hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

5370 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
428e357488 C++: Add testcase demonstrating false positive 2020-01-07 11:41:48 +01:00
Mathias Vorreiter Pedersen
9ed1510a8c C++: Improved query precision using SimpleRangeAnalysis 2020-01-06 14:16:52 +01:00
Mathias Vorreiter Pedersen
e926966e73 C++: Added more tests 2020-01-03 14:08:12 +01:00
Mathias Vorreiter Pedersen
cea78879b2 C++: Rename variables in tests to reflect their types 2020-01-03 14:07:19 +01:00
Mathias Vorreiter Pedersen
7dbb191531 C++: Improve query precision 2020-01-02 15:53:22 +01:00
Mathias Vorreiter Pedersen
cfb839a8f9 C++: Add test demonstrating the false positive 2020-01-02 15:48:01 +01:00
Jonas Jensen
618bf2e29e C++: IR data flow through total chi operands 2019-12-27 11:44:41 +01:00
Jonas Jensen
64c79bf9e1 C++: Deprecate UninitializedNode in IR data flow 
It's not used outside of tests, and it's not useful. It will break the
tests when we start allowing flow through chi nodes.
 2019-12-27 11:21:33 +01:00
Dave Bartolomeo
5b5d2f2b67 Merge pull request #2154 from rdmarsh2/rdmarsh/cpp/ir-callee-side-effects 
C++: add InitializeIndirection for pointer params
 2019-12-20 13:13:54 -07:00
Jonas Jensen
939979ddef Merge branch 'master' into overflowcalc 2019-12-19 14:12:00 +01:00
Jonas Jensen
4fffaabab9 Merge pull request #2551 from MathiasVP/argument-suppresion-c89-style 
C++: Alert suppression through single-line /* */ style comments
 2019-12-19 13:19:49 +01:00
Mathias Vorreiter Pedersen
30822f1d98 C++: Alert suppresion through single-line /* */ style comments 2019-12-19 09:10:09 +01:00
Jonas Jensen
e7283afa3e Merge pull request #2531 from dbartol/dbartol/MissingToString 
C++: Fix `toString()` predicates that don't hold
 2019-12-18 19:09:48 +01:00
Jonas Jensen
66d49a4a8a Merge pull request #2546 from MathiasVP/arguments-source-qltest 
C++: Added test for 333d0a69
 2019-12-18 09:11:11 +01:00
Robert Marsh
e209ed961a Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-12-17 15:11:02 -08:00
Dave Bartolomeo
240823019a Merge remote-tracking branch 'upstream/master' into dbartol/MissingToString 2019-12-17 11:50:36 -07:00
Mathias Vorreiter Pedersen
1d3ee71f73 C++: Added test for 333d0a69 2019-12-17 13:54:41 +01:00
Geoffrey White
0da826f0c3 Merge branch 'master' into overflowcalc 2019-12-16 13:48:38 +00:00
Geoffrey White
0a1fa08488 Update cpp/ql/test/library-tests/files/Files.ql 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2019-12-16 13:38:36 +00:00
Geoffrey White
f990634481 C++: Fix the XMLParent Constructor. 2019-12-16 11:07:16 +00:00
Geoffrey White
a6407f00a7 C++: Extend the files test to cover the issue with XMLParent. 2019-12-16 11:07:12 +00:00
Geoffrey White
c4c1dfa2b9 C++: Modernize the files tests. 2019-12-16 11:07:07 +00:00
Dave Bartolomeo
914288d3c5 C++: Fix toString() predicates that don't hold 2019-12-13 17:06:05 -07:00
Henning Makholm
6bdf186d1e C tests: generalize arguments tests 
With the coming `codeql test` support, the `predefined_macros` file will not
necessarily be located under a `tools` directory. Change the test to hide more
of its actual path, so it will work in both cases.
 2019-12-06 01:21:17 +01:00
Dave Bartolomeo
cbb6797ca8 Merge from master and resolve conflicts 2019-12-04 10:14:52 -07:00
Dave Bartolomeo
50dc5e2ba3 Merge pull request #2438 from rdmarsh2/rdmarsh/ir-line-number-ids 
C++/C#: use line numbers for instruction IDs
 2019-12-03 18:48:28 -08:00
Geoffrey White
2faae4dcb1 CPP: Autoformat. 2019-12-03 09:00:43 +00:00
Dave Bartolomeo
acc3d23877 Clarify comment 2019-12-02 11:53:43 -08:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Dave Bartolomeo
aa6bd07971 Merge remote-tracking branch 'upstream/master' into dbartol/May-Must 2019-11-26 14:07:13 -07:00
Robert Marsh
e368d5dda0 C++: simplify getDisplayOrderInBlock 2019-11-26 16:02:30 -05:00
Jonas Jensen
c05cc77a91 Merge pull request #2421 from dbartol/dbartol/IndirectAlias 
C++/C#: Cleanup in preparation for indirect alias analysis
 2019-11-26 21:59:17 +01:00
Dave Bartolomeo
f3b4140948 C++/C#: Consistent handling of "may" vs. "must" memory accesses 
In the IR, some memory accesses are "must" accesses (the entire memory location is always read or written), and some are "may" accesses (some, all, or none of the bits in the location are written). We previously had to special case specific "may" accesses in a few places. This change regularizes our handling of "may" accesses.

The `MemoryAccessKind` enumeration now describes only the extent of the access (the set of locations potentially accessed), but does not distinguish "must" from "may". The new predicates `Operand.hasMayMemoryAccess()` and `Instruction.hasResultMayMemoryAccess()` hold when the access is a "may" access.

Unaliased SSA now correctly ignores variables that are ever accessed via a "may" access.

Aliased SSA now distinguishes `MemoryLocation`s for "may" and "must" accesses. I've refactored `getOverlap()` into the core `getExtentOverlap()`, which considers only the extent, but not the "may" vs. "must", and `getOverlap()`, which tweaks the result of `getExtentOverlap()` based on "may" vs. "must" and read-only locations.

When determining the overlap between a `Phi` operand and its definition, we now use the result of the defining `Chi` instruction, if one exists. This gives exact definitions for `Phi` operands for virtual variables.
 2019-11-26 12:13:07 -07:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Robert Marsh
60b384a6e5 C++/C#: use line numbers for instruction IDs 
This should reduce the number of merge conflicts in the IR tests resulting
from instruction ID changes due to inserting or removing instructions
 2019-11-25 18:27:59 -05:00
Dave Bartolomeo
44c1c5a7ab C++: Update points_to.ql test to use new bit offset format 2019-11-25 11:13:02 -07:00
Jonas Jensen
8f3998915b Merge pull request #2376 from geoffw0/qhelpms2 
CPP: Recommendations and examples for TlsSettingsMisconfiguration.qhelp and UseOfDeprecatedHardCodedProtocol.qhelp
 2019-11-25 08:17:32 +01:00
Dave Bartolomeo
eda47bfc51 C++: Add SSA sanity tests to IR tests 2019-11-22 16:10:51 -07:00
Dave Bartolomeo
51ff262cbc C++/C#: Add IR SSA sanity tests 2019-11-22 13:16:05 -07:00
Geoffrey White
e274e01432 CPP: More consistency. 2019-11-22 16:08:00 +00:00
Geoffrey White
8fc59ebac4 CPP: I believe these BUG labels were incorrect. 2019-11-22 16:07:59 +00:00
Geoffrey White
a1b603e73c CPP: Add the examples to the test. 2019-11-22 16:07:59 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
3c9432d7b7 CPP: Queries: Improve OverflowCalculated query. 2019-11-22 15:19:00 +00:00
Geoffrey White
5f798314d1 CPP: Tests: NoSpaceForZeroTerminator test cases for calloc and realloc. 2019-11-22 15:18:59 +00:00
Geoffrey White
a2c0532a84 CPP: Tests: CWE-120 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
d67ea4d768 CPP: Tests: AV Rule 79 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
7190dd2ef4 CPP: Tests: Rearrange a test prior to changes. 2019-11-22 15:16:32 +00:00
Geoffrey White
5014432472 CPP: Tests: Add a test of NewArrayExpr.getAllocatedType() and NewArrayExpr.getExtent(). 2019-11-22 15:16:32 +00:00
Geoffrey White
bbe6a1aa76 CPP: Additional test case. 2019-11-22 15:13:05 +00:00