hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2579 Commits

Author SHA1 Message Date
Max Schaefer
5b2e32b051 Add qlpack.yml files for test folders. 2019-11-12 15:03:02 +00:00
Geoffrey White
60c7cb38e8 CPP: Relocate the test as well. 2019-11-12 09:55:22 +00:00
Geoffrey White
dff490e658 CPP: Remove the 'boostorg' subdirectory (these queries could be extended to support other libraries, as their names and descriptions already suggest). 2019-11-12 09:55:22 +00:00
Geoffrey White
806703b929 CPP: Relocate the test as well. 2019-11-12 09:54:55 +00:00
Geoffrey White
2b9428df32 CPP: Remove the 'Buffer Overflow' subdirectory (we have many buffer overflow queries, putting one in a special directory will only create confusion). 2019-11-12 09:54:46 +00:00
Geoffrey White
b917264770 CPP: Rename NtohlArrayNoBoundOpenSource.ql -> NtohlArrayNoBound.ql (I believe the 'OpenSource' part is a remnant from the way the contributor organizes their queries). 2019-11-12 09:53:59 +00:00
Jonas Jensen
18cc539c8d Merge branch 'master' into pointer-wraparound-query 2019-11-12 10:22:46 +01:00
Jonas Jensen
c36b73f09c Merge pull request #2232 from geoffw0/formatsymbols 
CPP: Fully support n$ in format strings
 2019-11-12 09:43:20 +01:00
Dave Bartolomeo
303bab61b5 Merge pull request #2289 from jbj/ConvertToNonVirtualBaseInstruction 
C++ IR: clearly distinguish between virtual and non-virtual base conversions
 2019-11-11 13:37:07 -07:00
Jonas Jensen
ec79bfacf8 Merge pull request #2249 from geoffw0/tlsperf 
CPP: TlsSettingsMisconfiguration.ql performance and cleanup
 2019-11-11 16:47:53 +01:00
Geoffrey White
dff21e02db CPP: Fully support positional arguments. 2019-11-11 15:27:23 +00:00
Geoffrey White
760884051c CPP: Add test cases using various combinations of width and precision specifiers, positional arguments, and flags. 2019-11-11 15:27:22 +00:00
Jonas Jensen
f2a9876c2a Merge pull request #2003 from geoffw0/formatarg 
CPP: WrongTypeFormatArguments.ql Fix
 2019-11-11 16:07:37 +01:00
Jonas Jensen
eb55d964a8 C++: Fix semantic merge conflict 
This test output must have been wrong because I produced it with an
extractor that didn't have #2153 applied.
 2019-11-11 15:39:53 +01:00
Geoffrey White
e77fefaf9e Merge pull request #2295 from jbj/self-comparison-templates 
C++: Suppress PointlessSelfComparison.ql on templates
 2019-11-11 14:12:55 +00:00
Jonas Jensen
97cc0ebc8c C++: Suppress PointlessSelfComparison on templates 
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
 2019-11-11 14:00:00 +01:00
Jonas Jensen
281d512178 C++: Add tests for self-comparison template FP 2019-11-11 13:52:22 +01:00
Jonas Jensen
279fc16b60 C++: ConvertToBase -> ConvertToNonVirtualBase 
This rename was done with

    perl -p -i -e's/ConvertToBase/ConvertToNonVirtualBase/g' **/*.ql* **/*.expected

followed by re-running the affected tests.
 2019-11-10 10:35:53 +01:00
Jonas Jensen
f3e691b5ec Merge pull request #2075 from zlaski-semmle/zlaski/cpp434 
[CPP-434] Detect signed overflow checks
 2019-11-09 09:57:23 +01:00
Ziemowit Laski
7a4c4b62f6 [zlaski/pointer-overflow-check] Rename PointerOverflowCheck -> PointerWrapAround. 2019-11-08 14:54:20 -08:00
Ziemowit Laski
f2105867a8 [zlaski/pointer-overflow-check] Enhance qhelp and test case. 2019-11-08 14:36:33 -08:00
Robert Marsh
64b34ad975 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-08 14:06:36 -08:00
Robert Marsh
1dc0cb89d0 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-08 12:47:27 -08:00
Dave Bartolomeo
c365b2f2f0 Merge from master 
Resolve conflicts in test output
 2019-11-08 10:42:29 -07:00
Geoffrey White
b4fb98dc7c CPP: Fix comments. 2019-11-08 15:10:13 +00:00
Geoffrey White
821d5061a7 CPP: Correct the tests. 2019-11-08 15:10:13 +00:00
Geoffrey White
cd3bccf73a CPP: Fix FPs. 2019-11-08 15:09:46 +00:00
Geoffrey White
1cf4449314 CPP: Test for NonConstantFormat with multiple definitons. 2019-11-08 15:09:45 +00:00
Geoffrey White
144cda7dd9 CPP: Test for WrongTypeFormatArguments with multiple definitions. 2019-11-08 15:09:45 +00:00
Dave Bartolomeo
17f76c2516 C++: Fix merge conflicts 2019-11-07 22:02:15 -07:00
Robert Marsh
2582b69e17 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-07 15:46:08 -08:00
Robert Marsh
e93dcdb16c Merge branch 'master' into rdmarsh/cpp/ir-constructor-side-effects 2019-11-07 15:19:46 -08:00
Robert Marsh
f483ec152b Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/uninit-string-initializers 2019-11-07 14:36:58 -08:00
Robert Marsh
ee185ea92e Merge pull request #2273 from geoffw0/ntohl 
CPP: Add tests of NtohlArrayNoBoundOpenSource.ql.
 2019-11-07 14:06:32 -08:00
Robert Marsh
ae1377447e C++: only generate uninits when needed 2019-11-07 13:55:49 -08:00
Dave Bartolomeo
6c1d219c86 Merge from master 2019-11-07 14:50:04 -07:00
Robert Marsh
c5396d9980 Merge pull request #2262 from jbj/ir-virtual-dispatch-local 
C++: Rudimentary support for IR data flow virtual dispatch
 2019-11-07 13:09:24 -08:00
Dave Bartolomeo
f808dcefab Merge pull request #2277 from ian-semmle/cfg_diffs 
C++: Remove tests for CFG differences
 2019-11-07 12:41:40 -07:00
Dave Bartolomeo
64480c2ace Merge pull request #1999 from jbj/ir-copy-unloaded-result 
C++: Make sure there's a Instruction for each Expr
 2019-11-07 12:31:54 -07:00
Ian Lynagh
b5af4e5acd C++: Remove tests for CFG differences 
Now that we have switched over, they are no longer interesting.
 2019-11-07 16:32:18 +00:00
Matthew Gretton-Dann
ddf1ef8a7d C++: Add new test case for template member change 
We now output literals for accesses to members of template parameters:

So for `foo` in the following example:

```
template<typename T> void bar(T& t) {
  T.foo(1)
}
```
 2019-11-07 14:08:25 +00:00
Matthew Gretton-Dann
c0884e9a88 C++: Update expected results. 2019-11-07 14:08:25 +00:00
Robert Marsh
81ad11090e C++: uninit instr for string literal initializers 2019-11-06 13:37:03 -08:00
Robert Marsh
51c4ef4f7f C++: add SSA IR test for array initializers 2019-11-06 13:32:35 -08:00
Dave Bartolomeo
a9e3bfbd11 C++/C#: Treat string literals like read-only global variables for alias purposes. 
Previously, we didn't track string literals as known memory locations at all, so they all just got marked as `UnknownMemoryLocation`, just like an aribtrary read from a random pointer. This led to some confusing def-use chains, where it would look like the contents of a string literal were being written to by the side effect of an earlier function call, which of course is impossible.

To fix this, I've made two changes. First, each string literal is now given a corresponding `IRVariable` (specifically `IRStringLiteral`), since a string literal behaves more or less as a read-only global variable. Second, the `IRVariable` for each string literal is now marked `isReadOnly()`, which the alias analysis uses to determine that an arbitrary write to aliased memory will not overwrite the contents of a string literal.

I originally planned to treat all string literals with the same value as being the same memory location, since this is the usual behavior of modern compilers. However, this made implementing `IRVariable.getAST()` tricky for string literals, so I left them unpooled.
 2019-11-06 13:08:28 -07:00
Nick Rolfe
5b00b21713 Merge pull request #2153 from matt-gretton-dann/cpp-447-support-non-type-template-parameters 
RFC: C++ Support non type template parameter values
 2019-11-06 15:11:34 +00:00
Jonas Jensen
8ffd7c1055 Merge pull request #2222 from geoffw0/libraryperf 
CPP: Improvements for ConditionallyInitializedVariable.ql
 2019-11-06 15:54:16 +01:00
Jonas Jensen
76a3db9eed Merge remote-tracking branch 'upstream/master' into ir-copy-unloaded-result 2019-11-06 15:21:22 +01:00
Geoffrey White
f9feb05a72 CPP: Add a test of NtohlArrayNoBoundOpenSource.ql. 2019-11-06 13:36:31 +00:00
Jonas Jensen
ec9ef33486 C++: IR data flow through inheritance conversions 
This makes IR data flow behave more like AST data flow, and it makes IR
virtual dispatch work without further changes.
 2019-11-06 14:04:07 +01:00