hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

7095 Commits

Author SHA1 Message Date
Robert Marsh
262f724235 C++: add taint edges to DefinitionByReferenceNode 2019-04-22 10:39:02 -07:00
Robert Marsh
45a35a8572 Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling 
C++: string pooling in IR value numbering
 2019-04-22 09:29:44 -07:00
Ziemowit Laski
36b2c14f88 [CPP-340] Minor formatting tweaks 2019-04-19 11:46:54 -07:00
Ziemowit Laski
62b030d27f [CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared 
functions.  TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
 2019-04-18 17:56:41 -07:00
Robert Marsh
3907ef98a3 C++: value number string constants 2019-04-18 16:14:54 -07:00
Robert Marsh
c6f01265be Merge pull request #1263 from geoffw0/bufferoverflowqueries 
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
 2019-04-18 13:21:57 -04:00
Geoffrey White
eaed0004a3 CPP: Add qhelp for RedundantNullCheckSimple.ql. 2019-04-18 12:47:07 +01:00
Geoffrey White
57a4e52b47 CPP: Remove the overlap between these two queries. 2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87 CPP: Unify and improve the MallocCall classes. 2019-04-18 10:30:18 +01:00
Max Schaefer
599185e125 CPP: Fix two doc comments. 2019-04-17 10:49:38 +01:00
Geoffrey White
f33b24c917 Merge pull request #1239 from jbj/qlformat-1 
C++: Autoformat QL code in Architecture and Best Practices
 2019-04-17 09:56:29 +01:00
Ziemowit Laski
65130c40ab [CPP-340] Add white list (for false positive suppression) to TooManyArguments.ql 2019-04-16 14:02:34 -07:00
Robert Marsh
09d0548c81 Merge pull request #1237 from geoffw0/commentedoutcode2 
CPP: Fix FPs from detecting commented out preprocessor logic
 2019-04-16 10:31:42 -07:00
Ziemowit Laski
61c91b67aa [CPP-340] Refactor MistypedFunctionArguments.ql further. 2019-04-14 11:31:10 -07:00
Ziemowit Laski
b58f414ede [CPP-340] Add more test case; exclude K&R definitions of functions when looking 
up ()-declarations; refactor QL code.
 2019-04-12 17:25:33 -07:00
Jonas Jensen
29aa5f550c C++: Tidy up code so it looks good after qlformat 2019-04-12 10:43:24 +02:00
Geoffrey White
1e0e3192bb CPP: Restrict to #elif, #else, #endif. 2019-04-11 15:14:21 +01:00
Jonas Jensen
6049c2ccfd C++: Autoformat Architecture + Best Practices 2019-04-11 14:27:07 +02:00
Geoffrey White
4a8b4b32d5 CPP: Fix indentation. 2019-04-11 11:38:50 +01:00
Geoffrey White
2c0ccf4a85 CPP: Exclude unusual header files such as config.h. 2019-04-11 11:28:45 +01:00
Geoffrey White
f381768a1e CPP: Create HeaderFile.noTopLevelCode from existing logic. 2019-04-11 11:21:53 +01:00
Geoffrey White
9e6b178d48 CPP: Resolve #endif FPs. 2019-04-11 11:05:53 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
Ziemowit Laski
d76138f189 [CPP-340] Remove use of getUnderlyingType() predicate as it does 
not appear necessary.  Correct comment to refer to
           arguments rather than parameters.
 2019-04-10 10:51:22 -07:00
Ziemowit Laski
dc7497835e [CPP-340] Make the query more strict (again). 2019-04-10 09:55:37 -07:00
Tom Hvitved
813dfc6417 C++: Generalize data-flow library in preparation for C# adoption 2019-04-10 13:05:39 +02:00
Geoffrey White
5101a5bc3d Merge pull request #1056 from jbj/SimpleRangeAnalysis-use-after-cast 
C++: Fix use-after-cast bug in SimpleRangeAnalysis
 2019-04-10 11:04:20 +01:00
Robert Marsh
75ab311c3a Merge pull request #1223 from geoffw0/commentedoutcode 
CPP: Detect commented out preprocessor logic
 2019-04-09 16:16:19 -04:00
Robert Marsh
c9fbbfe7d8 Merge pull request #984 from rdmarsh2/rdmarsh/cpp/ir-stmtexpr 
C++: add support for GNU StmtExpr in IR
 2019-04-09 12:54:35 -04:00
Geoffrey White
13ed50f049 CPP: Improve the regexp. 2019-04-09 13:08:31 +01:00
Geoffrey White
ddb1b0ac1c CPP: Declaration -> definition. 2019-04-09 12:35:20 +01:00
Jonas Jensen
fd4967e6f1 C++: Fix SnprintfOverflow issues 
Requiring strict inclusion between types turned out to cause false
positives in `SnprintfOverflow`, which relied indirectly on
`RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds
checks. This query was particularly affected because `snprintf` returns
`int` (signed) but takes `size_t` (unsigned), so conversions are bound
to happen.
 2019-04-09 11:05:14 +02:00
Geoffrey White
48fff334da CPP: Detect commented preprocessor code. 2019-04-08 18:17:23 +01:00
Geoffrey White
4d67bd32dd CPP: Move comments explaining implementation details into the body of 'looksLikeCode'. 2019-04-08 18:14:54 +01:00
Geoffrey White
f432f1a03a CPP: Autoformat CommentedOutCode.qll. 2019-04-08 18:00:49 +01:00
Jonas Jensen
fedd652de8 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408 2019-04-08 08:39:44 +02:00
Robert Marsh
8087cb5040 C++: add CopyValueInstruction for StmtExpr result 2019-04-05 11:27:19 -07:00
Geoffrey White
5dce09b179 Revert "CPP: Workaround improvement for File.compiledAsMicrosoft." 
This reverts commit c3ec7b55b7.
 2019-04-05 17:37:44 +01:00
Geoffrey White
918f7043af Revert "CPP: Add '/' case." 
This reverts commit 5e71207a23.
 2019-04-05 17:37:39 +01:00
Jonas Jensen
f7dda1b3a4 Merge pull request #1213 from geoffw0/pointerscaling2 
CPP: De-duplicate the PointerScaling queries.
 2019-04-05 14:42:28 +02:00
Geoffrey White
f040755b3b CPP: Remove unnecessary imports. 2019-04-05 11:44:50 +01:00
Geoffrey White
44d68a761d CPP: Move 'baseType' into IncorrectPointerScalingCommon.qll. 2019-04-05 11:43:47 +01:00
Geoffrey White
695df232e3 CPP: Equalize the definitions of 'baseType'. 2019-04-05 11:28:11 +01:00
Jonas Jensen
d619a8c693 Merge pull request #1192 from geoffw0/severity 
CPP: Change some query severities
 2019-04-05 09:23:27 +02:00
Jonas Jensen
8c17278808 Merge pull request #1191 from geoffw0/microsoft 
CPP: Workaround improvement for File.compiledAsMicrosoft.
 2019-04-05 09:22:08 +02:00
Robert Marsh
81dd03848f C++: respond to PR comments 2019-04-04 10:52:08 -07:00
Robert Marsh
f2fbdac31b C++: add support for GNU StmtExpr in IR 2019-04-04 10:51:06 -07:00
Geoffrey White
0a0bcdf939 CPP: Move some code into IncorrectPointerScalingCommon.qll. 2019-04-04 18:08:18 +01:00
Geoffrey White
7aee334baf CPP: Update the qhelp. 2019-04-04 16:48:14 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00