hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

4510 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
a305d39111 Merge pull request #3577 from dbartol/github/codeql-c-analysis-team/69 
C++: Fix `MemoryLocation` with multiple `VirtualVariables`
 2020-05-29 09:40:58 +02:00
Mathias Vorreiter Pedersen
0467995f4f C++: Make explicit that O_CREAT and O_EXCL are Linux-specific 2020-05-29 09:36:08 +02:00
Jonas Jensen
9813258a3e Merge remote-tracking branch 'upstream/master' into Expr-location-workaround 
Conflicts and semantic conflicts in `library-tests/dataflow/fields` and
`library-tests/ir/ir`.
 2020-05-29 08:44:37 +02:00
Jonas Jensen
87ad519541 Merge pull request #3569 from geoffw0/strftime 
C++: Taint flow consistency change for strftime
 2020-05-29 08:05:25 +02:00
Robert Marsh
a638a08bc5 C++: autoformat 2020-05-28 17:06:14 -07:00
Robert Marsh
f82c97b84a C++: fix IR control flow for cast in placement new 2020-05-28 16:53:21 -07:00
Robert Marsh
732da9cc4c Merge pull request #3586 from MathiasVP/qldoc-for-remaining-controlflow 
C++: QLDoc for the remaining elements in the controlflow directory
 2020-05-28 15:59:19 -07:00
Robert Marsh
a897caec76 C++: outbound dataflow via this indirections 2020-05-28 15:30:41 -07:00
Robert Marsh
7dc30e3fdc C++: add output indirections for this 2020-05-28 15:30:41 -07:00
Dave Bartolomeo
476f27e427 Merge from master 2020-05-28 17:27:08 -04:00
Robert Marsh
693789c2cc Merge branch 'master' into ir-this-parameter 
Bring in new tests so their output can be fixed
 2020-05-28 08:32:10 -07:00
Mathias Vorreiter Pedersen
7b2c9c5aed C++: Add quotes to improve readability. 2020-05-28 16:48:48 +02:00
Mathias Vorreiter Pedersen
5fb79cde9a C++: Sync identical files 2020-05-28 16:45:52 +02:00
Mathias Vorreiter Pedersen
0671586aac C++: QLDoc for the remaining elements in the controlflow directory 2020-05-28 16:35:46 +02:00
Geoffrey White
6fcfd0310f C++: Autoformat. 2020-05-28 15:23:48 +01:00
Geoffrey White
c9e1ccf320 Merge branch 'master' into strftime 2020-05-28 15:22:16 +01:00
Jonas Jensen
688f540843 Merge pull request #3582 from MathiasVP/qldoc-for-controlflow 
C++: QLDoc for BasicBlock, ControlFlowGraph and Dataflow
 2020-05-28 13:52:43 +02:00
Mathias Vorreiter Pedersen
1ef0643b60 C++: QLDoc for Constants 2020-05-28 12:24:23 +02:00
Mathias Vorreiter Pedersen
52da5755b3 C++: Respond to review comments. 2020-05-28 11:20:13 +02:00
Mathias Vorreiter Pedersen
3d27b6bbde C++: QLDoc for BasicBlock, ControlFlowGraph and Dataflow 2020-05-28 10:10:26 +02:00
Jonas Jensen
6eaf64c896 Merge remote-tracking branch 'upstream/master' into Expr-location-workaround 2020-05-28 09:37:15 +02:00
Robert Marsh
54ed5d647a C++:autoformat 2020-05-27 19:30:02 -07:00
Robert Marsh
58673c449a C++: switch to TranslatedThisParameter 2020-05-27 19:29:29 -07:00
Robert Marsh
593d4c0f32 Merge pull request #3567 from MathiasVP/ir-partial-definition 
Implement `asPartialDefinition` for IR dataflow nodes
 2020-05-27 13:51:41 -07:00
Dave Bartolomeo
533eeff7e8 C++: Fix MemoryLocation with multiple VirtualVariables 
While investigating a bug with `TInstruction` sharing, I discovered that we had a case where alias analysis could create two `VirtualVariable`s for the same `Allocation`. For an indirect parameter allocation, we were using the type of the pointer variable as the type of the indirect allocation, instead of just `Unknown`. If the `IRType` of the pointer variable was the same type as the type of at least one access to the indirect allocation, we'd create both an `EntireAllocationVirtualVariable` and a `VariableVirtualVariable` for the allocation.

I added a new consistency test to guard against this in the future. This also turned out to be the root cause of the one existing known consistency failure in the IR tests.
 2020-05-27 14:06:59 -04:00
Mathias Vorreiter Pedersen
bd97fe627c Merge branch 'master' into remove-field-conflation-from-ir-fieldflow 2020-05-27 17:08:19 +02:00
Robert Marsh
b45473ec4c C++: more specific type in IndirectParameterAlloc 2020-05-26 14:07:26 -07:00
Robert Marsh
70f62538af C++: autoformat 2020-05-26 14:06:22 -07:00
Robert Marsh
fb46002332 C++: Fix ThisParameterNode after IR changes 2020-05-26 13:35:08 -07:00
Robert Marsh
43520b8f9b C++/C#: Fix copy/pasted qldoc 2020-05-26 09:47:30 -07:00
Geoffrey White
1baf14461d C++: Add a definition of taint to the models library. 2020-05-26 17:44:17 +01:00
Robert Marsh
2429e22709 Merge pull request #3548 from dbartol/github/codeql-c-analysis-team/69 
C++: Fix duplicate result types
 2020-05-26 09:44:12 -07:00
Geoffrey White
965d4829b5 C++: Consistency. 2020-05-26 17:43:40 +01:00
Geoffrey White
dea7be0884 Merge pull request #3557 from jbj/qldoc-external 
C++: QLDoc for legacy libraries in `external` dir
 2020-05-26 15:01:03 +01:00
Mathias Vorreiter Pedersen
08fa3141cd C++: Fix accidential removal of private annotations 2020-05-26 14:15:46 +02:00
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf 
C++: Eliminate recursion from toString().
 2020-05-26 13:24:43 +02:00
Mathias Vorreiter Pedersen
251240376b C++: Fix asPartialDefinition for IR dataflow nodes and accept testcases 2020-05-26 13:14:38 +02:00
Mathias Vorreiter Pedersen
b205d36933 C++: Remove chi -> load rule from simpleLocalFlowStep and accept tests 2020-05-26 11:40:26 +02:00
Mathias Vorreiter Pedersen
5fb76df44f Merge pull request #3556 from jbj/qldoc-CodeDuplication 
C++/JavaScript: Improve CodeDuplication.qll QLDoc
 2020-05-26 09:17:28 +02:00
semmle-qlci
64aefc612f Merge pull request #3554 from jbj/too-few-arguments-ambiguous 
Approved by dbartol
 2020-05-26 07:26:53 +01:00
Dave Bartolomeo
5c20d56134 Merge pull request #3558 from jbj/qldoc-default-objc 
C++: Properly deprecate objc.qll and default.qll
 2020-05-25 14:31:25 -04:00
Dave Bartolomeo
12688f80ce Merge pull request #3559 from jbj/vcs-remove 
C++: Remove VCS.qll and all queries using it
 2020-05-25 14:30:31 -04:00
Jonas Jensen
e28ed848a4 C++: Remove VCS.qll and all queries using it 
All these queries have been deprecated since 2018. There is
unfortunately no way to deprecate a library, but it's been years since
we populated any databases using the VCS library, so nobody should be
using it.
 2020-05-25 19:28:06 +02:00
Jonas Jensen
5fc2a3de92 C++: QLDoc for default.qll and objc.qll 
These are both deprecated.
 2020-05-25 19:05:41 +02:00
Jonas Jensen
357e14b2d2 C++: QLDoc for legacy libraries in external dir 
These docs were taken from the corresponding files in JavaScript, and
parameter names were changed to match.
 2020-05-25 19:03:14 +02:00
Jonas Jensen
6fc9e1d84c C++/JavaScript: Improve CodeDuplication.qll QLDoc 
I took most of the docs from the corresponding predicates in
JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding
predicate but didn't have QLDoc, I added new QLDoc to both.
 2020-05-25 18:59:48 +02:00
Jonas Jensen
bc09720704 Merge pull request #3479 from geoffw0/fp2762 
C++: Allow equality to block taint (security taint tracking)
 2020-05-25 15:11:10 +02:00
Jonas Jensen
3d58e6f7af Merge pull request #3515 from hvitved/dataflow/remove-deprecated 
Data flow: Remove deprecated predicates
 2020-05-25 15:08:28 +02:00
Jonas Jensen
b4c32a00d8 C++: Fix up QLDoc in TooFewArguments.qll 2020-05-25 14:49:02 +02:00
Jonas Jensen
b1edc1d255 C++: Only give alert when no def fits arg count 
The `cpp/too-few-arguments` query produced alerts for ambiguous
databases where a function had multiple possible declarations, with some
declarations having the right number of parameters and some having too
many. With this change, the query errs on the side of caution in those
cases and does not produce an alert.

This fixes false positives on racket/racket.

The new `hasDefiniteNumberOfParameters` is exactly the negation of the
old `hasZeroParamDecl`.
 2020-05-25 14:48:57 +02:00