hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac/command-injection-from-library-inputs
Commit Graph

5325 Commits

Author SHA1 Message Date
Jonas Jensen
7485cc76b2 C++: Edit Recommendation section 
1. The two last examples were misleading at best. The first of those two
   recommended casting to non-negative `int`s to `unsigned int` and then
   checking if their addition would overflow, but overflow was
   impossible because their sum (on 32-bit two's complement) could be at
   most 2^32 - 2. The second example could lead to the wrong condition
   (unsigned overflow) being checked if taken literally. Instead of
   keeping that example, I reworeded the first paragraph of the
   Recommendation section.
2. The assumptions about `delta` being positive was relaxed to
   non-negative.
3. There was no need to assume that an unsigned short was non-negative.
4. Some of the suggestions were missing `i >`.
 2019-11-15 11:05:00 +01:00
Jonas Jensen
73d9cc2e7b Merge pull request #2309 from geoffw0/cpp418 
CPP: QLDoc enhancements
 2019-11-15 08:46:08 +01:00
Robert Marsh
562f62879f C++: rename variables in PointerOverflow examples 2019-11-14 15:21:26 -08:00
Robert Marsh
c6d848caf9 C++: simplify PointerOverflow.qhelp 2019-11-14 15:11:39 -08:00
Robert Marsh
facbd32062 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-14 11:09:13 -08:00
Robert Marsh
2fb1d4d1b1 C++: fix IR return block successors 2019-11-14 10:29:48 -08:00
Geoffrey White
7408726f41 Merge pull request #2312 from jbj/pointer-wraparound-query 
C++: New query: Pointer overflow check
 2019-11-14 16:13:04 +00:00
Geoffrey White
f2b7af7437 CPP: Add example code for RoutineType. 2019-11-14 15:25:00 +00:00
Nick Rolfe
f5513342d6 C++: add missing backtick in qldoc comment 2019-11-14 13:20:41 +00:00
Geoffrey White
beb3602253 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:49:02 +00:00
Geoffrey White
6724632413 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:48:50 +00:00
Geoffrey White
45cc6c445c Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:48:05 +00:00
Geoffrey White
0bb37c17f2 CPP: Delete parenthesized comment. 2019-11-14 12:46:43 +00:00
Geoffrey White
8b30baf656 CPP: Delete 'compiler-generated'. 2019-11-14 12:43:54 +00:00
Geoffrey White
f96cffa1f3 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:41:10 +00:00
Geoffrey White
82c6ff02b2 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:40:53 +00:00
Geoffrey White
6262cee27d Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:40:41 +00:00
Geoffrey White
fe5bd42203 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:40:29 +00:00
Geoffrey White
d8aeedfe01 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:40:11 +00:00
Geoffrey White
877e9ba6d8 Update cpp/ql/src/semmle/code/cpp/exprs/BuiltInOperations.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:39:54 +00:00
Geoffrey White
acefadda8c Update cpp/ql/src/semmle/code/cpp/exprs/Assignment.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:35:15 +00:00
Geoffrey White
b1dfc60422 Update cpp/ql/src/semmle/code/cpp/exprs/Cast.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 12:34:13 +00:00
Anders Schack-Mulligen
106b8cfbca Java/C++/C#: Fix bad magic and bad join-order. 2019-11-14 13:17:17 +01:00
Jonas Jensen
c7176e50ca C++: Tweak wording in docs 2019-11-14 13:03:34 +01:00
Geoffrey White
79a000d88f Update cpp/ql/src/semmle/code/cpp/exprs/Expr.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:31:27 +00:00
Geoffrey White
0f2a2cb956 Update cpp/ql/src/semmle/code/cpp/exprs/Expr.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:31:01 +00:00
Geoffrey White
25db90021b Update cpp/ql/src/semmle/code/cpp/exprs/Expr.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:29:03 +00:00
Geoffrey White
01b25199d0 CPP: Lesser than -> Less than. 2019-11-14 11:27:15 +00:00
Geoffrey White
238918c394 Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:24:54 +00:00
Geoffrey White
b3bda421bc Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:24:15 +00:00
Geoffrey White
90909d211c Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:24:00 +00:00
Geoffrey White
7d2babd9db Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:22:16 +00:00
Geoffrey White
97559857bf Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-14 11:22:07 +00:00
Jonas Jensen
931b0f1445 Apply suggestions from code review 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-14 12:06:02 +01:00
Dave Bartolomeo
08620046ab Merge pull request #2068 from rdmarsh2/rdmarsh/cpp/ir-constructor-side-effects 
C++: side effect instrs for constructor qualifiers
 2019-11-13 14:56:24 -07:00
Geoffrey White
44ffb600d6 CPP: Improve the UnknwonType example as suggested. 2019-11-13 16:55:32 +00:00
Geoffrey White
2b73af09e4 CPP: Consistency. 2019-11-13 16:39:51 +00:00
Geoffrey White
e72bf2d35e CPP: *lvalue* -> _lvalue_ and similar. 2019-11-13 16:36:18 +00:00
Geoffrey White
e883220de3 CPP: Remove other comments about equivalence. 2019-11-13 16:28:50 +00:00
Geoffrey White
5e15265b50 Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-13 15:53:34 +00:00
Geoffrey White
da6fa7adfc Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-13 15:52:49 +00:00
Geoffrey White
4c6fd004e6 Update cpp/ql/src/semmle/code/cpp/Type.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-13 15:52:15 +00:00
Jonas Jensen
4ddac749af C++: Add change note 
Also fix discrepancies between `SignedOverflowCheck.ql` and its change
note.
 2019-11-13 14:43:30 +01:00
Jonas Jensen
2d72a9cdec C++: Rename query 
This new name is similar to its sister query "Signed overflow check".
 2019-11-13 14:40:27 +01:00
Jonas Jensen
1b849dbf0e C++: More principled macro exclusion 
We no longer exclude macros based on their name, which means we can now
find results inside arguments to the `likely` macro in Linux (except
that Linux is compiled with `-fno-strict-overflow`).
 2019-11-13 14:22:38 +01:00
Jonas Jensen
8d79634f8c C++: Factor out isFromMacroDefinition predicate 
This trick for excluding elements from macro bodies but not macro
arguments looks promising and should probably be used much more. With
this commit, it's now easy to use from any query.

Performance is still good because the new predicate gets appropriately
magiced.
 2019-11-13 14:07:33 +01:00
Jonas Jensen
d2009c53dc C++: Support GCC flags making ptr overflow defined 2019-11-13 14:07:33 +01:00
Jonas Jensen
8ed991759c C++: Rename PointerWrapAround to PointerOverflow 
Overflow was the terminology I found for this in the C standard (C11
6.5.6-8).
 2019-11-13 14:06:58 +01:00
Jonas Jensen
bd08c64933 C++: Apply my own review comments from #2218 2019-11-13 14:05:23 +01:00
Geoffrey White
abcf9e0d78 CPP: Autoformat. 2019-11-13 12:35:26 +00:00