hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

5690 Commits

Author SHA1 Message Date
Jonas Jensen
490dd0e8c0 Merge pull request #1245 from geoffw0/classesmanyfields 
CPP: Fix performance issues in ClassesWithManyFields.ql
 2019-05-01 13:58:28 +02:00
Geoffrey White
1ee28fa15b CPP: Add a test cases that uses restrict. 2019-05-01 11:12:07 +01:00
Geoffrey White
a749b5b6d1 CPP: Improve WrongTypeFormatArguments logic when there is more than one possible expected argument type. 2019-05-01 11:12:06 +01:00
Geoffrey White
ac277ad7ad CPP: Fix %I length specifier. 2019-05-01 11:12:06 +01:00
Geoffrey White
98c3e1475e CPP: Add test cases of %I64 and similar. 2019-05-01 11:12:06 +01:00
Geoffrey White
3a0dfbd00f CPP: Normalize test cases between some of the WrongTypeFormatArguments tests. 2019-05-01 11:12:06 +01:00
Geoffrey White
efa3c77db5 CPP: Additional test cases. 2019-05-01 10:58:03 +01:00
Geoffrey White
89c26ca394 CPP: Rewrite the VDE grouping in ClassesWithManyField.ql to be more performant (and modern). 2019-05-01 10:35:59 +01:00
Jonas Jensen
40aea2f76d C++: Shorten alert message 
We don't write the reason for the alert in the alert message.
 2019-05-01 08:33:36 +02:00
Jonas Jensen
e38ac9f88a C++: suppress alerts in tightly bounded loops 2019-05-01 08:33:35 +02:00
Jonas Jensen
54091e87fa Merge pull request #1136 from zlaski-semmle/cpp340a 
[CPP-340] Refinements to FutileParams.ql etc.
 2019-05-01 08:21:35 +02:00
Ziemowit Laski
17066cfe3e [CPP-340] Adjust annotations in test.c file. 2019-04-30 13:21:36 -07:00
Ziemowit Laski
be77eb7367 [CPP-340] Add new test cases to test.c; this required the .expected 
files to be regenerated.
 2019-04-29 15:30:28 -07:00
Ziemowit Laski
4a760b1561 [CPP-340] Delete ArgumentsToImplicit.ql and associated files. 
Reduce MistypedFunctionArguments.ql precision to `medium`.
 2019-04-28 13:49:46 -07:00
Jonas Jensen
bdb678a318 Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint 
C++: add taint edges to DefinitionByReferenceNode
 2019-04-26 08:50:20 +02:00
Ziemowit Laski
ac58bdfc58 [CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays. 2019-04-24 14:54:01 -07:00
Robert Marsh
919f5c616f C++: comment and test for taint flow via memcpy 2019-04-23 11:17:18 -07:00
Robert Marsh
262f724235 C++: add taint edges to DefinitionByReferenceNode 2019-04-22 10:39:02 -07:00
Robert Marsh
45a35a8572 Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling 
C++: string pooling in IR value numbering
 2019-04-22 09:29:44 -07:00
Robert Marsh
e7ca6c8bd9 C++: test for value number string pooling 2019-04-19 10:50:52 -07:00
Ziemowit Laski
62b030d27f [CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared 
functions.  TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
 2019-04-18 17:56:41 -07:00
Robert Marsh
c6f01265be Merge pull request #1263 from geoffw0/bufferoverflowqueries 
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
 2019-04-18 13:21:57 -04:00
Geoffrey White
57a4e52b47 CPP: Remove the overlap between these two queries. 2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87 CPP: Unify and improve the MallocCall classes. 2019-04-18 10:30:18 +01:00
Geoffrey White
1ba8364c3b CPP: Add more test cases. 2019-04-18 10:28:34 +01:00
Geoffrey White
8856442f7f CPP: Add NoSpaceForZeroTerminator to the OverflowCalculated test. 2019-04-18 09:19:44 +01:00
Geoffrey White
12650f85c5 CPP: Rename a test file. 2019-04-18 09:16:55 +01:00
Nick Rolfe
bf204ecdf8 C++: update expected extractor arguments to match qltest runner changes 2019-04-17 12:30:04 +01:00
Robert Marsh
09d0548c81 Merge pull request #1237 from geoffw0/commentedoutcode2 
CPP: Fix FPs from detecting commented out preprocessor logic
 2019-04-16 10:31:42 -07:00
Geoffrey White
2d15163e30 CPP: Test of a comment inside #if 0. 2019-04-16 15:37:21 +01:00
Ziemowit Laski
b58f414ede [CPP-340] Add more test case; exclude K&R definitions of functions when looking 
up ()-declarations; refactor QL code.
 2019-04-12 17:25:33 -07:00
Nick Rolfe
baf091235c C++: change expected test output following extractor frontend upgrade 2019-04-11 17:45:35 +01:00
Geoffrey White
1e0e3192bb CPP: Restrict to #elif, #else, #endif. 2019-04-11 15:14:21 +01:00
Geoffrey White
2dad62acf4 CPP: Additional test cases. 2019-04-11 15:06:41 +01:00
Jonas Jensen
ac3421f6be Merge pull request #1238 from geoffw0/newtests 
CPP: New test cases
 2019-04-11 14:43:03 +02:00
Geoffrey White
3ceacff0d4 CPP: Add a test of IncorrectConstructorDelegation.ql. 2019-04-11 12:24:16 +01:00
Geoffrey White
7dd7bf346d CPP: Add a test of placement new in CWE-772 (this case came up recently but has already been fixed). 2019-04-11 12:23:33 +01:00
Geoffrey White
2c0ccf4a85 CPP: Exclude unusual header files such as config.h. 2019-04-11 11:28:45 +01:00
Geoffrey White
9e6b178d48 CPP: Resolve #endif FPs. 2019-04-11 11:05:53 +01:00
Geoffrey White
4beb77588a CPP: Add tests based on false positive results. 2019-04-11 10:14:32 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
Geoffrey White
c974693b58 CPP: Add a test case for CWE-120. 2019-04-10 18:52:03 +01:00
Geoffrey White
7ea6c1bcbe CPP: Add a test of AV Rule 186.ql. 2019-04-10 18:08:10 +01:00
Ziemowit Laski
dc7497835e [CPP-340] Make the query more strict (again). 2019-04-10 09:55:37 -07:00
Geoffrey White
5101a5bc3d Merge pull request #1056 from jbj/SimpleRangeAnalysis-use-after-cast 
C++: Fix use-after-cast bug in SimpleRangeAnalysis
 2019-04-10 11:04:20 +01:00
Jonas Jensen
01fc721497 C++: Fixup test annotation 2019-04-10 09:28:06 +02:00
Robert Marsh
75ab311c3a Merge pull request #1223 from geoffw0/commentedoutcode 
CPP: Detect commented out preprocessor logic
 2019-04-09 16:16:19 -04:00
Robert Marsh
c9fbbfe7d8 Merge pull request #984 from rdmarsh2/rdmarsh/cpp/ir-stmtexpr 
C++: add support for GNU StmtExpr in IR
 2019-04-09 12:54:35 -04:00
Geoffrey White
13ed50f049 CPP: Improve the regexp. 2019-04-09 13:08:31 +01:00
Geoffrey White
d70e7ceafe CPP: Additional test cases. 2019-04-09 13:04:32 +01:00