hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

162 Commits

Author SHA1 Message Date
Alex Eyers-Taylor
1c012548d4 CPP: Add tests for incorrect check scanf 2023-11-24 16:58:11 +00:00
Alex Eyers-Taylor
12e24a2b44 CPP: Exclude incorrect scanf checks from missing scanf checks 2023-11-24 16:57:59 +00:00
Alex Eyers-Taylor
f48e8b6062 CPP: Add query for detecteing incorrect error checking for scanf 2023-11-24 14:53:10 +00:00
Alex Eyers-Taylor
26b0363707 CPP: Add test demonstrating use-after-free false negatives. 2023-10-23 17:01:52 +01:00
Alex Eyers-Taylor
2860c0c0d4 CPP: Move test into correct file. 2023-09-27 18:42:26 +01:00
Alex Eyers-Taylor
d0849311a6 CPP: Fix use after free FPs by elimnatiing freeing nodes rather than freeing expressions. 2023-09-20 18:47:57 +01:00
Alex Eyers-Taylor
9de6230bbf CPP: Add use after free false positive example. 2023-09-20 18:34:47 +01:00
Mathias Vorreiter Pedersen
b03054b1ed C++: Make sure some instruction also gives back the 'ParenthesisExpr's. 2023-09-12 19:46:42 +01:00
Mathias Vorreiter Pedersen
71fe6f5d4b C++: Use fully converted expressions in 'cpp/use-after-free' and 'cpp/double-free'. 2023-09-12 19:28:57 +01:00
Mathias Vorreiter Pedersen
f1c4fa2345 C++: When we generate a string for the node we avoid multiple results by only using the 0'th result from the 'asExpr' predicate. However, when we want to convert between nodes and expressions we don't care about which one we get. 2023-09-01 14:04:52 +01:00
Mathias Vorreiter Pedersen
16d62186c0 C++: Use this new predicate everywhere we need to convert an instruction to an expression. 2023-09-01 13:32:25 +01:00
Alex Eyers-Taylor
8b1b1618c4 CPP: Add tests for false positive in memory vulnerability queries. 2023-08-29 11:17:44 +01:00
Alex Eyers-Taylor
689fda43ed CPP: Add delete/delete[] calls to the IR. 2023-08-29 11:17:43 +01:00
Mathias Vorreiter Pedersen
b32d55a21d C++: Accept test changes. 2023-05-22 18:26:29 -07:00
Mathias Vorreiter Pedersen
533e1d818b C++: Add some use-after-free FPs. 2023-04-19 17:01:55 +01:00
Mathias Vorreiter Pedersen
d975ceb648 Merge pull request #12818 from MathiasVP/dataflow-for-missing-scanf-qery 
C++: Use the new dataflow library in `cpp/missing-check-scanf`
 2023-04-17 14:34:11 +01:00
Mathias Vorreiter Pedersen
0db05fe4fa C++: Use the new dataflow library in the 'missing scanf' query. 2023-04-13 14:51:08 +01:00
Mathias Vorreiter Pedersen
b2d4a82932 C++: Fix annotations. 2023-04-13 11:13:15 +01:00
Mathias Vorreiter Pedersen
1ac5db3a98 C++: Fix annotations. 2023-04-13 11:07:12 +01:00
Mathias Vorreiter Pedersen
31b71ea163 C++: Fix annotations. 2023-04-13 11:04:51 +01:00
Mathias Vorreiter Pedersen
40dde93beb C++: Fix FP and accept test changes. 2023-04-13 11:00:08 +01:00
Mathias Vorreiter Pedersen
23a7cd943f C++: Fix missing result and accept test changes. 2023-04-13 10:50:46 +01:00
Mathias Vorreiter Pedersen
416f8d5ac9 C++: Fix test annotations. 2023-04-13 10:47:17 +01:00
Mathias Vorreiter Pedersen
c76dbebd9b C++: Ensure that the 'use-after-free' query is run on 'test_free.cpp'. 2023-04-13 10:47:07 +01:00
Mathias Vorreiter Pedersen
3c88590df2 C++: Accept test changes for the new use-after-query. 2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
a8151b4ee4 C++: Add double-free tests. 2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
40cc2e7891 C++: Also exclude unevaluated buffers in 'OverflowStatic'. 2023-03-21 09:53:39 +00:00
Mathias Vorreiter Pedersen
4d2a1ea149 C++: Also add a FP test to 'OverflowStatic'. 2023-03-21 09:50:47 +00:00
Mathias Vorreiter Pedersen
b37bb660c5 C++: Add FP caused by a BufferAccess inside an unevalauted context. 2023-03-21 09:37:18 +00:00
Paolo Tranquilli
429518bcea C++: add further FP to test 2023-03-07 12:03:34 +01:00
Paolo Tranquilli
311cf4e7fd C++: add false positives to MissingCheckScanf test 
See https://github.com/github/codeql/issues/12412 for the initial
report.
 2023-03-07 11:56:05 +01:00
Geoffrey White
823c767aac C++: Undo changes to SizeCheck.ql, SizeCheck2.ql. 2023-01-05 12:34:12 +00:00
Geoffrey White
2023abdc60 C++: Update the queries. 2023-01-05 11:33:58 +00:00
Geoffrey White
a9aa67177b C++: Add test cases for HeuristicAllocationExpr in queries. 2023-01-05 11:30:21 +00:00
Jeroen Ketema
4fb43d56b3 C++: Exclude deallocation functions as scanf result accesses 2022-12-15 09:39:16 +01:00
Mathias Vorreiter Pedersen
ef6b85fa77 C++: Accept test changes. 2022-11-18 16:43:30 +00:00
erik-krogh
9e4843d53e update the alert-message of cpp/file-may-not-be-closed based on feedback 2022-09-23 14:46:00 +02:00
erik-krogh
2351884352 update some alert-messages based on review feedback 2022-09-23 14:45:59 +02:00
erik-krogh
40bea78186 remove more instances of the alert-loc being repeated as a link 2022-09-23 14:45:59 +02:00
erik-krogh
33165f4f55 CPP: update expected output 2022-09-23 14:45:59 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
Geoffrey White
c62ae3b350 C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely. 2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60 C++: Add test and placeholder query. 2022-08-11 12:27:39 +02:00
Mathias Vorreiter Pedersen
7106fe35aa C++: Accept test changes. This is just a change in the names of the path nodes. These names are actually better as they don't refer to the name of IR instructions. 2022-03-08 11:40:56 +00:00
Anders Fugmann
03bd7d7f96 C++: Update test results from OverflowStatic 2021-09-27 11:23:08 +02:00
Anders Fugmann
9a35a699cb C++: Update tests 2021-09-13 12:10:58 +02:00