hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,672 Branches 157 Tags
yo-h/java15
Commit Graph

5006 Commits

Author SHA1 Message Date
Geoffrey White
c73d3ebbb6 CPP: Pre-autoformat. 2019-11-22 15:34:50 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
3c9432d7b7 CPP: Queries: Improve OverflowCalculated query. 2019-11-22 15:19:00 +00:00
Geoffrey White
1e7bd9e987 CPP: Queries: Similar dataflow simplification in OverflowCalculated.ql to that made recently in NoSpaceForZeroTerminator.ql. 2019-11-22 15:19:00 +00:00
Geoffrey White
1fa30306dc CPP: Libraries: Separate deallocation libraries. 2019-11-22 15:18:59 +00:00
Geoffrey White
a51da53013 CPP: Libraries: Split into interface and implementation. 2019-11-22 15:18:59 +00:00
Geoffrey White
356356f71b CPP: Libraries: Overridable classes. 2019-11-22 15:18:59 +00:00
Geoffrey White
0d01ea66c6 CPP: Libraries: Move interfaces into the models directory. 2019-11-22 15:18:59 +00:00
Geoffrey White
64ed97b584 CPP: Libraries: Add FreeFunction and DeallocationExpr to malloc.qll. 2019-11-22 15:18:59 +00:00
Geoffrey White
5dab91cb51 CPP: Libraries: Update uses of the Alloc.qll library. 2019-11-22 15:18:59 +00:00
Geoffrey White
376ef2fc8e CPP: Libraries: Add MallocFunction and AllocationExpr to malloc.qll. 2019-11-22 15:18:59 +00:00
Geoffrey White
5f798314d1 CPP: Tests: NoSpaceForZeroTerminator test cases for calloc and realloc. 2019-11-22 15:18:59 +00:00
Geoffrey White
a2c0532a84 CPP: Tests: CWE-120 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
d67ea4d768 CPP: Tests: AV Rule 79 test cases for calloc, realloc and new. 2019-11-22 15:16:32 +00:00
Geoffrey White
7190dd2ef4 CPP: Tests: Rearrange a test prior to changes. 2019-11-22 15:16:32 +00:00
Geoffrey White
5014432472 CPP: Tests: Add a test of NewArrayExpr.getAllocatedType() and NewArrayExpr.getExtent(). 2019-11-22 15:16:32 +00:00
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
bbe6a1aa76 CPP: Additional test case. 2019-11-22 15:13:05 +00:00
Jonas Jensen
eb0b0d1e7f C++: Fix remaining FP on MAME 
This should fix a FP in libretro/mame2003-plus-libretro.
 2019-11-22 16:05:17 +01:00
Geoffrey White
9471134064 Merge pull request #2417 from jbj/enclosing-reeval 
C++: Prevent cached stages from being re-evaluated
 2019-11-22 09:55:01 +00:00
Jonas Jensen
bd4fa10ffb C++: Tie macro exclusion to <, not + 
This fixes a failing qltest and makes the exclusion similar to what's in
`PointerOverflow.ql`. It's possible we should exclude based on both `+`
and `<`, but we can revisit that if false positives show up.
 2019-11-22 09:20:00 +01:00
Jonas Jensen
0e4ed1cbbf C++: Prevent cached stages from being re-evaluated 
Before this change, evaluating `cpp/constant-comparison` followed by
`cpp/signed-overflow-check` would result in re-evaluation of almost all
the cached stages they share: CFG, basic blocks, SSA, and range
analysis. The same effect could be seen on `cpp/bad-strncpy-size`, which
also uses the GVN library.
 2019-11-22 08:45:49 +01:00
Robert Marsh
05aebeff79 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-21 13:45:31 -08:00
Dave Bartolomeo
fb67d3eae4 C++: Fix override errors in MagicDraw.qll 2019-11-21 13:18:45 -07:00
Dave Bartolomeo
27cc6b1e4f C++/C#: Fix compilation error in PrintSSA.qll 
We were privately importing `semmle.code.<lang>.ir.internal.Overlap`, but `PrintSSA.qll` was depending on it being public. This is made a little more complicated by the presence of cross-langage pyrameterized modules.
 2019-11-21 13:18:25 -07:00
Robert Marsh
dbe885fd38 Merge pull request #1926 from jbj/ir-dataflow-toString 
C++: DataFlow::Node.toString consistency
 2019-11-21 10:20:35 -08:00
Geoffrey White
676e8a2c2e Merge pull request #2399 from jbj/ExprHasNoEffect-templates 
C++: Suppress ExprHasNoEffect on template code
 2019-11-21 18:01:41 +00:00
Jonas Jensen
f98cd673fd C++: Autoformat 2019-11-21 14:02:53 +01:00
Jonas Jensen
7f26f078eb C++: Fix isFromMacroDefinition join order 
This fixes the performance of `SignedOverflowCheck.ql` on
jluttine/suitesparse.
 2019-11-21 11:01:50 +01:00
Jonas Jensen
82499b035b C++: Use isFromMacroDefinition for exclusion 
The `SignedOverflowCheck.ql` query was very slow on certain snapshots
(jluttine/suitesparse and Chromium) due to bad magic in
`MacroInvocation::getAnAffectedElement_dispred#fb`. This commit doesn't
fix the bad magic but changes the exclusion mechanism to use a predicate
where we can better control the magic and optimization.

The query should also give more good results due to this new exclusion
mechanism, which is the same one used in its sibling,
`PointerOverflow.ql`.
 2019-11-21 10:40:36 +01:00
Robert Marsh
34593701b2 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-20 10:03:32 -08:00
Geoffrey White
403899ecbc Merge pull request #2391 from jbj/CompareWhereAssignMeant-decltype 
C++: Fix FP for expression SFINAE with decltype
 2019-11-20 17:34:09 +00:00
Geoffrey White
2212c47db2 CPP: Use dataflow more consistently. 2019-11-20 15:34:40 +00:00
Geoffrey White
e6ea705ff2 CPP: Switch from a blacklist to whitelist approach for determining null termination. 2019-11-20 15:34:38 +00:00
Geoffrey White
fbd9d9bdab CPP: Add a test case involving the std::string constructor. 2019-11-20 15:20:21 +00:00
Jonas Jensen
ff96e3a8ea C++: Also suppress ExprHasNoEffect in declspec etc 2019-11-20 15:44:39 +01:00
Geoffrey White
6fc9cc5952 CPP: Add a test case using 'new'. 2019-11-20 14:27:19 +00:00
Geoffrey White
57c7a87af9 CPP: Add tests with different proof of zero-termination. 2019-11-20 14:27:19 +00:00
Geoffrey White
3c9fe91581 CPP: Add proof of zero-termination to tests. 2019-11-20 14:27:19 +00:00
Jonas Jensen
b325427d29 C++: Suppress ExprHasNoEffect on template code 2019-11-20 15:12:25 +01:00
Tom Hvitved
acc7d5298d Data flow: Sync files 2019-11-20 14:10:02 +01:00
Tom Hvitved
6c0dbcfca2 Java/C++: Add DataFlowErasedType aliases 2019-11-20 14:09:53 +01:00
Jonas Jensen
4dafa16572 C++: Fix FP on unevaluated code 
This fixes false positives on tenzir/vast.
 2019-11-20 10:42:36 +01:00
Geoffrey White
9cf819929d Merge pull request #2383 from jbj/field-isStatic 
C++: Don't check if a Field is static
 2019-11-20 09:05:03 +00:00
Robert Marsh
53709deb9d Merge pull request #2342 from jbj/overflow-doc-fixes 
C++: Signed Overflow Check qhelp improvements
 2019-11-19 15:37:52 -08:00
Jonas Jensen
a1af96e521 C++: Reproduce a reported FP 2019-11-19 16:17:49 +01:00
Jonas Jensen
c41114334f Merge remote-tracking branch 'upstream/master' into ir-dataflow-toString 
Solved conflicts in `*.expected` by re-running the tests.
 2019-11-19 14:27:27 +01:00
Jonas Jensen
fbf2ef8625 C++: Don't check if a Field is static 
A `Field` in the C++ QL libraries can't be static, but I'd for some
reason written two checks for `Field`s being static in the data-flow
library.
 2019-11-19 13:20:21 +01:00
Jonas Jensen
b43cbeb17f Merge pull request #2372 from geoffw0/qhelpms 
CPP: Improve TlsSettingsMisconfiguration qhelp
 2019-11-19 13:05:52 +01:00
Jonas Jensen
466f7fe6b2 C++: Use <ol> for recommendations 2019-11-19 12:57:02 +01:00