hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

3342 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
7408931565 C++: Disable 'reference -> dereference' dataflow. 2022-11-14 14:05:31 +00:00
Jeroen Ketema
2b37ebd7ed Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-11 17:24:34 +01:00
Jeroen Ketema
5c109cdef1 Merge pull request #11234 from jketema/std-iterator-fix 
C++: Recognize `basic_string::iterator` as an iterator
 2022-11-11 17:21:42 +01:00
Rasmus Wriedt Larsen
ddbcdcb4ba Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Jeroen Ketema
612624d241 C++: Recognize basic_string::iterator as an iterator 2022-11-11 14:04:50 +01:00
Mathias Vorreiter Pedersen
f534768715 C++: Fix join orders. 2022-11-11 11:09:38 +00:00
Mathias Vorreiter Pedersen
e0a6c16228 C++: Add missing QLDoc. 2022-11-11 11:09:38 +00:00
Mathias Vorreiter Pedersen
1a1f078684 C++: Also pick the operand as the 'ExprNode' when the expression is the qualifier of a call (and not just when it's an argument of a call). 2022-11-11 11:07:08 +00:00
Mathias Vorreiter Pedersen
c999704d1e C++: Now that we sometimes target an operand where we'd target an instruction before we should pick the operand as the 'sink' in the call-target resolution recursion. 2022-11-11 11:07:08 +00:00
Mathias Vorreiter Pedersen
a51ac7b4e7 C++: Remove some unnecessary IPA values from 'IndirectInstruction' and 'IndirectOperand' when the semantically identical value already exists in the IR. 2022-11-11 11:07:08 +00:00
Jeroen Ketema
ba00a0f370 C++: Share parameter logic in std::string model 2022-11-11 08:48:11 +01:00
Jeroen Ketema
23e29e993b C++: Split std::string::insert off in a separate class 
The `insert` function has two different return types: `iterator` and
`basic_string&`.
 2022-11-11 08:48:01 +01:00
Anders Schack-Mulligen
b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
Jeroen Ketema
af6a87e54d C++: Add missing QLDoc comments 2022-11-09 13:08:53 +01:00
Jeroen Ketema
d7804f5473 C++: Fix DataFlow2 import 2022-11-09 12:53:05 +01:00
Jeroen Ketema
ceb6706c73 C++: Fix formatting 2022-11-09 12:52:44 +01:00
Jeroen Ketema
4ab5066ed2 C++: Fix imports and module names in old dataflow/taint tracking library 2022-11-09 11:52:39 +01:00
Mathias Vorreiter Pedersen
f19b381e3e C++: Add use-use flow through global variables. 2022-11-08 17:10:37 +00:00
Jeroen Ketema
74f9b322a8 Merge branch 'main' into update-from-main 2022-11-08 17:01:02 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
Jeroen Ketema
c61a9c5911 C++: Also taint the return value dereference in the strcat model 2022-11-08 12:08:44 +01:00
Jeroen Ketema
5732c3bca0 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-07 15:03:26 +01:00
Anders Schack-Mulligen
99ca28ea9b Merge pull request #10886 from aschackmull/dataflow/joinorders 
Dataflow: Fix a couple of join-orders.
 2022-11-07 11:05:29 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Tom Hvitved
05bf86acb6 Merge pull request #11126 from hvitved/cpp/position-overrides 
C++: Let `(Indirect|Direct)Position` be sub classes of `Position`
 2022-11-04 15:35:27 +01:00
Tom Hvitved
95835b8297 C++: Let (Indirect|Direct)Position be sub classes of Position 2022-11-04 14:31:18 +01:00
Anders Schack-Mulligen
a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Mathias Vorreiter Pedersen
b95163cfe4 Merge pull request #11112 from MathiasVP/local-expr-flow 
C++: Improve `Buffer.qll` performance
 2022-11-04 10:32:27 +00:00
Mathias Vorreiter Pedersen
2617e6d7c6 C++: Inline a predicate that was only used once. 2022-11-04 09:35:34 +00:00
Mathias Vorreiter Pedersen
84af725ef1 Fix QLDoc. 2022-11-03 20:33:41 +00:00
Mathias Vorreiter Pedersen
b42e81c32d C++: Speed up 'Buffer.qll'. 2022-11-03 20:31:55 +00:00
Jeroen Ketema
c87b516130 C++: Turn IndirectArgumentOutNode into a PartialDefinitionNode 2022-11-03 17:58:35 +01:00
Tom Hvitved
d3488da0c2 Data flow: Sync files 2022-11-03 15:52:30 +01:00
Mathias Vorreiter Pedersen
18802a2883 Merge pull request #11042 from MathiasVP/simplify-buffer.qll 
C++: Simplify `buffer.qll` repair
 2022-11-03 09:18:39 +00:00
Dave Bartolomeo
49c4c554c4 Merge from main 2022-11-01 13:22:40 -04:00
Mathias Vorreiter Pedersen
30f15473db C++: Use 'max' instead of 'unique.' 2022-11-01 16:55:45 +00:00
Jeroen Ketema
80ef3b39ff Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-10-31 18:26:34 +01:00
Mathias Vorreiter Pedersen
1b50168d08 C++: Add an initial pruning stage to prevent this 
large TC in 'localFlowToExpr':
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@0a49913i with tuple counts:
    4713946   ~0%    {2} r1 = SCAN DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff OUTPUT In.1, In.0

  40897385  ~46%    {2} r2 = JOIN boundedFastTC:Buffer#61e3d199::localFlowToExprStep#2#ff_10#higher_order_body:DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff_0#higher_order_body WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

  45611331  ~43%    {2} r3 = r1 UNION r2
    3376553  ~14%    {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                    return r4
```

After this commit the tuple counts looks like:
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@8cc38x5k on iteration 2 running pipeline standard with tuple counts:
         51367   ~3%    {2} r1 = JOIN Buffer#61e3d199::getBufferSize0#1#f#prev_delta WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0

        124933  ~18%    {2} r2 = JOIN r1 WITH #Buffer#61e3d199::localFlowToExprStep#2Plus#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

        176300  ~17%    {2} r3 = r1 UNION r2
        184685  ~22%    {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         56646  ~47%    {2} r5 = JOIN r4 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
         44635  ~16%    {2} r6 = r5 AND NOT Buffer#61e3d199::localFlowStepToExpr#2#ff#prev(Lhs.0, Lhs.1)
                        return r6
```
 2022-10-30 14:20:15 +01:00
Mathias Vorreiter Pedersen
aa8214addf C++: Simplify 'Buffer.qll' by avoiding 'asIndirectExpr'. This removes the flow from 'x' to 'x++', which makes the whole library a lot simpler. 2022-10-30 12:58:53 +01:00
Mathias Vorreiter Pedersen
18d3801c92 Merge pull request #11033 from MathiasVP/exclude-void-calls 
C++: Don't create `DataFlow::Node`s for `void`-typed instructions
 2022-10-28 20:46:33 +02:00
Mathias Vorreiter Pedersen
3261612a8c C++: Exclude void-typed instructions from 'DataFlow::Node'. These nodes can never contain any data so we don't need dataflow nodes for them. 2022-10-28 13:00:23 +02:00
Mathias Vorreiter Pedersen
2098489bb0 C++: Make QL-for-QL happy. 2022-10-28 12:35:52 +02:00
Mathias Vorreiter Pedersen
172261495f Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-as-expr 2022-10-28 10:32:31 +02:00
Mathias Vorreiter Pedersen
22cdeec3fb Merge branch 'main' into printfprecision 2022-10-28 09:29:29 +02:00
Robert Marsh
b7e42e805b Merge pull request #10994 from rdmarsh2/rdmarsh2/return-cstr-repair 
C++: repair the ReturnCstr query
 2022-10-27 14:25:22 -04:00
Robert Marsh
24cb36a1e2 C++: constrain indirect out node to constructors 2022-10-27 11:48:17 -04:00
Mathias Vorreiter Pedersen
e2a0d62adf C++: Fix 'asIndirectExpr' when the underlying instruction is a 'VariableAddressInstruction'. 2022-10-27 12:12:34 +02:00
Dave Bartolomeo
23b572e9b7 Use ${workspace} for intra-workspace dependencies 
Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release.

Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.
 2022-10-26 16:40:01 -04:00
Robert Marsh
25a1148e04 C++: autoformat 2022-10-26 14:11:37 -04:00