hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

5096 Commits

Author SHA1 Message Date
Dave Bartolomeo
a9e3bfbd11 C++/C#: Treat string literals like read-only global variables for alias purposes. 
Previously, we didn't track string literals as known memory locations at all, so they all just got marked as `UnknownMemoryLocation`, just like an aribtrary read from a random pointer. This led to some confusing def-use chains, where it would look like the contents of a string literal were being written to by the side effect of an earlier function call, which of course is impossible.

To fix this, I've made two changes. First, each string literal is now given a corresponding `IRVariable` (specifically `IRStringLiteral`), since a string literal behaves more or less as a read-only global variable. Second, the `IRVariable` for each string literal is now marked `isReadOnly()`, which the alias analysis uses to determine that an arbitrary write to aliased memory will not overwrite the contents of a string literal.

I originally planned to treat all string literals with the same value as being the same memory location, since this is the usual behavior of modern compilers. However, this made implementing `IRVariable.getAST()` tricky for string literals, so I left them unpooled.
 2019-11-06 13:08:28 -07:00
Geoffrey White
6c38f55e28 CPP: QLDoc protocols.qll. 2019-11-06 17:06:57 +00:00
Geoffrey White
e886cf7297 CPP: 'i.e.' -> 'that is'. 2019-11-06 16:27:06 +00:00
Geoffrey White
81c58d5a64 CPP: Improve QLDoc comments. 2019-11-06 16:20:39 +00:00
Geoffrey White
0c3f4e530f CPP: Make some library predicates private. 2019-11-06 16:07:28 +00:00
Geoffrey White
399ac1f112 CPP: Rename 'getAssertedFalseCondition' to something less misleading. 2019-11-06 15:57:44 +00:00
Nick Rolfe
5b00b21713 Merge pull request #2153 from matt-gretton-dann/cpp-447-support-non-type-template-parameters 
RFC: C++ Support non type template parameter values
 2019-11-06 15:11:34 +00:00
Jonas Jensen
8ffd7c1055 Merge pull request #2222 from geoffw0/libraryperf 
CPP: Improvements for ConditionallyInitializedVariable.ql
 2019-11-06 15:54:16 +01:00
Jonas Jensen
217ecd3551 C++: Add <p> tags to split text into paragraphs 
Without this, the rendered output is one big paragraph.
 2019-11-06 15:50:08 +01:00
Jonas Jensen
76a3db9eed Merge remote-tracking branch 'upstream/master' into ir-copy-unloaded-result 2019-11-06 15:21:22 +01:00
Jonas Jensen
aa841c306d C++: Use virtual dispatch in DefaultTaintTracking 
This bit is only used by the compatibility code that sends flow into
parameters of functions without body.
 2019-11-06 14:04:07 +01:00
Jonas Jensen
ec9ef33486 C++: IR data flow through inheritance conversions 
This makes IR data flow behave more like AST data flow, and it makes IR
virtual dispatch work without further changes.
 2019-11-06 14:04:07 +01:00
Jonas Jensen
49008c9ff5 C++: IR data flow local virtual dispatch 
This is just good enough to cause no performance regressions and pass
the virtual-dispatch tests we have for `security.TaintTracking`. In
particular, it fixes the tests for `UncontrolledProcessOperation.ql`
when enabling `DefaultTaintTracking.qll`.
 2019-11-06 14:04:02 +01:00
Ziemowit Laski
1f82ea7750 [zlaski/pointer-overflow-check] Refine query to exclude macros (other than 'assert'). 2019-11-05 18:25:41 -08:00
Matthew Gretton-Dann
20ae183c16 C++: Tidy up formatting 2019-11-05 14:18:29 +00:00
Jonas Jensen
df2fbfb3d0 C++: localInstruction{Flow,Taint} helpers 
These are analogous to the existing `localExpr{Flow,Taint}` predicates.
 2019-11-05 14:13:20 +01:00
Geoffrey White
7456a92d6d CPP: Autoformat. 2019-11-05 13:10:19 +00:00
Geoffrey White
5106626bd0 CPP: QLDoc helper predicates. 2019-11-05 13:06:43 +00:00
Matthew Gretton-Dann
afe666500f C++: Simplify getTemplateArgument*() impl. 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
6b4506dbea C++: Update schema stats 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
6fe22a76da C++: Change API for exposing template parameters. 
Note that Declaration::getTemplateArgumentType() and
Declaration::getTemplateArgumentValue() need to be public so that they
can be overriden in derived classes.
 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
afeaa6254d C++: Improve Template Value docs. 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
809d97de02 C++: Print print nontype template params 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
4ab87291f3 C++: Further use of TemplateArgumentValue 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
df7d21220b C++: Basic lib support for template param values 2019-11-05 11:39:22 +00:00
Matthew Gretton-Dann
48c7d1d7c1 C++: add *_template_parameter_value() tuples 2019-11-05 11:39:22 +00:00
Geoffrey White
8c16b36c7f Merge pull request #2231 from semmledocs-ac/newqueries-docscheck 
CPP & C#: Review of qhelp (SD-4028)
 2019-11-05 11:11:34 +00:00
Ziemowit Laski
3aafcf4604 [zlaski/pointer-overflow-check] Minor tweak to Qhelp. 2019-11-04 17:00:06 -08:00
Ziemowit Laski
9407ba1a35 [zlaski/pointer-overflow-check] Initial version. 2019-11-04 17:00:06 -08:00
Ziemowit Laski
398896a4b2 [CPP-434] Change list items to ordinary paragraphs in the Recommendation section. 2019-11-04 16:44:31 -08:00
Ziemowit Laski
ce8ba86f2d [CPP-434] Use a bullet list instead of a table in order to placate Jenkins. 2019-11-04 12:30:52 -08:00
Geoffrey White
3e8b28a0a8 Merge pull request #2213 from jbj/BarrierGuard 
C++: Implement DataFlow::BarrierGuard for AST+IR
 2019-11-04 11:08:36 +00:00
Jonas Jensen
fb4dac597c C++: Minimal caching of the IR type system 
This was the minimal amount of predicates I could easily cache without
introducing extra cached stages. The predicates that are not cached
here, like `CppType::getTypeSize` and `getCanonicalLanguageType`, appear
to be cheap.

I've tested that this avoids recomputation of the IR type system by
running

    grep -c 'Starting to evaluate predicate CppType::CppType::getIRType_dispred'

on the evaluator log for `IRSanity.ql`. It drops from 4 to 1. The
pretty-printed DIL drops from 79,175 lines to 76,326 lines.
 2019-11-03 16:40:30 +01:00
Ziemowit Laski
2bad9394b7 [CPP-434] Squelch alerts for expressions inside macros; try to make Qhelp Jenkins-friendly. 2019-11-01 15:24:22 -07:00
Geoffrey White
c2812197a9 CPP: Further speedup. 2019-11-01 18:16:12 +00:00
Jonas Jensen
426565ae68 Merge pull request #2239 from DX-MON/master 
Query cpp/unused-static-variable was producing incorrect results for constexpr variables
 2019-11-01 18:59:52 +01:00
Geoffrey White
08293d0009 CPP: Simplify. 2019-11-01 17:58:29 +00:00
Geoffrey White
98b9afd83f CPP: Remove apparently irrelevant parts of the query. 
This is not strictly behaviour preserving, but I believe the parts I've removed or simplified weren't intended to do what they were doing.
 2019-11-01 17:54:13 +00:00
Geoffrey White
c08493670b CPP: Speed up ExistsAnyFlowConfig. 2019-11-01 17:40:44 +00:00
Geoffrey White
6a865ed580 CPP: De-duplicate TlsSettingsMisconfiguration.ql. 2019-11-01 17:40:41 +00:00
Ziemowit Laski
3e1fd4a737 [CPP-434] Add table of constructs to Qhelp. Rewrite examples section. 2019-10-31 18:03:34 -07:00
Dave Bartolomeo
ea23c2daac Merge pull request #2188 from jbj/printast-override 
C++: Add a sample class in PrintAST.ql
 2019-10-31 17:02:20 -07:00
Dave Bartolomeo
e6f632b44e Merge pull request #2228 from jbj/DefaultTaintTracking-getASTVariable 
C++: Use getASTVariable in DefaultTaintTracking
 2019-10-31 17:00:49 -07:00
Rachel Mant
413f49bba5 Query cpp/unused-static-variable was producing incorrect results for constexpr variables 2019-10-31 22:50:44 +00:00
Robert Marsh
31f25c8cfc C++: primary instrs for constructor side effects 2019-10-31 11:43:47 -07:00
Robert Marsh
86b5e97f76 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-10-31 11:34:22 -07:00
Robert Marsh
9477bd5698 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-buffer-read-call-se 2019-10-31 11:00:01 -07:00
Robert Marsh
24c9b8b9b1 C++: fix unbound variables 2019-10-30 14:06:19 -07:00
alistair
27d0b51c6b CPP & C#: Review of qhelp 
PR #2151 got merged without a review of the qhelp
by a technical writer.
The current PR makes changes I would have suggested on that PR.
 2019-10-30 16:10:03 +00:00
Jonas Jensen
1e6c983d62 C++: Use getASTVariable in DefaultTaintTracking 
This library is not yet used in a query or test, so it broke silently
when `VariableAddressInstruction.getVariable` was removed.
 2019-10-30 13:42:17 +01:00