Jonas Jensen
34a5368101
C++: Ignore templates in AmbiguouslySignedBitField
If it's possible that the type is not fully resolved, it's better to
avoid giving an alert.
This fixes a FP in https://github.com/heremaps/flatdata .
2019-09-19 14:21:53 +02:00
Jonas Jensen
0ed0951d43
C++: Demonstrate AmbiguouslySignedBitField FP
2019-09-19 14:19:34 +02:00
Jonas Jensen
307b92feed
C++: Unknown template literals are constant
2019-09-19 10:23:26 +02:00
Jonas Jensen
9b805c01cc
Merge pull request #1951 from pavgust/fix/hashcons-perf
C++: Fix HashCons library performance
2019-09-19 08:10:34 +02:00
Jonas Jensen
e0d1da3b67
C++: Test for template enum constant CFG
2019-09-18 15:17:24 +02:00
Jonas Jensen
7d8396fa65
C++: Constant template pointer-to-member literals
2019-09-18 14:44:25 +02:00
Jonas Jensen
d644150ead
C++: Test for template pointer-to-member CFG
2019-09-18 14:30:18 +02:00
Jonas Jensen
0f2731064d
C++: Annotate tellDifferent with template status
This is helpful for turning real-world cases into test cases.
2019-09-18 14:23:52 +02:00
Jonas Jensen
c90fd32a78
C++: Pointer-to-member-function is constant
2019-09-18 13:55:56 +02:00
Pavel Avgustinov
eca31908ab
HashCons: Make some functionality apparent.
The user knows that an expression functionally determines its
hashCons value, and that an expression functionally determines
its number of children, but this is not provable from the
definitions, and so not usable by the optimiser. By storing
the result of those known-functional calls in a variable,
rather than repeating the call, we enable better join orders.
2019-09-18 12:54:48 +01:00
Pavel Avgustinov
03502863cf
Distribute a recursive call into a recursive disjunction.
As the linearity of the disjuncts is different, this enables us to
pick better join orders for each disjunct separately.
2019-09-18 12:54:48 +01:00
Jonas Jensen
55edfe4224
C++: Test for pointer-to-member-function CFG
2019-09-18 13:37:52 +02:00
Tom Hvitved
d8074ddfa6
Sync files
2019-09-18 13:36:15 +02:00
Jonas Jensen
571c96bb2f
C++: Autoformat five files
These files have come out of autoformat since the big commit that
autoformatted everything.
2019-09-18 11:55:19 +02:00
Jonas Jensen
e7d8fa4251
Merge pull request #1945 from geoffw0/more-tests
CPP: Add a test of ConditionalDeclExpr.
2019-09-18 11:11:16 +02:00
Geoffrey White
07e29bb627
CPP: Add a test of ConditionalDeclExpr.
2019-09-17 17:38:54 +01:00
Jonas Jensen
b2df18ab78
C++: Document tests better
This addresses PR comments by @rdmarsh2.
2019-09-17 13:17:25 +02:00
Jonas Jensen
ef601cf78e
C++: Annotate changes in struct_init.c test
2019-09-17 13:16:36 +02:00
Jonas Jensen
655f940085
C++: Accept changes in CWE-{119,120} tests
These new results seem better than the previous ones, but the previous
ones are still there. Perhaps the `Buffer.qll` library could use some
adjustment, but this seems like an improvement in isolation.
2019-09-17 13:16:36 +02:00
Jonas Jensen
fd6d06fe6f
C++: Data flow through address-of operator (&)
The data flow library conflates pointers and their objects in some
places but not others. For example, a member function call `x.f()` will
cause flow from `x` of type `T` to `this` of type `T*` inside `f`. It
might be ideal to avoid that conflation, but that's not realistic
without using the IR.
We've had good experience in the taint tracking library with conflating
pointers and objects, and it improves results for field flow, so perhaps
it's time to try it out for all data flow.
2019-09-17 13:16:34 +02:00
Dave Bartolomeo
21f6ab787d
C++: Rename predicates in FunctionInputsAndOutputs.qll and add QLDoc
2019-09-16 12:06:06 -07:00
Dave Bartolomeo
553238a9e8
Merge pull request #1922 from jbj/qlcfg-const-pointer-to-member
C++: Add PointerToFieldLiteral class
2019-09-13 10:44:52 -07:00
Tom Hvitved
f5cae9b6ea
Merge pull request #1881 from aschackmull/java/pathgraph-nodes
Java/C++/C#: Add nodes predicate to PathGraph.
2019-09-13 10:32:47 +02:00
Dave Bartolomeo
e8cf3f876e
Merge pull request #1660 from zlaski-semmle/zlaski/builtin-va-list
Add a `__builtin_va_list` type, to complement `__builtin_va_*`
2019-09-12 14:04:55 -07:00
Dave Bartolomeo
9072f6231f
Merge pull request #1928 from jbj/autoformat-ssa
C++: Autoformat IR SSA files
2019-09-12 14:03:20 -07:00
zlaski-semmle
45640395a9
Merge pull request #1803 from geoffw0/qldoceg9
CPP: Add syntax examples to QLDoc in Variable.qll
2019-09-12 12:32:58 -07:00
Jonas Jensen
0c092e21b0
C++: Autoformat IR SSA files
One autoformat omission had also slipped into
`DefaultTaintTracking.qll`.
2019-09-12 15:45:08 +02:00
Jonas Jensen
10270cb36d
C++: Turn a comment into QLDoc
2019-09-12 15:44:04 +02:00
Jonas Jensen
c7e6081079
C++: Add DataFlow::instructionNode
This is for symmetry with `exprNode` etc., and it should be handy for
the same reasons. I found one caller of `asInstruction` that got simpler
by using the new predicate instead.
2019-09-12 11:44:17 +02:00
Anders Schack-Mulligen
61e4e61087
C++: Adjust qltest expected output.
2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
95e2f162d9
Java/C++/C#: Adjust toString of empty accesspath.
2019-09-12 11:00:49 +02:00
Anders Schack-Mulligen
0a4b15d40b
Java/C++/C#: Add nodes predicate to PathGraph.
2019-09-12 11:00:49 +02:00
semmle-qlci
10076a6b2b
Merge pull request #1886 from jbj/ir-taint-shared
Approved by rdmarsh2
2019-09-12 06:48:24 +01:00
Robert Marsh
e71a39f6b6
Merge pull request #1912 from jbj/tainttracking-ir-1
C++: Stub replacement for security.TaintTracking
2019-09-11 13:44:39 -07:00
Geoffrey White
d1cc28e253
CPP: Address review comments.
2019-09-11 17:14:05 +01:00
Geoffrey White
ee07c705a4
CPP: More review suggestions.
2019-09-11 17:14:05 +01:00
Geoffrey White
8134d80c46
CPP: Review suggestions.
2019-09-11 17:14:05 +01:00
Geoffrey White
120b0c0c2c
CPP: Modernize the TemplateVariables test and have the TemplateVariables actually included in the scope of the test.
2019-09-11 17:14:05 +01:00
Geoffrey White
68196df561
CPP: Examples Variable.qll.
2019-09-11 17:11:53 +01:00
Jonas Jensen
6912cafc54
C++: Use the RelationalOperation class
2019-09-11 15:21:49 +02:00
Jonas Jensen
0d0ab9157c
C++: Address review comments
2019-09-11 15:20:36 +02:00
Jonas Jensen
6021b4f04a
C++: Remove local flow from additional taint step
This case was not supposed to be there -- that was the whole point of
having the `localAdditionalTaintStep` predicate.
2019-09-11 14:09:17 +02:00
Jonas Jensen
ee16b239de
C++: Add PointerToFieldLiteral class
Marking these expressions as constants fixes the CFG discrepancies that
can be observed on the affected test and on snapshots of MySQL.
2019-09-11 13:40:24 +02:00
Jonas Jensen
bd59029e2b
C++: Add pointer-to-member test to syntax-zoo
This test was inspired by problems observed in a MySQL snapshot. The
results show there are problems with both the QL CFG and the IR.
2019-09-10 16:23:23 +02:00
Jonas Jensen
de4e2a259e
C++: Stub replacement for security.TaintTracking
This commit adds a `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`
library that's API-compatible with the
`semmle.code.cpp.security.TaintTracking` library. The new library is
implemented on top of the IR data flow library.
The idea is to evolve this library until it can replace
`semmle.code.cpp.security.TaintTracking` without decreasing our SAMATE
score. Then we'll have the IR in production use, and we will have one
less taint-tracking library in production.
2019-09-10 13:40:45 +02:00
Jonas Jensen
d6fba0ef46
C++: Don't create partial defs for calls to const
These partial defs don't do any harm, but they could hurt performance.
In typical C++ snapshots, between 5% and 20% of all calls are to `const`
functions.
2019-09-10 09:49:16 +02:00
Jonas Jensen
fd3615d120
C++: Show that there are too many partial defs
2019-09-10 09:44:07 +02:00
Jonas Jensen
7b09e4177e
C++: Add localExprTaint for IR
This is for ODASA-8053.
2019-09-10 09:40:31 +02:00
Jonas Jensen
80a0027808
C++: Shared TaintTrackingImpl for IR TaintTracking
2019-09-10 09:40:27 +02:00
Jonas Jensen
770212567f
C++: Fix up IR data flow QLDoc
2019-09-10 09:34:54 +02:00