hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 06:54:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,488 Commits 1,680 Branches 158 Tags
09356a377f7ce5bc0422b403d92bb8f512acef14
Commit Graph

2003 Commits

Author SHA1 Message Date
Geoffrey White
7408726f41 Merge pull request #2312 from jbj/pointer-wraparound-query 
C++: New query: Pointer overflow check
 2019-11-14 16:13:04 +00:00
Nick Rolfe
f5513342d6 C++: add missing backtick in qldoc comment 2019-11-14 13:20:41 +00:00
Jonas Jensen
c7176e50ca C++: Tweak wording in docs 2019-11-14 13:03:34 +01:00
Jonas Jensen
931b0f1445 Apply suggestions from code review 
Co-Authored-By: Alistair <54933897+hubwriter@users.noreply.github.com>
 2019-11-14 12:06:02 +01:00
Dave Bartolomeo
08620046ab Merge pull request #2068 from rdmarsh2/rdmarsh/cpp/ir-constructor-side-effects 
C++: side effect instrs for constructor qualifiers
 2019-11-13 14:56:24 -07:00
Jonas Jensen
4ddac749af C++: Add change note 
Also fix discrepancies between `SignedOverflowCheck.ql` and its change
note.
 2019-11-13 14:43:30 +01:00
Jonas Jensen
2d72a9cdec C++: Rename query 
This new name is similar to its sister query "Signed overflow check".
 2019-11-13 14:40:27 +01:00
Jonas Jensen
1b849dbf0e C++: More principled macro exclusion 
We no longer exclude macros based on their name, which means we can now
find results inside arguments to the `likely` macro in Linux (except
that Linux is compiled with `-fno-strict-overflow`).
 2019-11-13 14:22:38 +01:00
Jonas Jensen
8d79634f8c C++: Factor out isFromMacroDefinition predicate 
This trick for excluding elements from macro bodies but not macro
arguments looks promising and should probably be used much more. With
this commit, it's now easy to use from any query.

Performance is still good because the new predicate gets appropriately
magiced.
 2019-11-13 14:07:33 +01:00
Jonas Jensen
d2009c53dc C++: Support GCC flags making ptr overflow defined 2019-11-13 14:07:33 +01:00
Jonas Jensen
8ed991759c C++: Rename PointerWrapAround to PointerOverflow 
Overflow was the terminology I found for this in the C standard (C11
6.5.6-8).
 2019-11-13 14:06:58 +01:00
Jonas Jensen
bd08c64933 C++: Apply my own review comments from #2218 2019-11-13 14:05:23 +01:00
Jonas Jensen
8a9ee8fcdd Merge pull request #2300 from geoffw0/names 
CPP: Rename/relocate some queries and libraries
 2019-11-13 09:11:24 +01:00
Robert Marsh
3de590763e C++: autoformat 2019-11-12 13:57:49 -08:00
Dave Bartolomeo
5b33255e44 Merge pull request #1585 from rdmarsh2/rdmarsh/cpp/hasGlobalOrStdName 
C++: add Declaration.hasGlobalOrStdName()
 2019-11-12 12:00:17 -07:00
Robert Marsh
47f87c214c Merge branch 'master' into rdmarsh/cpp/ir-constructor-side-effects 2019-11-12 10:31:04 -08:00
Robert Marsh
9554513cd6 autoformat 2019-11-12 10:16:01 -08:00
Geoffrey White
ea9e3bb1a8 CPP: Rename VirtualDispatch again. 2019-11-12 16:17:03 +00:00
Geoffrey White
5c87ed5ab2 CPP: Remove unused code. 2019-11-12 14:45:43 +00:00
Geoffrey White
0343bd6b9c CPP: Inline BufferAccess into NtohlArrayNoBound.qll (we'd prefer other queries to be written with the models library or Security.BufferAccess). 2019-11-12 14:44:20 +00:00
Geoffrey White
f50dd84c49 CPP: Rename good and bad example files. 2019-11-12 14:09:54 +00:00
Geoffrey White
d198b56b3a CPP: Move VirtualDispatch.qll into the controlflow directory (I don't see the point in having a subdirectory for one file, when we don't anticipate any other files ever being added there). 2019-11-12 09:55:23 +00:00
Geoffrey White
dff490e658 CPP: Remove the 'boostorg' subdirectory (these queries could be extended to support other libraries, as their names and descriptions already suggest). 2019-11-12 09:55:22 +00:00
Geoffrey White
784c3047da CPP: Merge the duplicate IgnoreReturnValueSAL.ql query into the older existing one. 2019-11-12 09:54:56 +00:00
Geoffrey White
2b9428df32 CPP: Remove the 'Buffer Overflow' subdirectory (we have many buffer overflow queries, putting one in a special directory will only create confusion). 2019-11-12 09:54:46 +00:00
Geoffrey White
b917264770 CPP: Rename NtohlArrayNoBoundOpenSource.ql -> NtohlArrayNoBound.ql (I believe the 'OpenSource' part is a remnant from the way the contributor organizes their queries). 2019-11-12 09:53:59 +00:00
Jonas Jensen
18cc539c8d Merge branch 'master' into pointer-wraparound-query 2019-11-12 10:22:46 +01:00
Jonas Jensen
c36b73f09c Merge pull request #2232 from geoffw0/formatsymbols 
CPP: Fully support n$ in format strings
 2019-11-12 09:43:20 +01:00
Dave Bartolomeo
303bab61b5 Merge pull request #2289 from jbj/ConvertToNonVirtualBaseInstruction 
C++ IR: clearly distinguish between virtual and non-virtual base conversions
 2019-11-11 13:37:07 -07:00
Jonas Jensen
ec79bfacf8 Merge pull request #2249 from geoffw0/tlsperf 
CPP: TlsSettingsMisconfiguration.ql performance and cleanup
 2019-11-11 16:47:53 +01:00
Geoffrey White
a4250be72f CPP: Un-deprecate getNumArgNeeded(n). Turns out I missed a place where it's used. 2019-11-11 15:28:09 +00:00
Geoffrey White
ed87f25886 CPP: Performance improvement. 2019-11-11 15:28:09 +00:00
Geoffrey White
a9fbe221ba CPP: Try to make the predicate names and qldoc a bit more consistent. 2019-11-11 15:27:23 +00:00
Geoffrey White
dff21e02db CPP: Fully support positional arguments. 2019-11-11 15:27:23 +00:00
Geoffrey White
2430bf4c83 CPP: Deprecate helper version of getNumArgNeeded. 2019-11-11 15:27:23 +00:00
Geoffrey White
27478640f2 CPP: Bring the logic for argument indices together in getFormatArgumentIndexFor. 2019-11-11 15:27:22 +00:00
Jonas Jensen
f2a9876c2a Merge pull request #2003 from geoffw0/formatarg 
CPP: WrongTypeFormatArguments.ql Fix
 2019-11-11 16:07:37 +01:00
Jonas Jensen
d9bdb2cd4e Merge pull request #2274 from geoffw0/oddsends 
CPP: Clean up new queries and libraries
 2019-11-11 16:05:20 +01:00
Geoffrey White
e77fefaf9e Merge pull request #2295 from jbj/self-comparison-templates 
C++: Suppress PointlessSelfComparison.ql on templates
 2019-11-11 14:12:55 +00:00
Jonas Jensen
97cc0ebc8c C++: Suppress PointlessSelfComparison on templates 
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
 2019-11-11 14:00:00 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
Jonas Jensen
751263db91 C++: Use ConvertToBaseInstruction in IR data flow 
This should make virtual dispatch work also for virtual bases.
 2019-11-10 11:17:35 +01:00
Jonas Jensen
7758b43e34 C++: Add ConvertToBase{Opcode,Instruction} classes 
These should make it easy to match base-class conversions when it's not
important whether the base class is virtual.
 2019-11-10 11:09:54 +01:00
Jonas Jensen
279fc16b60 C++: ConvertToBase -> ConvertToNonVirtualBase 
This rename was done with

    perl -p -i -e's/ConvertToBase/ConvertToNonVirtualBase/g' **/*.ql* **/*.expected

followed by re-running the affected tests.
 2019-11-10 10:35:53 +01:00
Jonas Jensen
f3e691b5ec Merge pull request #2075 from zlaski-semmle/zlaski/cpp434 
[CPP-434] Detect signed overflow checks
 2019-11-09 09:57:23 +01:00
Ziemowit Laski
7a4c4b62f6 [zlaski/pointer-overflow-check] Rename PointerOverflowCheck -> PointerWrapAround. 2019-11-08 14:54:20 -08:00
Ziemowit Laski
f2105867a8 [zlaski/pointer-overflow-check] Enhance qhelp and test case. 2019-11-08 14:36:33 -08:00
Robert Marsh
64b34ad975 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-08 14:06:36 -08:00
Robert Marsh
1dc0cb89d0 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects 2019-11-08 12:47:27 -08:00
Robert Marsh
7e8a67a046 Merge branch 'master' into rdmarsh/cpp/hasGlobalOrStdName 2019-11-08 11:33:35 -08:00