Commit Graph

4510 Commits

Author SHA1 Message Date
Geoffrey White
453529e3bf Merge pull request #575 from jbj/UnsafeCreateProcessCall-nullValue
C++: Avoid using nullValue predicate (rc/1.19)
2018-11-30 09:54:17 +00:00
Jonas Jensen
9babb4366b Merge remote-tracking branch 'upstream/master' into mergeback-20181130 2018-11-30 10:13:33 +01:00
Jonas Jensen
dd3791490a Merge pull request #580 from geoffw0/av-79-perf
CPP: Fix performance issue with AV Rule 79.ql.
2018-11-30 08:39:38 +01:00
Jonas Jensen
b98452ddb1 Merge pull request #474 from rdmarsh2/rdmarsh/cpp/call-side-effect
C++: Initial aliased SSA with Chi nodes and function side effects
2018-11-29 18:31:29 +01:00
Geoffrey White
4744cece7b Merge pull request #576 from jbj/bbEntryReachesLocally-perf
C++: Fix performance of bbEntryReachesLocally (1.19)
2018-11-29 17:12:47 +00:00
Geoffrey White
e09ce77678 CPP: Fix performance issue with AV Rule 79.ql. 2018-11-29 15:16:01 +00:00
Mark Shannon
11ca7b74a3 Merge pull request #572 from geoffw0/deprecate-cpython
CPP: Delete CPython queries
2018-11-29 14:50:06 +00:00
Jonas Jensen
90ad5cfac5 Merge pull request #569 from geoffw0/deprecate-pointsto-debug
CPP: Deprecate the PointsTo debug queries.
2018-11-29 15:28:07 +01:00
Jonas Jensen
62d478eab3 C++: Fix performance of bbEntryReachesLocally
This predicate was fast with the queries and engine from 1.18. With the
queries from `master` it got a bad join order in the
`UninitializedLocal.ql` query, which made it take 2m34s on Wireshark.
This commit decomposes `bbEntryReachesLocally` into two predicates that
together take only 4s.
2018-11-29 15:11:32 +01:00
Jonas Jensen
8654ebcbbd C++: Avoid using nullValue predicate
The `nullValue` predicate performs a slow custom data-flow analysis to
find possible null values. It's so slow that it timed out after 1200s on
Wireshark.

In `UnsafeCreateProcessCall.ql`, the values found with `nullValue` were
used as sources in another data-flow analysis. By using the `NullValue`
class as sink instead of `nullValue`, we avoid the slow-down of doing
data flow twice. The `NullValue` class is essentially the base case of
`nullValue`. Confusing names, yes.
2018-11-29 13:33:45 +01:00
Geoffrey White
9d95291124 CPP: Delete the CPython queries and libraries. 2018-11-29 09:29:46 +00:00
Geoffrey White
909ff428ac CPP: Deprecate the CPython queries. 2018-11-29 09:28:29 +00:00
Geoffrey White
d261f1b6d2 CPP: Deprecate the PointsTo tests. 2018-11-28 20:23:33 +00:00
Dave Bartolomeo
d7938362dd C++: Rename Chi IPA types to match classes 2018-11-28 10:33:04 -08:00
Geoffrey White
1232694340 CPP: Add external/jpl tags. 2018-11-28 18:18:28 +00:00
Geoffrey White
0eb0bf988e CPP: Fix for virtual method calls. 2018-11-28 14:19:24 +00:00
Dave Bartolomeo
5d997c7135 C++: Big QLDoc comment for ChiInstruction 2018-11-27 17:09:26 -08:00
Dave Bartolomeo
53cd5e9994 C++: Fix bug introduced by earlier commit 2018-11-27 14:57:58 -08:00
Dave Bartolomeo
7e6e6f00c1 C++: Fix IR for designated array initializers 2018-11-27 14:57:23 -08:00
Dave Bartolomeo
0a20f9ffbf C++: Print field names and element indices for aggregate literals in PrintAST 2018-11-27 13:26:18 -08:00
Jonas Jensen
c403bb1cad Merge pull request #541 from kevinbackhouse/CppPostDominators
Add post-dominators
2018-11-27 08:23:43 +01:00
Dave Bartolomeo
689002a22e C++: Fix handling of Chi instructions in sign analysis 2018-11-26 16:46:39 -08:00
Robert Marsh
f4ce7b9648 C++: respond to further PR review comments 2018-11-26 16:16:46 -08:00
Robert Marsh
7ef0d5e98d C++: respond to technical nits 2018-11-26 15:47:47 -08:00
Robert Marsh
799eb06eea C++: add AliasedDefinition for aliased SSA 2018-11-26 12:08:19 -08:00
Robert Marsh
3ee033d96e C++: IR sanity fixes for Chi nodes 2018-11-26 12:08:19 -08:00
Robert Marsh
b401cd97f2 C++: use UnmodeledDefinition in UnmodeledUse 2018-11-26 12:08:19 -08:00
Robert Marsh
927f935e62 C++: hook ChiInstructions into the operand graph 2018-11-26 12:08:19 -08:00
Robert Marsh
a33b59103a C++: insert Chi nodes in the IR successor relation
This commit adds Chi nodes to the successor relation and accounts for
them in the CFG, but does not add them to the SSA data graph. Chi nodes
are inserted for partial writes to any VirtualVariable, regardless of
whether the partial write reaches any uses.
2018-11-26 12:08:18 -08:00
Dave Bartolomeo
1fb36ff7e7 C++: Add conservative side effects for function calls 2018-11-26 12:08:18 -08:00
Robert Marsh
f9ed39915f C++: recompute IRBlock membership at each stage
This enables the addition of new instructions in later phases of IR
construction; in particular, aliasing write instructions and inference
instructions.
2018-11-26 12:08:18 -08:00
Aditya Sharad
7aef8fa945 Merge pull request #547 from pavgust/fix/cwe-497-performance
C++: Refactor CWE-497 for clarity and performance
2018-11-26 17:13:27 +00:00
Kevin Backhouse
4877659578 Fix names. 2018-11-26 14:56:35 +00:00
Jonas Jensen
fcd53ae631 Merge pull request #540 from geoffw0/cpp-296
CPP: Fix false positive from AutoGeneratedFile.qll.
2018-11-26 15:03:21 +01:00
Kevin Backhouse
bc752e1a98 Add post-dominators. 2018-11-24 18:23:27 +00:00
Geoffrey White
f338a4f0d6 CPP: Fix false positive from AutoGeneratedFile.qll. 2018-11-23 17:34:18 +00:00
Aditya Sharad
c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Pavel Avgustinov
d4b2c01634 Lift out intermediate helper predicate. 2018-11-23 14:22:44 +00:00
Geoffrey White
0855543ac4 CPP: Tag the JPL_C LOC-4 queries. 2018-11-23 10:31:37 +00:00
Geoffrey White
0a27022dd4 Merge pull request #523 from jbj/placement-new-never-freed
C++: Detect non-allocating placement new in cpp/memory-never-freed
2018-11-23 09:40:11 +00:00
Geoffrey White
17560cf92e CPP: Tag the JPL_C LOC-3 queries. 2018-11-22 17:48:35 +00:00
Geoffrey White
9cc39ae875 CPP: Tag the JPL_C LOC-2 queries. 2018-11-22 16:31:08 +00:00
Geoffrey White
a47db56a68 CPP: Tag DuplicateBlock.ql. 2018-11-22 16:31:08 +00:00
Geoffrey White
cb609f4be0 CPP: Be conservative where there are multiple flow sources. 2018-11-22 15:50:13 +00:00
Geoffrey White
d57574e92c CPP: localFlowStep* -> localFlow. 2018-11-22 15:50:13 +00:00
Geoffrey White
ea56a5d9ce CPP: Add local dataflow to (one bit of) OverflowStatic.ql. 2018-11-22 15:49:13 +00:00
Geoffrey White
dc224c5c94 Merge pull request #521 from felicity-semmle/cpp/update-qhelp
C++: Update qhelp for consistency
2018-11-22 15:31:34 +00:00
Pavel Avgustinov
b9a3a71406 Merge pull request #518 from jbj/vcs-deprecate-queries
C++: Deprecate queries using VCS.qll
2018-11-22 15:07:19 +00:00
Jonas Jensen
75873bb4a6 C++: Detect non-allocating placement new
This adds a `NewOrNewArrayExpr.getPlacementPointer` predicate and uses
it in `Alloc.qll` to detect when a `new`-expression is not an
allocation.

User-defined replacements for `operator new` may not be allocations
either, but the code continues to assume that they are. It's possible
that we want to change this assumption in the future or leave it up to
individual queries to decide on which side to err. It's hard to
statically tell whether `operator new` has been overloaded in a
particular file because it can be overloaded by a definition that is not
in scope but is only linked together with that file.
2018-11-22 11:31:19 +01:00
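The three shapes of `new` that the commit above distinguishes, as an added illustration (this is example code, not code from the CodeQL repository or from the commit): a plain `new` that allocates and must be paired with `delete`, a placement `new` into caller-provided storage that allocates nothing and therefore must not be reported as "never freed", and a class-specific `operator new` that hands out a static pool slot, which is the case the commit says the library still assumes to be an allocation. The names `Widget`, `PoolObj` and `pool_slot` are invented for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>

// Ordinary type constructed three different ways below.
struct Widget {
    int v;
    explicit Widget(int x) : v(x) {}
};

// Case 1: plain new. This is a real allocation: the object lives on the heap
// and the caller is responsible for deleting it. A never-freed checker should
// report a missing delete here.
int heap_case() {
    Widget* w = new Widget(1);
    int v = w->v;
    delete w;
    return v;
}

// Case 2: placement new into a stack buffer. The expression has a placement
// pointer (`buf`), so nothing is allocated; only the constructor runs. The
// matching cleanup is an explicit destructor call, not delete. Reporting this
// as "memory never freed" would be a false positive, which is what the commit's
// getPlacementPointer check is meant to avoid.
int placement_case() {
    alignas(Widget) unsigned char buf[sizeof(Widget)];
    Widget* w = new (buf) Widget(2);
    int v = w->v;
    w->~Widget();
    return v;
}

// Case 3: a class with its own operator new/delete backed by static storage
// (constructed example of a user-defined replacement). Syntactically this is a
// plain `new` with no placement pointer, so a checker that keys only on the
// placement pointer still treats it as an allocation, as the commit notes.
alignas(16) static unsigned char pool_slot[64];

struct PoolObj {
    int v;
    explicit PoolObj(int x) : v(x) {}
    // Hands out the single static slot; the object size is assumed to fit.
    static void* operator new(std::size_t) noexcept { return pool_slot; }
    // Nothing to release: the storage is static.
    static void operator delete(void*) noexcept {}
};

int pool_case() {
    PoolObj* p = new PoolObj(3);  // PoolObj::operator new, no heap involved
    int v = p->v;
    delete p;                     // PoolObj::operator delete, a no-op
    return v;
}

int main() {
    std::printf("heap=%d placement=%d pool=%d\n",
                heap_case(), placement_case(), pool_case());
    return 0;
}
```

Cases 2 and 3 both leave the heap untouched, but only case 2 is visible to a check based on the placement pointer; distinguishing case 3 would require knowing which `operator new` overload is selected, which (as the commit message explains) may depend on a definition that is not in scope in the file being analysed.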
Felicity Chapman
8cad0b6ef1 Update qhelp for consistency 2018-11-22 10:25:41 +00:00