hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,929 Commits 1,671 Branches 157 Tags
rc/1.20
Commit Graph

1165 Commits

Author SHA1 Message Date
Robert Marsh
b8f8ed55e6 Merge pull request #1000 from jbj/dataflow-defbyref 
C++: Support definition by reference in data flow library
 2019-03-01 13:54:37 -08:00
Geoffrey White
66013272da Merge pull request #894 from jbj/ir-RedundantNullCheckSimple 
C++: IR query for redundant null check
 2019-03-01 15:34:18 +00:00
Nick Rolfe
e6ddf7f48a Merge pull request #1012 from ian-semmle/constexpr 
C++: Add Variable.isConstexpr()
 2019-03-01 14:42:35 +00:00
Geoffrey White
28304e4fde Merge pull request #1005 from jbj/dataflow-Node-cached 
C++: Cache TNode and localFlowStep
 2019-02-28 17:43:14 +00:00
Ian Lynagh
a709a2d0f3 C++: Add Variable.isConstexpr() 2019-02-28 15:26:15 +00:00
Geoffrey White
832a436a49 Revert "C++: Revert doc-related changes to dbscheme" 
This reverts commit e81d197ebd.
 2019-02-28 14:50:49 +00:00
Geoffrey White
e55dc43111 CPP: Consistency changes suggested by Dave. 2019-02-28 14:50:49 +00:00
Geoffrey White
b1bf1b8f1c CPP: More annotations. 2019-02-28 14:50:49 +00:00
Geoffrey White
dd271f1c93 CPP: Fix type 'diagnosstic'. 2019-02-28 14:50:49 +00:00
Geoffrey White
0c84e06234 CPP: Fix typo. 2019-02-28 14:50:49 +00:00
Geoffrey White
6398298bea CPP: Add keyset annotations to the CPP dbscheme. 2019-02-28 14:50:49 +00:00
Jonas Jensen
264301be66 C++: Cache TNode and localFlowStep 
These two elements weren't cached, which meant that local data flow was
recalculated in every query that used data flow. They are also cached in
the Java version of `DataFlowUtil.qll`.
 2019-02-28 11:41:51 +01:00
Jonas Jensen
8e6daafd7c C++: Add DefinitionByReferenceNode.getParameter 
This commits also adds a test that uses `getParameter`. The new tests
demonstrate that support for array-to-pointer decay works, but we get
data flow to the array rather than its contents.
 2019-02-28 09:39:51 +01:00
Jonas Jensen
2bc0a8d6fb C++: Remove getVariableAccess from def-by-ref node 
This accessor may not be forward-compatible with an IR-based version,
and it's unclear whether it has any use. The `VariableAccess` remains in
the `TDefinitionByReferenceNode` constructor since it's used to
implement `getType`.
 2019-02-28 09:38:40 +01:00
Jonas Jensen
7ff732d962 C++: Use OO dispatch for getType and getFunction 2019-02-28 08:23:24 +01:00
Jonas Jensen
972d00822c C++: Generalize std::move data flow 2019-02-27 15:53:00 +01:00
Jonas Jensen
80183464d9 C++: Define DefinitionByReferenceNode 
This enables data flow through `memcpy` and similar functions modeled in
`semmle.code.cpp.model`.
 2019-02-27 15:53:00 +01:00
Jonas Jensen
5647a1a658 C++: BlockVar value stops at def by ref (partial) 2019-02-27 15:05:53 +01:00
Geoffrey White
25a5ff5e55 CPP: Similarly update other @deprecated messages. 2019-02-27 13:20:24 +00:00
Geoffrey White
f0356bb83b CPP: Reformat @deprecated message. 2019-02-27 13:18:29 +00:00
Geoffrey White
3f2e902912 CPP: Remove it from the security dashboard (OverrunWrite.ql is already on there). 2019-02-27 13:09:09 +00:00
Geoffrey White
45315cda90 CPP: Deprecate PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Geoffrey White
8a5bc24b36 CPP: Replace PotentialBufferOverflow with OverrunWrite in the test. 2019-02-27 13:09:09 +00:00
Geoffrey White
7194121eae CPP: Expand the test cases covering PotentialBufferOverflow.ql. 2019-02-27 13:09:09 +00:00
Jonas Jensen
20f3df0d09 C++: Add tests to demo lack dataflow by reference 2019-02-27 13:19:16 +01:00
semmle-qlci
d857f52c7d Merge pull request #991 from jbj/error-function-returns 
Approved by geoffw0
 2019-02-27 08:01:39 +00:00
Dave Bartolomeo
84c7f195d6 Merge pull request #994 from geoffw0/msalloc 
CPP: Add lots more allocation functions to Alloc.qll
 2019-02-26 11:59:45 -08:00
Geoffrey White
e32042d69c CPP: Add support for Microsoft functions in Alloc.qll. 2019-02-26 17:11:37 +00:00
Jonas Jensen
07bd85e9fa C++: Function error doesn't always exit 
The configuration in `DefaultOptions.qll` assumed that a call to any
top-level function named `error` would exit the program. This is not
true.

The assumption was probably about `error(3)`, which is a GNU extension.
It only exits if its first argument it not 0. Furthermore, projects such
as openssh may define their own function named `error` with different
behaviour. Because the GNU `error` function is non-standard, it's
perfectly fine to shadow it with a project-specific definition.

This change removes two FPs from `PointlessComparison.qll` on
https://github.com/openssh/openssh-portable.
 2019-02-26 16:31:34 +01:00
Jonas Jensen
f12dfda28f Merge pull request #985 from rdmarsh2/rdmarsh/ir-call-side-effect 
C++: fix PrimaryInstruction for call side effects
 2019-02-26 10:36:18 +01:00
Robert Marsh
af490a9b3e C++: fix PrimaryInstruction for call side effects 2019-02-25 11:41:40 -08:00
Ian Lynagh
ad126b93cf C++: Remove a use of deprecated Function.getFullSignature() 2019-02-25 15:51:39 +00:00
Ian Lynagh
f02a4ce63e C++: Accept test changes following new *constexpr specifiers 2019-02-25 12:48:48 +00:00
Ian Lynagh
4bd03d52f1 C++: Add constexpr support for functions 2019-02-25 12:48:48 +00:00
Ian Lynagh
5db38ef14b C++: Add a test for constexpr functions 2019-02-25 12:48:48 +00:00
Jonas Jensen
a9f8a53dac Merge pull request #972 from geoffw0/rtl 
CPP: Add support for the Rtl* functions in BufferAccess.ql
 2019-02-25 13:07:05 +01:00
Jonas Jensen
2181bca389 C++: Remove @precision of AllocaInLoop.ql 
A PR check was failing because this query was enabled on LGTM but had no
qhelp. I'm removing the `@precision` for now to take it off LGTM, and
then we can add it back when it has qhelp, tests, and change note.
 2019-02-25 11:45:34 +01:00
Dave Bartolomeo
70bccf85fc Merge pull request #970 from jbj/ir-block-count 
C++: Use the cached getInstructionCount
 2019-02-22 10:19:39 -08:00
Geoffrey White
dc0044288b CPP: Add support for some Rtl* functions in BufferAccess.qll. 2019-02-22 15:54:16 +00:00
Jonas Jensen
6777c8c13c C++: Use the cached getInstructionCount 
The object-oriented `IRBlock` interface was recomputing instruction
counts instead of using the cached count that had already been computed.
 2019-02-22 14:55:09 +01:00
Geoffrey White
8302ac4644 Merge pull request #965 from evverx/alloca-in-a-loop 
CPP: add a query for catching alloca in a loop
 2019-02-22 11:44:59 +00:00
Robert Marsh
07cbbdaf9a C++: accept test output 2019-02-21 17:18:06 -08:00
Robert Marsh
aa97302671 make loads from tainted addresses tainted 2019-02-21 17:17:49 -08:00
Robert Marsh
9a9ec7bb17 C++: add IR-based taint tracking library 2019-02-21 17:09:09 -08:00
Robert Marsh
173ade1336 C++: add arithmetic/bitwise instruction classes 2019-02-21 17:09:08 -08:00
Jonas Jensen
7649e8758b Merge pull request #846 from geoffw0/returnstack 
CPP: Improve  ReturnStackAllocatedMemory.ql
 2019-02-21 22:04:53 +01:00
Robert Marsh
a0c12c46e5 Merge pull request #962 from jbj/IRGuards-cached 
C++: Reduce the IRGuards to two cached stages
 2019-02-21 10:50:19 -08:00
Evgeny Vereshchagin
e9401fca0d CPP: add a query for catching alloca in a loop 
Thanks to Sam Lanning (@samlanning) and Robert Marsh for taking the time to help
to make it possible. In fact, it was Robert Marsh who effectively
wrote the query and figured out that __builtin_alloca should be
used to also take functions like strdupa into account. I just
filled out the metadata :-)
 2019-02-21 18:09:56 +01:00
Geoffrey White
0ca67880b2 Merge pull request #902 from jbj/test-queries.xml 
C++: Add a queries.xml to the test dir
 2019-02-21 16:43:01 +00:00
Jonas Jensen
1bc967c1d1 Merge pull request #819 from geoffw0/newdelete 
CPP: Improve dataflow in newdelete.qll
 2019-02-21 15:09:49 +01:00