hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac/command-injection-from-library-inputs
Commit Graph

5325 Commits

Author SHA1 Message Date
Geoffrey White
f381768a1e CPP: Create HeaderFile.noTopLevelCode from existing logic. 2019-04-11 11:21:53 +01:00
Geoffrey White
9e6b178d48 CPP: Resolve #endif FPs. 2019-04-11 11:05:53 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison 
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
 2019-04-11 01:56:22 -07:00
Ziemowit Laski
d76138f189 [CPP-340] Remove use of getUnderlyingType() predicate as it does 
not appear necessary.  Correct comment to refer to
           arguments rather than parameters.
 2019-04-10 10:51:22 -07:00
Ziemowit Laski
dc7497835e [CPP-340] Make the query more strict (again). 2019-04-10 09:55:37 -07:00
Tom Hvitved
813dfc6417 C++: Generalize data-flow library in preparation for C# adoption 2019-04-10 13:05:39 +02:00
Geoffrey White
5101a5bc3d Merge pull request #1056 from jbj/SimpleRangeAnalysis-use-after-cast 
C++: Fix use-after-cast bug in SimpleRangeAnalysis
 2019-04-10 11:04:20 +01:00
Robert Marsh
75ab311c3a Merge pull request #1223 from geoffw0/commentedoutcode 
CPP: Detect commented out preprocessor logic
 2019-04-09 16:16:19 -04:00
Robert Marsh
c9fbbfe7d8 Merge pull request #984 from rdmarsh2/rdmarsh/cpp/ir-stmtexpr 
C++: add support for GNU StmtExpr in IR
 2019-04-09 12:54:35 -04:00
Geoffrey White
13ed50f049 CPP: Improve the regexp. 2019-04-09 13:08:31 +01:00
Geoffrey White
ddb1b0ac1c CPP: Declaration -> definition. 2019-04-09 12:35:20 +01:00
Jonas Jensen
fd4967e6f1 C++: Fix SnprintfOverflow issues 
Requiring strict inclusion between types turned out to cause false
positives in `SnprintfOverflow`, which relied indirectly on
`RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds
checks. This query was particularly affected because `snprintf` returns
`int` (signed) but takes `size_t` (unsigned), so conversions are bound
to happen.
 2019-04-09 11:05:14 +02:00
Geoffrey White
48fff334da CPP: Detect commented preprocessor code. 2019-04-08 18:17:23 +01:00
Geoffrey White
4d67bd32dd CPP: Move comments explaining implementation details into the body of 'looksLikeCode'. 2019-04-08 18:14:54 +01:00
Geoffrey White
f432f1a03a CPP: Autoformat CommentedOutCode.qll. 2019-04-08 18:00:49 +01:00
Jonas Jensen
fedd652de8 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408 2019-04-08 08:39:44 +02:00
Robert Marsh
8087cb5040 C++: add CopyValueInstruction for StmtExpr result 2019-04-05 11:27:19 -07:00
Geoffrey White
5dce09b179 Revert "CPP: Workaround improvement for File.compiledAsMicrosoft." 
This reverts commit c3ec7b55b7.
 2019-04-05 17:37:44 +01:00
Geoffrey White
918f7043af Revert "CPP: Add '/' case." 
This reverts commit 5e71207a23.
 2019-04-05 17:37:39 +01:00
Jonas Jensen
f7dda1b3a4 Merge pull request #1213 from geoffw0/pointerscaling2 
CPP: De-duplicate the PointerScaling queries.
 2019-04-05 14:42:28 +02:00
Geoffrey White
f040755b3b CPP: Remove unnecessary imports. 2019-04-05 11:44:50 +01:00
Geoffrey White
44d68a761d CPP: Move 'baseType' into IncorrectPointerScalingCommon.qll. 2019-04-05 11:43:47 +01:00
Geoffrey White
695df232e3 CPP: Equalize the definitions of 'baseType'. 2019-04-05 11:28:11 +01:00
Jonas Jensen
d619a8c693 Merge pull request #1192 from geoffw0/severity 
CPP: Change some query severities
 2019-04-05 09:23:27 +02:00
Jonas Jensen
8c17278808 Merge pull request #1191 from geoffw0/microsoft 
CPP: Workaround improvement for File.compiledAsMicrosoft.
 2019-04-05 09:22:08 +02:00
Robert Marsh
81dd03848f C++: respond to PR comments 2019-04-04 10:52:08 -07:00
Robert Marsh
f2fbdac31b C++: add support for GNU StmtExpr in IR 2019-04-04 10:51:06 -07:00
Geoffrey White
0a0bcdf939 CPP: Move some code into IncorrectPointerScalingCommon.qll. 2019-04-04 18:08:18 +01:00
Geoffrey White
7aee334baf CPP: Update the qhelp. 2019-04-04 16:48:14 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Geoffrey White
5e71207a23 CPP: Add '/' case. 2019-04-04 14:32:22 +01:00
Anders Schack-Mulligen
15fa4f8b7a Merge pull request #1007 from jbj/dataflow-dispatch-no-ctx 
C++: Simplify stubs in DataFlowDispatch.qll
 2019-04-04 11:25:50 +02:00
Ziemowit Laski
970c45e896 Merge branch 'master' into cpp340a 2019-04-03 17:52:46 -07:00
Ziemowit Laski
e4ce8347bc [CPP-340] Simplify MistypedFunctionArguments.ql and reduce its 
precision from very-high to high.
 2019-04-03 16:19:37 -07:00
Jonas Jensen
d0091b28ee Merge pull request #1199 from geoffw0/printfld 
CPP: Support %Ld in printf.qll
 2019-04-03 15:38:16 +02:00
Geoffrey White
d4c931cf11 CPP: Permit %Ld and similar. 2019-04-03 11:46:48 +01:00
Jonas Jensen
2140995530 C++: Update QLDoc for new use of getFullyConverted 2019-04-03 10:52:05 +02:00
Jonas Jensen
4b159fd2a5 C++: Fix the suppression for alerts about enums 
The suppression mechanism broke when I changed `relOpWithSwap` to take
fully-converted expressions as parameters.
 2019-04-03 10:45:39 +02:00
Jonas Jensen
f9c9efeabe Merge pull request #1188 from geoffw0/donotedit 
CPP: Consider more files to be generated.
 2019-04-03 09:52:28 +02:00
Robert Marsh
fa8b771944 Merge pull request #1186 from jbj/dataflow-defbyref-1.20-fixes 
C++: Let data flow past definition by reference
 2019-04-02 13:36:37 -07:00
Robert Marsh
65d0412692 Merge pull request #1194 from geoffw0/dead-goto 
CPP: Fix false positive from DeadCodeGoto.ql
 2019-04-02 10:03:15 -07:00
Jonas Jensen
eae2fe5a16 Merge pull request #1190 from Semmle/rc/1.20 
Merge 1.20 into master
 2019-04-02 15:29:12 +02:00
Geoffrey White
8979361255 CPP: Exclude functions containing preprocessor logic. 2019-04-02 14:24:37 +01:00
Geoffrey White
1542fdc44b CPP: Change AV Rule 107.ql to a recommendation. 2019-04-02 12:19:33 +01:00
Geoffrey White
96136a1c55 CPP: Change SloppyGlobal.ql to a recommendation. 2019-04-02 12:18:22 +01:00
Geoffrey White
c3ec7b55b7 CPP: Workaround improvement for File.compiledAsMicrosoft. 2019-04-02 11:40:49 +01:00
Jonas Jensen
842aafc888 C++: Fix new UnsafeDaclSecurityDescriptor FP 
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.

To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
 2019-04-02 11:31:12 +02:00
Geoffrey White
bce6ee5c27 CPP: Consider more files to be generated. 2019-04-02 09:19:55 +01:00
Ziemowit Laski
96b8bdfeb5 [CPP-340] Add new queries to analysis-cpp.md; correct id of 
TooFewArguments.ql
 2019-04-01 19:15:27 -07:00
Ziemowit Laski
03aa86ed4d Merge branch 'master' into cpp340a 
So as to get to change-notes/1.21/analysis-cpp.md
 2019-04-01 18:51:03 -07:00