hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,879 Commits 1,671 Branches 157 Tags
rc/1.24
Commit Graph

3579 Commits

Author SHA1 Message Date
Jonas Jensen
d19c77d473 C++: Indirection for security.TaintTracking impl 
This change should make it easier to switch to the IR-based
`DefaultTaintTracking` code without getting a large and conflict-prone
diff.
 2020-01-17 12:04:53 +01:00
Marc Waldman
dbe51e070f Merge pull request #2 from marcrepo/patch-2 
Documentation update for Issue #2623
 2020-01-17 04:55:34 -05:00
Marc Waldman
0d409b2d69 Documentation update for Issue #2623 
Changes based on Issue #2623 - DescriptorNeverClosed.ql identifies only sockets (not file handles)
 2020-01-17 04:46:10 -05:00
Marc Waldman
140051cc9a Removed word "file" from description (see Issue 2623) 
This pull request is in reference to Issue #2623 - "DescriptorNeverClosed.ql identifies only sockets (not file handles)"
 2020-01-17 04:38:15 -05:00
Jonas Jensen
5d08a0e338 Merge pull request #2558 from MathiasVP/ast-classes-should-not-be-abstract 
C++: Ast classes should not be abstract
 2020-01-17 08:47:55 +01:00
Mathias Vorreiter Pedersen
e4def730fd C++: Fix alert message 2020-01-16 21:30:14 +01:00
Geoffrey White
3c41ed56a1 CPP: Support taint to return value derefs instead. 2020-01-16 18:15:21 +00:00
Robert Marsh
e0406190a1 Merge branch 'master' into getPhiOperandDefinition-perf-2 2020-01-16 07:23:59 -08:00
Robert Marsh
c942da524c C++/C#: Sync 2020-01-16 07:16:57 -08:00
Robert Marsh
1b5d33023e C++: actually fix Chi total operands 2020-01-16 07:15:08 -08:00
Mathias Vorreiter Pedersen
c1fcf78f16 C++: Fold predicate sameLocation 2020-01-16 16:14:55 +01:00
Mathias Vorreiter Pedersen
04ef4d102d C++: Remove unnecessary testcase 2020-01-16 15:10:37 +01:00
Jonas Jensen
f4d0c5e905 C++ IR: Support for global virtual dispatch 
The IR data flow library now supports virtual dispatch with a library
that's similar to `security.TaintTracking`. In particular, it should
have the same performance characteristics. The main difference is that
non-recursive callers of `flowsFrom` now pass `_` instead of `true` for
`boolean allowFromArg`. This change allows flow through `return` to
actually work.
 2020-01-16 14:51:28 +01:00
Geoffrey White
ef47563139 CPP: Support flow of pointed-to things through function calls. 2020-01-16 11:08:19 +00:00
Mathias Vorreiter Pedersen
87c59e0017 C++: Overrideable taint sources in DefaultTaintTracking 2020-01-16 11:10:43 +01:00
Mathias Vorreiter Pedersen
603b1c26a7 Merge branch 'master' into ast-classes-should-not-be-abstract 2020-01-16 10:16:03 +01:00
Dave Bartolomeo
48301e1187 Merge pull request #2594 from rdmarsh2/ir-overlappingVariableMemoryLocations 
C++: compute overlap on irvars with vvar indexes
 2020-01-15 13:06:33 -07:00
Geoffrey White
04af2ace94 CPP: Add DataFlow to strdup. 2020-01-15 19:18:37 +00:00
Geoffrey White
9b5be995d2 CPP: Split Strdup model into it's own class and file. 2020-01-15 18:38:33 +00:00
Geoffrey White
ce389ca791 CPP: Add tests for strdup. 2020-01-15 18:26:24 +00:00
Robert Marsh
a91f10fe40 Merge pull request #2629 from dbartol/dbartol/missing-vvars 
C++/C#: Fix missing virtual variables
 2020-01-15 08:32:43 -08:00
Tom Hvitved
f7278d36e1 Merge pull request #2498 from aschackmull/java/taint-getter 
Java/C++/C#: Add support for taint-getter/setter summaries in data flow.
 2020-01-15 09:55:19 +01:00
Dave Bartolomeo
e60f902c36 C++/C#: Fix missing virtual variables 
The aliased SSA code was assuming that, for every automatic variable, there would be at least one memory access that reads or writes the entire variable. We've encountered a couple cases where that isn't true due to extractor issues. As a workaround, we now always create the `VariableMemoryLocation` for every local variable.

I've also added a sanity test to detect this condition in the future.

Along the way, I had to fix a perf issue in the PrintIR code. When determining the ID of a result based on line number, we were considering all `Instruction`s generated for a particular line, regardless of whether they were all in the same `IRFunction`. In addition, the predicate had what appeared to be a bad join order that made it take forever on large snapshots. I've scoped it down to just consider `Instruction`s in the same function, and outlined that predicate to fix the join order issue. This causes some numbering changes, but they're for the better. I don't think there was actually any nondeterminism there before, but now the numbering won't depend on the number of instantiations of a template, either.
 2020-01-14 17:57:15 -07:00
Robert Marsh
42be28b211 C++: autoformat 2020-01-14 13:17:57 -08:00
Robert Marsh
5a5832b7de Merge pull request #2569 from jbj/ir-total-chi-flow 
C++: IR data flow through total chi operands
 2020-01-14 12:47:58 -08:00
Geoffrey White
e8139c0f31 CPP: Autoformat. 2020-01-14 14:35:58 +00:00
Geoffrey White
2fa846d1a6 CPP: Correct test. 2020-01-14 14:33:43 +00:00
Geoffrey White
d98d80b07d CPP: Improve locations for AV Rule 114.ql. 2020-01-14 14:33:43 +00:00
Anders Schack-Mulligen
241b8a05e4 Java/C++/C#: Address review comment. 2020-01-14 11:59:55 +01:00
Anders Schack-Mulligen
041bcc5812 Java/C++/C#: Small perf improvement and simplification. 2020-01-13 17:00:56 +01:00
Jonas Jensen
b8ee5a63db Merge pull request #2614 from geoffw0/arithun 
CPP: Speed up ArithmeticUncontrolled.ql
 2020-01-13 15:25:12 +01:00
Jonas Jensen
3183893a98 Merge pull request #2530 from geoffw0/hiddenqueries2 
CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.
 2020-01-13 15:23:55 +01:00
Mathias Vorreiter Pedersen
1bc3829a72 C++: Use newly created library versions of the 'Underspecified Functions' queries in new ImplicitFunctionDeclaration query 2020-01-13 14:01:01 +01:00
Mathias Vorreiter Pedersen
acb106be44 C++: Fix formatting 2020-01-13 13:20:23 +01:00
Mathias Vorreiter Pedersen
394a864b0a C++: Factored the body of TooManyArguments.ql out into a library file 2020-01-13 11:44:58 +01:00
Mathias Vorreiter Pedersen
6cff36b9c9 C++: Factored the body of TooFewArguments.ql out into a library file 2020-01-13 11:36:22 +01:00
Mathias Vorreiter Pedersen
e2244d41f5 C++: Factored the body of MistypedFunctionArguments.ql out into a library file 2020-01-13 11:34:01 +01:00
Mathias Vorreiter Pedersen
c9439df914 C++: Added query that detects implicit function declarations 2020-01-12 16:28:30 +01:00
Geoffrey White
9176529799 Merge pull request #2599 from MathiasVP/assign-where-compare-meant-false-positives 
Assign where compare meant false positives
 2020-01-10 13:39:39 +00:00
Mathias Vorreiter Pedersen
111f1dbd19 Merge branch 'assign-where-compare-meant-false-positives' of github.com:MathiasVP/ql into assign-where-compare-meant-false-positives 2020-01-10 13:14:00 +01:00
Mathias Vorreiter Pedersen
f80c13abd7 C++: Fixed incorrect comments in testcases 2020-01-10 12:24:43 +01:00
Mathias Vorreiter Pedersen
f181753c35 Typo fix 
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-01-10 11:49:03 +01:00
Mathias Vorreiter Pedersen
21c99d1827 Typo fix 
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2020-01-10 11:46:14 +01:00
Robert Marsh
d2b225790a C++: fix chi instr oeprands to chi instrs 2020-01-09 11:48:18 -08:00
Geoffrey White
1d615d311c CPP: Autoformat. 2020-01-09 13:48:58 +00:00
Geoffrey White
f6f7df4e8f CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql. 2020-01-09 13:48:13 +00:00
Geoffrey White
50c0ec1cb1 CPP: Optimize isRandValue. 2020-01-09 12:12:00 +00:00
Robert Marsh
5007fd2aa8 C++: Autoformat and sync 2020-01-08 12:49:51 -08:00
Robert Marsh
e416d75f6f C++: add noopt on getPhiOperandDefinition 2020-01-08 11:36:57 -08:00
Jonas Jensen
8acbb3bfb9 C++: Further simplify a bit 
This changes tuple counts!?
 2020-01-08 11:36:50 -08:00