hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,876 Commits 1,671 Branches 157 Tags
dave/InsecureMemset
Commit Graph

2336 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
75ebc098bb Java: Fix semantic merge conflict. 2019-10-07 15:42:26 +02:00
Anders Schack-Mulligen
b581e38782 Java: Autoformat and sync post rebase. 2019-10-07 15:26:39 +02:00
Tom Hvitved
ee5503146e Add stub implementations for isUnreachableInCall() 2019-10-07 15:13:49 +02:00
Tom Hvitved
eabfa31767 Synchronize data flow files 2019-10-07 15:13:48 +02:00
Jonas Jensen
6c87d75190 Merge pull request #2088 from geoffw0/swap3 
CPP: Add taint tests.
 2019-10-04 20:44:18 +02:00
Robert Marsh
7fefe4385a Merge pull request #1963 from jbj/predictableInstruction 
C++: Implement predictableInstruction without Expr
 2019-10-04 10:04:52 -07:00
Geoffrey White
050d99fa87 CPP: Add test cases. 2019-10-04 17:44:27 +01:00
ian-semmle
ebc10cf5db Merge pull request #2084 from matt-gretton-dann/cpp-445-synthetic_destructor_call-INVALID_KEY-warnings 
Update keysets for synthetic_destructor_call and *variables tuple
 2019-10-04 16:38:35 +01:00
Geoffrey White
0e478d1c0e Merge pull request #2066 from jbj/dataflow-conditionAlwaysTrue-perf 
C++: Improve join orders for QL CFG
 2019-10-04 14:16:41 +01:00
Geoffrey White
e465f4cc81 Merge pull request #2064 from jbj/leapyear-extends-abstract 
C++: Avoid `extends Operation` in LeapYear.qll
 2019-10-04 14:15:21 +01:00
Jonas Jensen
a7641a8765 C++: Clarify OutNode and ReturnNode QLDoc 2019-10-04 14:33:04 +02:00
Tom Hvitved
9b58d799cb Java/C++/C#: Tweak AccessPathNil::toString() 
Move the type annotation outside the brackets, to avoid prefixes such as
`[ : T]`.
 2019-10-04 11:09:44 +02:00
Robert Marsh
6e587f3f2a IR: Add VariableInstruction.getASTVariable 2019-10-03 13:12:06 -07:00
Robert Marsh
c1e3821ab0 IR: rename getVariable to getIRVariable 2019-10-03 13:10:49 -07:00
Matthew Gretton-Dann
d06e3d79c6 C++: Add DB Upgrade script 2019-10-03 15:16:50 +01:00
Matthew Gretton-Dann
618d0a9603 C++: Update DB Stats 2019-10-03 15:16:50 +01:00
Matthew Gretton-Dann
a7f682a9be C++: Update *variables keysets. 2019-10-03 15:16:50 +01:00
Matthew Gretton-Dann
d62730a9f3 C++: Update synthetic_destructor_call keysets. 
Reorder the [ destructor_call, expr ] tuple.
Add a [ expr, i ] tuple.
 2019-10-03 15:16:50 +01:00
Matthew Gretton-Dann
06d1d6ed5d C++: Fix synthetic_destructor_call key uniqueness. 2019-10-03 15:16:50 +01:00
Jonas Jensen
dca39f0fad Merge pull request #2027 from zlaski-semmle/zlaski/memset-model 
[zlaski/memset-model] QL model for `memset` and friends
 2019-10-03 14:31:23 +02:00
Jonas Jensen
01a3a037bc C++: Make complex_numbers/expr.ql less brittle 
This test used `getAQlClass`, which caused it to break when new classes
were added anywhere in the libraries. That's now avoided by switching to
`getCanonicalQLClass`. It turns out that `getCanonicalQLClass` didn't
support arithmetic expressions on complex numbers, so that support had
to be added.
 2019-10-03 13:19:16 +02:00
Jonas Jensen
41d344a8b7 C++: Support if constexpr in QL CFG 
This fixes the test `cpp/ql/test/library-tests/constexpr_if/cfg.ql`,
which broke when the QL CFG was enabled.

The new cases are just copy-pastes of the `IfStmt` cases (they don't
share a useful common superclass) with added checks for whether their
constant value equals 0.
 2019-10-03 12:21:41 +02:00
Jonas Jensen
2eed38e2d4 C++: Accept slight CFG regression in static init 
Hopefully it does not make a difference in practice whether
uninstantiated template functions are considered to have control flow
through initializers of their static variables.
 2019-10-03 11:48:03 +02:00
Jonas Jensen
8bed418022 C++: enable the QL-based CFG code 2019-10-03 10:04:24 +02:00
Tom Hvitved
e5380aa6a7 Merge pull request #2038 from aschackmull/java/dataflow-fixes 
Java/C++/C#: Misc. dataflow fixes.
 2019-10-02 16:39:01 +02:00
Anders Schack-Mulligen
f87cb4d6ac Java/C++/C#: Address review comments and fix test. 2019-10-02 14:32:17 +02:00
Jonas Jensen
3c7d79481f C++: Autoformat FlowVar.qll 2019-10-01 15:54:41 +02:00
Jonas Jensen
0990ceb09a C++: Remove bbNotInLoop and its caller in FlowVar 
This change is needed when enabling the QL CFG on certain snapshots such
as notaz/picodrive. It removes the `bbNotInLoop` predicate, which was
always a liability because it's inherently quadratic. The real slowdown
came in `skipLoop`, where all true-upon-entry loops were crossed with
all definitions of variables that should take their definition from the
loop body.
 2019-10-01 14:33:28 +02:00
Jonas Jensen
eed24f1933 C++: Improve join orders with QL CFG 
Size estimates are slightly different when we enable the QL CFG, and
this caused bad join orders in these predicates.
 2019-10-01 14:33:28 +02:00
ian-semmle
e048207e2f Merge pull request #2055 from matt-gretton-dann/cpp-439-test-cases 
C++: Add test cases for constant initializers
 2019-10-01 12:43:46 +01:00
Jonas Jensen
34b625900a C++: Avoid extends Operation in LeapYear.qll 
The `Operation` class is abstract, and extending it caused cached stages
to be recomputed all the way down to the AST. This meant that the leap
year queries evaluated their own copy of SSA and data flow.
 2019-10-01 11:50:33 +02:00
Jonas Jensen
7c319efb8b C++: Data flow through reference parameters 2019-10-01 10:43:49 +02:00
Robert Marsh
a45a6e48f8 C++: remove side effect operands from non-reads 2019-09-30 12:00:55 -07:00
Robert Marsh
9f20cb83c3 C++/C#: Autoformat 2019-09-30 12:00:55 -07:00
Robert Marsh
fcfc11052a C++: add QLDoc to side effect functions 2019-09-30 12:00:54 -07:00
Robert Marsh
8649978a43 C++: add indexes for specific side effects 2019-09-30 12:00:53 -07:00
Robert Marsh
24574be007 C++: add SizedBuffer side effect instructions 2019-09-30 12:00:53 -07:00
Robert Marsh
554d6390f7 C++: clean up after rebase 2019-09-30 12:00:53 -07:00
Robert Marsh
49088e7f09 C++: Fix formatting and dropped line 2019-09-30 12:00:53 -07:00
Robert Marsh
3d562243e4 C++: add side effects for outparams 2019-09-30 12:00:52 -07:00
Ziemowit Laski
a0cbd87d1f [zlaski/memset-model] Rename predicate usage as per PR/1938. 2019-09-30 10:47:59 -07:00
Ziemowit Laski
ae169e9c33 [zlaski/memset-model] Add AliasFunction as base class of MemsetFunction; override predicates parameterNeverEscapes, parameterEscapesOnlyViaReturn and parameterIsAlwaysReturned. 2019-09-30 10:44:12 -07:00
Ziemowit Laski
aaa2a60b93 [zlaski/memset-model] Remove taint tracking from Memset.qll. Add Memset.qll to Models.qll. 2019-09-30 10:44:12 -07:00
Ziemowit Laski
144aacb09d [zlaski/memset-model] New Memset.qll file. 2019-09-30 10:44:12 -07:00
Matthew Gretton-Dann
b76f66e83b C++: Add test cases for constant initializers 
Adds test cases for initialisation of constants which aren't simple
zeros.  Example: int x = int();
 2019-09-30 14:57:26 +01:00
Jonas Jensen
f417640da4 Merge pull request #1938 from dave-bartolomeo/dave/InNOut 
C++: Rename predicates in `FunctionInputsAndOutputs.qll` and add QLDoc
 2019-09-30 13:30:19 +02:00
Dave Bartolomeo
420713204a C++, C#: Fix typo 2019-09-29 22:44:17 -07:00
Dave Bartolomeo
043e5f716b C++, C#: Autoformat 2019-09-29 22:39:09 -07:00
Dave Bartolomeo
c1e5db0b96 C++ More PR feedback 2019-09-27 17:54:18 -07:00
Dave Bartolomeo
bcd987cdf1 Merge from master and share value numbering 2019-09-27 17:40:43 -07:00