hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

12966 Commits

Author SHA1 Message Date
Robert Marsh
f9ed39915f C++: recompute IRBlock membership at each stage 
This enables the addition of new instructions in later phases of IR
construction; in particular, aliasing write instructions and inference
instructions.
 2018-11-26 12:08:18 -08:00
Geoffrey White
f034abc275 CPP: Add the Semmle security tests. 2018-11-26 17:52:34 +00:00
Aditya Sharad
7aef8fa945 Merge pull request #547 from pavgust/fix/cwe-497-performance 
C++: Refactor CWE-497 for clarity and performance
 2018-11-26 17:13:27 +00:00
Kevin Backhouse
4877659578 Fix names. 2018-11-26 14:56:35 +00:00
Jonas Jensen
fcd53ae631 Merge pull request #540 from geoffw0/cpp-296 
CPP: Fix false positive from AutoGeneratedFile.qll.
 2018-11-26 15:03:21 +01:00
Kevin Backhouse
bc752e1a98 Add post-dominators. 2018-11-24 18:23:27 +00:00
Geoffrey White
f338a4f0d6 CPP: Fix false positive from AutoGeneratedFile.qll. 2018-11-23 17:34:18 +00:00
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Pavel Avgustinov
d4b2c01634 Lift out intermediate helper predicate. 2018-11-23 14:22:44 +00:00
Geoffrey White
0855543ac4 CPP: Tag the JPL_C LOC-4 queries. 2018-11-23 10:31:37 +00:00
Geoffrey White
e6dddd90b7 CPP: Add a test of FunctionPointerConversions.ql. 2018-11-23 10:31:36 +00:00
Geoffrey White
0a27022dd4 Merge pull request #523 from jbj/placement-new-never-freed 
C++: Detect non-allocating placement new in cpp/memory-never-freed
 2018-11-23 09:40:11 +00:00
Jonas Jensen
4ad59235d8 Merge pull request #524 from geoffw0/cpp-299 
CPP: Add (partial) dataflow to OverflowStatic.ql
 2018-11-23 08:46:07 +01:00
semmle-qlci
816a94eaa9 Merge pull request #525 from jbj/uninit-badast-mergefix 
Approved by geoffw0, ian-semmle
 2018-11-22 21:05:54 +00:00
Geoffrey White
5d8e34a55f CPP: Add a test of NonConstFunctionPointer.ql. 2018-11-22 17:48:40 +00:00
Geoffrey White
17560cf92e CPP: Tag the JPL_C LOC-3 queries. 2018-11-22 17:48:35 +00:00
Geoffrey White
9cc39ae875 CPP: Tag the JPL_C LOC-2 queries. 2018-11-22 16:31:08 +00:00
Geoffrey White
a47db56a68 CPP: Tag DuplicateBlock.ql. 2018-11-22 16:31:08 +00:00
Geoffrey White
cb609f4be0 CPP: Be conservative where there are multiple flow sources. 2018-11-22 15:50:13 +00:00
Geoffrey White
d57574e92c CPP: localFlowStep* -> localFlow. 2018-11-22 15:50:13 +00:00
Geoffrey White
ea56a5d9ce CPP: Add local dataflow to (one bit of) OverflowStatic.ql. 2018-11-22 15:49:13 +00:00
Geoffrey White
01ba635e1d CPP: Add some test cases involving dataflow. 2018-11-22 15:49:13 +00:00
Geoffrey White
dc224c5c94 Merge pull request #521 from felicity-semmle/cpp/update-qhelp 
C++: Update qhelp for consistency
 2018-11-22 15:31:34 +00:00
Pavel Avgustinov
b9a3a71406 Merge pull request #518 from jbj/vcs-deprecate-queries 
C++: Deprecate queries using VCS.qll
 2018-11-22 15:07:19 +00:00
Jonas Jensen
da26b4f856 C++: Accept test changes for IR 
This test was failing due to a semantic merge conflict between #509,
which added `UninitializedInstruction`, and #517, which added new test
code that would get `UninitializedInstruction`s in it after merging with #509.
 2018-11-22 13:52:33 +01:00
Jonas Jensen
75873bb4a6 C++: Detect non-allocating placement new 
This adds a `NewOrNewArrayExpr.getPlacementPointer` predicate and uses
it in `Alloc.qll` to detect when a `new`-expression is not an
allocation.

User-defined replacements for `operator new` may not be allocations
either, but the code continues to assume that they are. It's possible
that we want to change this assumption in the future or leave it up to
individual queries to decide on which side to err. It's hard to
statically tell whether `operator new` has been overloaded in a
particular file because it can be overloaded by a definition that is not
in scope but is only linked together with that file.
 2018-11-22 11:31:19 +01:00
Felicity Chapman
8cad0b6ef1 Update qhelp for consistency 2018-11-22 10:25:41 +00:00
Jonas Jensen
a17debac3e C++: Placement-new tests for MemoryNeverFreed.ql 2018-11-22 10:48:18 +01:00
Jonas Jensen
e062851709 Merge pull request #517 from dave-bartolomeo/dave/IRFilter 
C++: Don't generate IR for functions with bad ASTs
 2018-11-22 10:02:18 +01:00
Jonas Jensen
220487bb32 C++: Deprecate queries using VCS.qll 
One query imported VCS.qll for no reason, so I removed the import
instead of deprecating the query.
 2018-11-22 08:21:49 +01:00
Jonas Jensen
70e9d11fd2 Merge pull request #509 from dave-bartolomeo/dave/ConditionDeclExpr 
C++: IR support for ConditionDeclExpr
 2018-11-22 08:03:14 +01:00
Dave Bartolomeo
beb9c9c054 C++: Sync identical files 2018-11-21 16:51:47 -08:00
Dave Bartolomeo
97fd7b46cc C++: Add tests for filtering bad ASTs 2018-11-21 16:39:08 -08:00
Dave Bartolomeo
7db36b2a22 C++: Skip IR translation for functions with invalid ASTs 
An slightly invalid AST can cause IR construction to generate extremely bad IR. This change provides a single place to detect invalid ASTs, and to skip IR construction for the affected functions.
 2018-11-21 16:01:19 -08:00
Dave Bartolomeo
03802ed409 C++: Allow filtering of IR creation to speed up dumps 
This change provides a mechanism by which a query can tell the IR package to only create IR for certain functions. This is mostly useful for "PrintIR.qll", which uses this feature to avoid the expense of creating IR for functions that aren't going to be printed.
 2018-11-21 16:01:12 -08:00
semmle-qlci
62db19bee7 Merge pull request #492 from geoffw0/offsetuse 
Approved by dave-bartolomeo
 2018-11-21 17:26:48 +00:00
Jonas Jensen
a4bd586907 Merge pull request #456 from geoffw0/query-tags 
CPP: Query tags 1
 2018-11-21 16:13:23 +01:00
ian-semmle
366934f884 Merge pull request #350 from geoffw0/cpp-205-detail 
CPP: Add detail to the CPP-205 test
 2018-11-21 13:30:53 +00:00
Jonas Jensen
4e2d40aad8 Merge pull request #484 from geoffw0/limitedscopefile 
CPP: Fix Limitedscopefile.ql
 2018-11-21 14:30:48 +01:00
Geoffrey White
b4846dc995 CPP: Modify NVIHub.ql. 2018-11-21 13:11:08 +00:00
Jonas Jensen
f177e348bd Merge pull request #471 from geoffw0/query-tags-2 
CPP: Query tags 2 (JSF queries)
 2018-11-21 11:43:29 +01:00
Dave Bartolomeo
3715215b3f C++: Add IR support for ConditionalDeclExpr 
Also fixes several places in the library that weren't handling `ConditionalDeclExpr`  correctly.
 2018-11-21 00:14:44 -08:00
Dave Bartolomeo
07f9fe6ee4 C++: Add Uninitialized instruction for list-initialized variables 
This commit inserts an `Uninitialized` instruction to "initialize" a local variable when that variable is initialized with an initializer list. This ensures that there is always a definition of the whole variable before any read or write to part of that variable.

This change appears in a different form in @rdmarsh2's Chi node PR, but I needed to refactor the initialization code anyway to handle ConditionDeclExpr.
 2018-11-20 16:12:44 -08:00
Geoffrey White
3c7ed9b7ab CPP: Fix typo. 2018-11-20 17:13:23 +00:00
Geoffrey White
8aeaf0bc8e CPP: Add an external/jsf tag as well. 2018-11-20 17:13:23 +00:00
Geoffrey White
bb7da78c95 CPP: Tag the JSF queries. 2018-11-20 17:13:22 +00:00
Geoffrey White
9922e36590 CPP: Add missing file. 2018-11-20 16:55:10 +00:00
Geoffrey White
0493b68b50 Merge pull request #497 from jbj/disable-no-virtual-destructor 
C++: Remove @precision from AV Rule 78
 2018-11-20 16:44:36 +00:00
Jonas Jensen
33111b6b27 Merge pull request #498 from geoffw0/test-cleanup 
CPP: Clean up some test code.
 2018-11-20 14:44:52 +01:00
Geoffrey White
342164ff71 CPP: Clean up / normalize some test code. 2018-11-20 09:50:59 +00:00