hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,459 Commits 1,671 Branches 157 Tags
revert-4738-feature/revert-relational-pattern
Commit Graph

782 Commits

Author SHA1 Message Date
Jonas Jensen
718f4cd3f9 C++: Speed up SuspiciousAddWithSizeof select 
This `select` clause had become very slow after we started caching
`ElementBase::toString` because the query used string concatenation to
produce alert messages, and those string concatenations were done very
early in the pipeline, producing lots of strings that would be discarded
moments later.

By using `$@` to interpolate elements into strings, the concatenation is
done outside of QL.

Testing on a Chromium snapshot, this commit takes us from

    #select#ff ................ 6m2s

to

    #select#cpe#134#fff ....... 15.2s
 2020-04-24 16:18:18 +02:00
Dave Bartolomeo
163ecd97de Merge pull request #3277 from geoffw0/rangeshift 
C++: Support for & and >> in SimpleRangeAnalysis
 2020-04-22 11:36:36 -04:00
Geoffrey White
de751b0b75 C++: Correct UnsignedBitwiseAndExpr. 2020-04-17 17:10:59 +01:00
Geoffrey White
01d3257d72 C++: Add test cases involving casts. 2020-04-17 17:01:58 +01:00
Geoffrey White
24d7446976 C++: Basic model of '&' and '>>' in SimpleRangeAnalysis. 2020-04-16 11:17:29 +01:00
Geoffrey White
2acbdecfdb C++: Add test cases. 2020-04-16 11:11:58 +01:00
Geoffrey White
b8acd702d6 C++: Rename the test for consistency. 2020-04-15 12:49:07 +01:00
Geoffrey White
2aa64db40e Merge remote-tracking branch 'upstream/rc/1.24' into alloc-size2 2020-04-15 10:09:54 +01:00
Geoffrey White
a7979fdc12 C++: Base results purely on allocations now, not multiplications by a sizeof. 2020-04-09 15:05:29 +01:00
Geoffrey White
febbbc4423 C++: Additional test cases. 2020-04-09 15:03:35 +01:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Jonas Jensen
42e9d1416b Merge pull request #3206 from geoffw0/newfreefix 
C++: Fix `cpp/new-free-mismatch` false positives
 2020-04-08 08:39:43 +02:00
Geoffrey White
66a0b7884e Merge branch 'master' into alloc-size 2020-04-07 17:12:35 +01:00
Geoffrey White
8059d69bbd C++: Model calls to operator new / delete for NewFreeMismatch.ql. 2020-04-06 14:27:05 +01:00
Geoffrey White
3e9f9645ae C++: Exclude calls to operator new / delete from NewFreeMismatch.ql. 2020-04-06 14:08:00 +01:00
Geoffrey White
97cdcbee63 C++: Test for NewFreeMismatch.ql with operator new / delete. 2020-04-06 13:57:28 +01:00
Jonas Jensen
530d4294b0 Merge remote-tracking branch 'upstream/master' into DefaultTaintTracking-Configuration 2020-04-05 07:27:07 +02:00
Jonas Jensen
58366b19e9 C++: Path explanations in the last two queries 
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
 2020-04-04 16:47:06 +02:00
Jonas Jensen
54a23a486a C++: Accept test changes for 108d5177b8 2020-04-04 16:46:59 +02:00
Jonas Jensen
5822cd7b84 C++: Put paths in the remaining LGTM-suite queries 2020-04-03 17:10:47 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
469bdae9b2 C++: More helpful toString for def. by ref. node 2020-04-03 16:37:23 +02:00
Jonas Jensen
36da2d1dae C++: Manipulate the source end of paths too 
Without this, we get duplicate alerts in some cases and
unnatural-looking source nodes in other cases. The source nodes were
often `Conversion`s.
 2020-04-03 16:37:23 +02:00
Robert Marsh
a061811939 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Pick up new test for user-defined swap functions
 2020-04-01 17:32:55 -07:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Geoffrey White
6b5f4d9e12 Merge branch 'master' into av114 2020-04-01 18:23:21 +01:00
Robert Marsh
25f3f67c4a Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Fixes test conflicts and reveals a bug in parameter handling
 2020-03-31 12:54:00 -07:00
Dave Bartolomeo
bebf89fed5 C++: Accept test diffs 
All changes look like real improvements.
 2020-03-23 17:20:19 -04:00
Robert Marsh
59a81d8445 C++: merge from master and accept test changes 2020-03-18 13:47:01 -07:00
Jonas Jensen
f1ad0dafdc Merge pull request #2849 from geoffw0/model-gets 
C++: Model for gets
 2020-03-18 11:06:23 +01:00
Geoffrey White
034f7cc948 Merge branch 'master' into model-gets 2020-03-16 15:12:36 +00:00
Geoffrey White
2cee756587 C++: Support the mirror case with <=. 2020-03-16 13:22:00 +00:00
Geoffrey White
dcf2f7f19c C++: Add some test cases for the mirror case, with <=. 2020-03-16 13:22:00 +00:00
Geoffrey White
3d8633f701 C++: Additional test cases for the recursive bit of UnsignedGEZero. 2020-03-16 13:22:00 +00:00
Mathias Vorreiter Pedersen
e1942bbee1 C++: Fix false positives 2020-03-13 17:09:57 +01:00
Mathias Vorreiter Pedersen
cc25298f67 C++: Demonstrate false positives when a const variable is initialized in a parameter list 2020-03-13 17:00:54 +01:00
Robert Marsh
9f1833af76 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-03-12 15:09:58 -07:00
Geoffrey White
f4a1b41094 C++: Correct hasUpperBoundsCheck. 2020-03-12 15:45:01 +00:00
Geoffrey White
26ed560bd7 C++: Add new test cases. 2020-03-12 15:45:01 +00:00
Geoffrey White
263e51f72e C++: Clean up the test. 2020-03-12 15:45:00 +00:00
Jonas Jensen
917b984909 Merge pull request #3050 from geoffw0/mismatching_placement_new 
C++: Fix mismatching new/free FP in template code.
 2020-03-12 12:42:29 +01:00
Geoffrey White
b2c5ce8dbd C++: Exclude code in templates. 2020-03-11 18:11:45 +00:00
Geoffrey White
d454c8457d C++: Test case. 2020-03-11 18:09:09 +00:00
Robert Marsh
bba6b23019 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-03-10 11:12:19 -07:00
Jonas Jensen
28a9baba36 Merge pull request #3026 from MathiasVP/simplerangeanalysis-const-var-access 
C++: Handle constant variable accesses in SimpleRangeAnalysis.qll
 2020-03-10 11:22:33 +01:00
Mathias Vorreiter Pedersen
1a5282ae21 C++: Add testcase that previously resulted in a false positive 2020-03-09 22:33:59 +01:00
Mathias Vorreiter Pedersen
3973a50c9b C++: Add testcase for cpp/uncontrolled-allocation-size 2020-03-04 15:51:14 +01:00
Robert Marsh
4333fe7905 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-26 13:15:27 -08:00
Geoffrey White
4af0193c98 C++: Modify the argvlocal tests. 2020-02-24 16:51:47 +00:00
Geoffrey White
9f271949d5 C++: Adjust layout of the argvlocal test. 2020-02-24 15:52:31 +00:00