hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

1855 Commits

Author SHA1 Message Date
Ziemowit Laski
be77eb7367 [CPP-340] Add new test cases to test.c; this required the .expected 
files to be regenerated.
 2019-04-29 15:30:28 -07:00
Ziemowit Laski
4a760b1561 [CPP-340] Delete ArgumentsToImplicit.ql and associated files. 
Reduce MistypedFunctionArguments.ql precision to `medium`.
 2019-04-28 13:49:46 -07:00
Ziemowit Laski
ac58bdfc58 [CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays. 2019-04-24 14:54:01 -07:00
Ziemowit Laski
62b030d27f [CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared 
functions.  TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
 2019-04-18 17:56:41 -07:00
Geoffrey White
57a4e52b47 CPP: Remove the overlap between these two queries. 2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87 CPP: Unify and improve the MallocCall classes. 2019-04-18 10:30:18 +01:00
Geoffrey White
1ba8364c3b CPP: Add more test cases. 2019-04-18 10:28:34 +01:00
Geoffrey White
8856442f7f CPP: Add NoSpaceForZeroTerminator to the OverflowCalculated test. 2019-04-18 09:19:44 +01:00
Geoffrey White
12650f85c5 CPP: Rename a test file. 2019-04-18 09:16:55 +01:00
Robert Marsh
09d0548c81 Merge pull request #1237 from geoffw0/commentedoutcode2 
CPP: Fix FPs from detecting commented out preprocessor logic
 2019-04-16 10:31:42 -07:00
Geoffrey White
2d15163e30 CPP: Test of a comment inside #if 0. 2019-04-16 15:37:21 +01:00
Ziemowit Laski
b58f414ede [CPP-340] Add more test case; exclude K&R definitions of functions when looking 
up ()-declarations; refactor QL code.
 2019-04-12 17:25:33 -07:00
Geoffrey White
1e0e3192bb CPP: Restrict to #elif, #else, #endif. 2019-04-11 15:14:21 +01:00
Geoffrey White
2dad62acf4 CPP: Additional test cases. 2019-04-11 15:06:41 +01:00
Jonas Jensen
ac3421f6be Merge pull request #1238 from geoffw0/newtests 
CPP: New test cases
 2019-04-11 14:43:03 +02:00
Geoffrey White
3ceacff0d4 CPP: Add a test of IncorrectConstructorDelegation.ql. 2019-04-11 12:24:16 +01:00
Geoffrey White
7dd7bf346d CPP: Add a test of placement new in CWE-772 (this case came up recently but has already been fixed). 2019-04-11 12:23:33 +01:00
Geoffrey White
2c0ccf4a85 CPP: Exclude unusual header files such as config.h. 2019-04-11 11:28:45 +01:00
Geoffrey White
9e6b178d48 CPP: Resolve #endif FPs. 2019-04-11 11:05:53 +01:00
Geoffrey White
4beb77588a CPP: Add tests based on false positive results. 2019-04-11 10:14:32 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
Geoffrey White
c974693b58 CPP: Add a test case for CWE-120. 2019-04-10 18:52:03 +01:00
Geoffrey White
7ea6c1bcbe CPP: Add a test of AV Rule 186.ql. 2019-04-10 18:08:10 +01:00
Ziemowit Laski
dc7497835e [CPP-340] Make the query more strict (again). 2019-04-10 09:55:37 -07:00
Geoffrey White
5101a5bc3d Merge pull request #1056 from jbj/SimpleRangeAnalysis-use-after-cast 
C++: Fix use-after-cast bug in SimpleRangeAnalysis
 2019-04-10 11:04:20 +01:00
Jonas Jensen
01fc721497 C++: Fixup test annotation 2019-04-10 09:28:06 +02:00
Robert Marsh
75ab311c3a Merge pull request #1223 from geoffw0/commentedoutcode 
CPP: Detect commented out preprocessor logic
 2019-04-09 16:16:19 -04:00
Geoffrey White
13ed50f049 CPP: Improve the regexp. 2019-04-09 13:08:31 +01:00
Geoffrey White
d70e7ceafe CPP: Additional test cases. 2019-04-09 13:04:32 +01:00
Jonas Jensen
ca71ac7c36 C++: Accept improved test output 2019-04-09 13:38:52 +02:00
Jonas Jensen
fd4967e6f1 C++: Fix SnprintfOverflow issues 
Requiring strict inclusion between types turned out to cause false
positives in `SnprintfOverflow`, which relied indirectly on
`RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds
checks. This query was particularly affected because `snprintf` returns
`int` (signed) but takes `size_t` (unsigned), so conversions are bound
to happen.
 2019-04-09 11:05:14 +02:00
Geoffrey White
48fff334da CPP: Detect commented preprocessor code. 2019-04-08 18:17:23 +01:00
Geoffrey White
92241132b5 CPP: Add test cases. 2019-04-08 18:00:34 +01:00
Jonas Jensen
93286aabdf C++: Test for FP introduced by relOp changes 2019-04-08 11:19:57 +02:00
Jonas Jensen
fedd652de8 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408 2019-04-08 08:39:44 +02:00
Ziemowit Laski
ef54b012e0 [CPP-340] Fixed .expected file to match new query. 2019-04-05 15:43:38 -07:00
Jonas Jensen
f7dda1b3a4 Merge pull request #1213 from geoffw0/pointerscaling2 
CPP: De-duplicate the PointerScaling queries.
 2019-04-05 14:42:28 +02:00
Geoffrey White
695df232e3 CPP: Equalize the definitions of 'baseType'. 2019-04-05 11:28:11 +01:00
Geoffrey White
373075e06d CPP: Extend the test. 2019-04-05 11:09:13 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Geoffrey White
a1e503f428 CPP: Add test cases for PotentiallyDangerousFunction. 2019-04-04 16:26:53 +01:00
Ziemowit Laski
970c45e896 Merge branch 'master' into cpp340a 2019-04-03 17:52:46 -07:00
Jonas Jensen
d0091b28ee Merge pull request #1199 from geoffw0/printfld 
CPP: Support %Ld in printf.qll
 2019-04-03 15:38:16 +02:00
Geoffrey White
d4c931cf11 CPP: Permit %Ld and similar. 2019-04-03 11:46:48 +01:00
Geoffrey White
b3fd7ab757 CPP: Add test cases. 2019-04-03 11:46:30 +01:00
Jonas Jensen
4b159fd2a5 C++: Fix the suppression for alerts about enums 
The suppression mechanism broke when I changed `relOpWithSwap` to take
fully-converted expressions as parameters.
 2019-04-03 10:45:39 +02:00
Geoffrey White
8979361255 CPP: Exclude functions containing preprocessor logic. 2019-04-02 14:24:37 +01:00
Geoffrey White
5cb30b04cc CPP: Add a test case. 2019-04-02 13:15:40 +01:00
Jonas Jensen
842aafc888 C++: Fix new UnsafeDaclSecurityDescriptor FP 
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.

To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
 2019-04-02 11:31:12 +02:00
Ziemowit Laski
03aa86ed4d Merge branch 'master' into cpp340a 
So as to get to change-notes/1.21/analysis-cpp.md
 2019-04-01 18:51:03 -07:00