5096 Commits

Author	SHA1	Message	Date
Dave Bartolomeo	d6ef94a4c7	C++: Remove dead comment	2020-05-18 23:05:19 -04:00
Dave Bartolomeo	01c2f0ce01	C++/C#: Fix formatting	2020-05-18 18:02:00 -04:00
Dave Bartolomeo	42c659b8f2	C++/C#: Remove UnmodeledDefinition instruction	2020-05-18 15:08:50 -04:00
Dave Bartolomeo	35868d4e5b	C++/C#: Change dump of unmodeled use to m? ... This is kind of inconsequential on its own, but will make the test diffs easier to understand once the next commit removes `UnmodeledDefinition`.	2020-05-18 10:47:43 -04:00
Jonas Jensen	76e194c8be	C++: Fix struct field conflation in IR data flow ... The virtual-dispatch code for globals was missing any relationship between the union field access and the global variable, which meant it propagated function-pointer flow between any two fields of a global struct. This resulted in false positives from `cpp/tainted-format-string` on projects using SDL, such as WohlSoft/PGE-Project. In addition to fixing that bug, this commit also brings the code up to date with the new style of modeling flow through global variables: `DataFlow::Node.asVariable()`.	2020-05-18 16:24:22 +02:00
Mathias Vorreiter Pedersen	a42d80aa14	Merge pull request #3481 from dbartol/github/codeql-c-analysis-team/69 ... C++/C#: Allow memory operands to lack a definition	2020-05-16 11:53:00 +02:00
Dave Bartolomeo	96c87b309b	C++/C#: Use unique to get a better join order ... The previous changes made the optimizer choose a bad join order for the RHS of the antijoin in `addressOperandAllocationAndOffset`. Once again, `unique` to the rescue.	2020-05-15 17:36:43 -04:00
Jonas Jensen	b08de6c051	Merge pull request #3482 from MathiasVP/getlim-taint-source ... C++: Add GetDelim as taint step	2020-05-15 15:54:29 +02:00
Tom Hvitved	cd9538d0d9	Merge remote-tracking branch 'upstream/master' into dataflow/precise-field-types	2020-05-15 15:24:05 +02:00
Dave Bartolomeo	89ec60c948	C++/C#: Add missing QLDoc	2020-05-15 09:01:16 -04:00
Dave Bartolomeo	bcddaf4c29	C++/C#: Fix formatting	2020-05-15 08:56:32 -04:00
Mathias Vorreiter Pedersen	7502c6f821	Set mustWrite to false in response to PR feedback ... Co-authored-by: Jonas Jensen <jbj@github.com>	2020-05-15 14:32:46 +02:00
Jonas Jensen	8a0af0bcac	Merge pull request #3465 from MathiasVP/remove-abstract-from-access-and-cast ... C++: Remove abstract keyword from `Access` and `Cast` classes	2020-05-15 12:25:34 +02:00
Mathias Vorreiter Pedersen	e70f22c753	C++: Model getdelim and friends	2020-05-15 11:05:57 +02:00
Geoffrey White	48f3db3fbe	Merge branch 'master' into fp2762	2020-05-15 09:55:30 +01:00
Dave Bartolomeo	4614372873	C++/C#: Add QLDoc	2020-05-14 17:49:23 -04:00
Dave Bartolomeo	6c12b59f0f	C++/C#: Allow non-Phi memory operands to have no definition	2020-05-14 17:22:23 -04:00
Geoffrey White	4a6021fb61	C++: Allow equality checking to block taint flow.	2020-05-14 18:32:38 +01:00
Jonas Jensen	49ebb3197a	Merge pull request #3472 from geoffw0/paramstring ... C++: Improve getParameterString().	2020-05-14 16:48:07 +02:00
Dave Bartolomeo	9de597db25	C++: Refactor Operand to prepare for cross-phase IPA sharing	2020-05-14 10:29:08 -04:00
Tom Hvitved	2d7470fc3a	C++: Follow-up changes	2020-05-14 15:58:50 +02:00
Tom Hvitved	aa83cc1472	Data flow: Sync files	2020-05-14 15:58:50 +02:00
Geoffrey White	6583012e6d	C++: Use concat in getParameterString().	2020-05-14 14:21:46 +01:00
Geoffrey White	da83f826b9	C++: Solve duplication in getParameterString().	2020-05-14 14:21:06 +01:00
Mathias Vorreiter Pedersen	dbba2269ad	C++: Add stats	2020-05-14 08:47:16 +02:00
Robert Marsh	396ccda81f	Merge pull request #3422 from Cornelius-Riemenschneider/inbounds-ptr ... C++: Add InBoundsPointerDeref.qll to experimental	2020-05-13 16:55:42 -07:00
Mathias Vorreiter Pedersen	8f3ba75534	C++: Remove abstract keyword from Access and Cast and create .dbscheme unions	2020-05-13 23:15:11 +02:00
Jonas Jensen	1018eaff09	Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args ... Conflicts: cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected	2020-05-13 12:05:58 +02:00
Jonas Jensen	038bea2f52	C++: Add type check to prevent field conflation	2020-05-13 09:25:24 +02:00
Dave Bartolomeo	5d3f25211d	C++/C#: Remove UnmodeledUse instruction	2020-05-13 01:06:40 -04:00
Dave Bartolomeo	7f2c6dd9f9	C++/C#: Remove UnmodeledUseOperand	2020-05-13 01:05:27 -04:00
Jonas Jensen	451ae7b762	Merge pull request #3444 from dbartol/codeql-c-analysis-team/68 ... Rename `sanity` -> `consistency`	2020-05-12 12:33:08 +02:00
Mathias Vorreiter Pedersen	73882c9f90	Merge pull request #3439 from jbj/passesByReference-qualifier ... C++: Call qualifiers are passed by reference	2020-05-12 08:31:57 +02:00
Mathias Vorreiter Pedersen	df6abdc074	Merge pull request #3389 from jbj/dataflow-defbyref-to-field ... C++: Post-update flow through &, *, +, ...	2020-05-12 08:30:33 +02:00
Robert Marsh	090977447b	Merge pull request #3445 from geoffw0/rangerounding ... C++: Round result of >> in SimpleRangeAnalysis	2020-05-11 13:07:18 -07:00
Dave Bartolomeo	e5bd66809a	C++/C#: Add QLDoc for renamed queries	2020-05-11 14:16:21 -04:00
Geoffrey White	a4fa4c859a	C++: Fix rounding for >>.	2020-05-11 18:55:01 +01:00
Dave Bartolomeo	09d1da2f7a	C++/C#: Rename sanity -> consistency ... I did both of these languages together because they share some of the changed code via `identical-files.json`.	2020-05-11 13:29:52 -04:00
Jonas Jensen	cec73e689e	Merge pull request #3393 from dbartol/codeql-c-analysis-team/40/1 ... C++: A few IR QLDoc comments	2020-05-11 15:56:43 +02:00
Jonas Jensen	48d2bd6102	C++: Improve suppression of duplicate sources ... This fixes a cosmetic bug in `.../CWE-134/.../examples.c` in the internal repo.	2020-05-11 14:44:53 +02:00
Jonas Jensen	3a89f43cd6	Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args ... Conflicts: cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected	2020-05-11 14:44:17 +02:00
Jonas Jensen	3369453bb1	Merge pull request #3427 from MathiasVP/remove-abstract-from-builtin-op ... C++: Remove abstract keyword from `BuiltInOperation`	2020-05-11 14:16:46 +02:00
Jonas Jensen	4f5b8f7306	Merge pull request #3430 from MathiasVP/comments-about-comments ... C++: Add QLDoc to CaptionedComments.qll and CommentedOutCode.qll	2020-05-11 12:36:54 +02:00
Mathias Vorreiter Pedersen	715fa9e446	Simplify comment ... Co-authored-by: Jonas Jensen <jbj@github.com>	2020-05-11 11:32:10 +02:00
Mathias Vorreiter Pedersen	104545f3a7	Replace 'Returns' with 'Gets' ... Co-authored-by: Jonas Jensen <jbj@github.com>	2020-05-11 11:31:51 +02:00
Mathias Vorreiter Pedersen	411e52a231	C++: Replace @buildin_op with @builtin_op	2020-05-11 11:12:48 +02:00
Jonas Jensen	b3498bd0ad	Merge pull request #3425 from MathiasVP/remove-more-abstract-classes ... C++: Remove abstract keyword from a couple of AST classes	2020-05-11 10:55:35 +02:00
Jonas Jensen	bebd5ae36b	C++: Call qualifiers are passed by reference ... After #3382 changed the escape analysis to model qualifiers as escaping, there was an imbalance in the SSA library, where `addressTakenVariable` excludes variables from SSA analysis if they have their address taken but are _not_ passed by reference. This showed up as a missing result in `TOCTOUFilesystemRace.ql`, demonstrated with a test case in #3432. This commit changes the definition of "pass by reference" to include call qualifiers, which allows SSA modeling of variables that have member function calls on them.	2020-05-11 09:39:48 +02:00
Cornelius Riemenschneider	3596ff7c51	Address review.	2020-05-10 19:34:16 +02:00
jcreedcmu	c9788a7928	Merge pull request #3308 from jcreedcmu/jcreed/jump-to-def ... Add queries for VS Code jump-to-definition	2020-05-08 07:29:02 -04:00