hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,886 Commits 1,671 Branches 157 Tags
codeql-cli-2.1.4-cloudbuild
Commit Graph

130 Commits

Author SHA1 Message Date
Jonas Jensen
718f4cd3f9 C++: Speed up SuspiciousAddWithSizeof select 
This `select` clause had become very slow after we started caching
`ElementBase::toString` because the query used string concatenation to
produce alert messages, and those string concatenations were done very
early in the pipeline, producing lots of strings that would be discarded
moments later.

By using `$@` to interpolate elements into strings, the concatenation is
done outside of QL.

Testing on a Chromium snapshot, this commit takes us from

    #select#ff ................ 6m2s

to

    #select#cpe#134#fff ....... 15.2s
 2020-04-24 16:18:18 +02:00
Geoffrey White
2aa64db40e Merge remote-tracking branch 'upstream/rc/1.24' into alloc-size2 2020-04-15 10:09:54 +01:00
Geoffrey White
a7979fdc12 C++: Base results purely on allocations now, not multiplications by a sizeof. 2020-04-09 15:05:29 +01:00
Geoffrey White
febbbc4423 C++: Additional test cases. 2020-04-09 15:03:35 +01:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Geoffrey White
66a0b7884e Merge branch 'master' into alloc-size 2020-04-07 17:12:35 +01:00
Jonas Jensen
58366b19e9 C++: Path explanations in the last two queries 
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
 2020-04-04 16:47:06 +02:00
Jonas Jensen
54a23a486a C++: Accept test changes for 108d5177b8 2020-04-04 16:46:59 +02:00
Jonas Jensen
5822cd7b84 C++: Put paths in the remaining LGTM-suite queries 2020-04-03 17:10:47 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
469bdae9b2 C++: More helpful toString for def. by ref. node 2020-04-03 16:37:23 +02:00
Jonas Jensen
36da2d1dae C++: Manipulate the source end of paths too 
Without this, we get duplicate alerts in some cases and
unnatural-looking source nodes in other cases. The source nodes were
often `Conversion`s.
 2020-04-03 16:37:23 +02:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Robert Marsh
59a81d8445 C++: merge from master and accept test changes 2020-03-18 13:47:01 -07:00
Geoffrey White
034f7cc948 Merge branch 'master' into model-gets 2020-03-16 15:12:36 +00:00
Geoffrey White
f4a1b41094 C++: Correct hasUpperBoundsCheck. 2020-03-12 15:45:01 +00:00
Geoffrey White
26ed560bd7 C++: Add new test cases. 2020-03-12 15:45:01 +00:00
Geoffrey White
263e51f72e C++: Clean up the test. 2020-03-12 15:45:00 +00:00
Robert Marsh
bba6b23019 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-03-10 11:12:19 -07:00
Jonas Jensen
28a9baba36 Merge pull request #3026 from MathiasVP/simplerangeanalysis-const-var-access 
C++: Handle constant variable accesses in SimpleRangeAnalysis.qll
 2020-03-10 11:22:33 +01:00
Mathias Vorreiter Pedersen
1a5282ae21 C++: Add testcase that previously resulted in a false positive 2020-03-09 22:33:59 +01:00
Mathias Vorreiter Pedersen
3973a50c9b C++: Add testcase for cpp/uncontrolled-allocation-size 2020-03-04 15:51:14 +01:00
Robert Marsh
4333fe7905 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-26 13:15:27 -08:00
Geoffrey White
4af0193c98 C++: Modify the argvlocal tests. 2020-02-24 16:51:47 +00:00
Geoffrey White
9f271949d5 C++: Adjust layout of the argvlocal test. 2020-02-24 15:52:31 +00:00
Geoffrey White
a0e839d3f1 C++: Block duplicate taint results from 'gets' and other functions. 2020-02-24 11:53:22 +00:00
Geoffrey White
e683f6113d C++: Model 'gets'. 2020-02-24 11:27:35 +00:00
Robert Marsh
ff876aaedf C++: Accept test output with IR enabled 2020-02-18 09:48:21 -08:00
Jonas Jensen
a59c0facee C++: Accept test changes for IR libs 
This is for the tests in the ql repo. There are also changed tests in
the internal repo.
 2020-02-15 21:12:20 +01:00
Geoffrey White
75a50a1714 C++: Understand formatting function varargs as needing null termination. 2020-02-11 15:25:59 +00:00
Geoffrey White
2f290bd528 C++: Additional test cases. 2020-02-11 15:25:59 +00:00
Geoffrey White
851c1134f3 C++: Add 'strlen' back. 2020-02-06 10:17:37 +00:00
Geoffrey White
860d0aa42f C++: Remove single argument functions. 2020-02-06 10:17:37 +00:00
Geoffrey White
95c77ca3c6 C++: Update comment. 2020-02-06 10:17:37 +00:00
Geoffrey White
1d46971bb7 C++: Add an ArrayFunction model to FormattingFunction. 2020-01-28 08:46:46 +00:00
Geoffrey White
fcdb20d1fc C++: Move the SuspiciousCallToStrncat test to the expected location. 2020-01-23 11:05:46 +00:00
Geoffrey White
f4f0f6d93e C++: Merge the StrncpyFlippedArgs tests. 2020-01-23 11:05:46 +00:00
Geoffrey White
3aa66f5aca C++: Merge the OverflowStatic tests. 2020-01-23 11:05:46 +00:00
Geoffrey White
200545d88c CPP: Add detail to the model. 2020-01-17 18:56:21 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
5f798314d1 CPP: Tests: NoSpaceForZeroTerminator test cases for calloc and realloc. 2019-11-22 15:18:59 +00:00
Geoffrey White
a2c0532a84 CPP: Tests: CWE-120 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
bbe6a1aa76 CPP: Additional test case. 2019-11-22 15:13:05 +00:00
Geoffrey White
e6ea705ff2 CPP: Switch from a blacklist to whitelist approach for determining null termination. 2019-11-20 15:34:38 +00:00
Geoffrey White
fbd9d9bdab CPP: Add a test case involving the std::string constructor. 2019-11-20 15:20:21 +00:00
Geoffrey White
6fc9cc5952 CPP: Add a test case using 'new'. 2019-11-20 14:27:19 +00:00
Geoffrey White
57c7a87af9 CPP: Add tests with different proof of zero-termination. 2019-11-20 14:27:19 +00:00
Geoffrey White
3c9fe91581 CPP: Add proof of zero-termination to tests. 2019-11-20 14:27:19 +00:00
Geoffrey White
c40c88ec4b CPP: Add test cases for ConditionallyUninitializedVariables.ql. 2019-10-28 18:43:00 +00:00
Jonas Jensen
655f940085 C++: Accept changes in CWE-{119,120} tests 
These new results seem better than the previous ones, but the previous
ones are still there. Perhaps the `Buffer.qll` library could use some
adjustment, but this seems like an improvement in isolation.
 2019-09-17 13:16:36 +02:00