hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

5370 Commits

Author SHA1 Message Date
Ziemowit Laski
62b030d27f [CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared 
functions.  TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
 2019-04-18 17:56:41 -07:00
Robert Marsh
c6f01265be Merge pull request #1263 from geoffw0/bufferoverflowqueries 
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
 2019-04-18 13:21:57 -04:00
Geoffrey White
57a4e52b47 CPP: Remove the overlap between these two queries. 2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87 CPP: Unify and improve the MallocCall classes. 2019-04-18 10:30:18 +01:00
Geoffrey White
1ba8364c3b CPP: Add more test cases. 2019-04-18 10:28:34 +01:00
Geoffrey White
8856442f7f CPP: Add NoSpaceForZeroTerminator to the OverflowCalculated test. 2019-04-18 09:19:44 +01:00
Geoffrey White
12650f85c5 CPP: Rename a test file. 2019-04-18 09:16:55 +01:00
Nick Rolfe
bf204ecdf8 C++: update expected extractor arguments to match qltest runner changes 2019-04-17 12:30:04 +01:00
Robert Marsh
09d0548c81 Merge pull request #1237 from geoffw0/commentedoutcode2 
CPP: Fix FPs from detecting commented out preprocessor logic
 2019-04-16 10:31:42 -07:00
Geoffrey White
2d15163e30 CPP: Test of a comment inside #if 0. 2019-04-16 15:37:21 +01:00
Ziemowit Laski
b58f414ede [CPP-340] Add more test case; exclude K&R definitions of functions when looking 
up ()-declarations; refactor QL code.
 2019-04-12 17:25:33 -07:00
Nick Rolfe
baf091235c C++: change expected test output following extractor frontend upgrade 2019-04-11 17:45:35 +01:00
Geoffrey White
1e0e3192bb CPP: Restrict to #elif, #else, #endif. 2019-04-11 15:14:21 +01:00
Geoffrey White
2dad62acf4 CPP: Additional test cases. 2019-04-11 15:06:41 +01:00
Jonas Jensen
ac3421f6be Merge pull request #1238 from geoffw0/newtests 
CPP: New test cases
 2019-04-11 14:43:03 +02:00
Geoffrey White
3ceacff0d4 CPP: Add a test of IncorrectConstructorDelegation.ql. 2019-04-11 12:24:16 +01:00
Geoffrey White
7dd7bf346d CPP: Add a test of placement new in CWE-772 (this case came up recently but has already been fixed). 2019-04-11 12:23:33 +01:00
Geoffrey White
2c0ccf4a85 CPP: Exclude unusual header files such as config.h. 2019-04-11 11:28:45 +01:00
Geoffrey White
9e6b178d48 CPP: Resolve #endif FPs. 2019-04-11 11:05:53 +01:00
Geoffrey White
4beb77588a CPP: Add tests based on false positive results. 2019-04-11 10:14:32 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
Geoffrey White
c974693b58 CPP: Add a test case for CWE-120. 2019-04-10 18:52:03 +01:00
Geoffrey White
7ea6c1bcbe CPP: Add a test of AV Rule 186.ql. 2019-04-10 18:08:10 +01:00
Ziemowit Laski
dc7497835e [CPP-340] Make the query more strict (again). 2019-04-10 09:55:37 -07:00
Geoffrey White
5101a5bc3d Merge pull request #1056 from jbj/SimpleRangeAnalysis-use-after-cast 
C++: Fix use-after-cast bug in SimpleRangeAnalysis
 2019-04-10 11:04:20 +01:00
Jonas Jensen
01fc721497 C++: Fixup test annotation 2019-04-10 09:28:06 +02:00
Robert Marsh
75ab311c3a Merge pull request #1223 from geoffw0/commentedoutcode 
CPP: Detect commented out preprocessor logic
 2019-04-09 16:16:19 -04:00
Robert Marsh
c9fbbfe7d8 Merge pull request #984 from rdmarsh2/rdmarsh/cpp/ir-stmtexpr 
C++: add support for GNU StmtExpr in IR
 2019-04-09 12:54:35 -04:00
Geoffrey White
13ed50f049 CPP: Improve the regexp. 2019-04-09 13:08:31 +01:00
Geoffrey White
d70e7ceafe CPP: Additional test cases. 2019-04-09 13:04:32 +01:00
Jonas Jensen
ca71ac7c36 C++: Accept improved test output 2019-04-09 13:38:52 +02:00
Jonas Jensen
fd4967e6f1 C++: Fix SnprintfOverflow issues 
Requiring strict inclusion between types turned out to cause false
positives in `SnprintfOverflow`, which relied indirectly on
`RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds
checks. This query was particularly affected because `snprintf` returns
`int` (signed) but takes `size_t` (unsigned), so conversions are bound
to happen.
 2019-04-09 11:05:14 +02:00
Robert Marsh
fd7512c447 C++: accept test change in SignAnalysis 2019-04-08 14:10:37 -04:00
Geoffrey White
48fff334da CPP: Detect commented preprocessor code. 2019-04-08 18:17:23 +01:00
Geoffrey White
92241132b5 CPP: Add test cases. 2019-04-08 18:00:34 +01:00
Jonas Jensen
93286aabdf C++: Test for FP introduced by relOp changes 2019-04-08 11:19:57 +02:00
Jonas Jensen
fedd652de8 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408 2019-04-08 08:39:44 +02:00
Ziemowit Laski
ef54b012e0 [CPP-340] Fixed .expected file to match new query. 2019-04-05 15:43:38 -07:00
Robert Marsh
8087cb5040 C++: add CopyValueInstruction for StmtExpr result 2019-04-05 11:27:19 -07:00
Jonas Jensen
f7dda1b3a4 Merge pull request #1213 from geoffw0/pointerscaling2 
CPP: De-duplicate the PointerScaling queries.
 2019-04-05 14:42:28 +02:00
Jonas Jensen
19b05c57d7 Merge pull request #1204 from geoffw0/badlock 
CPP: Add a test of common mistakes using locking classes.
 2019-04-05 14:34:32 +02:00
Geoffrey White
695df232e3 CPP: Equalize the definitions of 'baseType'. 2019-04-05 11:28:11 +01:00
Geoffrey White
373075e06d CPP: Extend the test. 2019-04-05 11:09:13 +01:00
Geoffrey White
34fbc7b194 CPP: Guard the delete. 2019-04-05 10:00:55 +01:00
Robert Marsh
46f93ff322 C++: update test expectations 2019-04-04 10:55:27 -07:00
Robert Marsh
427b853077 C++: add another test case for IR stmtexpr 2019-04-04 10:55:27 -07:00
Robert Marsh
f2fbdac31b C++: add support for GNU StmtExpr in IR 2019-04-04 10:51:06 -07:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Geoffrey White
a1e503f428 CPP: Add test cases for PotentiallyDangerousFunction. 2019-04-04 16:26:53 +01:00
Geoffrey White
cb09d23069 CPP: Add a test of common mistakes using locking and similar classes. 2019-04-04 11:23:06 +01:00