hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

7071 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
ebc1d5feff Merge branch 'main' into rdmarsh2/cpp/improve-constant-off-by-one 2023-05-24 16:07:08 -07:00
Mathias Vorreiter Pedersen
298013a57e C++: Add in-barrier on sources to reduce duplication. 2023-05-24 16:02:27 -07:00
Mathias Vorreiter Pedersen
64d7b4923d C++: Prune flow states based on 'PointerArithmeticToDerefConfig'. 2023-05-24 16:02:17 -07:00
Mathias Vorreiter Pedersen
90824d01b4 C++: Add change note. 2023-05-24 14:39:05 -07:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Mathias Vorreiter Pedersen
e1223d0b21 C++: Add security severity. 2023-05-23 15:01:33 -07:00
Mathias Vorreiter Pedersen
0dfc9b996d C++: Promote 'cpp/overrun-write' out of experimental. 2023-05-23 14:57:42 -07:00
Mathias Vorreiter Pedersen
81dbfecbfc C++: Promote the product-dataflow library out of experimental. 2023-05-23 09:48:50 -07:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Robert Marsh
4ed7450689 C++: remove unneeded pragma 2023-05-22 11:09:44 -04:00
Robert Marsh
604affdeb0 C++: autoformat 2023-05-22 09:31:39 -04:00
Robert Marsh
bf07b0f97b C++: fix cxartesian product in constant off-by-one query 2023-05-19 18:32:09 -04:00
Mathias Vorreiter Pedersen
a77c62473e C++: Reduce code-duplication in 'cpp/overrun-write'. 2023-05-18 13:23:15 +01:00
Nicky Mouha
27519ce3ea Create IfStatementAdditionOverflow.qhelp 2023-05-17 15:27:19 -04:00
Nicky Mouha
5c6fc2ff01 Update IfStatementAdditionOverflow.ql 2023-05-17 15:18:52 -04:00
Jeroen Ketema
d1efffe492 Merge branch 'main' into deref-size 2023-05-17 17:13:49 +02:00
Jeroen Ketema
e3aecd3f1f Merge pull request #13200 from jketema/deref-subpath 
C++: Implement the `subpaths` query predicate for `cpp/invalid-pointer-deref`
 2023-05-17 17:13:28 +02:00
Jeroen Ketema
b83aaf9594 C++: Use range analysis-based hasSize predicate in cpp/invalid-pointer-deref 
This is copied from `cpp/overrun-write`.
 2023-05-17 11:39:41 +02:00
Jeroen Ketema
31ae513f8c C++: Implement the subpaths query predicate for cpp/invalid-pointer-deref 2023-05-17 11:27:37 +02:00
Mathias Vorreiter Pedersen
a5632a21d1 Merge branch 'main' into precompute-states-in-overrun-write 2023-05-16 18:09:16 +01:00
Mathias Vorreiter Pedersen
650e9e1088 C++: Fix Code Scanning error. 2023-05-15 14:05:41 +01:00
Mathias Vorreiter Pedersen
f1c124a3da C++: Share more code between 'ValidState' and 'StringSizeConfig'. 2023-05-15 14:01:17 +01:00
Mathias Vorreiter Pedersen
f31709fb29 C++: Make comment more clear. 2023-05-15 13:36:29 +01:00
Mathias Vorreiter Pedersen
a7712b608a C++: Add more comments. 2023-05-15 11:14:06 +01:00
Robert Marsh
584adf843a C++: restrict flowstates in constant off-by-one query 2023-05-12 12:43:10 -04:00
Mathias Vorreiter Pedersen
f20a69074a C++: Remove flow through ssa phi back-edges. 2023-05-12 13:01:29 +01:00
Mathias Vorreiter Pedersen
75e36e89de C++: Precompute the set of necessary states. 2023-05-12 10:47:23 +01:00
Mathias Vorreiter Pedersen
f7924bda0d Merge pull request #13099 from MathiasVP/heuristic-allocation-for-overrun-write 
C++: Use heuristic allocation functions in `cpp/overrun-write`
 2023-05-12 10:15:28 +01:00
Mathias Vorreiter Pedersen
fd6282063e Merge pull request #12971 from MathiasVP/fix-fp-in-invalid-deref-2 
C++: Fix more FPs on `cpp/invalid-pointer-deref`
 2023-05-11 10:06:01 +01:00
Robert Marsh
f77c77fdf9 C++: refactor off-by-one query to use flowstate 2023-05-10 15:01:01 -04:00
Kasper Svendsen
8410eb3477 C++: Enable implicit this warnings 2023-05-10 15:15:21 +02:00
Mathias Vorreiter Pedersen
f05cce8fc2 C++: Add a member predicate to phi nodes for checking if a phi is a read-phi and use it to restrict flow in 'cpp/invalid-pointer-deref'. 2023-05-10 14:10:13 +01:00
Jeroen Ketema
c3a7f98b2f Merge branch 'main' into fix-fp-in-invalid-deref-2 2023-05-10 11:31:10 +02:00
Mathias Vorreiter Pedersen
9da7c9f696 C++: Use heuristic allocation in 'cpp/overrun-write'. 2023-05-10 08:22:56 +01:00
Kasper Svendsen
c46898cb75 C++: Make implicit this receivers explicit 2023-05-09 15:35:54 +02:00
Mathias Vorreiter Pedersen
2021f46f19 C++: Add QLDoc to 'getOverflow'. 2023-05-09 08:52:08 +01:00
Robert Marsh
b7653ec92d C++: ignore cast arrays in constant off-by-one query 2023-05-04 16:39:02 -04:00
Robert Marsh
3abf5d1bd2 C++: stitch paths in array off-by-one query 2023-05-04 16:28:05 -04:00
Mathias Vorreiter Pedersen
2587f8ed96 C++: Only alert on the largest possible overflow. 2023-05-04 17:29:31 +01:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
github-actions[bot]
3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
Mathias Vorreiter Pedersen
faf846bd58 C++: Disable flow through nodes that are sources of phi edges' back edges. 2023-04-28 11:36:42 +01:00
Mathias Vorreiter Pedersen
fb1a871777 Merge pull request #12855 from MathiasVP/fix-joins-in-use-after-free 
C++: Fix bad self-join in `cpp/use-after-free`
 2023-04-18 17:13:03 +01:00
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Mathias Vorreiter Pedersen
61aba4683f C++: Fix bad self-join in 'cpp/use-after-free'. 
Before:
```ql
[2023-04-18 09:17:24] Evaluated non-recursive predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs_project#Instruction#577b6a83::Initia__#loop_invariant_prefix@ae046923 in 3903ms (size: 130544).
Evaluated relational algebra for predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs_project#Instruction#577b6a83::Initia__#loop_invariant_prefix@ae046923 with tuple counts:
        533787724  ~0%    {2} r1 = JOIN ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs WITH ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           130544  ~0%    {2} r2 = JOIN r1 WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
                          return r2
```

After:
```ql
[2023-04-18 10:09:34] Evaluated non-recursive predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_project#Instruction#577b6a83::InitializeParamete__#loop_invariant_prefix@eb90a6fk in 2ms (size: 18380).
Evaluated relational algebra for predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_project#Instruction#577b6a83::InitializeParamete__#loop_invariant_prefix@eb90a6fk with tuple counts:
        18380  ~0%    {2} r1 = JOIN ValueNumberingInternal#c9f42560::tvalueNumber#1#ff WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
                      return r1
```
 2023-04-18 10:14:45 +01:00
Tom Hvitved
f6d000eb20 Merge pull request #12805 from hvitved/remove-queries-xml 
Remove all `queries.xml` files
 2023-04-18 10:52:14 +02:00
github-actions[bot]
648f0e19ec Post-release preparation for codeql-cli-2.13.0 2023-04-17 15:39:24 +00:00
Mathias Vorreiter Pedersen
d975ceb648 Merge pull request #12818 from MathiasVP/dataflow-for-missing-scanf-qery 
C++: Use the new dataflow library in `cpp/missing-check-scanf`
 2023-04-17 14:34:11 +01:00
Mathias Vorreiter Pedersen
7eee589304 Merge pull request #12569 from andersfugmann/andersfugmann/use_after_free 
C++: Implement use-after-free and double-free queries using the new IR use-use dataflow
 2023-04-17 08:01:58 +01:00
Mathias Vorreiter Pedersen
fa5ed04286 Update cpp/ql/src/Critical/DoubleFree.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-04-17 07:40:01 +01:00