hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 22:14:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,388 Commits 1,681 Branches 158 Tags
207c76b8558b324dec2fa279ce9830c574128cf7
Commit Graph

145 Commits

Author SHA1 Message Date
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Geoffrey White
75a50a1714 C++: Understand formatting function varargs as needing null termination. 2020-02-11 15:25:59 +00:00
Geoffrey White
de8d84dfff C++: Clearer comments in NoSpaceForZeroTerminator.ql. 2020-02-11 15:25:59 +00:00
Anders Schack-Mulligen
96e4a57edd C++: Autoformat. 2020-01-29 13:11:50 +01:00
Geoffrey White
50c0ec1cb1 CPP: Optimize isRandValue. 2020-01-09 12:12:00 +00:00
Geoffrey White
0da826f0c3 Merge branch 'master' into overflowcalc 2019-12-16 13:48:38 +00:00
Geoffrey White
b752a6c8ed Merge pull request #2381 from jbj/StackVariable 
C++: Add StackVariable class, preferred over LocalScopeVariable
 2019-12-03 10:35:16 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Jonas Jensen
5ee19c5a66 C++: Stricter loop-variant check 
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.

This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
 2019-11-25 11:31:41 +01:00
Geoffrey White
794a3deba9 CPP: Break up a long sentence in query description. 2019-11-22 16:07:59 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
2212c47db2 CPP: Use dataflow more consistently. 2019-11-20 15:34:40 +00:00
Geoffrey White
e6ea705ff2 CPP: Switch from a blacklist to whitelist approach for determining null termination. 2019-11-20 15:34:38 +00:00
Jonas Jensen
140575ee71 C++: Use StackVariable where SSA/def-use are used 
These changes should not affect semantics since these uses of
`LocalScopeVariable` were already constrained to stack variables by
their use of SSA or def-use.
 2019-11-19 11:31:34 +01:00
Jonas Jensen
8a9ee8fcdd Merge pull request #2300 from geoffw0/names 
CPP: Rename/relocate some queries and libraries
 2019-11-13 09:11:24 +01:00
Dave Bartolomeo
5b33255e44 Merge pull request #1585 from rdmarsh2/rdmarsh/cpp/hasGlobalOrStdName 
C++: add Declaration.hasGlobalOrStdName()
 2019-11-12 12:00:17 -07:00
Geoffrey White
ea9e3bb1a8 CPP: Rename VirtualDispatch again. 2019-11-12 16:17:03 +00:00
Geoffrey White
d198b56b3a CPP: Move VirtualDispatch.qll into the controlflow directory (I don't see the point in having a subdirectory for one file, when we don't anticipate any other files ever being added there). 2019-11-12 09:55:23 +00:00
Jonas Jensen
d9bdb2cd4e Merge pull request #2274 from geoffw0/oddsends 
CPP: Clean up new queries and libraries
 2019-11-11 16:05:20 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
Robert Marsh
7e8a67a046 Merge branch 'master' into rdmarsh/cpp/hasGlobalOrStdName 2019-11-08 11:33:35 -08:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Geoffrey White
0c3f4e530f CPP: Make some library predicates private. 2019-11-06 16:07:28 +00:00
Geoffrey White
399ac1f112 CPP: Rename 'getAssertedFalseCondition' to something less misleading. 2019-11-06 15:57:44 +00:00
Jonas Jensen
8ffd7c1055 Merge pull request #2222 from geoffw0/libraryperf 
CPP: Improvements for ConditionallyInitializedVariable.ql
 2019-11-06 15:54:16 +01:00
Geoffrey White
7456a92d6d CPP: Autoformat. 2019-11-05 13:10:19 +00:00
Geoffrey White
5106626bd0 CPP: QLDoc helper predicates. 2019-11-05 13:06:43 +00:00
alistair
27d0b51c6b CPP & C#: Review of qhelp 
PR #2151 got merged without a review of the qhelp
by a technical writer.
The current PR makes changes I would have suggested on that PR.
 2019-10-30 16:10:03 +00:00
Geoffrey White
3584c0b2e5 CPP: Speed up InitializationFunctions.qll's getTarget. 2019-10-28 19:54:10 +00:00
Geoffrey White
d693eb8c20 CPP: Correct the ConditionallyUninitializedVariable examples. 2019-10-28 17:39:45 +00:00
Jonas Jensen
d63cc3d287 Merge remote-tracking branch 'upstream/master' into infinite-loops-visible 
Moved the change note to 1.23.
 2019-10-25 15:44:03 +02:00
Geoffrey White
ae20e9ace1 CPP: Fix autoformat. 2019-10-22 16:28:53 +01:00
Geoffrey White
63003894c3 CPP: Fixes. 2019-10-22 14:51:17 +01:00
Geoffrey White
31dd3cae84 CPP: Autoformat. 2019-10-22 09:55:48 +01:00
Raul Garcia (MSFT)
cb8dcf7db2 Publishing queries to the OSS Semmle repository 2019-10-22 09:55:39 +01:00
Robert Marsh
5c084f8b39 C++: respond to more PR comments 2019-10-07 14:17:56 -07:00
Robert Marsh
4018ed67a6 C++: respond to PR comments 2019-10-02 11:38:20 -07:00
Robert Marsh
03f72d207c C++: use Declaration.hasGlobalOrStdName 2019-10-02 11:37:37 -07:00
Jonas Jensen
4ef5c9af62 C++: Autoformat everything 
Some files that will change in #1736 have been spared.

    ./build -j4 target/jars/qlformat
    find ql/cpp/ql -name "*.ql"  -print0 | xargs -0 target/jars/qlformat --input
    find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
    (cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
    buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
 2019-09-09 11:25:53 +02:00
Jonas Jensen
95f53639b1 C++: Fixes to avoid confusing autoformat 
These issues were found by Geoffrey in PR review.
 2019-09-09 11:04:04 +02:00
Robert Marsh
a3290503ec Merge pull request #1806 from jbj/localExprFlow 
C++: Add localExprFlow and localExprTaint
 2019-09-04 10:38:46 -07:00
Geoffrey White
707f95c829 CPP: Alignment. 2019-09-04 09:59:21 +01:00
Jonas Jensen
f1d7fde49d C++: Use localExprFlow in existing queries 
This shortens the queries a bit and ensures test coverage of the new
predicate.
 2019-09-02 09:29:12 +02:00
Jonas Jensen
83e618d49e C++: Make cpp/comparison-with-wider-type visible 
The results from this query look good on real-world projects, so let's
make it visible by default.
 2019-07-09 14:48:36 +02:00
Geoffrey White
73c7bc1db9 CPP: Generalize a little. 2019-07-04 17:27:40 +01:00
Geoffrey White
7fc31f263a CPP: Basic fix. 2019-07-04 17:27:40 +01:00
Jonas Jensen
cf96035d8c C++: Suspicious pointer scaling: @precision medium 
This query is not producing good enough results to justify `@precision
high`. It's fundamentally looking for a pattern that should correlate
with memory management errors, but it doesn't look for the errors
themselves.
 2019-06-06 21:08:20 -07:00