hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

5704 Commits

Author SHA1 Message Date
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Geoffrey White
518b45bc8e C++: Add two more test cases. 2022-09-21 15:41:27 +01:00
Geoffrey White
2756c0e7af C++: Don't report results in files with compilation errors. 2022-09-21 10:45:28 +01:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Geoffrey White
9ddb485405 Merge branch 'main' into cleartext-perf 2022-09-20 17:56:18 +01:00
Geoffrey White
c599b02e98 C++: Add test case. 2022-09-20 15:23:13 +01:00
Mathias Vorreiter Pedersen
3e6576bfaf C++: Add example of missing result. 2022-09-18 12:18:04 +01:00
Mathias Vorreiter Pedersen
d1cf688abf C++: Fix test function naming. 2022-09-18 12:17:46 +01:00
Mathias Vorreiter Pedersen
4482669d7e C++: Add a new 'InvalidPointerDeref' query to experimental. 2022-09-15 17:47:15 +01:00
Mathias Vorreiter Pedersen
b8a5aa5d85 C++: Fix a couple of range analysis issues: 
1. The new query is expecting pointer arithmetic operations to generate
range-analysis bounds, but this wasn't true on main.
2. The bounds generated by `boundFlowCond` was incorrectly inferred as
non-strict when comparing a pointers (unlike when comparing values of
integral types). This gave FPs in the new query.

This also fixes a couple of missing results in existing queries that
use the new range-analysis library.
 2022-09-15 17:46:52 +01:00
ihsinme
50105c1f6d create new branchihsinme-patch-111 in fork 2022-09-15 06:35:42 +00:00
Mathias Vorreiter Pedersen
c7ccff2e20 C++: Accept test changes. 2022-09-13 12:11:22 +01:00
Geoffrey White
6011ae9ecc Merge branch 'main' into cleartext-perf 2022-09-09 11:40:47 +01:00
Robert Marsh
0feeafd0ac Merge pull request #10339 from MathiasVP/dont-use-get-unique-id-in-range-analysis 
C++: Don't use `getUniqueId` in range analysis
 2022-09-08 11:13:43 -04:00
Jeroen Ketema
1140d27bda C++: Add tests for newly supported builtin operations 2022-09-08 10:06:57 +02:00
Mathias Vorreiter Pedersen
7062263885 C++: Accept test changes. 2022-09-07 21:11:52 +01:00
Mathias Vorreiter Pedersen
86259ced97 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 16:38:42 +01:00
Robert Marsh
55a10d99b4 Merge pull request #10305 from MathiasVP/ql-workaround-for-missing-decl-entries 
C++: Synthesize `DeclarationEntry`s for IR construction
 2022-09-07 11:34:28 -04:00
Mathias Vorreiter Pedersen
011d15aca3 C++: Accept test changes. 2022-09-07 14:56:08 +01:00
Mathias Vorreiter Pedersen
5ce47d97b2 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 11:14:42 +01:00
Mathias Vorreiter Pedersen
d6b8f25312 C++: Add more tests. 2022-09-06 15:22:10 +01:00
Mathias Vorreiter Pedersen
885bf427bd C++: Accept test changes. 2022-09-05 23:26:03 +01:00
Mathias Vorreiter Pedersen
fc85ef76ed C++: Introduce 'PseudoDeclarationEntry's to handle missing 'DeclarationEntry's during IR construction. 2022-09-05 22:17:14 +01:00
Mathias Vorreiter Pedersen
2da46ad691 C++: Add two testcases demonstrating malformed IR from missing declaration entries from decl stmts. 2022-09-05 17:49:20 +01:00
Geoffrey White
946456acc2 C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission. 2022-09-05 14:44:33 +01:00
Robert Marsh
ca2694ae1d C++: exclude end pointers in iterator-style loops 2022-09-01 17:42:19 -04:00
Nora Dimitrijević
ce1e4ad422 Merge branch 'main' into missing-check-scanf-squashed 2022-08-30 11:34:00 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Nora Dimitrijević
5c894ae40b Merge branch 'main' into missing-check-scanf-squashed 2022-08-24 21:14:57 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
erik-krogh
a50234adb0 apply suggestion from review 2022-08-23 15:41:37 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
erik-krogh
ce9f69a639 rename all occurrences of XML to Xml 2022-08-22 14:08:31 +02:00
Jeroen Ketema
f00a9ac8fc Merge pull request #10112 from jketema/orphaned 
C++: Handle orphaned local variables
 2022-08-22 10:45:10 +02:00
Jeroen Ketema
4a7ad84d02 C++: Add __func__ and __PRETTY_FUNCTION__ IR tests 2022-08-20 01:09:52 +02:00
Jeroen Ketema
584a0189a8 C++: Update test results after changes 2022-08-19 21:50:45 +02:00
Chris Smowton
8d20b9cf52 Use hasLocationInfo to match several Location fields at once 2022-08-19 19:03:17 +01:00
Chris Smowton
1ea7caf559 Fix join ordering in inline-expectations test 2022-08-19 18:17:22 +01:00
intrigus
dabccd8686 Add query for tainted wordexp calls. 2022-08-16 23:56:50 +02:00
Robert Marsh
56eacce320 C++: restrict to end-of-allocation pointers 2022-08-16 17:52:06 -04:00
Robert Marsh
93de8e2308 C++: fix missing bounds in exp range analysis 2022-08-16 17:44:51 -04:00
Robert Marsh
e4d0e7431c C++: some experimental product flow queries 2022-08-16 17:44:46 -04:00
Robert Marsh
9e0c82eabb Merge pull request #10039 from rdmarsh2/rdmarsh2/cpp/sem-range-analysis-perf 
C++: Fix missing bounds and performance issues in semantic range analysis
 2022-08-16 12:27:02 -04:00