hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

7071 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
d55db836cb C++: Remove implied conjunct. 2021-05-10 16:13:54 +02:00
Mathias Vorreiter Pedersen
c0b65314be C++: Fix false positive by restricting _both_ the old (unconverted) expression _and_ all of the conversions. 2021-05-10 15:18:42 +02:00
ihsinme
c8f2937df9 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-10 14:16:11 +03:00
Mathias Vorreiter Pedersen
c91ed80e6c C++: Fix false positive by computing range of the converted expression. 2021-05-10 10:12:43 +02:00
Dave Bartolomeo
773e5f2e2e Merge remote-tracking branch 'upstream/main' into side-effects 2021-05-07 16:50:48 -04:00
Dave Bartolomeo
187e136ecc C++: Generate IR side effects for smart pointer indirections 
When inserting side effect instructions for argument indirections, we now insert side effects for smart pointers as we would for raw pointers. The address operand of the side effect instruction is  the smart pointer object, which is a bit odd. However, I'd like to think through the design of a more principled solution before doing additional work.

A few new tests are added to the existing IR tests. In addition, the IR tests now `#include` some of the shared STL headers. I've disabled IR dumps for functions from those headers, since they only get in the way of the test cases we intended.
 2021-05-07 16:50:03 -04:00
Dave Bartolomeo
f0a994a570 C++: Fix pointer flow modeling for smart pointer setters 2021-05-07 16:33:15 -04:00
Dave Bartolomeo
653ef9d257 C++: Improve consistency failure message for multiple MemoryLocations on a memory access. 2021-05-07 16:04:01 -04:00
Dave Bartolomeo
54b9f2175d C++: Allow annotating IR dumps with Alias Analysis info 
This commit adds a `PrintAliasAnalysis.qll` module, which can be imported alongside `PrintIR.qll` to annotate those dumps with alias analysis results.
 2021-05-07 16:03:11 -04:00
Geoffrey White
65ac5b862d Merge pull request #5847 from MathiasVP/improve-wrong-in-detecting-and-handling-memory-allocation-errors 
Improve wrong in detecting and handling memory allocation errors
 2021-05-07 17:39:04 +01:00
Geoffrey White
75edcf0b4f Merge branch 'main' into unsigneddiff2 2021-05-07 16:35:16 +01:00
Geoffrey White
69468514f0 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:42 +01:00
Geoffrey White
91be483c57 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:36 +01:00
Geoffrey White
fc96c1c400 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:23 +01:00
Geoffrey White
5db6abe2f4 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:22:48 +01:00
Geoffrey White
894f5d523c Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:19:48 +01:00
Mathias Vorreiter Pedersen
90e8368258 C++: Properly handle conversions in convertedExprMayThrow. This recursive implementation idea is stolen from convertedExprMightOverflow in SimpleRangeAnalysis. 2021-05-07 12:31:43 +02:00
Mathias Vorreiter Pedersen
88e6cbaacd C++: Include Assignments in exprMayThrow and accept test changes. 2021-05-07 11:49:25 +02:00
Mathias Vorreiter Pedersen
08fa611700 C++: Avoid calling SwitchCase.getAStmt for performance reasons. This turns out to not be needed as the statements inside the switch case will get picked up by the BlockStmt.getAStmt case already. 2021-05-07 11:18:50 +02:00
Robert Marsh
9ac55aff0e C++: One more join order fix 2021-05-06 17:43:28 -07:00
Mathias Vorreiter Pedersen
856d512aa6 C++: Simplify noThrowInTryBlock. 2021-05-06 18:36:09 +02:00
Mathias Vorreiter Pedersen
7c1720a1d1 C++: Remove NoThrowAllocator and inline its (corrected) definition in ThrowingAllocator. 2021-05-06 18:02:05 +02:00
Robert Marsh
b3e598c1a7 C++/C#: fix another join order in SSA construction 2021-05-06 08:14:49 -07:00
Robert Marsh
5318aa8ead C++: autoformat 2021-05-06 08:14:48 -07:00
Robert Marsh
35594eac22 C++: fix bad join order in phi node sharing 2021-05-06 08:14:47 -07:00
Robert Marsh
5406783e9c C++: autoformat 2021-05-06 08:14:46 -07:00
Robert Marsh
5d7d26bed1 C++: fixups and file sync for SSA sharing 2021-05-06 08:14:44 -07:00
Robert Marsh
195b811422 C++: handle phi operands from unreachable blocks 2021-05-06 08:14:42 -07:00
Robert Marsh
6600436dd9 C++: handle degenerate phi nodes 2021-05-06 08:14:41 -07:00
Dave Bartolomeo
922cf640f4 C++/C#: Add combineOverlap() predicate 2021-05-06 08:14:40 -07:00
Robert Marsh
8bc7e5993e autoformat and sync C++ files 2021-05-06 08:14:36 -07:00
Robert Marsh
deff5c3af1 C++: Reuse SSA from earlier stages 
This refactors the SSA stages of the IR so that instructions which have
a modeled memory result in the unaliased SSA stage do not have SSA
recomputed in the aliased SSA stage.
 2021-05-06 08:14:34 -07:00
Robert Marsh
a9d7990596 C++: make unaliased_ssa IR stage sound 2021-05-06 08:14:33 -07:00
Mathias Vorreiter Pedersen
d1eb774737 C++: Remove implied conjunction. 2021-05-06 17:03:42 +02:00
Mathias Vorreiter Pedersen
e0606d61b6 C++: Fix qldoc. 2021-05-06 16:58:49 +02:00
Mathias Vorreiter Pedersen
c12837cff0 C++: Fix false negative. 2021-05-06 16:57:09 +02:00
Mathias Vorreiter Pedersen
47a419a5f1 C++: Respond to review comments. First: Avoid using locations to detect constructor and destructor calls. Second: Include missing statements in stmtMayThrow. 2021-05-06 16:37:26 +02:00
Mathias Vorreiter Pedersen
4463293dc4 C++: Move common code from NewExpr and NewArrayExpr into the NewOrNewArrayExpr class. 2021-05-06 16:35:41 +02:00
Mathias Vorreiter Pedersen
95e65dec8f C++: Make sure a CatchBlock that catches a const std::bad_alloc& is also a BadAllocCatchBlock. 2021-05-06 14:35:27 +02:00
Mathias Vorreiter Pedersen
6cdef782c8 Merge branch 'main' into improve-wrong-in-detecting-and-handling-memory-allocation-errors 2021-05-06 13:37:21 +02:00
Mathias Vorreiter Pedersen
420215931c C++: Rename query. 2021-05-06 13:35:08 +02:00
Mathias Vorreiter Pedersen
56d7342398 C++: Improve the cpp/detect-and-handle-memory-allocation-errors query. 2021-05-06 13:29:20 +02:00
Evgenii Protsenko
b1a6394959 C++: SqlPqxxTainted.ql. Change @id in query metadata 2021-05-06 12:36:48 +03:00
ihsinme
976ccda135 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-05 23:34:21 +03:00
ihsinme
b277082462 Update DeclarationOfVariableWithUnnecessarilyWideScope.qhelp 2021-05-05 23:28:04 +03:00
Evgenii Protsenko
330eaea467 C++: SqlPqxxTainted.ql style fixes 2021-05-05 21:48:14 +03:00
Evgenii Protsenko
955d97f6be C++: Init SqlPqxxTainted.ql 2021-05-05 21:25:36 +03:00
Jonas Jensen
390ee3a6b8 Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode 
C++: Reorder getInstructionOpcode
 2021-05-05 11:13:15 +02:00
Mathias Vorreiter Pedersen
066cdb55d7 C++: Add qldoc explaining column order. 2021-05-05 09:30:12 +02:00
Henning Makholm
4964ce347b CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.ql 
The fact that `aex` and `it` was each used in just one disjunct of the
exists() body caused the optimizer to generate perfectly horrible
code, including a pointless cartesian product between them that caused
the evaluation to blow up.

Fix it such that each variable is logically scoped. That makes the
compiler much happier.
 2021-05-05 02:31:11 +02:00