hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

1928 Commits

Author SHA1 Message Date
Geoffrey White
2d7552358b C++: Put in a better fix. 2020-09-03 18:51:57 +01:00
Geoffrey White
a1c7fd8fec C++: Remove the workaround for CPP-331. 2020-09-03 18:51:21 +01:00
Geoffrey White
5150bf30e7 C++: Add another test case inspired by CPP-331. 2020-09-03 18:50:11 +01:00
Geoffrey White
1483306c4c C++: Add more tests. 2020-09-03 18:39:50 +01:00
Jonas Jensen
b1c0e6f626 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-20 08:20:31 +02:00
Jonas Jensen
fd0937eb01 C++: Accept improved IntegerOverflowTainted test 2020-08-18 16:47:29 +02:00
Jonas Jensen
27345c64f3 C++: Also accept PointlessComparison test changes 2020-08-18 09:32:05 +02:00
Jonas Jensen
93d8d8eb1d C++: Demonstrate range analysis MulExpr bugs 
Unless these issues can be reproduced in far less contrived code, I
don't think they will cause problems in practice.
 2020-08-12 12:10:23 +02:00
Jonas Jensen
1ee96a4b4f C++: SimpleRangeAnalysis: unsigned multiplication 2020-08-12 10:03:04 +02:00
Geoffrey White
3cf11eca2a C++: And more test cases. 2020-08-07 17:30:07 +01:00
Geoffrey White
7d491afaeb C++: More test cases. 2020-08-07 17:05:13 +01:00
Geoffrey White
b7d2e0ca63 C++: Make all the tests meaningful. 2020-08-07 14:18:28 +01:00
Geoffrey White
0b5b7fa095 C++: Fix another edge case. 2020-08-06 19:06:42 +01:00
Geoffrey White
b3f3f6d95a C++: Fix edge case. 2020-08-06 19:03:43 +01:00
Geoffrey White
cbf30e37ed C++: Fix the issue. 2020-08-06 18:50:18 +01:00
Geoffrey White
a7564c9e0e C++: Add a test of unsigned count-down loops. 2020-08-06 18:44:22 +01:00
Mathias Vorreiter Pedersen
edc33b6516 C++: Add getOutputParameterIndex override to UserDefinedFormattingFunction and accept test changes 2020-07-15 14:46:08 +02:00
Mathias Vorreiter Pedersen
d711c22cd2 C++: Add testcase demonstrating lost query results 2020-07-15 14:42:45 +02:00
Mathias Vorreiter Pedersen
834ad92453 C++: Add test cases for unsigned multiplication and fix missing return value in existing tests 2020-07-14 16:57:47 +02:00
Geoffrey White
edc5d5d128 C++: Add a test of MissingNullTest. 2020-06-25 11:04:06 +01:00
Geoffrey White
91b9b78c48 C++: Add a test case for CWE-114 involving pointers and references. 2020-06-10 14:09:46 +01:00
Jonas Jensen
ad292d8fb6 C++: Accept one more test change from last commit 2020-06-03 14:51:05 +02:00
Jonas Jensen
5f0d283212 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
The conflicts came from how `this` is now a parameter but not a
`Parameter` on `master`.

Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
	cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
 2020-06-02 15:35:02 +02:00
Mathias Vorreiter Pedersen
bd97fe627c Merge branch 'master' into remove-field-conflation-from-ir-fieldflow 2020-05-27 17:08:19 +02:00
Jonas Jensen
bc09720704 Merge pull request #3479 from geoffw0/fp2762 
C++: Allow equality to block taint (security taint tracking)
 2020-05-25 15:11:10 +02:00
Mathias Vorreiter Pedersen
617ef32464 C++: Remove [FALSE POSITIVE] annotations 2020-05-21 02:22:57 +02:00
Mathias Vorreiter Pedersen
3c167125e5 C++: Accept test output 2020-05-20 18:18:34 +02:00
Geoffrey White
9babd5dc10 C++: Another positive effect of the change. 2020-05-20 12:49:01 +01:00
Jonas Jensen
486f06ab18 C++: Simplify field conflation test 
It turned out the `memcpy` step was not even necessary.
 2020-05-19 14:12:11 +02:00
Geoffrey White
edd09f09cd C++: Add test cases where several specific values are permitted. 2020-05-15 17:01:23 +01:00
Geoffrey White
48f3db3fbe Merge branch 'master' into fp2762 2020-05-15 09:55:30 +01:00
Geoffrey White
4a6021fb61 C++: Allow equality checking to block taint flow. 2020-05-14 18:32:38 +01:00
Jonas Jensen
a380dc113f C++: Test field conflation with array in struct 2020-05-14 16:29:39 +02:00
Geoffrey White
754d7f0be8 C++: More test cases for TaintedAllocationSize. 2020-05-14 15:23:31 +01:00
Jonas Jensen
1018eaff09 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
 2020-05-13 12:05:58 +02:00
Mathias Vorreiter Pedersen
73882c9f90 Merge pull request #3439 from jbj/passesByReference-qualifier 
C++: Call qualifiers are passed by reference
 2020-05-12 08:31:57 +02:00
Robert Marsh
090977447b Merge pull request #3445 from geoffw0/rangerounding 
C++: Round result of >> in SimpleRangeAnalysis
 2020-05-11 13:07:18 -07:00
Geoffrey White
a4fa4c859a C++: Fix rounding for >>. 2020-05-11 18:55:01 +01:00
Geoffrey White
b1c32deabc C++: Add some tests with 64-bit values. 2020-05-11 18:54:50 +01:00
Jonas Jensen
3a89f43cd6 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
 2020-05-11 14:44:17 +02:00
Jonas Jensen
bebd5ae36b C++: Call qualifiers are passed by reference 
After #3382 changed the escape analysis to model qualifiers as escaping,
there was an imbalance in the SSA library, where `addressTakenVariable`
excludes variables from SSA analysis if they have their address taken
but are _not_ passed by reference. This showed up as a missing result in
`TOCTOUFilesystemRace.ql`, demonstrated with a test case in #3432.

This commit changes the definition of "pass by reference" to include
call qualifiers, which allows SSA modeling of variables that have member
function calls on them.
 2020-05-11 09:39:48 +02:00
Geoffrey White
bff97d9fe5 C++: Effect of #3382. 2020-05-07 19:06:05 +01:00
Geoffrey White
6499197087 C++: Add a test of TOCTOUFilesystemRace.ql. 2020-05-07 19:03:32 +01:00
Geoffrey White
c8524522c8 C++: Add test cases. 2020-05-06 18:51:50 +01:00
Shati Patel
5c80cd5032 Merge branch 'rc/1.24' into mergeback 2020-04-29 08:05:53 +01:00
Cornelius Riemenschneider
a50d5b7c6a Accept changed test output. 2020-04-27 09:17:16 +02:00
Jonas Jensen
718f4cd3f9 C++: Speed up SuspiciousAddWithSizeof select 
This `select` clause had become very slow after we started caching
`ElementBase::toString` because the query used string concatenation to
produce alert messages, and those string concatenations were done very
early in the pipeline, producing lots of strings that would be discarded
moments later.

By using `$@` to interpolate elements into strings, the concatenation is
done outside of QL.

Testing on a Chromium snapshot, this commit takes us from

    #select#ff ................ 6m2s

to

    #select#cpe#134#fff ....... 15.2s
 2020-04-24 16:18:18 +02:00
Dave Bartolomeo
163ecd97de Merge pull request #3277 from geoffw0/rangeshift 
C++: Support for & and >> in SimpleRangeAnalysis
 2020-04-22 11:36:36 -04:00
Geoffrey White
de751b0b75 C++: Correct UnsignedBitwiseAndExpr. 2020-04-17 17:10:59 +01:00
Geoffrey White
01d3257d72 C++: Add test cases involving casts. 2020-04-17 17:01:58 +01:00