hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,634 Commits 1,671 Branches 157 Tags
rc/1.22
Commit Graph

1985 Commits

Author SHA1 Message Date
Geoffrey White
e143870b65 CPP: Pavel's sketch implementation. 2019-06-10 15:33:12 +01:00
Geoffrey White
2f36d81137 CPP: Add cases for fields. 2019-06-10 15:07:52 +01:00
Geoffrey White
d3f98a5a74 CPP: Create a direct test of Variable.getAnAssignedValue(). 2019-06-10 14:33:14 +01:00
Geoffrey White
3deff9c578 CPP: Fix in dataflow. 2019-06-10 12:01:14 +01:00
Geoffrey White
d51f870053 CPP: Add test cases. 2019-06-10 12:01:13 +01:00
Nick Rolfe
2622df0262 Merge pull request #1411 from ian-semmle/qlcfg3 
C++: QL CFG: Use synthetic_destructor_call table rather than SyntheticDestructorCalls
 2019-06-07 16:22:24 +01:00
Ian Lynagh
46cce36552 C++: Add an upgrade script 2019-06-07 14:00:52 +01:00
Ian Lynagh
fa604a393b C++: Some tidyups following review comments 2019-06-07 14:00:52 +01:00
Ian Lynagh
896e64b987 C++: Update stats 2019-06-07 14:00:52 +01:00
Ian Lynagh
a14379b860 C++: Document external package tables in dbscheme 2019-06-07 14:00:52 +01:00
Ian Lynagh
79b08d2792 C++: Remove SyntheticDestructorCalls 
It is now replace by the synthetic_destructor_call table.
 2019-06-07 14:00:52 +01:00
Ian Lynagh
03f555dda5 C++: Update test output following QLCFG changes 2019-06-07 14:00:52 +01:00
Ian Lynagh
93afadf09a C++: Add and use synthetic_destructor_call table 2019-06-07 14:00:52 +01:00
Jonas Jensen
cf96035d8c C++: Suspicious pointer scaling: @precision medium 
This query is not producing good enough results to justify `@precision
high`. It's fundamentally looking for a pattern that should correlate
with memory management errors, but it doesn't look for the errors
themselves.
 2019-06-06 21:08:20 -07:00
Ziemowit Laski
8f79cdb1fb [CPP-370] Add an additional test case. 2019-06-04 16:19:01 -07:00
Ziemowit Laski
d86557cfcb Adjust .expected output. 2019-06-04 12:57:43 -07:00
Ziemowit Laski
37fe68c656 Improve Element::toString() performance by removing recursion 
in TypeMention::toString().
 2019-06-04 12:57:43 -07:00
zlaski-semmle
51e543a41d Merge branch 'master' into zlaski/cpp370 2019-06-04 09:47:30 -07:00
Nick Rolfe
8e7521d6b8 C++: add missing close-paragraph tag to qhelp 2019-06-04 11:27:34 +01:00
Max Schaefer
5f32e1f637 CPP: Fix name of example file in qhelp. 
This seems to have been missed in https://github.com/Semmle/ql/pull/1315.
 2019-06-03 08:54:54 +01:00
semmle-qlci
79406f8387 Merge pull request #987 from rdmarsh2/rdmarsh/cpp/ir-asm-stmt 
Approved by dave-bartolomeo
 2019-06-03 07:03:28 +01:00
Jonas Jensen
c9a0eed6e8 Merge pull request #1379 from geoffw0/ctime-repair 
CPP: Add DangerousFunctionOverflow.ql to the security suite.
 2019-06-02 09:56:01 +02:00
Robert Marsh
4371d02a1f C++: accept SignAnalysis.expected 2019-05-31 13:35:05 -07:00
Robert Marsh
5dd8c9cd4e C++: revert InlineAsm subclassing SideEffectOpcode 2019-05-31 13:28:26 -07:00
Robert Marsh
2770b2a9b9 C++: respond to PR comments 2019-05-31 13:19:40 -07:00
Robert Marsh
98d6f5919f C++: Treat asmStmt operands as input/output in IR 2019-05-31 12:51:44 -07:00
Robert Marsh
66d1efdb97 C++: respond to PR comments 2019-05-31 12:42:04 -07:00
Dave Bartolomeo
0bfc559cb1 Apply suggestions from code review 
Co-Authored-By: rdmarsh2 <rdmarsh2@gmail.com>
 2019-05-31 12:29:23 -07:00
Robert Marsh
23560436a7 C++: add minimal AsmStmt support to IR 2019-05-31 12:29:19 -07:00
semmle-qlci
3851261230 Merge pull request #1378 from jbj/hasQualifiedName-inline-namespace 
Approved by dave-bartolomeo
 2019-05-31 19:39:42 +01:00
semmle-qlci
d741e0b20c Merge pull request #1382 from jbj/redundant-null-check-gvn 
Approved by dave-bartolomeo
 2019-05-31 16:28:01 +01:00
Jonas Jensen
fff6c386c9 Merge pull request #1381 from dave-bartolomeo/dave/CopyCtor 
C++: Make `constructor-used-as-copy-constructor` warning/low
 2019-05-31 09:15:37 +02:00
Robert Marsh
6167a556fd Merge pull request #1380 from dave-bartolomeo/dave/RangeFor 
C++: IR support for range-based `for` loops
 2019-05-30 17:21:42 -07:00
Dave Bartolomeo
e90403be31 C++: Make constructor-used-as-copy-constructor warning/low 
This query is supposed to look for constructors that unintentionally qualify as copy constructors due to default arguments. There are quite a few real-world projects that define such constructors intentionally. I've reduced the severity to "warning" and the precision to "low" due to the high false positive rate.
 2019-05-30 08:33:26 -07:00
Geoffrey White
d672a6e13e Merge pull request #1376 from jbj/getName-direct 
C++: Use Definition.qll's getName
 2019-05-30 10:01:12 +01:00
Jonas Jensen
2b424bfb81 C++: Clarify getAQualifierForMembers 2019-05-30 10:06:35 +02:00
Jonas Jensen
4f304fcbf7 C++: Fix join order in RedundantNullCheckSimple 
The join order broke again after the last change.
 2019-05-30 09:43:56 +02:00
Jonas Jensen
a61aec9e63 C++: Fix ValueNumbering for CopyInstruction 
Querying for overlap type wasn't possible when this library was first
written. This change fixes FPs in `RedundantNullCheckSimple.ql` on
Wireshark and other real-world projects.
 2019-05-30 09:42:46 +02:00
Jonas Jensen
120df6054b C++: Demonstrate a FP due to GVN 2019-05-30 09:41:42 +02:00
Jonas Jensen
2e7daf2308 C++: Use GVN in RedundantNullCheckSimple 2019-05-30 09:41:42 +02:00
Dave Bartolomeo
aff85c5b24 C++: IR support for range-based for loops 
IR construction was missing support for C++ 11 range-based `for` loops. The extractor generates ASTs for the compiler-generated implementation already, so I had enough information to generate IR. I've expanded on some of the predicates in `RangeBasedForStmt` to access the desugared information.

One complication was that the `DeclStmt`s for the compiler-generated variables seem to have results for `getDeclaration()` but not for `getDeclarationEntry()`. This required handling these slightly differently than we do for other `DeclStmt`s.

The flow for range-based `for` is actually easier than for a regular `for`, because all three components (init, condition, and update) are always present.
 2019-05-29 14:40:29 -07:00
Geoffrey White
665510a13c CPP: Add DangerousFunctionOverflow.ql to the security suite. 2019-05-29 16:36:02 +01:00
Jonas Jensen
df4c57648c C++: Support inline namespaces in hasQualifiedName 2019-05-29 15:22:42 +02:00
Jonas Jensen
4bb65fddf7 C++: Test that hasQualifiedName/3 ignores inline 2019-05-29 15:22:42 +02:00
Jonas Jensen
f8644b1023 C++: Use Definition.qll's getName 
It turns out we didn't have to move the `getName` implementation into
the mirror classes in `QualifiedName`. Doing so only made it harder for
the optimiser to specialize calls to `getName` on various kinds of
`Declaration`.
 2019-05-29 14:18:10 +02:00
Jonas Jensen
b4f19eebdd C++: Revert the getName() changes 
This reverts the `getName()` parts of 56e88cbac0 and 0a2e28858a.
 2019-05-29 14:15:45 +02:00
Geoffrey White
6c267f4957 CPP: Fix qhelp. 2019-05-29 10:35:49 +01:00
Geoffrey White
76d18b42b8 CPP: Repair getQualifiedName changes from elsewhere. 2019-05-29 10:35:49 +01:00
Geoffrey White
eb880c3f9f CPP: Reference URLs. 2019-05-29 10:35:49 +01:00
Geoffrey White
dc44d686d4 CPP: Update CWE tag. 2019-05-29 10:35:49 +01:00