hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,015 Commits 1,672 Branches 157 Tags
cs/assembly-prefix
Commit Graph

81 Commits

Author SHA1 Message Date
Jonas Jensen
655f940085 C++: Accept changes in CWE-{119,120} tests 
These new results seem better than the previous ones, but the previous
ones are still there. Perhaps the `Buffer.qll` library could use some
adjustment, but this seems like an improvement in isolation.
 2019-09-17 13:16:36 +02:00
Jonas Jensen
4ef5c9af62 C++: Autoformat everything 
Some files that will change in #1736 have been spared.

    ./build -j4 target/jars/qlformat
    find ql/cpp/ql -name "*.ql"  -print0 | xargs -0 target/jars/qlformat --input
    find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
    (cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
    buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
 2019-09-09 11:25:53 +02:00
Jonas Jensen
2f8787379a Merge pull request #1535 from geoffw0/nospacezero 
CPP: Fix false positives from NoSpaceForZeroTerminator.ql
 2019-07-04 22:36:04 +02:00
Jonas Jensen
8c733fd58d Merge pull request #1537 from geoffw0/add-tests 
CPP: Add some tests
 2019-07-04 21:20:55 +02:00
Geoffrey White
7fc31f263a CPP: Basic fix. 2019-07-04 17:27:40 +01:00
Geoffrey White
34d307ecef CPP: Test a common false positive. 2019-07-04 17:27:40 +01:00
Jonas Jensen
757ec97e7a Merge pull request #1251 from zlaski-semmle/zlaski/cpp370 
[CPP-370] Non-constant `format` arguments to `printf` and friends
 2019-07-01 14:43:19 +02:00
Geoffrey White
a7fb2e1261 CPP: More test cases for ArithmeticWithExtremeValues. 2019-06-26 15:38:23 +01:00
Jonas Jensen
ad337de6ce Merge branch 'master' into taintedallocfp 2019-06-19 15:35:09 +02:00
Geoffrey White
ef3ceb5910 CPP: Don't use getFollowingStmt. 2019-06-18 15:56:22 +01:00
Geoffrey White
536adaae7f CPP: Additional test cases. 2019-06-18 15:56:22 +01:00
Geoffrey White
52b68a77bd CPP: Remove commented out code. 2019-06-18 15:56:22 +01:00
Geoffrey White
56adcff2c9 CPP: Fix for LocalScopeReachability. 2019-06-18 15:56:22 +01:00
Geoffrey White
f4b4ddbdaf CPP: Add a test examining the LoopEntryConditionEvaluator on this code. 2019-06-18 15:56:22 +01:00
Geoffrey White
12bbb0755f CPP: Additional test cases. 2019-06-18 15:56:22 +01:00
Geoffrey White
3deff9c578 CPP: Fix in dataflow. 2019-06-10 12:01:14 +01:00
Geoffrey White
d51f870053 CPP: Add test cases. 2019-06-10 12:01:13 +01:00
zlaski-semmle
51e543a41d Merge branch 'master' into zlaski/cpp370 2019-06-04 09:47:30 -07:00
Geoffrey White
34444ace8b CPP: Update the query name and description. 2019-05-29 10:35:49 +01:00
Geoffrey White
9da2ead1f7 CPP: Remove redundant tests. 2019-05-29 10:35:49 +01:00
Geoffrey White
fc5e7e5e91 CPP: Test the new query. 2019-05-29 10:35:48 +01:00
Geoffrey White
88f363d564 CPP: Update the ql, qhelp and example. 2019-05-29 10:35:48 +01:00
Geoffrey White
574a1d8501 Merge pull request #1037 from kevinbackhouse/RangeAnalysisAssignAddOverflow 
Better overflow detection for AssignAdd/AssignSub
 2019-05-29 09:54:06 +01:00
Geoffrey White
6bac1e6e99 CPP: Accept CWE-190 test change. 2019-05-24 16:16:45 +01:00
Ziemowit Laski
81bfbc250f [CPP-370] Forgot to update an .expected file. 2019-05-21 07:08:13 -07:00
Ziemowit Laski
92054e2481 [CPP-370] Reformat test cases so that the .expect files line up with what was 
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
 2019-05-21 06:54:41 -07:00
Ziemowit Laski
8faf95ec84 [CPP-370] Tentatively modify CWE consts.cpp file to play nice with the dataflow library. 2019-05-21 06:21:12 -07:00
Ziemowit Laski
b205951e6d [CPP-370] Reformat test cases so that the .expect files line up with what was 
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
 2019-05-21 06:18:31 -07:00
Geoffrey White
12650f85c5 CPP: Rename a test file. 2019-04-18 09:16:55 +01:00
Jonas Jensen
ac3421f6be Merge pull request #1238 from geoffw0/newtests 
CPP: New test cases
 2019-04-11 14:43:03 +02:00
Geoffrey White
7dd7bf346d CPP: Add a test of placement new in CWE-772 (this case came up recently but has already been fixed). 2019-04-11 12:23:33 +01:00
Geoffrey White
c974693b58 CPP: Add a test case for CWE-120. 2019-04-10 18:52:03 +01:00
Jonas Jensen
fedd652de8 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408 2019-04-08 08:39:44 +02:00
Jonas Jensen
f7dda1b3a4 Merge pull request #1213 from geoffw0/pointerscaling2 
CPP: De-duplicate the PointerScaling queries.
 2019-04-05 14:42:28 +02:00
Geoffrey White
695df232e3 CPP: Equalize the definitions of 'baseType'. 2019-04-05 11:28:11 +01:00
Geoffrey White
373075e06d CPP: Extend the test. 2019-04-05 11:09:13 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Geoffrey White
a1e503f428 CPP: Add test cases for PotentiallyDangerousFunction. 2019-04-04 16:26:53 +01:00
Jonas Jensen
842aafc888 C++: Fix new UnsafeDaclSecurityDescriptor FP 
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.

To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
 2019-04-02 11:31:12 +02:00
Geoffrey White
faa23a53be CPP: Update expected for changes elsewhere. 2019-03-28 15:49:36 +00:00
Geoffrey White
e7c02027f5 CPP: Fix 'BAD'. 2019-03-28 15:49:36 +00:00
Geoffrey White
8c75e730e4 CPP: Widen TaintedAllocationSize.ql. 2019-03-28 15:49:36 +00:00
Geoffrey White
dab1bba25c CPP: Add a test of TaintedAllocationSize. 2019-03-28 15:49:36 +00:00
Geoffrey White
8a5bc24b36 CPP: Replace PotentialBufferOverflow with OverrunWrite in the test. 2019-02-27 13:09:09 +00:00
Geoffrey White
7194121eae CPP: Expand the test cases covering PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Jonas Jensen
2550788598 C++: Accept test changes to getRelativePath 
After a `queries.xml` was added to the test directory,
`Container.getRelativePath` now considers source files to be relative to
the `cpp/test` directory rather than the directory of the `*.ql*` file.
This caused some benign test output changes, and it also caused an
unwanted alert for `test3.c:14` to appear in
`cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected`.
This alert came about because `inSystemMacroExpansion` holds for files
that don't have a relative path, but the pretend system header in
`../system_header` now does have a relative path because it's below the
`cpp/test` directory. The fix is to add another `queries.xml` just for
the directory with the affected test.
 2019-02-18 14:41:28 +01:00
Geoffrey White
2321ae911e CPP: Fix the test by adding PotentiallyDangerousFunction. 2019-02-05 17:58:30 +00:00
Geoffrey White
429f53ed74 CPP: Move the 'gets' case. 2019-02-05 17:58:30 +00:00
Geoffrey White
a82832e779 CPP: Add a test that uses 'gets'. 2019-02-05 17:58:30 +00:00
Jonas Jensen
be2a480394 Merge pull request #843 from geoffw0/strtoul 
CPP: Improve ArithmeticTainted.ql
 2019-01-31 07:04:17 -08:00