hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

4510 Commits

Author SHA1 Message Date
Robert Marsh
b4a947ddf1 C++: add getIRVariable for this temp variables 2020-05-22 15:43:34 -07:00
Robert Marsh
8a53dc882d C++: treat this as a parameter in IR 2020-05-22 15:35:34 -07:00
Dave Bartolomeo
df834ac031 C++: Fix duplicate result types 
In a couple of cases, we use `glval<unknown>` as the result type of an instruction because we can't come up with anything better. Two examples are the result of `VariableAddress[#ellipsis]`, and the address of the temp variable that holds the lvalue result of the conditional operator in `(a ? b : c) = y`. In both cases, we call `getTypeForGLValue(any(UnknownType t))`, but that would have multiple results because `result.hasType(any(UnknownType t), true)` also holds for `CppFunctionGLValueType`. I tightened the result type to ensure we get the right one.
 2020-05-22 16:20:33 -04:00
Geoffrey White
0f4723aee4 Merge pull request #3520 from dbartol/github/codeql-c-analysis-team/79 
C++: Mark deprecated overrides as deprecated
 2020-05-21 14:55:39 +01:00
Dave Bartolomeo
5641b2c140 C++: Remove deprecated predicate from File 2020-05-20 14:14:49 -04:00
Dave Bartolomeo
ff1e70efce C++: Undo changes to shared XML.qll 2020-05-20 14:14:31 -04:00
Mathias Vorreiter Pedersen
218a3cf93d C++: Remove field conflation 2020-05-20 18:18:26 +02:00
Geoffrey White
f2436ff713 C++: Autoformat. 2020-05-20 12:39:54 +01:00
Robert Marsh
28c2acabe5 Merge pull request #3505 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Remove `UnmodeledDefinition` instruction
 2020-05-19 17:17:53 -07:00
Dave Bartolomeo
3832d4cae6 C++: Mark deprecated overrides as deprecated 
The QL compiler is about to be changed to emit a warning when overriding a deprecated predicate. This PR marks the existing overrides of deprecated predicates as `deprecated` themselves, which avoids the warning.

The `Print.qll` models seem to preserve the `isWideCharDefault()` predicate for backwards compatibility, so we can't remove them and must continue overriding them.

The `XML.qll` override is necessary because both superclasses declare the `getName()` predicate. One is `deprecated`, and the other is `abstract`, so we have to have an override.
 2020-05-19 16:33:33 -04:00
Geoffrey White
fdf4e83c25 C++: Solve tuple count bulge that may affect performance. 2020-05-19 16:59:37 +01:00
Tom Hvitved
431403f5db Data flow: Remove deprecated predicates 2020-05-19 15:42:59 +02:00
Jonas Jensen
5318d42c4f Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-05-19 2020-05-19 14:42:58 +02:00
Geoffrey White
7d630c458e Merge branch 'master' into fp2762 2020-05-19 11:43:50 +01:00
Dave Bartolomeo
d6ef94a4c7 C++: Remove dead comment 2020-05-18 23:05:19 -04:00
Dave Bartolomeo
01c2f0ce01 C++/C#: Fix formatting 2020-05-18 18:02:00 -04:00
Dave Bartolomeo
42c659b8f2 C++/C#: Remove UnmodeledDefinition instruction 2020-05-18 15:08:50 -04:00
Dave Bartolomeo
35868d4e5b C++/C#: Change dump of unmodeled use to m? 
This is kind of inconsequential on its own, but will make the test diffs easier to understand once the next commit removes `UnmodeledDefinition`.
 2020-05-18 10:47:43 -04:00
Jonas Jensen
76e194c8be C++: Fix struct field conflation in IR data flow 
The virtual-dispatch code for globals was missing any relationship
between the union field access and the global variable, which meant it
propagated function-pointer flow between any two fields of a global
struct. This resulted in false positives from
`cpp/tainted-format-string` on projects using SDL, such as
WohlSoft/PGE-Project.

In addition to fixing that bug, this commit also brings the code up to
date with the new style of modeling flow through global variables:
`DataFlow::Node.asVariable()`.
 2020-05-18 16:24:22 +02:00
Mathias Vorreiter Pedersen
a42d80aa14 Merge pull request #3481 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Allow memory operands to lack a definition
 2020-05-16 11:53:00 +02:00
Dave Bartolomeo
96c87b309b C++/C#: Use unique to get a better join order 
The previous changes made the optimizer choose a bad join order for the RHS of the antijoin in `addressOperandAllocationAndOffset`. Once again, `unique` to the rescue.
 2020-05-15 17:36:43 -04:00
Jonas Jensen
b08de6c051 Merge pull request #3482 from MathiasVP/getlim-taint-source 
C++: Add GetDelim as taint step
 2020-05-15 15:54:29 +02:00
Tom Hvitved
cd9538d0d9 Merge remote-tracking branch 'upstream/master' into dataflow/precise-field-types 2020-05-15 15:24:05 +02:00
Dave Bartolomeo
89ec60c948 C++/C#: Add missing QLDoc 2020-05-15 09:01:16 -04:00
Dave Bartolomeo
bcddaf4c29 C++/C#: Fix formatting 2020-05-15 08:56:32 -04:00
Mathias Vorreiter Pedersen
7502c6f821 Set mustWrite to false in response to PR feedback 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-05-15 14:32:46 +02:00
Jonas Jensen
8a0af0bcac Merge pull request #3465 from MathiasVP/remove-abstract-from-access-and-cast 
C++: Remove abstract keyword from `Access` and `Cast` classes
 2020-05-15 12:25:34 +02:00
Mathias Vorreiter Pedersen
e70f22c753 C++: Model getdelim and friends 2020-05-15 11:05:57 +02:00
Geoffrey White
48f3db3fbe Merge branch 'master' into fp2762 2020-05-15 09:55:30 +01:00
Dave Bartolomeo
4614372873 C++/C#: Add QLDoc 2020-05-14 17:49:23 -04:00
Dave Bartolomeo
6c12b59f0f C++/C#: Allow non-Phi memory operands to have no definition 2020-05-14 17:22:23 -04:00
Geoffrey White
4a6021fb61 C++: Allow equality checking to block taint flow. 2020-05-14 18:32:38 +01:00
Jonas Jensen
49ebb3197a Merge pull request #3472 from geoffw0/paramstring 
C++: Improve getParameterString().
 2020-05-14 16:48:07 +02:00
Dave Bartolomeo
9de597db25 C++: Refactor Operand to prepare for cross-phase IPA sharing 2020-05-14 10:29:08 -04:00
Tom Hvitved
2d7470fc3a C++: Follow-up changes 2020-05-14 15:58:50 +02:00
Tom Hvitved
aa83cc1472 Data flow: Sync files 2020-05-14 15:58:50 +02:00
Geoffrey White
6583012e6d C++: Use concat in getParameterString(). 2020-05-14 14:21:46 +01:00
Geoffrey White
da83f826b9 C++: Solve duplication in getParameterString(). 2020-05-14 14:21:06 +01:00
Mathias Vorreiter Pedersen
dbba2269ad C++: Add stats 2020-05-14 08:47:16 +02:00
Robert Marsh
396ccda81f Merge pull request #3422 from Cornelius-Riemenschneider/inbounds-ptr 
C++: Add InBoundsPointerDeref.qll to experimental
 2020-05-13 16:55:42 -07:00
Mathias Vorreiter Pedersen
8f3ba75534 C++: Remove abstract keyword from Access and Cast and create .dbscheme unions 2020-05-13 23:15:11 +02:00
Jonas Jensen
1018eaff09 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
 2020-05-13 12:05:58 +02:00
Jonas Jensen
038bea2f52 C++: Add type check to prevent field conflation 2020-05-13 09:25:24 +02:00
Dave Bartolomeo
5d3f25211d C++/C#: Remove UnmodeledUse instruction 2020-05-13 01:06:40 -04:00
Dave Bartolomeo
7f2c6dd9f9 C++/C#: Remove UnmodeledUseOperand 2020-05-13 01:05:27 -04:00
Jonas Jensen
451ae7b762 Merge pull request #3444 from dbartol/codeql-c-analysis-team/68 
Rename `sanity` -> `consistency`
 2020-05-12 12:33:08 +02:00
Mathias Vorreiter Pedersen
73882c9f90 Merge pull request #3439 from jbj/passesByReference-qualifier 
C++: Call qualifiers are passed by reference
 2020-05-12 08:31:57 +02:00
Mathias Vorreiter Pedersen
df6abdc074 Merge pull request #3389 from jbj/dataflow-defbyref-to-field 
C++: Post-update flow through &, *, +, ...
 2020-05-12 08:30:33 +02:00
Robert Marsh
090977447b Merge pull request #3445 from geoffw0/rangerounding 
C++: Round result of >> in SimpleRangeAnalysis
 2020-05-11 13:07:18 -07:00
Dave Bartolomeo
e5bd66809a C++/C#: Add QLDoc for renamed queries 2020-05-11 14:16:21 -04:00