Commit Graph

3327 Commits

Author SHA1 Message Date
Jeroen Ketema
ceb6706c73 C++: Fix formatting 2022-11-09 12:52:44 +01:00
Jeroen Ketema
4ab5066ed2 C++: Fix imports and module names in old dataflow/taint tracking library 2022-11-09 11:52:39 +01:00
Mathias Vorreiter Pedersen
f19b381e3e C++: Add use-use flow through global variables. 2022-11-08 17:10:37 +00:00
Jeroen Ketema
74f9b322a8 Merge branch 'main' into update-from-main 2022-11-08 17:01:02 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
Jeroen Ketema
c61a9c5911 C++: Also taint the return value dereference in the strcat model 2022-11-08 12:08:44 +01:00
Jeroen Ketema
5732c3bca0 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-07 15:03:26 +01:00
Anders Schack-Mulligen
99ca28ea9b Merge pull request #10886 from aschackmull/dataflow/joinorders
Dataflow: Fix a couple of join-orders.
2022-11-07 11:05:29 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Tom Hvitved
05bf86acb6 Merge pull request #11126 from hvitved/cpp/position-overrides
C++: Let `(Indirect|Direct)Position` be subclasses of `Position`
2022-11-04 15:35:27 +01:00
Tom Hvitved
95835b8297 C++: Let (Indirect|Direct)Position be subclasses of Position 2022-11-04 14:31:18 +01:00
Anders Schack-Mulligen
a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Mathias Vorreiter Pedersen
b95163cfe4 Merge pull request #11112 from MathiasVP/local-expr-flow
C++: Improve `Buffer.qll` performance
2022-11-04 10:32:27 +00:00
Mathias Vorreiter Pedersen
2617e6d7c6 C++: Inline a predicate that was only used once. 2022-11-04 09:35:34 +00:00
Mathias Vorreiter Pedersen
84af725ef1 Fix QLDoc. 2022-11-03 20:33:41 +00:00
Mathias Vorreiter Pedersen
b42e81c32d C++: Speed up 'Buffer.qll'. 2022-11-03 20:31:55 +00:00
Jeroen Ketema
c87b516130 C++: Turn IndirectArgumentOutNode into a PartialDefinitionNode 2022-11-03 17:58:35 +01:00
Tom Hvitved
d3488da0c2 Data flow: Sync files 2022-11-03 15:52:30 +01:00
Mathias Vorreiter Pedersen
18802a2883 Merge pull request #11042 from MathiasVP/simplify-buffer.qll
C++: Simplify `buffer.qll` repair
2022-11-03 09:18:39 +00:00
Dave Bartolomeo
49c4c554c4 Merge from main 2022-11-01 13:22:40 -04:00
Mathias Vorreiter Pedersen
30f15473db C++: Use 'max' instead of 'unique.' 2022-11-01 16:55:45 +00:00
Jeroen Ketema
80ef3b39ff Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-10-31 18:26:34 +01:00
Mathias Vorreiter Pedersen
1b50168d08 C++: Add an initial pruning stage to prevent this
large TC in 'localFlowToExpr':
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@0a49913i with tuple counts:
    4713946   ~0%    {2} r1 = SCAN DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff OUTPUT In.1, In.0

  40897385  ~46%    {2} r2 = JOIN boundedFastTC:Buffer#61e3d199::localFlowToExprStep#2#ff_10#higher_order_body:DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff_0#higher_order_body WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

  45611331  ~43%    {2} r3 = r1 UNION r2
    3376553  ~14%    {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                    return r4
```

After this commit the tuple counts look like:
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@8cc38x5k on iteration 2 running pipeline standard with tuple counts:
         51367   ~3%    {2} r1 = JOIN Buffer#61e3d199::getBufferSize0#1#f#prev_delta WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0

        124933  ~18%    {2} r2 = JOIN r1 WITH #Buffer#61e3d199::localFlowToExprStep#2Plus#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

        176300  ~17%    {2} r3 = r1 UNION r2
        184685  ~22%    {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         56646  ~47%    {2} r5 = JOIN r4 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
         44635  ~16%    {2} r6 = r5 AND NOT Buffer#61e3d199::localFlowStepToExpr#2#ff#prev(Lhs.0, Lhs.1)
                        return r6
```
2022-10-30 14:20:15 +01:00
Mathias Vorreiter Pedersen
aa8214addf C++: Simplify 'Buffer.qll' by avoiding 'asIndirectExpr'. This removes the flow from 'x' to 'x++', which makes the whole library a lot simpler. 2022-10-30 12:58:53 +01:00
Mathias Vorreiter Pedersen
18d3801c92 Merge pull request #11033 from MathiasVP/exclude-void-calls
C++: Don't create `DataFlow::Node`s for `void`-typed instructions
2022-10-28 20:46:33 +02:00
Mathias Vorreiter Pedersen
3261612a8c C++: Exclude void-typed instructions from 'DataFlow::Node'. These nodes can never contain any data so we don't need dataflow nodes for them. 2022-10-28 13:00:23 +02:00
Mathias Vorreiter Pedersen
2098489bb0 C++: Make QL-for-QL happy. 2022-10-28 12:35:52 +02:00
Mathias Vorreiter Pedersen
172261495f Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-as-expr 2022-10-28 10:32:31 +02:00
Mathias Vorreiter Pedersen
22cdeec3fb Merge branch 'main' into printfprecision 2022-10-28 09:29:29 +02:00
Robert Marsh
b7e42e805b Merge pull request #10994 from rdmarsh2/rdmarsh2/return-cstr-repair
C++: repair the ReturnCstr query
2022-10-27 14:25:22 -04:00
Robert Marsh
24cb36a1e2 C++: constrain indirect out node to constructors 2022-10-27 11:48:17 -04:00
Mathias Vorreiter Pedersen
e2a0d62adf C++: Fix 'asIndirectExpr' when the underlying instruction is a 'VariableAddressInstruction'. 2022-10-27 12:12:34 +02:00
Dave Bartolomeo
23b572e9b7 Use ${workspace} for intra-workspace dependencies
Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release.

Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.
2022-10-26 16:40:01 -04:00
Robert Marsh
25a1148e04 C++: autoformat 2022-10-26 14:11:37 -04:00
Mathias Vorreiter Pedersen
bc9cd63ef0 C++: Add an 'IndirectExprNode(Base)' class similar to 'ExprNode(Base)' to structure conversions between indirect dataflow nodes and expressions. 2022-10-26 17:05:01 +02:00
Robert Marsh
fc9f239a3b C++: make ConstructorCall df nodes the qualifier
This makes the dataflow node for a ConstructorCall be the outnode of the
qualifier, which is the resulting constructed object. This should make
`asExpr` on a ConstructorCall do the "right thing" rather than selecting
the void-typed CallInstruction.
2022-10-26 11:01:53 -04:00
Mathias Vorreiter Pedersen
4bcba16748 Merge pull request #10833 from MathiasVP/repair-badly-bounded-write-2
C++: Prepare `Buffer.qll` for IR-based use-use dataflow
2022-10-26 16:38:33 +02:00
Jeroen Ketema
3befa1cd96 Merge pull request #10965 from MathiasVP/fix-gettypeimpl-in-ir-dataflow
C++: Fix `getType` in IR dataflow
2022-10-25 15:02:45 +02:00
Mathias Vorreiter Pedersen
557b94cd83 Merge pull request #10966 from jketema/spelling-comments
C++: Spelling fixes and documentation clarification
2022-10-25 14:34:49 +02:00
Mathias Vorreiter Pedersen
6a7bcd384a Merge pull request #10939 from rdmarsh2/rdmarsh2/cpp/modulus-analysis-comments
C++: additional comments for modulus analysis
2022-10-25 14:29:54 +02:00
Mathias Vorreiter Pedersen
c8f81bc6b8 Merge branch 'replace-ast-with-ir-use-usedataflow' into repair-badly-bounded-write-2 2022-10-25 14:24:38 +02:00
Jeroen Ketema
2ad3119fab C++: Clarify getType based on the QLDoc of Instruction::getResultType() 2022-10-25 13:34:49 +02:00
Jeroen Ketema
21acefb0b4 C++: Fix some spelling mistakes that were earlier fixed in "experimental" 2022-10-25 13:32:29 +02:00
Mathias Vorreiter Pedersen
23b07e5589 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-gettypeimpl-in-ir-dataflow 2022-10-25 12:52:33 +02:00
Mathias Vorreiter Pedersen
b85d3bc829 Merge branch 'main' into replace-ast-with-ir-use-usedataflow 2022-10-25 12:51:30 +02:00
Mathias Vorreiter Pedersen
a4d434ee05 C++: Fix 'getType' for indirect dataflow nodes in IR dataflow. 2022-10-25 12:24:11 +02:00
Mathias Vorreiter Pedersen
a7d6f4ff19 C++: Fix pointer/pointee conflation and handle flow through '++' when tracking indirect flow. 2022-10-24 14:23:43 +02:00
Geoffrey White
2f849b4e77 C++: Change note. 2022-10-21 17:53:11 +01:00
Robert Marsh
88708d015c C++: additional comments for modulus analysis 2022-10-21 12:50:41 -04:00