hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

1864 Commits

Author SHA1 Message Date
Ziemowit Laski
ff3430d8d0 Use '// GOOD' and '// BAD' annotations for query diagnostics. 2019-03-19 12:29:38 -07:00
Max Schaefer
6fbf487524 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19 2019-03-19 14:09:03 +00:00
Jonas Jensen
111a462d16 C++: Recover some of the good results we lost 
My recent changes to suppress FPs in `ReturnStackAllocatedMemory.ql`
caused us to lose all results where there was a `Conversion` at the
initial address escape. We cannot handle conversions in general, but
this commit restores the good results for the trivial types of
conversion that we can handle.
 2019-03-19 11:09:58 +01:00
Jonas Jensen
d864df5b7f C++: Tests for new false negatives 2019-03-19 10:30:14 +01:00
Ziemowit Laski
566fdc3f70 Change names of parameters to memcpy(), as per Geoff. 2019-03-18 11:15:43 -07:00
Geoffrey White
73b7b980c8 CPP: Add to UnusedStaticVariables tests. 2019-03-18 16:43:48 +00:00
Jonas Jensen
6b1cd17009 C++: Fix FPs due to data flow Conversion handling 
Since we cannot track data flow from a fully-converted expression but
only the unconverted expression, we should check whether the address
initially escapes into the unconverted expression, not the
fully-converted one.

This fixes most of the false positives observed on lgtm.com.
 2019-03-16 20:50:27 +01:00
Jonas Jensen
1a7351ef6e C++: Add tests for three FPs observed on lgtm.com 2019-03-16 20:50:27 +01:00
Ziemowit Laski
2d5bdc85b0 Add 'restrict' support to the C++ test cases. 2019-03-14 12:12:45 -07:00
Ziemowit Laski
586aa0ae41 Updated query to look for Microsoft-specific '_alloca' and '_malloca' entry points. Added sundry positive and negative test cases. 2019-03-13 18:43:24 -07:00
Ziemowit Laski
75b4a6d6b3 [CPP-80] Provide kinder, gentler wording for messages (ClassesWithManyFields.{ql,qhelp}) 2019-03-11 16:16:05 -07:00
Geoffrey White
9f9712047c CPP: Add a few more tests of '%c'. 2019-03-06 10:23:45 +00:00
Jonas Jensen
9d595aa5ea Merge pull request #1033 from geoffw0/newdelete-perf 
CPP: NewDelete.qll performance
 2019-03-05 12:52:59 +00:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge 
Merge master into rc/1.20
 2019-03-04 21:23:51 +00:00
Geoffrey White
df73bb3468 CPP: Fix performance issue. Also has a small positive effect on correctness. 2019-03-04 12:47:55 +00:00
Geoffrey White
f0085ed25a CPP: Additional test cases. 2019-03-04 12:45:05 +00:00
Geoffrey White
66013272da Merge pull request #894 from jbj/ir-RedundantNullCheckSimple 
C++: IR query for redundant null check
 2019-03-01 15:34:18 +00:00
Geoffrey White
8a5bc24b36 CPP: Replace PotentialBufferOverflow with OverrunWrite in the test. 2019-02-27 13:09:09 +00:00
Geoffrey White
7194121eae CPP: Expand the test cases covering PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Jonas Jensen
7649e8758b Merge pull request #846 from geoffw0/returnstack 
CPP: Improve  ReturnStackAllocatedMemory.ql
 2019-02-21 22:04:53 +01:00
Geoffrey White
0ca67880b2 Merge pull request #902 from jbj/test-queries.xml 
C++: Add a queries.xml to the test dir
 2019-02-21 16:43:01 +00:00
Jonas Jensen
b9236d216f C++: Improve ReturnStackAllocatedMemory alert msg 2019-02-21 11:20:25 +01:00
Jonas Jensen
dcf910f20c C++: Use EscapesTree to find pointers to stack 
This simplifies the query and is a strict improvement on the tests. I
also found it to be an overall improvement on real projects.
 2019-02-21 11:20:25 +01:00
Jonas Jensen
9f2fdbbc1d C++: More tests for RedundantNullCheckSimple 2019-02-21 10:13:25 +01:00
Jonas Jensen
9ac8d60636 C++: IR query for redundant null check 
This new query is not written because it's the most interesting query we
could write but because it's an IR-based query whose results are easy to
verify.
 2019-02-21 10:13:25 +01:00
Geoffrey White
d30bcb6fcf CPP: Widen allocReachedVariable slightly. 2019-02-20 10:19:57 +00:00
Geoffrey White
23ae12a763 CPP: Add test cases. 2019-02-20 10:19:57 +00:00
Geoffrey White
6a17ebbd1b CPP: Add test cases and renumber. 2019-02-20 10:09:57 +00:00
Geoffrey White
4e77f586da CPP: Fix file names. 2019-02-20 10:08:27 +00:00
Jonas Jensen
2550788598 C++: Accept test changes to getRelativePath 
After a `queries.xml` was added to the test directory,
`Container.getRelativePath` now considers source files to be relative to
the `cpp/test` directory rather than the directory of the `*.ql*` file.
This caused some benign test output changes, and it also caused an
unwanted alert for `test3.c:14` to appear in
`cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected`.
This alert came about because `inSystemMacroExpansion` holds for files
that don't have a relative path, but the pretend system header in
`../system_header` now does have a relative path because it's below the
`cpp/test` directory. The fix is to add another `queries.xml` just for
the directory with the affected test.
 2019-02-18 14:41:28 +01:00
Geoffrey White
2321ae911e CPP: Fix the test by adding PotentiallyDangerousFunction. 2019-02-05 17:58:30 +00:00
Geoffrey White
429f53ed74 CPP: Move the 'gets' case. 2019-02-05 17:58:30 +00:00
Geoffrey White
a82832e779 CPP: Add a test that uses 'gets'. 2019-02-05 17:58:30 +00:00
Jonas Jensen
45a995ba52 C++: Accept test changes from last commit 2019-02-04 13:00:28 +01:00
Jonas Jensen
be2a480394 Merge pull request #843 from geoffw0/strtoul 
CPP: Improve ArithmeticTainted.ql
 2019-01-31 07:04:17 -08:00
Geoffrey White
07adf6f201 CPP: Handle array accesses. 2019-01-30 18:36:32 +00:00
Geoffrey White
4685f193f5 CPP: Widen varMaybeStackAllocated. 2019-01-30 18:36:32 +00:00
Geoffrey White
25e11512db CPP: Add a test of ReturnStackAllocatedMemory. 2019-01-30 18:36:31 +00:00
Jonas Jensen
d776d9f903 Merge pull request #821 from geoffw0/query-tags-case 
CPP: Improve ArrayArgSizeMismatch.ql
 2019-01-29 03:52:52 -08:00
semmle-qlci
bf64fee4bd Merge pull request #790 from rdmarsh2/rdmarsh/cpp/futile-params 
Approved by semmledocs-ac
 2019-01-28 22:11:44 +00:00
Geoffrey White
b0805f8e79 CPP: Adjust ArithmeticTainted.ql so that it can work on non-VariableAccesses. 2019-01-28 17:36:56 +00:00
Geoffrey White
f1dc538796 CPP: Add a test using strtoul in a taint query. 2019-01-28 16:59:02 +00:00
Geoffrey White
1a044a0a22 CPP: Add 'fread' to BufferAccess.qll. 2019-01-25 12:58:25 +00:00
Geoffrey White
fd6365838b CPP: Add test cases involving fread. 2019-01-25 12:58:25 +00:00
Jonas Jensen
2aca40a021 Merge pull request #736 from geoffw0/macroinv2 
CPP: Deprecate MacroInvocationExpr and MacroInvocationStmt
 2019-01-25 09:02:02 +01:00
Robert Marsh
44d8e6b6e2 C++: respond to PR comments 2019-01-24 10:50:56 -08:00
Geoffrey White
02c69a744f CPP: Fix false positive. 2019-01-24 15:15:02 +00:00
Geoffrey White
e1d31bf117 CPP: Add a test of ArrayArgSizeMismatch.ql. 2019-01-24 11:20:58 +00:00
Jonas Jensen
61e23bed88 Merge branch 'master' into strcpy-fixups 2019-01-24 10:51:51 +01:00
Robert Marsh
fa02042fda C++: add more tests and rename test functions 2019-01-23 11:42:44 -08:00