Mathias Vorreiter Pedersen
885bf427bd
C++: Accept test changes.
2022-09-05 23:26:03 +01:00
Mathias Vorreiter Pedersen
fc85ef76ed
C++: Introduce 'PseudoDeclarationEntry's to handle missing 'DeclarationEntry's during IR construction.
2022-09-05 22:17:14 +01:00
Mathias Vorreiter Pedersen
2da46ad691
C++: Add two testcases demonstrating malformed IR from missing declaration entries from decl stmts.
2022-09-05 17:49:20 +01:00
Geoffrey White
946456acc2
C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission.
2022-09-05 14:44:33 +01:00
Robert Marsh
ca2694ae1d
C++: exclude end pointers in iterator-style loops
2022-09-01 17:42:19 -04:00
Nora Dimitrijević
ce1e4ad422
Merge branch 'main' into missing-check-scanf-squashed
2022-08-30 11:34:00 +02:00
erik-krogh
cc7a9ef97a
rename more acronyms
2022-08-25 20:52:27 +02:00
Nora Dimitrijević
02772ed20c
Revert changes to .gitignore and .clang-format
...
because they are potentially too global, belong in a separate PR.
2022-08-25 16:37:39 +02:00
Nora Dimitrijević
ad56274a73
C++: Small improvements to query qldoc and message
2022-08-25 15:22:41 +02:00
Nora Dimitrijević
5c894ae40b
Merge branch 'main' into missing-check-scanf-squashed
2022-08-24 21:14:57 +02:00
Nora Dimitrijević
170d12bf5a
Write MissingCheckScanf.qhelp
2022-08-24 19:58:19 +02:00
erik-krogh
1c0f2251e2
Merge branch 'main' into msgConsis
2022-08-24 14:38:57 +02:00
Nora Dimitrijević
ca162a4365
C++: complete initial implementation of cpp/missing-check-scanf
...
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:
* if scanf(&i) != 1 return
  if maybe() && scanf(&i) != 1 return
  use(i) // should be OK on both counts
* The minimum guard constant for the *_s variants may not be right.
* int i[2]
  scanf(i, i+1) // second i is flagged as a use of the first
* Maybe loosen the "unguarded or badly guarded use() = bad" policy to
  "unguarded but already-initialized = good" and "badly guarded = bad",
  since a lot of FPs in MRVA fall into the "unguarded but
  already-initialized" bucket.
2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36
.clang-format: do not autoformat test.cpp
2022-08-24 11:25:05 +02:00
erik-krogh
a50234adb0
apply suggestion from review
2022-08-23 15:41:37 +02:00
erik-krogh
1a7d3ee831
update expected output after changing queries
2022-08-23 12:35:32 +02:00
erik-krogh
7e0bd5bde4
update expected output of tests
2022-08-22 21:41:47 +02:00
erik-krogh
e89e0eb7fb
make some acronyms camelCase
2022-08-22 21:22:35 +02:00
erik-krogh
ce9f69a639
rename all occurrences of XML to Xml
2022-08-22 14:08:31 +02:00
Jeroen Ketema
f00a9ac8fc
Merge pull request #10112 from jketema/orphaned
...
C++: Handle orphaned local variables
2022-08-22 10:45:10 +02:00
Jeroen Ketema
4a7ad84d02
C++: Add __func__ and __PRETTY_FUNCTION__ IR tests
2022-08-20 01:09:52 +02:00
Jeroen Ketema
584a0189a8
C++: Update test results after changes
2022-08-19 21:50:45 +02:00
Chris Smowton
8d20b9cf52
Use hasLocationInfo to match several Location fields at once
2022-08-19 19:03:17 +01:00
Chris Smowton
1ea7caf559
Fix join ordering in inline-expectations test
2022-08-19 18:17:22 +01:00
intrigus
dabccd8686
Add query for tainted wordexp calls.
2022-08-16 23:56:50 +02:00
Robert Marsh
56eacce320
C++: restrict to end-of-allocation pointers
2022-08-16 17:52:06 -04:00
Robert Marsh
93de8e2308
C++: fix missing bounds in exp range analysis
2022-08-16 17:44:51 -04:00
Robert Marsh
e4d0e7431c
C++: some experimental product flow queries
2022-08-16 17:44:46 -04:00
Robert Marsh
9e0c82eabb
Merge pull request #10039 from rdmarsh2/rdmarsh2/cpp/sem-range-analysis-perf
...
C++: Fix missing bounds and performance issues in semantic range analysis
2022-08-16 12:27:02 -04:00
Robert Marsh
818bdcf3ab
C++: autoformat a test
2022-08-16 11:31:28 -04:00
Robert Marsh
5450681ade
C++: Autoformat and fix a test
2022-08-12 13:49:16 -04:00
Jeroen Ketema
4d76fd198e
C++: Handle block assignments in the IR
2022-08-12 18:43:23 +02:00
Jeroen Ketema
5c905b76b4
C++: Expose block assignment operations in the QL library
2022-08-12 18:43:23 +02:00
Jeroen Ketema
ebf8161f1b
C++: Add block assignment expression to the database schema
...
These can under some circumstances be generated by the frontend as part
of compiler generated copy constructors and assignment operators.
2022-08-12 18:43:23 +02:00
Jeroen Ketema
de142b276d
C++: Add IR test that exposes a gap in the extractor output
2022-08-12 18:43:23 +02:00
Geoffrey White
c62ae3b350
C++: First working. We now prefer flagging the cases where the variable was initialized, as in real world cases we haven't seen it done safely.
2022-08-11 12:27:48 +02:00
Geoffrey White
76ef779f60
C++: Add test and placeholder query.
2022-08-11 12:27:39 +02:00
Jeroen Ketema
8528e6b8e1
C++: Update test results for exposing attribute arguments as proper constants
2022-08-10 21:11:58 +02:00
Nora Dimitrijević
8e60a4a478
Update StrncpyFlippedArgs.expected
...
Add output lines for the newly implemented test case, test.cpp/test9().
2022-08-10 13:42:21 +02:00
Nora Dimitrijević
df419003ad
Use Strcpy.qll in StrncpyFlippedArgs.ql
...
As a result, the query gets access to more types of strncpy-like
functions, as demonstrated by test.cpp, which now "fails" (i.e. works)
for the new test cases introduced in the previous commit.
2022-08-10 13:42:21 +02:00
Nora Dimitrijević
554aea1bb8
New strcpy-variant in StrncpyFlippedArgs test
...
Added wcsxfrm_l, which is not currently caught by the query,
meaning that in this case a successful
test implies missing functionality.
2022-08-10 13:42:21 +02:00
Geoffrey White
db8a3107b3
Merge pull request #9089 from ihsinme/ihsinme-patch-87
...
CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
2022-08-09 09:31:32 +01:00
ihsinme
9b5154f878
Update and rename DangerousUseMbtowc.qlref to DangerousWorksWithMultibyteOrWideCharacters.qlref
2022-08-08 18:39:10 +03:00
ihsinme
bce395f201
Rename DangerousUseMbtowc.expected to DangerousWorksWithMultibyteOrWideCharacters.expected
2022-08-08 18:38:24 +03:00
Jeroen Ketema
ba2cee07a9
Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars
...
C++: IR data flow through global variables
2022-08-05 10:07:00 +02:00
Mathias Vorreiter Pedersen
c582d17350
Merge pull request #9952 from MathiasVP/speedup-return-stack-allocated-memory
...
C++: Speedup `cpp/return-stack-allocated-memory`
2022-08-03 09:41:38 +01:00
Mathias Vorreiter Pedersen
5181cc1295
C++: Add an 'allowInterproceduralFlow' predicate to the 'MustFlow' library and use it instead of checking the enclosing callables after computing the dataflow graph.
2022-08-02 13:43:01 +01:00
Robert Marsh
3007c96c72
C++: fix a nit
2022-08-01 15:34:03 -04:00
Robert Marsh
6dbaae6bfc
Merge branch 'main' into rdmarsh2/dataflow-global-vars
2022-08-01 14:56:24 -04:00
Robert Marsh
4f8373f577
Merge branch 'main' into rdmarsh2/dataflow-global-vars
2022-08-01 14:55:45 -04:00