hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

12871 Commits

Author SHA1 Message Date
Jeroen Ketema
2becb3043e Merge pull request #15638 from jketema/destructors5 
C++: Support C++20 range-based for initializers
 2024-02-19 16:22:23 +01:00
Mathias Vorreiter Pedersen
b927968e88 Merge pull request #15516 from microsoft/51-2cppnon-constant-format-alter-not-const-source 
C++: Change sources in `NonConstantFormat.ql`
 2024-02-17 00:01:58 +01:00
Robert Marsh
2494b7d801 C++: fix for IR CFG problem with return in if 2024-02-16 21:08:21 +00:00
Geoffrey White
6e13b877bb C++: Add FlowSummaryNode and test it. 2024-02-16 18:06:57 +00:00
Robert Marsh
2c8ed6479a C++: test for return in if 2024-02-16 17:55:34 +00:00
Benjamin Rodes
639642fb67 Formatting. 2024-02-16 11:19:02 -05:00
Benjamin Rodes
0410ed734b Adding exclusion for main's argv (I believe this and other changes were accidentally removed in prior merge with other non-const branches) 2024-02-16 11:18:06 -05:00
Benjamin Rodes
9f3dd6300f Fixing query to use path graph. 2024-02-16 11:11:48 -05:00
Benjamin Rodes
aa7c677e13 Merge branch '51-2cppnon-constant-format-alter-not-const-source' into cpp-non-constant-format-as-path-query 
# Conflicts:
#	cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
 2024-02-16 10:49:05 -05:00
Benjamin Rodes
c38376a264 Merge branch '51-2cppnon-constant-format-alter-not-const-source' of https://github.com/microsoft/codeql into 51-2cppnon-constant-format-alter-not-const-source 2024-02-16 10:42:04 -05:00
Mathias Vorreiter Pedersen
7c22146f46 C++: Accept query test changes. 2024-02-16 16:33:44 +01:00
Mathias Vorreiter Pedersen
096073d295 C++: Add change note. 2024-02-16 16:29:34 +01:00
Benjamin Rodes
93f2e856af Formatting update. 2024-02-16 10:28:14 -05:00
Benjamin Rodes
4a9b2d5027 Comment change. 2024-02-16 10:18:07 -05:00
Benjamin Rodes
5b0a3dcdbe Accidental removal of an and. 2024-02-16 10:15:21 -05:00
Benjamin Rodes
95ebbb1bbd Ql alterations for cleanup as part of merge suggestions. 2024-02-16 10:13:50 -05:00
Ben Rodes
1fb7f089ca Update cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2024-02-16 10:06:34 -05:00
Jeroen Ketema
dd39fa0bde C++: Support C++20 range-based for initializers 2024-02-16 15:20:14 +01:00
Mathias Vorreiter Pedersen
be54a41593 C++: Accept query test changes. 2024-02-16 15:01:50 +01:00
Mathias Vorreiter Pedersen
06ff46091d C++: Fix joins in 'controlsBlock'. 2024-02-16 14:49:20 +01:00
Mathias Vorreiter Pedersen
b407c86d03 C++: Make Code Scanning happy. 2024-02-16 13:51:34 +01:00
Mathias Vorreiter Pedersen
57c1bf5835 C++: Add file-level QLDoc. 2024-02-16 13:47:02 +01:00
Mathias Vorreiter Pedersen
497592a4d4 C++: Add change note. 2024-02-16 13:36:25 +01:00
Geoffrey White
e187a4a7d6 C++: Add flow summaries to simpleLocalFlowStep. 2024-02-16 12:31:17 +00:00
Mathias Vorreiter Pedersen
9b2019db6b C++: Accept test changes. 2024-02-16 13:10:41 +01:00
Mathias Vorreiter Pedersen
499ab0892f C++: Currently, to catch flow in an example such as: 
```cpp
char* source();
void sink(const char*);
int sprintf(char *, const char *, ...);

void call_sprintf(char* path, char* data) {
        sprintf(path, "%s", "abc"); // (1)
        sprintf(path, "%s", data); // (2)
}

void foo() {
        char path[10];
        call_sprintf(path, source()); // (3)
        sink(path);
}
```
we identify that the `*path [post update]` node at `// (2)` is a
`ReturnNodeExt` and since `*data` flows to that node flow will be carried
out to `*path [post update]` at // (3) and thus reach `sink(path)`.

The reason `*path [post update]` at `// 2` is recognized as a `ReturnNodeExt`
is because it satisfies the following condition (which is identified by the
shared dataflow library):
There is flow from the parameter node `*path` to the pre-update node of the
post-update node `*path [post update]` at `// (2)`.

However, when we start recognizing that the call to `sprintf(path, ...)` at
`// (1)` overrides the value of `*path` and no longer provide use-use flow out
of `*path` the `*path [post update]` node at `// (2)` is no longer recognized
as a `ReturnNodeExt` (because it doesn't satisfy the above criteria).

Thus, we need to identify the flow above without relying on the dataflow
library's summary mechanism. That is, instead of relying on the dataflow
library's mechanism to summarize the `*data -> *path` flow for `call_sprintf`
we need to:
- Ensure that the write to `*path` at `// (2)` is recognized as the "final"
write to the parameter, and
- Ensure that there's flow out of that parameter and back to
`*path [post update]` at `// (3)`.

Luckiky, we do all of this already to support flow out of writes to parameters
that don't have post-update nodes. For example, in something like:
```cpp
void set(int* x, int y) {
  *x = y;
}

void test() {
  int x;
  set(&x, source());
  sink(x);
}
```
So in order to make the original example work, all we need to do is to remove
the restrictions on this mechanism so that the same mechanism that makes the
above example work also makes the original example work!
 2024-02-16 13:09:45 +01:00
Mathias Vorreiter Pedersen
7e9bf2a880 C++: Add a model for 'partial updating' and extend models appropriately. 2024-02-16 12:56:19 +01:00
Mathias Vorreiter Pedersen
24a63ae94d C++: Block flow by default. 2024-02-16 12:56:19 +01:00
Mathias Vorreiter Pedersen
625c47fa9c C++: Add a testcase. 2024-02-16 12:56:19 +01:00
Mathias Vorreiter Pedersen
c19ed4c17e Merge pull request #15626 from MathiasVP/fix-constness-checking 
C++: Don't strip specifiers away in `TFinalParameterUse`
 2024-02-16 10:09:43 +01:00
Benjamin Rodes
d6b0746b30 The non-constant format query is now a path query. Minor changes to the output alert to be more precise on what is being alerted. Minor changes to the query itself to avoid redundancies with argv. 2024-02-15 12:14:52 -05:00
Jeroen Ketema
da3ff4813f Merge pull request #15612 from jketema/destructors4a 
C++: Support `constexpr if` in the IR
 2024-02-15 17:29:56 +01:00
Benjamin Rodes
9e50fc6893 Updating tests to account for removing const char* heuristic. 2024-02-15 09:54:03 -05:00
Benjamin Rodes
caf2ee27fa Adding false negative tests for future work. 2024-02-15 09:43:26 -05:00
Mathias Vorreiter Pedersen
532e8dac45 C++: Don't strip specifiers in 'TFinalParameterUse'. 2024-02-15 14:08:12 +01:00
Jeroen Ketema
33413129a5 C++: For unnamed local variable declaration entries consider the name of the variable 2024-02-14 15:03:04 +01:00
Jeroen Ketema
46bc311111 C++: Support constexpr if in the IR 2024-02-14 13:37:56 +01:00
Jeroen Ketema
c79cc493e8 C++: Accept more test changes 2024-02-13 21:53:51 +01:00
Jeroen Ketema
a3b3aa4f25 C++: Update tests after extractor changes 2024-02-13 21:31:21 +01:00
Jeroen Ketema
caf09e0735 C++: Update IR comment that no longer applies 2024-02-13 21:30:58 +01:00
Jeroen Ketema
b3aea0f893 C++: Do not print the qualifier of OverloadedPointerDereferenceExpr twice in PrintAST 2024-02-13 21:29:21 +01:00
Jeroen Ketema
b776cbe668 Merge pull request #15597 from jketema/destructors2 
C++: Update test results of `constexpr if` destructors
 2024-02-13 19:59:19 +01:00
Benjamin Rodes
5c508553f3 Efficiency improvement (force a better join order) 2024-02-13 09:42:08 -08:00
Robert Marsh
7e23ccd383 Merge branch 'main' into rdmarsh2/cpp/ir-synthetic-destructors 2024-02-13 15:45:51 +00:00
Robert Marsh
128bc99f90 C++: delete some FIXMEs that turned out fine 2024-02-13 15:34:36 +00:00
Mathias Vorreiter Pedersen
fb4bd53ec5 Revert "Merge pull request #15528 from MathiasVP/flow-barrier-interface" 
This reverts commit c5dc88345d, reversing
changes made to 781486172e.
 2024-02-13 13:42:58 +00:00
Mathias Vorreiter Pedersen
cb7fe16ced Revert "Merge pull request #15537 from MathiasVP/swap-also-clears-first-argument" 
This reverts commit 23677b23c2, reversing
changes made to c5dc88345d.
 2024-02-13 13:42:58 +00:00
Jeroen Ketema
f3e55a46ee C++: Update test results of constexpr if destructors 2024-02-13 13:37:59 +01:00
Mathias Vorreiter Pedersen
048b3727f5 Merge pull request #15587 from MathiasVP/fix-memset-model 
C++: Fix `memset` model
 2024-02-13 10:45:08 +00:00
Jeroen Ketema
fb072a5156 C++: Add additional IR tests for init statements 2024-02-13 10:44:24 +01:00