hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,841 Commits 1,671 Branches 157 Tags
merge-rc/1.24
Commit Graph

3597 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
Geoffrey White
3477c4a8fb Update cpp/ql/src/semmle/code/cpp/commons/Alloc.qll 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-28 17:30:36 +00:00
Geoffrey White
aae9f88413 CPP: Model 'alloca'. 2019-11-28 17:27:37 +00:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Jonas Jensen
d816701e07 Revert "C++: Use StackVariable in Nullness.qll" 
It looks like allowing statics in `Nullness.qll` is fine since it's a
"may be null" analysis rather than a "must be null" analysis.

This reverts commit f5b9837e19.
 2019-11-28 17:44:42 +01:00
Jonas Jensen
d22df24cab Merge pull request #2467 from geoffw0/speedup1 
CPP: Speed up isCompiledAsC.
 2019-11-28 17:31:27 +01:00
Geoffrey White
b1c992e85f CPP: Speed up isCompiledAsC (x3). 2019-11-28 11:28:38 +00:00
Dave Bartolomeo
aa6bd07971 Merge remote-tracking branch 'upstream/master' into dbartol/May-Must 2019-11-26 14:07:13 -07:00
Robert Marsh
e368d5dda0 C++: simplify getDisplayOrderInBlock 2019-11-26 16:02:30 -05:00
Jonas Jensen
c05cc77a91 Merge pull request #2421 from dbartol/dbartol/IndirectAlias 
C++/C#: Cleanup in preparation for indirect alias analysis
 2019-11-26 21:59:17 +01:00
Dave Bartolomeo
f3b4140948 C++/C#: Consistent handling of "may" vs. "must" memory accesses 
In the IR, some memory accesses are "must" accesses (the entire memory location is always read or written), and some are "may" accesses (some, all, or none of the bits in the location are written). We previously had to special case specific "may" accesses in a few places. This change regularizes our handling of "may" accesses.

The `MemoryAccessKind` enumeration now describes only the extent of the access (the set of locations potentially accessed), but does not distinguish "must" from "may". The new predicates `Operand.hasMayMemoryAccess()` and `Instruction.hasResultMayMemoryAccess()` hold when the access is a "may" access.

Unaliased SSA now correctly ignores variables that are ever accessed via a "may" access.

Aliased SSA now distinguishes `MemoryLocation`s for "may" and "must" accesses. I've refactored `getOverlap()` into the core `getExtentOverlap()`, which considers only the extent, but not the "may" vs. "must", and `getOverlap()`, which tweaks the result of `getExtentOverlap()` based on "may" vs. "must" and read-only locations.

When determining the overlap between a `Phi` operand and its definition, we now use the result of the defining `Chi` instruction, if one exists. This gives exact definitions for `Phi` operands for virtual variables.
 2019-11-26 12:13:07 -07:00
Dave Bartolomeo
4e1ee7a998 C++/C#: Fix formatting 2019-11-26 10:48:24 -07:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Robert Marsh
60b384a6e5 C++/C#: use line numbers for instruction IDs 
This should reduce the number of merge conflicts in the IR tests resulting
from instruction ID changes due to inserting or removing instructions
 2019-11-25 18:27:59 -05:00
Dave Bartolomeo
7d48220a76 C++/C#: Make QLDoc conform to style guide 2019-11-25 11:26:45 -07:00
Dave Bartolomeo
44c1c5a7ab C++: Update points_to.ql test to use new bit offset format 2019-11-25 11:13:02 -07:00
Dave Bartolomeo
521fbb125e C++/C#: Fix formatting 2019-11-25 11:12:23 -07:00
semmle-qlci
d58a6b02bf Merge pull request #2396 from hvitved/dataflow/erased-type-class 
Approved by aschackmull, jbj
 2019-11-25 15:22:13 +00:00
Geoffrey White
1d26d4c5e4 Merge pull request #2404 from jbj/signed-overflow-macro 
C++: Fix SignedOverflowCheck.ql performance
 2019-11-25 15:15:57 +00:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Jonas Jensen
5ee19c5a66 C++: Stricter loop-variant check 
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.

This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
 2019-11-25 11:31:41 +01:00
Jonas Jensen
8f3998915b Merge pull request #2376 from geoffw0/qhelpms2 
CPP: Recommendations and examples for TlsSettingsMisconfiguration.qhelp and UseOfDeprecatedHardCodedProtocol.qhelp
 2019-11-25 08:17:32 +01:00
Dave Bartolomeo
eda47bfc51 C++: Add SSA sanity tests to IR tests 2019-11-22 16:10:51 -07:00
Dave Bartolomeo
bd78f68975 C++/C#: Fix formatting 2019-11-22 16:08:49 -07:00
Dave Bartolomeo
df21835759 C++/C#: Refactor some integer constant code 
Make `bitsToBytesAndBits` omit the leftover bits if zero.
 2019-11-22 13:23:00 -07:00
Dave Bartolomeo
51ff262cbc C++/C#: Add IR SSA sanity tests 2019-11-22 13:16:05 -07:00
Dave Bartolomeo
bc48c25690 C++/C#: Make IRVariable and its derived classes non-abstract 2019-11-22 12:13:39 -07:00
Dave Bartolomeo
12daa76b70 C++: Make duplicateOperand query report function name 2019-11-22 11:00:01 -07:00
Geoffrey White
cdbe920067 CPP: Remove second overview paragraph. 2019-11-22 16:22:08 +00:00
Geoffrey White
5a346c357b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp 
Co-Authored-By: Jonas Jensen <jbj@github.com>
 2019-11-22 16:21:24 +00:00
Geoffrey White
0c07fa44a1 Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:21:05 +00:00
Geoffrey White
ac1010872b Update cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-22 16:20:54 +00:00
Geoffrey White
e274e01432 CPP: More consistency. 2019-11-22 16:08:00 +00:00
Geoffrey White
d4f75c1c2a CPP: Consistency. 2019-11-22 16:07:59 +00:00
Geoffrey White
384cf4b233 CPP: Recommendation and example for UseOfDeprecatedHardcodedProtocol.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
8fc59ebac4 CPP: I believe these BUG labels were incorrect. 2019-11-22 16:07:59 +00:00
Geoffrey White
21d8264d80 CPP: Fix typo. 2019-11-22 16:07:59 +00:00
Geoffrey White
a1b603e73c CPP: Add the examples to the test. 2019-11-22 16:07:59 +00:00
Geoffrey White
3cd545d186 CPP: Recommendation and example for TlsSettingsMisconfiguration.qhelp. 2019-11-22 16:07:59 +00:00
Geoffrey White
794a3deba9 CPP: Break up a long sentence in query description. 2019-11-22 16:07:59 +00:00
Geoffrey White
6fc415485b CPP: Autoformat. 2019-11-22 15:34:51 +00:00
Geoffrey White
c73d3ebbb6 CPP: Pre-autoformat. 2019-11-22 15:34:50 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
3c9432d7b7 CPP: Queries: Improve OverflowCalculated query. 2019-11-22 15:19:00 +00:00
Geoffrey White
1e7bd9e987 CPP: Queries: Similar dataflow simplification in OverflowCalculated.ql to that made recently in NoSpaceForZeroTerminator.ql. 2019-11-22 15:19:00 +00:00
Geoffrey White
1fa30306dc CPP: Libraries: Separate deallocation libraries. 2019-11-22 15:18:59 +00:00
Geoffrey White
a51da53013 CPP: Libraries: Split into interface and implementation. 2019-11-22 15:18:59 +00:00
Geoffrey White
356356f71b CPP: Libraries: Overridable classes. 2019-11-22 15:18:59 +00:00
Geoffrey White
0d01ea66c6 CPP: Libraries: Move interfaces into the models directory. 2019-11-22 15:18:59 +00:00
Geoffrey White
64ed97b584 CPP: Libraries: Add FreeFunction and DeallocationExpr to malloc.qll. 2019-11-22 15:18:59 +00:00