
Merge pull request #1382 from jbj/redundant-null-check-gvn
Approved by dave-bartolomeo
2019-05-31 16:28:01 +01:00
Jonas Jensen
a61aec9e63
C++: Fix ValueNumbering for CopyInstruction
Querying for overlap type wasn't possible when this library was first
written. This change fixes FPs in `RedundantNullCheckSimple.ql` on
Wireshark and other real-world projects.
2019-05-30 09:42:46 +02:00
Jonas Jensen
120df6054b
C++: Demonstrate a FP due to GVN
2019-05-30 09:41:42 +02:00
Jonas Jensen
2e7daf2308
C++: Use GVN in RedundantNullCheckSimple
2019-05-30 09:41:42 +02:00
Dave Bartolomeo
aff85c5b24
C++: IR support for range-based for loops
IR construction was missing support for C++ 11 range-based `for` loops. The extractor generates ASTs for the compiler-generated implementation already, so I had enough information to generate IR. I've expanded on some of the predicates in `RangeBasedForStmt` to access the desugared information.
One complication was that the `DeclStmt`s for the compiler-generated variables seem to have results for `getDeclaration()` but not for `getDeclarationEntry()`. This required handling these slightly differently than we do for other `DeclStmt`s.
The flow for range-based `for` is actually easier than for a regular `for`, because all three components (init, condition, and update) are always present.
2019-05-29 14:40:29 -07:00
Jonas Jensen
df4c57648c
C++: Support inline namespaces in hasQualifiedName
2019-05-29 15:22:42 +02:00
Jonas Jensen
4bb65fddf7
C++: Test that hasQualifiedName/3 ignores inline
2019-05-29 15:22:42 +02:00
Geoffrey White
34444ace8b
CPP: Update the query name and description.
2019-05-29 10:35:49 +01:00
Geoffrey White
9da2ead1f7
CPP: Remove redundant tests.
2019-05-29 10:35:49 +01:00
Geoffrey White
fc5e7e5e91
CPP: Test the new query.
2019-05-29 10:35:48 +01:00
Geoffrey White
88f363d564
CPP: Update the ql, qhelp and example.
2019-05-29 10:35:48 +01:00
Geoffrey White
574a1d8501
Merge pull request #1037 from kevinbackhouse/RangeAnalysisAssignAddOverflow
Better overflow detection for AssignAdd/AssignSub
2019-05-29 09:54:06 +01:00
Jonas Jensen
b0a7f207e4
Merge pull request #1343 from rdmarsh2/rdmarsh/cpp/getUnspecifiedType
C++: add getUnspecifiedType() for exprs and decls
2019-05-28 20:10:28 +01:00
Geoffrey White
170691b467
CPP: Comment as suggested.
2019-05-24 16:16:45 +01:00
Geoffrey White
6bac1e6e99
CPP: Accept CWE-190 test change.
2019-05-24 16:16:45 +01:00
Ziemowit Laski
46b6eac955
[CPP-370] An .expected file is mismatched again. Not sure why
this is happening.
2019-05-22 09:08:44 -07:00
Denis Levin
1b8117ba3a
C++: Mishandling Japanese Era and Leap Year in calculations
2019-05-21 14:49:40 -07:00
Ian Lynagh
6a77ac8a13
C++: Follow extractor changes for 0136
2019-05-21 17:07:21 +01:00
Ziemowit Laski
81bfbc250f
[CPP-370] Forgot to update an .expected file.
2019-05-21 07:08:13 -07:00
Ziemowit Laski
ae55b7b643
[CPP-370] Add new test file for testing procedurally nested format
argument violations.
2019-05-21 07:08:13 -07:00
Ziemowit Laski
92054e2481
[CPP-370] Reformat test cases so that the .expect files line up with what was
checked in initially. Check for DataFlow::DefinitionByReferenceNode
when computing isSource() for our taint analysis.
2019-05-21 06:54:41 -07:00
Ziemowit Laski
098b6543f5
[CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library.
2019-05-21 06:51:47 -07:00
Ziemowit Laski
d8b8dda439
[CPP-370] First attempt at isAdditionalFlowStep().
2019-05-21 06:45:52 -07:00
Ziemowit Laski
dbec17f85b
[CPP-370] Tentative implementation of NonConstantFormat.ql using the global
DataFlow library. This is intended solely for further discussion.
2019-05-21 06:23:51 -07:00
Ziemowit Laski
6025c03857
[CPP-370] Add nested.cpp test case, for nested calls to ...printf functions.
2019-05-21 06:21:12 -07:00
Ziemowit Laski
8faf95ec84
[CPP-370] Tentatively modify CWE consts.cpp file to play nice with the dataflow library.
2019-05-21 06:21:12 -07:00
Ziemowit Laski
b205951e6d
[CPP-370] Reformat test cases so that the .expect files line up with what was
checked in initially. Check for DataFlow::DefinitionByReferenceNode
when computing isSource() for our taint analysis.
2019-05-21 06:18:31 -07:00
Ziemowit Laski
ed67c9fd5a
[CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library.
2019-05-21 06:18:31 -07:00
Ziemowit Laski
fae55d5493
[CPP-370] First attempt at isAdditionalFlowStep().
2019-05-21 06:18:30 -07:00
Ziemowit Laski
775861c386
[CPP-370] Minor textual tweaks.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
de10598dd6
[CPP-370] NonConstantFormat.expected changed for some reason.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
ffddc5bff6
[CPP-370] Update the NonConstantFormat.expected result template.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
0c86d4c112
[CPP-370] Tentative implementation of NonConstantFormat.ql using the global
DataFlow library. This is intended solely for further discussion.
2019-05-21 06:18:30 -07:00
Robert Marsh
e899120270
C++: replace getType().getUnspecifiedType()
2019-05-20 15:08:28 +01:00
Robert Marsh
14795863e2
Merge pull request #1303 from jbj/hasQualifiedName
C++: Fix `getQualifiedName` performance issues
2019-05-15 12:42:57 -07:00
Jonas Jensen
662d55fd72
C++: Add tests for qualified names
2019-05-06 10:58:05 +02:00
Jonas Jensen
93658038bc
C++: Use a smaller double literal in test
This number got rounded differently on Linux and Windows, causing the
Windows test to fail.
2019-05-03 09:06:10 +02:00
Dave Bartolomeo
34a422c756
C++: Accept test output after value category extractor fix
2019-05-02 11:18:10 -07:00
Dave Bartolomeo
ad966e4bd4
C++: Accept test diffs after imprecise use format change
2019-05-02 11:18:09 -07:00
Dave Bartolomeo
fef58ec1ee
C++: Add "~" prefix to inexact uses
2019-05-02 11:18:09 -07:00
Dave Bartolomeo
ff12ed145e
C++: Update test expectations after StmtExpr changes
2019-05-02 11:18:09 -07:00
Dave Bartolomeo
95a62beb7a
C++: Update test expectations due to better dataflow analysis
2019-05-02 11:18:09 -07:00
Dave Bartolomeo
e0f7344676
C++: Imprecise definitions in SSA
2019-05-02 11:18:08 -07:00
Dave Bartolomeo
9726428bcc
C++: More SSA test cases
2019-05-02 11:18:08 -07:00