hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,672 Branches 157 Tags
yo-h/java15
Commit Graph

5006 Commits

Author SHA1 Message Date
Geoffrey White
689c637d48 C++: Rename things. 2020-08-20 12:52:40 +01:00
Geoffrey White
61158e759b C++: Improve StdContainerConstructor model. 2020-08-20 11:04:59 +01:00
Geoffrey White
f2ac4fa94a C++: Autoformat. 2020-08-20 10:44:54 +01:00
Geoffrey White
cda9fd250b C++: Model vector methods. 2020-08-20 10:30:01 +01:00
Geoffrey White
620126d38c C++: Add vector taint cases to test. 2020-08-20 10:27:25 +01:00
Geoffrey White
43c8efdf63 C++: Repair the range based for test. 2020-08-20 10:19:54 +01:00
Geoffrey White
8afa92d881 C++: Add more detail to the vector class in the test stl.h. 2020-08-20 09:39:35 +01:00
Jonas Jensen
b1c0e6f626 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-20 08:20:31 +02:00
Robert Marsh
6b1243e8b4 C++: respond to PR comments on Iterator.qll 2020-08-19 16:23:00 -07:00
Robert Marsh
20188b7bc2 C++: input iterator models 2020-08-19 12:11:36 -07:00
Robert Marsh
d32d6c9d8d WIP: more iterator cases 2020-08-19 11:51:41 -07:00
Robert Marsh
d50dd090be C++: rename to Iterator*Operator 2020-08-19 11:51:41 -07:00
Robert Marsh
85af74eb06 C++: Models for bidirectional input iterators 2020-08-19 11:51:41 -07:00
Robert Marsh
a457d54ad1 Merge pull request #4078 from jbj/SimpleRangeAnalysis-AssignMulExpr 
C++: Range analysis for unsigned AssignMulExpr
 2020-08-19 14:42:04 -04:00
Jonas Jensen
b14bc42756 Merge pull request #4090 from geoffw0/strmethods 
C++: Model taint through many more methods in std::string
 2020-08-19 16:40:46 +02:00
Jonas Jensen
21d16d13fc Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-AssignMulExpr 2020-08-19 14:50:40 +02:00
Jonas Jensen
83884c0dc5 Merge pull request #4089 from jbj/jbj/printFloat-precise 
C++: Accept float.toString changes in tests
 2020-08-19 12:58:27 +02:00
Mathias Vorreiter Pedersen
eed6fe96ae Merge branch 'main' into alternative-instruction-operand-flow 2020-08-19 11:18:51 +02:00
Nick Rolfe
d7849bc13f C++: fix compilation errors in ssa.cpp 2020-08-18 18:39:00 +01:00
Jonas Jensen
01a226bdcf C++: Rename multipliesBy->effectivelyMultipliesBy 
From code review of #4098.
 2020-08-18 16:53:29 +02:00
Jonas Jensen
b65f82210f Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-18 16:51:56 +02:00
Jonas Jensen
f79c140dc1 C++: Cosmetic: use [0, 1] instead of [0 .. 1] 2020-08-18 16:48:23 +02:00
Jonas Jensen
fd0937eb01 C++: Accept improved IntegerOverflowTainted test 2020-08-18 16:47:29 +02:00
Jonas Jensen
dd5b561f08 C++: Use getValue(e) instead of e.getValue() 2020-08-18 16:45:24 +02:00
Jonas Jensen
b316644ac2 C++: SimpleRangeAnalysis for *= by constant 2020-08-18 15:07:20 +02:00
Jonas Jensen
ca1f5317b3 Merge pull request #4068 from geoffw0/uncontrolled-alloc-size 
C++: Downgrade `cpp/uncontrolled-allocation-size` query precision.
 2020-08-18 13:59:53 +02:00
Anders Schack-Mulligen
f75f5ab125 Merge pull request #3838 from hvitved/dataflow/flow-fwd-ctx 
Data flow: Use precise call contexts in `flowFwd()`
 2020-08-18 13:06:11 +02:00
Jonas Jensen
b6b72729f6 C++: SimpleRangeAnalysis for MulExpr by constant 2020-08-18 11:37:59 +02:00
Jonas Jensen
2e2f99cabf C++: Correctly classify the MulExpr rounding bugs 2020-08-18 10:39:57 +02:00
Jonas Jensen
a7d9715fd9 C++: BinaryOperation.hasOperands 
QLDoc borrowed from JavaScript. Implementation borrowed from Java.
Parameter names changed.
 2020-08-18 10:28:59 +02:00
Jonas Jensen
27345c64f3 C++: Also accept PointlessComparison test changes 2020-08-18 09:32:05 +02:00
Geoffrey White
5d485859af Merge remote-tracking branch 'upstream/main' into 
uncontrolled-alloc-size
 2020-08-17 20:49:35 +01:00
Geoffrey White
390af0d7d2 C++: Autoformat. 2020-08-17 17:55:52 +01:00
Geoffrey White
0234bca6ca C++: Fix a hole in StdStringAppend and clarify comments. 2020-08-17 17:55:44 +01:00
Robert Marsh
9decb47bf0 Merge pull request #4076 from jbj/SimpleRangeAnalysis-AssignOperation 
C++: Fix SimpleRangeAnalysis for AssignOperation
 2020-08-17 12:55:26 -04:00
Geoffrey White
a11ca06189 C++: Implement more std::string models. 2020-08-17 17:33:09 +01:00
Geoffrey White
9204940830 C++: Add test cases for std::string methods. 2020-08-17 17:31:26 +01:00
Geoffrey White
789e781eb7 C++: Add prototypes for std::string methods to test. 2020-08-17 16:01:25 +01:00
Mathias Vorreiter Pedersen
bb3254d4ab Merge branch 'main' into alternative-instruction-operand-flow 2020-08-17 16:21:10 +02:00
Geoffrey White
4b4b8a9faa Merge pull request #4074 from jbj/SimpleRangeAnalysis-extensible 
C++: extensible range analysis
 2020-08-17 14:46:57 +01:00
Tom Hvitved
a2fc92b9db Data flow: Address review comments 2020-08-17 15:46:43 +02:00
Jonas Jensen
e03fe81ce7 C++: Accept float.toString changes in tests 2020-08-17 15:07:00 +02:00
Jonas Jensen
edc5e5fbcf C++: Simplify defDependsOnDef for AssignOperation 
These cases were unnecessarily transitive. There is no need for
`defDependsOnDef` to be transitive since that's handled in
`defDependsOnDefTransitively`.

The dependency information from the LHS of an `AssignmentOperation` is
now deduced the say way as the information from the RHS: by calling
`exprDependsOnDef`. This should effectively give us the same information
and recursion structure as if the operation (`x += e`) were desugared
(`x = x + e`).
 2020-08-17 11:06:39 +02:00
Geoffrey White
89c2b6dc4b Merge remote-tracking branch 'upstream/master' into split 2020-08-14 14:03:34 +01:00
Jonas Jensen
fe72b559d3 C++: Range analysis for unsigned AssignMulExpr 
This is essentially a copy-paste job of `AssignAddExpr`, together with
the math from the `UnsignedMulExpr` support.
 2020-08-14 14:19:54 +02:00
Jonas Jensen
f90d779122 C++: Fix SimpleRangeAnalysis for AssignOperation 
The range analysis wasn't producing useful bounds for `AssignOperation`s
(`+=`, `-=`) unless their RHS involved a variable. This is because a
shortcut was made in the `analyzableDef` predicate, which used to
specify that an analyzable definition was one for which we'd specified
the dependencies. But we can't distinguish between having _no
dependencies_ and having _no specification of the dependencies_.

The fix is to be more explicit about which definitions are analyzable.
To avoid too much repetition I'm still calling out to `analyzableExpr`
in the new code.
 2020-08-14 14:15:58 +02:00
Jonas Jensen
e01e702f46 Merge pull request #4060 from bgianfo/patch-1 
C++: Detect GoogleTest tests cases in FNumberOfTests.ql
 2020-08-14 12:42:12 +02:00
Jonas Jensen
f7273b8665 C++: Add custom modeling to extensibility.ql 2020-08-14 12:27:30 +02:00
Jonas Jensen
ee3312503e C++: Add test for extensible range analysis 
This commit demonstrates that the range is too wide before custom
modeling has been added to the test.
 2020-08-14 12:27:30 +02:00
Jonas Jensen
bf7732ec9d C++: Silence QL compiler errors 2020-08-14 12:27:30 +02:00