hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,634 Commits 1,671 Branches 157 Tags
rc/1.22
Commit Graph

1985 Commits

Author SHA1 Message Date
Geoffrey White
4ea999872b Merge pull request #1746 from jbj/ast-field-flow-ctor 
C++: Field flow through ConstructorFieldInit
 2019-08-19 09:14:02 +01:00
zlaski-semmle
ce71b45649 Zlaski/cpp386a (#1753) 
* [CPP-386] Cumulative patch.

* Restore dataflow libraries clobbered by my last commit.
 2019-08-19 10:03:18 +02:00
Jonas Jensen
84adeda167 C++: Support flow through LambdaExpression 
I've checked with a temporary workaround for the locations problem that
my annotations in the test cpp files are on the correct lines.
 2019-08-16 16:20:22 +02:00
Geoffrey White
eb39346d85 Merge pull request #1744 from jbj/ast-field-flow-aggregate-init 
C++: Field flow through ClassAggregateLiteral
 2019-08-16 09:56:11 +01:00
Jonas Jensen
ee8c0cb29a C++: Support member initializer lists > 1000 items 2019-08-16 09:36:34 +02:00
Jonas Jensen
503cbf13bb C++: Flow from parameters to ConstructorFieldInit 
Because `ConstructorFieldInit` (member initializer lists) are not part
of the control flow graph, there was no data flow from the initial value
of parameters to their uses in member initializers. This commit adds the
necessary flow under the assumption that parameters are not overwritten
in member initializers.
 2019-08-16 09:10:31 +02:00
Jonas Jensen
45eefdb218 C++: Field flow through ConstructorFieldInit 
This allows a member initializer list to be seen as a sequence of field
assignments. For example, the constructor

    C() : a(taint()) { }

now has data flow similar to

    C() { this.a = taint(); }
 2019-08-16 09:10:17 +02:00
Jonas Jensen
1be2380511 C++: Rephrase ThisFlow to get space for ctor inits 2019-08-16 08:46:11 +02:00
Jonas Jensen
f3f89ffe3f Merge pull request #1742 from geoffw0/lambdataint 
CPP: Tests for taint through lambdas
 2019-08-16 08:45:14 +02:00
Geoffrey White
a6902bdb37 CPP: Test dataflow through lambdas. 2019-08-15 19:43:24 +01:00
Dave Bartolomeo
f1bbc9bb7e Merge pull request #1745 from jbj/ast-field-flow-ABC 
C++: Annotate field-flow tests in [ABC].cpp
 2019-08-15 09:13:26 -07:00
Dave Bartolomeo
230ff92c03 Merge pull request #1743 from nickrolfe/hmap 
C++: delete headermaps test
 2019-08-15 09:01:23 -07:00
Geoffrey White
1bd4aeebad CPP: Effects of #1715. 2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640 CPP: Test taint through lambdas. 2019-08-15 14:00:45 +01:00
Geoffrey White
b6cf341124 Merge pull request #1715 from jbj/ast-field-flow 
C++: Initial AST-based flow through fields
 2019-08-15 13:38:58 +01:00
Nick Rolfe
c26aef2381 C++: delete headermaps test 2019-08-15 12:39:58 +01:00
Jonas Jensen
1b4b352316 C++: Field flow through ClassAggregateLiteral 2019-08-15 12:01:42 +02:00
Jonas Jensen
e419ea0140 C++: Test showing no flow through aggregate init 2019-08-15 11:33:25 +02:00
Jonas Jensen
fdd8de79da C++: Remove redundant toString override 
This time I left a comment to prevent myself from getting confused again
and adding the override in the future.
 2019-08-15 11:32:11 +02:00
Jonas Jensen
ed1e3ed1ef C++: Annotate field-flow tests in [ABC].cpp 
This brings the annotation style in sync with how we annotate new tests
these days. I also changed a few annotations to have different expected
outcome based on my understanding of the code.
 2019-08-15 10:30:46 +02:00
Jonas Jensen
e94dbe926b C++: Add forgotten toString override 
This makes `PostConstructorCallNode`s show up in the test output.
 2019-08-14 16:26:49 +02:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00
yh-semmle
badfc23ce4 Merge pull request #1718 from aschackmull/java/barrierguard 
Java/C++/C#: Add support for BarrierGuards.
 2019-08-13 14:11:54 -04:00
Anders Schack-Mulligen
411bc16f44 Java/C++/C#: Address review comment. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
9e902066ad Java/C++/C#: Elaborate qldoc. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
Jonas Jensen
e93598e476 Merge pull request #1716 from geoffw0/qldoceg4 
CPP: Add syntax examples to QLDoc in Function.qll
 2019-08-13 16:27:20 +02:00
Geoffrey White
e4bbfb9a79 CPP: Corrections. 2019-08-13 11:25:39 +01:00
Tom Hvitved
36043d04bd Merge pull request #1729 from xiemaisi/data-flow-nodes-location 
Java/C++/C#: Provide path-node locations via `hasLocationInfo`, not `getLocation`.
 2019-08-13 12:22:59 +02:00
Geoffrey White
95749bdff8 CPP: Examples Stmt.qll. 2019-08-13 10:56:59 +01:00
Jonas Jensen
38ec693ead C++: Improved ConstructorCall field flow 
This commit changes C++ `ConstructorCall` to behave like
`new`-expressions in Java: they are both `ExprNode`s and
`PostUpdateNodes`, and there's a "pre-update node" (here called
`PreConstructorCallNode`) to play the role of the qualifier argument
when calling a constructor.
 2019-08-13 11:05:13 +02:00
Jonas Jensen
18c3bfe596 Merge pull request #1731 from geoffw0/qldoceg5 
CPP: Add syntax examples to QLDoc in Initializer.qll, Parameter.qll
 2019-08-13 08:52:05 +02:00
Jonas Jensen
1f1824cb9b C++: Exclude BlockVar computation for "large" vars 2019-08-12 16:53:48 +02:00
Geoffrey White
beada95014 CPP: Examples Block.qll. 2019-08-12 15:08:37 +01:00
Dave Bartolomeo
5d6ac2bb74 Merge pull request #1583 from jbj/ir-sanity-qlcfg 
C++: Share tests between IR and QL-CFG
 2019-08-12 07:04:40 -07:00
Jonas Jensen
3f531380d1 C++: Reduce number of SubBasicBlocks in FlowVar 
by cutting basic blocks at the same place for the `x.a` partial
definition in `x.a = ...` as they were already cut for assignment to
`a`.
 2019-08-12 15:58:35 +02:00
Dave Bartolomeo
19d2f3a54e Merge pull request #1550 from jbj/array-aggregate-perf 
C++ IR: Fix performance of large value-initialized arrays
 2019-08-12 06:53:16 -07:00
Geoffrey White
2d2890e401 CPP: Add examples Parameter.qll. 2019-08-12 13:29:07 +01:00
Geoffrey White
ceec0278e5 CPP: Add examples Initializer.qll. 2019-08-12 13:16:34 +01:00
Max Schaefer
eb8087f4ea Java/C++/C#: Provide path-node locations via hasLocationInfo, not getLocation. 2019-08-12 12:52:30 +01:00
Jonas Jensen
0652d2a92b Merge pull request #1705 from geoffw0/qldoceg2 
CPP: Add syntax examples to QLDoc in Enum.qll.
 2019-08-12 13:39:05 +02:00
Geoffrey White
dc1ec635fb CPP: Undo an accidentally committed change to the test. 2019-08-12 11:17:02 +01:00
Jonas Jensen
5724fb0df0 Merge pull request #1706 from geoffw0/qldoceg3 
CPP: Add syntax examples to QLDoc in Struct.qll, Union.qll.
 2019-08-12 07:57:40 +02:00
Geoffrey White
208f533245 CPP: Brace placement. 2019-08-09 17:48:57 +01:00
Geoffrey White
11d17b891e CPP: Brace placement. 2019-08-09 17:44:55 +01:00
Geoffrey White
e149b6a332 CPP: Brace placement. 2019-08-09 17:42:02 +01:00
Jonas Jensen
0507d51f0c C++: Prune getAReachedBlockVarSBB using live vars 
On a Postgres snapshot, where the `getAReachedBlockVarSBB` predicate
performs badly because of a Yacc-generated 20,000-line parser loop, that
predicate is reduced from 4m22s to 1m32s plus 5.2s for the live
variables analysis.

This change removes 17,142 rows from `BlockVar.getAnAccess` on Postgres.
I sampled some of them, and they were all of the following form:

    while (...) {
      T x;
      f1(&x); // access
      f2(&x); // definition
    }

Such accesses are ruled out now because we deliberately lose track of
variables when they go out of scope.
 2019-08-09 16:06:28 +02:00
Jonas Jensen
b348803a66 Merge pull request #1594 from geoffw0/erafix7 
CPP: Add test coverage for LeapYearFieldAccess.isModifiedByArithmeticOperation.
 2019-08-09 15:57:35 +02:00
Jonas Jensen
8aa24fe5c9 C++: Improve QLDoc on assignmentLikeOperation 2019-08-09 15:06:19 +02:00
Geoffrey White
67eb37f460 CPP: Update test annotations. 2019-08-09 09:31:47 +01:00