hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,999 Commits 1,671 Branches 157 Tags
query-help-tests-lgtm
Commit Graph

5109 Commits

Author SHA1 Message Date
Jonas Jensen
cec73e689e Merge pull request #3393 from dbartol/codeql-c-analysis-team/40/1 
C++: A few IR QLDoc comments
 2020-05-11 15:56:43 +02:00
Jonas Jensen
48d2bd6102 C++: Improve suppression of duplicate sources 
This fixes a cosmetic bug in `.../CWE-134/.../examples.c` in the
internal repo.
 2020-05-11 14:44:53 +02:00
Jonas Jensen
3a89f43cd6 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
 2020-05-11 14:44:17 +02:00
Jonas Jensen
3369453bb1 Merge pull request #3427 from MathiasVP/remove-abstract-from-builtin-op 
C++: Remove abstract keyword from `BuiltInOperation`
 2020-05-11 14:16:46 +02:00
Jonas Jensen
4f5b8f7306 Merge pull request #3430 from MathiasVP/comments-about-comments 
C++: Add QLDoc to CaptionedComments.qll and CommentedOutCode.qll
 2020-05-11 12:36:54 +02:00
Mathias Vorreiter Pedersen
715fa9e446 Simplify comment 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-05-11 11:32:10 +02:00
Mathias Vorreiter Pedersen
104545f3a7 Replace 'Returns' with 'Gets' 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-05-11 11:31:51 +02:00
Mathias Vorreiter Pedersen
411e52a231 C++: Replace @buildin_op with @builtin_op 2020-05-11 11:12:48 +02:00
Jonas Jensen
b3498bd0ad Merge pull request #3425 from MathiasVP/remove-more-abstract-classes 
C++: Remove abstract keyword from a couple of AST classes
 2020-05-11 10:55:35 +02:00
Jonas Jensen
bebd5ae36b C++: Call qualifiers are passed by reference 
After #3382 changed the escape analysis to model qualifiers as escaping,
there was an imbalance in the SSA library, where `addressTakenVariable`
excludes variables from SSA analysis if they have their address taken
but are _not_ passed by reference. This showed up as a missing result in
`TOCTOUFilesystemRace.ql`, demonstrated with a test case in #3432.

This commit changes the definition of "pass by reference" to include
call qualifiers, which allows SSA modeling of variables that have member
function calls on them.
 2020-05-11 09:39:48 +02:00
Jonas Jensen
8ff045b6a2 Merge pull request #3432 from geoffw0/toctou 
C++: Add a test of TOCTOUFilesystemRace.ql
 2020-05-11 09:18:51 +02:00
Jonas Jensen
71c21e6eca C++: Accept test changes forgotten in 32e04b403 
Adding a new test case leads to changes in all `.expected` files in its
directory.

The new results show that the `DefinitionsAndUses` library does not
model `std::addressof` correctly, but that library is not intended to be
used for new code.
 2020-05-11 08:17:13 +02:00
Cornelius Riemenschneider
3596ff7c51 Address review. 2020-05-10 19:34:16 +02:00
Mathias Vorreiter Pedersen
b34db333a5 C++: Add upgrade script 2020-05-09 13:41:39 +02:00
jcreedcmu
c9788a7928 Merge pull request #3308 from jcreedcmu/jcreed/jump-to-def 
Add queries for VS Code jump-to-definition
 2020-05-08 07:29:02 -04:00
Mathias Vorreiter Pedersen
86f283dff2 C++: Add new stats file from Jenkins job 2020-05-08 09:15:58 +02:00
Geoffrey White
bff97d9fe5 C++: Effect of #3382. 2020-05-07 19:06:05 +01:00
Geoffrey White
6499197087 C++: Add a test of TOCTOUFilesystemRace.ql. 2020-05-07 19:03:32 +01:00
Mathias Vorreiter Pedersen
8df25c3025 C++: Add QLDoc 2020-05-07 18:34:26 +02:00
Jonas Jensen
4b9a3f1482 Merge remote-tracking branch 'upstream/master' into dataflow-defbyref-to-field 2020-05-07 16:48:41 +02:00
Jonas Jensen
88eeca39fb Merge commit '52d8acc1a198c5ea29c1dddceda1d6c0fb75de14' into dataflow-defbyref-to-field 
This is a partial merge from master. In particular, it takes in #3382
and #3385.
 2020-05-07 16:46:11 +02:00
Jonas Jensen
5e8bd0a724 C++: Fix variable name in comment 2020-05-07 16:38:15 +02:00
Jonas Jensen
32e04b4033 C++: Support std::addressof 
I didn't add this support in `AddressConstantExpression.qll` since I
think it would require extra work and testing to get the constexprness
right. My long-term plan for `AddressConstantExpression.qll` is to move
its functionality to the extractor.
 2020-05-07 16:30:44 +02:00
Cornelius Riemenschneider
1aa7a827af Add QLDoc. 2020-05-07 14:53:41 +02:00
Mathias Vorreiter Pedersen
594f3b1807 C++: Add testcase for #3110 2020-05-07 14:39:53 +02:00
Dave Bartolomeo
e435484740 C++/C#: Fix formatting 2020-05-07 08:39:01 -04:00
Mathias Vorreiter Pedersen
43ffcfe730 C++: Remove abstract keyword from BuiltInOperation 2020-05-07 13:18:12 +02:00
Mathias Vorreiter Pedersen
dd0ca34038 C++: Remove abstract keyword from a couple of AST classes 2020-05-07 12:01:07 +02:00
Dave Bartolomeo
f0e86a9191 C++: Add missing module comment 2020-05-06 17:30:20 -04:00
Dave Bartolomeo
df4fdaf6ff C++: Fix PR feedback 
Note that the various predicates to access the singleton instances of the `EdgeKind` classes have been moved into a module named `EdgeKind`.
 2020-05-06 17:06:48 -04:00
Geoffrey White
c8524522c8 C++: Add test cases. 2020-05-06 18:51:50 +01:00
Cornelius Riemenschneider
e397e5d325 Add new testcase to arraylengthanalysis library. 2020-05-06 16:36:48 +02:00
Cornelius Riemenschneider
1c9fa4eb1d This library proves that a subset of pointer dereferences in a program are safe, i.e. in-bounds. 
It does so by first defining what a pointer dereference is (on the IR
`Instruction` level), and then using the array length analysis and the range
analysis together to prove that some of these pointer dereferences are safe.
 2020-05-06 16:36:48 +02:00
Jonas Jensen
63f04afa8d Merge pull request #3312 from hvitved/dataflow/impl-no-postupdate 
Data flow: Support stores into nodes that are not `PostUpdateNode`s
 2020-05-06 09:09:31 +02:00
Robert Marsh
78d2ac1ff4 Merge pull request #3368 from Cornelius-Riemenschneider/local-ala 
C++: Add experimental Array Length Tracking library
 2020-05-05 13:05:52 -07:00
Mathias Vorreiter Pedersen
114310700a Merge pull request #3414 from geoffw0/issue3356 
C++: Fix error in QLDoc.
 2020-05-05 18:07:49 +02:00
Geoffrey White
3e2e69c06a C++: Autoformat. 2020-05-05 16:55:15 +01:00
Geoffrey White
27490a35ae C++: Fix error in QLDoc. 2020-05-05 13:37:14 +01:00
Geoffrey White
2940f4794e C++: Fix isfromtemplateinstantiation test. 2020-05-05 13:12:44 +01:00
Tom Hvitved
e95cc24b3f Data flow: Support stores into nodes that are not PostUpdateNodes 2020-05-05 14:01:04 +02:00
Geoffrey White
0b381b9ba7 C++: Autoformat. 2020-05-05 12:58:54 +01:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Matthew Gretton-Dann
52d8acc1a1 Merge pull request #3404 from nickrolfe/field_attrs 
C++: add test for attributes on fields
 2020-05-05 12:12:28 +01:00
Geoffrey White
31a7e2c34e C++: Make getAnonymousParameterDescription private. 2020-05-05 10:05:18 +01:00
Cornelius Riemenschneider
264763080e Autoformat, address review. 2020-05-05 08:52:52 +02:00
Geoffrey White
511d7c9199 C++: Improve solution for UsingDeclarationEntry. 2020-05-04 18:01:29 +01:00
Geoffrey White
3d431607e7 C++: Combine the usings tests and add detail about classes. 2020-05-04 17:48:42 +01:00
Geoffrey White
9fc37d174e C++: Update the 'usings' tests. 2020-05-04 17:46:26 +01:00
Nick Rolfe
ae913fbf56 C++: update expected output to include field attribute 2020-05-04 16:17:59 +01:00
Nick Rolfe
124ea86d65 C++: add test for attributes on fields 2020-05-04 15:12:49 +01:00