hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,761 Commits 1,712 Branches 163 Tags
30f15473db047e070eeefac71f5385da202db352
Commit Graph

8503 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
30f15473db C++: Use 'max' instead of 'unique.' 2022-11-01 16:55:45 +00:00
Mathias Vorreiter Pedersen
1b50168d08 C++: Add an initial pruning stage to prevent this 
large TC in 'localFlowToExpr':
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@0a49913i with tuple counts:
    4713946   ~0%    {2} r1 = SCAN DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff OUTPUT In.1, In.0

  40897385  ~46%    {2} r2 = JOIN boundedFastTC:Buffer#61e3d199::localFlowToExprStep#2#ff_10#higher_order_body:DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff_0#higher_order_body WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

  45611331  ~43%    {2} r3 = r1 UNION r2
    3376553  ~14%    {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                    return r4
```

After this commit the tuple counts looks like:
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@8cc38x5k on iteration 2 running pipeline standard with tuple counts:
         51367   ~3%    {2} r1 = JOIN Buffer#61e3d199::getBufferSize0#1#f#prev_delta WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0

        124933  ~18%    {2} r2 = JOIN r1 WITH #Buffer#61e3d199::localFlowToExprStep#2Plus#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1

        176300  ~17%    {2} r3 = r1 UNION r2
        184685  ~22%    {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         56646  ~47%    {2} r5 = JOIN r4 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
         44635  ~16%    {2} r6 = r5 AND NOT Buffer#61e3d199::localFlowStepToExpr#2#ff#prev(Lhs.0, Lhs.1)
                        return r6
```
 2022-10-30 14:20:15 +01:00
Mathias Vorreiter Pedersen
aa8214addf C++: Simplify 'Buffer.qll' by avoiding 'asIndirectExpr'. This removes the flow from 'x' to 'x++', which makes the whole library a lot simpler. 2022-10-30 12:58:53 +01:00
Mathias Vorreiter Pedersen
18d3801c92 Merge pull request #11033 from MathiasVP/exclude-void-calls 
C++: Don't create `DataFlow::Node`s for `void`-typed instructions
 2022-10-28 20:46:33 +02:00
Mathias Vorreiter Pedersen
f3be58e2ba C++: Accept more test changes. 2022-10-28 14:53:24 +02:00
Mathias Vorreiter Pedersen
f6ff9c9c66 Update cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-28 14:32:08 +02:00
Mathias Vorreiter Pedersen
9888de8acb Merge branch 'replace-ast-with-ir-use-usedataflow' into rdmarsh2/repair-365-days-per-year 2022-10-28 13:48:12 +02:00
Mathias Vorreiter Pedersen
3261612a8c C++: Exclude void-typed instructions from 'DataFlow::Node'. These nodes can never contain any data so we don't need dataflow nodes for them. 2022-10-28 13:00:23 +02:00
Mathias Vorreiter Pedersen
2098489bb0 C++: Make QL-for-QL happy. 2022-10-28 12:35:52 +02:00
Mathias Vorreiter Pedersen
172261495f Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-as-expr 2022-10-28 10:32:31 +02:00
Robert Marsh
a334dc9b2b C++: repair Adding365DaysPerYear.ql 2022-10-27 15:06:48 -04:00
Robert Marsh
b7e42e805b Merge pull request #10994 from rdmarsh2/rdmarsh2/return-cstr-repair 
C++: repair the ReturnCstr query
 2022-10-27 14:25:22 -04:00
Robert Marsh
24cb36a1e2 C++: constrain indirect out node to constructors 2022-10-27 11:48:17 -04:00
Mathias Vorreiter Pedersen
20bd30060f C++: Fix 'StackPointerFlowsToUse' import. 2022-10-27 16:34:04 +02:00
Mathias Vorreiter Pedersen
b4c8a52117 C++: Accept more test changes. 2022-10-27 14:44:43 +02:00
Mathias Vorreiter Pedersen
2fc7e6159e C++: Accept test changes. 2022-10-27 12:12:34 +02:00
Mathias Vorreiter Pedersen
e2a0d62adf C++: Fix 'asIndirectExpr' when the underlying instruction is a 'VariableAddressInstruction'. 2022-10-27 12:12:34 +02:00
Robert Marsh
25a1148e04 C++: autoformat 2022-10-26 14:11:37 -04:00
Robert Marsh
8e2d34f0b6 C++: Accept dataflow test changes 2022-10-26 14:10:23 -04:00
Mathias Vorreiter Pedersen
e43422a090 Merge pull request #10975 from rdmarsh2/rdmarsh2/inconsistent-loop-direction-repair 
C++: repair InconsistentLoopDirection
 2022-10-26 18:17:53 +02:00
Mathias Vorreiter Pedersen
562f052eb0 C++: Accept test changes. 2022-10-26 17:06:38 +02:00
Mathias Vorreiter Pedersen
bc9cd63ef0 C++: Add an 'IndirectExprNode(Base)' class similar to 'ExprNode(Base)' to structure conversions between indirect daaflow nodes and expressions. 2022-10-26 17:05:01 +02:00
Robert Marsh
de89b4c69f C++: repair the ReturnCstr query 2022-10-26 11:02:23 -04:00
Robert Marsh
fc9f239a3b C++: make ConstructorCall df nodes the qualifier 
This makes the dataflow node for a ConstructorCall be the outnode of the
qualifier, which is the resulting constructed object. This should make
`asExpr` on a ConstructorCall do the "right thing" rather than selecting
the void-typed CallInstruction.
 2022-10-26 11:01:53 -04:00
Robert Marsh
adeb69e396 C++: autoformat 2022-10-26 10:49:06 -04:00
Mathias Vorreiter Pedersen
4bcba16748 Merge pull request #10833 from MathiasVP/repair-badly-bounded-write-2 
C++: Prepare `Buffer.qll` for IR-based use-use dataflow
 2022-10-26 16:38:33 +02:00
Mathias Vorreiter Pedersen
2ba94f7c89 Merge pull request #10838 from MathiasVP/repair-cleartext-transmission-2 
C++: Prepare `cpp/cleartext-transmission` for IR-based use-use dataflow
 2022-10-26 13:43:56 +02:00
Robert Marsh
8a125d1ae5 C++: repair InconsistentLoopDirection 2022-10-25 13:34:08 -04:00
Jeroen Ketema
3befa1cd96 Merge pull request #10965 from MathiasVP/fix-gettypeimpl-in-ir-dataflow 
C++: Fix `getType` in IR dataflow
 2022-10-25 15:02:45 +02:00
Mathias Vorreiter Pedersen
557b94cd83 Merge pull request #10966 from jketema/spelling-comments 
C++: Spelling fixes and documentation clarification
 2022-10-25 14:34:49 +02:00
Mathias Vorreiter Pedersen
1bd48f8d02 Merge branch 'replace-ast-with-ir-use-usedataflow' into repair-cleartext-transmission-2 2022-10-25 14:27:33 +02:00
Mathias Vorreiter Pedersen
c8f81bc6b8 Merge branch 'replace-ast-with-ir-use-usedataflow' into repair-badly-bounded-write-2 2022-10-25 14:24:38 +02:00
Mathias Vorreiter Pedersen
39b268194a C++: Accept test changes. 2022-10-25 14:10:51 +02:00
Jeroen Ketema
2ad3119fab C++: Clarify getType based on the QLDoc of Instruction::getResultType() 2022-10-25 13:34:49 +02:00
Jeroen Ketema
21acefb0b4 C++: Fix some spelling mistakes that were earlier fixed in "experimental" 2022-10-25 13:32:29 +02:00
Mathias Vorreiter Pedersen
23b07e5589 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-gettypeimpl-in-ir-dataflow 2022-10-25 12:52:33 +02:00
Mathias Vorreiter Pedersen
b85d3bc829 Merge branch 'main' into replace-ast-with-ir-use-usedataflow 2022-10-25 12:51:30 +02:00
Mathias Vorreiter Pedersen
a4d434ee05 C++: Fix 'getType' for indirect dataflow nodes in IR dataflow. 2022-10-25 12:24:11 +02:00
Mathias Vorreiter Pedersen
75de0f5c65 C++: Respond to review comments. 2022-10-24 15:13:50 +02:00
Mathias Vorreiter Pedersen
a7d6f4ff19 C++: Fix pointer/pointee conflation and handle flow through '++' when tracking indirect flow. 2022-10-24 14:23:43 +02:00
Paolo Tranquilli
15e5faf5b6 Merge branch 'main' into templ-func-prototype 2022-10-24 09:19:46 +02:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Jeroen Ketema
4b5674af32 C++: Update test result after extractor changes 2022-10-20 22:18:32 +02:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Geoffrey White
73f977c98c Merge pull request #10510 from geoffw0/staticfn 
C++: Fix FPs for cpp/unused-static-function in files that were not extracted completely
 2022-10-18 14:53:49 +01:00
Robert Marsh
500004dbe0 Merge pull request #10841 from MathiasVP/repair-command-line-injection-2 
C++: Prepare `cpp/command-line-injection` for IR-based use-use dataflow
 2022-10-17 13:42:32 -04:00
Robert Marsh
ccea372fd0 Merge pull request #10842 from MathiasVP/repair-non-constant-format-2 
C++: Prepare `cpp/non-constant-format` for IR-based use-use dataflow
 2022-10-17 13:39:56 -04:00
Robert Marsh
2f0c7729ff Merge pull request #10818 from github/mathiasvp/fix-join-in-ssa-internals 
C++: Fix join in `SsaInternals`
 2022-10-17 13:36:32 -04:00
Geoffrey White
2b3ab180fa Merge pull request #10077 from intrigus-lgtm/cpp/wexpand-commmand-injection 
Add query for tainted `wordexp` calls.
 2022-10-17 11:18:38 +01:00
Jeroen Ketema
45a0b66f73 C++: Fix test after spelling fixes 2022-10-15 14:23:08 +02:00