Raul Garcia
7ab723ae79
Fixing typos & incorporating feedback.
...
(MSFT feedback) Adding a new tag in the header @msrc.severity important
2018-10-16 10:00:51 -07:00
semmle-qlci
6172c95e60
Merge pull request #320 from geoffw0/deprecated
...
Approved by yh-semmle
2018-10-16 15:45:06 +01:00
Raul Garcia
22d54801e5
Removed one false-positive scenario (no space on lpCommandLine)
...
Improved the query to avoid multiple calls to hasGlobalName
Fixed typos
Simplified the test case file
2018-10-15 15:53:02 -07:00
Raul Garcia
cd5e788aa7
Update UnsafeCreateProcessCall.ql
2018-10-15 13:41:21 -07:00
Raul Garcia
1d853691eb
Update UnsafeCreateProcessCall.qhelp
2018-10-15 13:40:40 -07:00
Raul Garcia
b8f8c99529
Update UnsafeCreateProcessCall.qhelp
2018-10-15 13:39:46 -07:00
Geoffrey White
ff34ae2a46
CPP: Add deprecated metadata.
2018-10-15 08:56:49 +01:00
Raul Garcia
242d40369b
Merge branch 'master' into users/raulga/c6277
2018-10-12 15:59:54 -07:00
Raul Garcia
85283d63ce
C++ : NULL application name with an unquoted path in call to CreateProcess
...
Calling a function of the CreateProcess* family of functions, which may result in a security vulnerability if the path contains spaces.
2018-10-12 15:57:01 -07:00
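The hazard this commit's query targets is CreateProcess being called with a NULL lpApplicationName and an unquoted lpCommandLine whose path contains spaces: Windows then tries each space-delimited prefix of the command line as the program to run, so a file such as C:\Program.exe planted by a low-privileged user is executed instead of the intended binary. The following portable C program is an added illustration, not code from the CodeQL repository or the query itself; it simulates the prefix lookup (the lookup order and ".exe" suffix rule follow the documented CreateProcess behaviour, the 260-byte buffer is an assumed MAX_PATH-sized limit, and the sample path is constructed) and shows the quoted form that collapses the search to a single candidate.

```c
#include <stdio.h>
#include <string.h>

#define PATH_MAX_DEMO 260   /* assumed MAX_PATH-sized buffer for the demo */
#define MAX_CANDIDATES 16

/*
 * Simulation of the executable lookup CreateProcess performs when
 * lpApplicationName is NULL. An unquoted lpCommandLine is split at each space
 * and every prefix is tried in turn as the program path (".exe" is appended when
 * the prefix's last component has no extension); the first candidate that exists
 * on disk wins. A quoted command line yields exactly one candidate: the text
 * between the quotes. Returns the number of candidates written to out[], in the
 * order they would be tried. Portable model only; no Win32 call is made.
 */
size_t exe_candidates(const char *cmdline, char out[][PATH_MAX_DEMO], size_t max_out)
{
    size_t n = 0;
    size_t len = strlen(cmdline);

    if (len > 0 && cmdline[0] == '"') {
        const char *close = strchr(cmdline + 1, '"');
        size_t plen = close ? (size_t)(close - cmdline) - 1 : len - 1;
        if (plen >= PATH_MAX_DEMO || max_out == 0) return 0;
        memcpy(out[0], cmdline + 1, plen);
        out[0][plen] = '\0';
        return 1;
    }

    for (size_t i = 1; i <= len && n < max_out; i++) {
        if (i != len && cmdline[i] != ' ') continue;   /* not a split point */
        if (cmdline[i - 1] == ' ') continue;            /* skip runs of spaces */
        if (i + 5 > PATH_MAX_DEMO) break;               /* room for ".exe" + NUL */

        char *buf = out[n];
        memcpy(buf, cmdline, i);
        buf[i] = '\0';

        /* ".exe" is appended only when the final path component has no extension */
        const char *sep = strrchr(buf, '\\');
        const char *base = sep ? sep + 1 : buf;
        if (strchr(base, '.') == NULL)
            strcat(buf, ".exe");
        n++;
    }
    return n;
}

/*
 * Hardened form: wrap the application path in quotes so the parser stops at the
 * closing quote. Paths that already contain a quote are rejected rather than
 * escaped. Returns 0 on success, -1 on failure.
 */
int quote_application_path(const char *path, char *out, size_t out_len)
{
    size_t len = strlen(path);
    if (strchr(path, '"') != NULL || len + 3 > out_len) return -1;
    out[0] = '"';
    memcpy(out + 1, path, len);
    out[len + 1] = '"';
    out[len + 2] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a program installed under a directory with spaces. */
    const char *path = "C:\\Program Files\\My App\\app.exe";
    char cands[MAX_CANDIDATES][PATH_MAX_DEMO];
    char quoted[PATH_MAX_DEMO];

    size_t n = exe_candidates(path, cands, MAX_CANDIDATES);
    printf("unquoted: %zu attacker-controllable candidate(s) tried first\n", n ? n - 1 : 0);
    for (size_t i = 0; i < n; i++)
        printf("  %s\n", cands[i]);

    if (quote_application_path(path, quoted, sizeof quoted) == 0) {
        n = exe_candidates(quoted, cands, MAX_CANDIDATES);
        printf("quoted: %zu candidate: %s\n", n, cands[0]);
    }
    return 0;
}
```

The practical fix mirrored by quote_application_path is either to pass the executable in lpApplicationName (which is never split) or to quote the path inside lpCommandLine; the query flags the case where neither is done and the command line has no opening quote.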
semmle-qlci
a8be7f2434
Merge pull request #312 from aschackmull/java/autoformat-libs
...
Approved by yh-semmle
2018-10-12 20:02:52 +01:00
Geoffrey White
a9b55534b4
CPP: Speed up phi_node > frontier_phi_node > ssa_defn recursion.
2018-10-12 18:11:53 +01:00
Anders Schack-Mulligen
f341aa79a3
Java/C: Sync dataflow copies.
2018-10-12 13:40:32 +02:00
Geoffrey White
6fc5ff53d7
CPP: Speed up getBufferSize.
2018-10-12 12:34:22 +01:00
Geoffrey White
3b8c72bf1e
Merge pull request #303 from jbj/UnsignedGEZero-templates
...
C++: Suppress UnsignedGEZero.ql in template instantiations
2018-10-12 09:43:48 +01:00
Geoffrey White
9d5e674fc5
CPP: Fix hasXMacro performance.
2018-10-11 16:42:36 +01:00
Tom Hvitved
b29b314f4e
Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11
2018-10-11 14:36:44 +02:00
Felicity Chapman
e2629728ba
Merge pull request #235 from jbj/hresult-boolean-qhelp
...
C++: Finalise docs for cpp/hresult-boolean-conversion and cpp/unsafe-dacl-security-descriptor
2018-10-11 11:02:17 +01:00
Jonas Jensen
a10c3bcffb
C++: Suppress UnsignedGEZero in template inst.
...
It still runs on uninstantiated templates because its underlying
libraries do. It's not clear whether that leads to other false
positives, but that's independent of the change I'm making here.
2018-10-10 17:06:24 +02:00
Jonas Jensen
3e022ad36f
Merge pull request #270 from geoffw0/negindex
...
CPP: Improvements to Buffer.qll
2018-10-10 14:59:41 +02:00
Jonas Jensen
4b59c0cb80
Merge branch 'master' into hresult-boolean-qhelp
2018-10-09 14:56:58 +02:00
Geoffrey White
8163def3ae
CPP: Alter the dataflow case.
2018-10-08 15:45:17 +01:00
Geoffrey White
8ab830f21c
CPP: Allow multiple dataflow sources.
2018-10-08 15:45:17 +01:00
Geoffrey White
fe6c9f9ea2
CPP: Stricter dataflow in getBufferSize.
2018-10-08 15:45:17 +01:00
Geoffrey White
beb21f92d3
CPP: Separate the dataflow case from dynamic allocation.
2018-10-08 15:45:17 +01:00
Geoffrey White
ef8ca5de58
CPP: Replace def-use with dataflow in getBufferSize.
2018-10-08 15:45:17 +01:00
Geoffrey White
c747f24b39
CPP: Fix the initialized array case in getBufferSize.
2018-10-08 15:45:17 +01:00
Tom Hvitved
ccebd5eb11
Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08
2018-10-08 16:23:29 +02:00
Pavel Avgustinov
2904ebb8a3
Merge pull request #291 from jbj/mergeback-20181008
...
Mergeback rc/1.18 to master
2018-10-08 13:56:50 +01:00
Jonas Jensen
4e25929f82
Merge pull request #288 from geoffw0/widechartype
...
CPP: Address Widechartype / WChar_t
2018-10-08 13:46:28 +02:00
Tom Hvitved
49644bfb47
Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08
2018-10-08 11:48:56 +02:00
Jonas Jensen
799c034a5e
Merge pull request #282 from rdmarsh2/rdmarsh/cpp/simple-range-analysis-caching
...
C++: add cached module to SimpleRangeAnalysis
2018-10-08 11:44:35 +02:00
Jonas Jensen
628540cf7b
Merge remote-tracking branch 'upstream/rc/1.18' into mergeback-20181008
2018-10-08 09:55:31 +02:00
Geoffrey White
e2a001f925
Merge pull request #285 from jbj/primitive-bb-joinorder
...
C++: Speed up primitive basic block calculation
2018-10-06 19:47:49 +01:00
Geoffrey White
e0140f9112
CPP: Change some uses of WideCharType to Wchar_t.
2018-10-05 22:03:47 +01:00
Geoffrey White
ecf8e5d936
CPP: Add backticks.
2018-10-05 21:42:16 +01:00
Geoffrey White
d649835f45
CPP: Add an explanatory comment on WideCharType and Wchar_t.
2018-10-05 21:41:35 +01:00
Robert Marsh
c0cf16ab2e
C++: move expr predicates to cached module
2018-10-05 09:34:16 -07:00
Geoffrey White
67a7b75b84
CPP: Simplify getAFormatterWideType.
2018-10-05 16:40:54 +01:00
Geoffrey White
605db444a6
CPP: Fix for consistency.
2018-10-05 16:40:54 +01:00
Geoffrey White
94ff2e5693
CPP: Let's just not report when we're not sure.
2018-10-05 16:40:54 +01:00
Geoffrey White
2841897e3a
CPP: Make getAFormatterWideType more general and move it into FormattingFunction.qll.
2018-10-05 16:40:54 +01:00
Geoffrey White
580471ab1d
CPP: Replace stripTopLevelSpecifiers to emulate old behaviour.
2018-10-05 16:40:54 +01:00
Geoffrey White
e2be19b555
CPP: New mechanism for string types in printf.qll.
2018-10-05 16:40:54 +01:00
Geoffrey White
6e5207ce3c
CPP: Allow declarations of library printf functions in source (repairs most of the tests).
2018-10-05 15:32:36 +01:00
Robert Marsh
fe8f7e9624
C++: consider attributes when finding wide string functions
2018-10-05 15:32:36 +01:00
Robert Marsh
5b8925c699
C++: document new predicate
2018-10-05 15:32:36 +01:00
Robert Marsh
a3459ddf08
C++: add support for custom wide character sizes
...
Certain Microsoft projects, such as CoreCLR and ChakraCore, use a
library called the PAL, which enables two-byte strings in the printf
family of functions, even when built on a platform with four-byte
strings. This adds support for determining the size of a wide character
from the definitions of such functions, rather than assuming that they
match the compiler's wchar_t.
2018-10-05 15:32:35 +01:00
Jonas Jensen
11e03b3161
C++: Fix primitive_basic_block_member join order
...
This predicate looked like a join of two already-computed predicates,
but it was a bit more complicated because the `*` operator expands into
two cases: the reflexive case and the transitive case. The join order
for the transitive case placed the `PrimitiveBasicBlock` charpred call
_after_ the `member_step+` call, which means that all the tuples of
`member_step+` passed through the pipeline.
This commit changes the implementation by fully writing out the
expansion of `*` into two cases, where the base case is manually
specialised to make sure the join orderer doesn't get tempted into
reusing the same strategy for both cases. This speeds up the predicate
from 2m38s to 1s on a snapshot of our own C/C++ code.
2018-10-05 14:26:04 +02:00
Jonas Jensen
265852058d
C++: Faster implementation of BB entry node
...
The existing implementation of `primitive_basic_block_entry_node` was
"cleverly" computing two properties about `node` with a single
`strictcount`: whether `node` had multiple predecessors and whether any
of those predecessors had more than one successor. This was fast enough
on most snapshots, but on the snapshot of our own code it took 37
seconds to compute `primitive_basic_block_entry_node` and its auxiliary
predicates. This is likely to have affected other large snapshots too.
With this change, the property is computed like in our other languages,
and it brings the run time down to 4 seconds.
2018-10-05 14:20:03 +02:00
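The two properties this commit separates are the standard basic-block leader conditions: a node starts a new block when it has more than one predecessor or when some predecessor has more than one successor. The C program below is an added illustration of that definition, not the CodeQL library code the commit changes; the adjacency-matrix CFG type, the sample diamond-shaped graph and the choice to treat a node with no predecessor (the function entry) as a block entry are assumptions made for the example.

```c
#include <stdio.h>
#include <stdbool.h>
#include <string.h>

#define MAX_NODES 16

/* Small CFG as an adjacency matrix: edge[a][b] != 0 means a -> b. */
typedef struct {
    int n;
    int edge[MAX_NODES][MAX_NODES];
} Cfg;

static int pred_count(const Cfg *g, int node)
{
    int c = 0;
    for (int p = 0; p < g->n; p++) c += g->edge[p][node] != 0;
    return c;
}

static int succ_count(const Cfg *g, int node)
{
    int c = 0;
    for (int s = 0; s < g->n; s++) c += g->edge[node][s] != 0;
    return c;
}

/*
 * Leader test computed as two separate properties rather than one combined
 * count: (1) does the node have a number of predecessors other than exactly one
 * (zero = function entry, assumed to start a block; two or more = join point),
 * and (2) does any predecessor branch, i.e. have more than one successor.
 */
bool is_primitive_bb_entry(const Cfg *g, int node)
{
    if (pred_count(g, node) != 1) return true;
    for (int p = 0; p < g->n; p++)
        if (g->edge[p][node] && succ_count(g, p) > 1) return true;
    return false;
}

/* Number of primitive basic blocks = number of entry nodes. */
int count_primitive_blocks(const Cfg *g)
{
    int c = 0;
    for (int v = 0; v < g->n; v++) c += is_primitive_bb_entry(g, v);
    return c;
}

/* Constructed sample: 0 -> {1,2}, 1 -> 3, 2 -> 3, 3 -> 4, 4 -> 5 (a diamond
 * followed by straight-line code). */
Cfg diamond_cfg(void)
{
    Cfg g;
    memset(&g, 0, sizeof g);
    g.n = 6;
    g.edge[0][1] = g.edge[0][2] = 1;
    g.edge[1][3] = g.edge[2][3] = 1;
    g.edge[3][4] = 1;
    g.edge[4][5] = 1;
    return g;
}

int main(void)
{
    Cfg g = diamond_cfg();
    for (int v = 0; v < g.n; v++)
        printf("node %d: %s\n", v, is_primitive_bb_entry(&g, v) ? "entry" : "inner");
    printf("%d primitive basic blocks\n", count_primitive_blocks(&g));
    return 0;
}
```

Nodes 0 (entry), 1 and 2 (their predecessor branches) and 3 (two predecessors) start blocks; 4 and 5 each have a single non-branching predecessor and stay inside the block begun at 3.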
Robert Marsh
f3539e472c
C++: add cached module to SimpleRangeAnalysis
2018-10-04 15:25:10 -07:00