hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 18:01:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,629 Commits 1,785 Branches 169 Tags
31091c66c19fdb401967decc596621fa68db8d0a
Commit Graph

4657 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
2d0a56128d C++: Prevent flow out of pointer-difference expressions. 2021-05-14 13:49:48 +02:00
Mathias Vorreiter Pedersen
5031b73f35 C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible. 2021-05-14 13:43:20 +02:00
Geoffrey White
8f152b7380 Merge pull request #5877 from MathiasVP/detect-more-abs-in-overflow-library 
C++: Detect more uses of `abs`
 2021-05-12 10:02:12 +01:00
Anders Schack-Mulligen
74ae2e0857 Merge pull request #5773 from hvitved/dataflow/aggressive-caching 
Data flow: Cache most language-dependent predicates
 2021-05-12 09:41:55 +02:00
Geoffrey White
d7e560c611 Merge pull request #5767 from ihsinme/ihsinme-patch-268 
CPP: Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope
 2021-05-11 15:24:25 +01:00
Tom Hvitved
d66506b0a3 Data flow: Rename {Argument,Parameter}NodeExt to {Arg,Param}Node 2021-05-11 14:40:10 +02:00
Mathias Vorreiter Pedersen
48e783184c C++: Fix false positive by recognizing more absolute value functions in Overflow.qll 2021-05-11 14:30:28 +02:00
Mathias Vorreiter Pedersen
5016c6436a Merge pull request #5859 from MathiasVP/fix-fp-in-comparison-with-wider-type 
C++: Fix false positive in `cpp/comparison-with-wider-type`
 2021-05-10 17:58:31 +02:00
Mathias Vorreiter Pedersen
d55db836cb C++: Remove implied conjunct. 2021-05-10 16:13:54 +02:00
Mathias Vorreiter Pedersen
c0b65314be C++: Fix false positive by restricting _both_ the old (unconverted) expression _and_ all of the conversions. 2021-05-10 15:18:42 +02:00
ihsinme
c8f2937df9 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-10 14:16:11 +03:00
Mathias Vorreiter Pedersen
c91ed80e6c C++: Fix false positive by computing range of the converted expression. 2021-05-10 10:12:43 +02:00
Geoffrey White
65ac5b862d Merge pull request #5847 from MathiasVP/improve-wrong-in-detecting-and-handling-memory-allocation-errors 
Improve wrong in detecting and handling memory allocation errors
 2021-05-07 17:39:04 +01:00
Geoffrey White
75edcf0b4f Merge branch 'main' into unsigneddiff2 2021-05-07 16:35:16 +01:00
Geoffrey White
69468514f0 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:42 +01:00
Geoffrey White
91be483c57 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:36 +01:00
Geoffrey White
fc96c1c400 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:26:23 +01:00
Geoffrey White
5db6abe2f4 Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:22:48 +01:00
Geoffrey White
894f5d523c Update cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-05-07 16:19:48 +01:00
Mathias Vorreiter Pedersen
90e8368258 C++: Properly handle conversions in convertedExprMayThrow. This recursive implementation idea is stolen from convertedExprMightOverflow in SimpleRangeAnalysis. 2021-05-07 12:31:43 +02:00
Mathias Vorreiter Pedersen
88e6cbaacd C++: Include Assignments in exprMayThrow and accept test changes. 2021-05-07 11:49:25 +02:00
Mathias Vorreiter Pedersen
08fa611700 C++: Avoid calling SwitchCase.getAStmt for performance reasons. This turns out to not be needed as the statements inside the switch case will get picked up by the BlockStmt.getAStmt case already. 2021-05-07 11:18:50 +02:00
Mathias Vorreiter Pedersen
856d512aa6 C++: Simplify noThrowInTryBlock. 2021-05-06 18:36:09 +02:00
Mathias Vorreiter Pedersen
7c1720a1d1 C++: Remove NoThrowAllocator and inline its (corrected) definition in ThrowingAllocator. 2021-05-06 18:02:05 +02:00
Mathias Vorreiter Pedersen
d1eb774737 C++: Remove implied conjunction. 2021-05-06 17:03:42 +02:00
Mathias Vorreiter Pedersen
e0606d61b6 C++: Fix qldoc. 2021-05-06 16:58:49 +02:00
Mathias Vorreiter Pedersen
c12837cff0 C++: Fix false negative. 2021-05-06 16:57:09 +02:00
Mathias Vorreiter Pedersen
47a419a5f1 C++: Respond to review comments. First: Avoid using locations to detect constructor and destructor calls. Second: Include missing statements in stmtMayThrow. 2021-05-06 16:37:26 +02:00
Mathias Vorreiter Pedersen
4463293dc4 C++: Move common code from NewExpr and NewArrayExpr into the NewOrNewArrayExpr class. 2021-05-06 16:35:41 +02:00
Mathias Vorreiter Pedersen
95e65dec8f C++: Make sure a CatchBlock that catches a const std::bad_alloc& is also a BadAllocCatchBlock. 2021-05-06 14:35:27 +02:00
Mathias Vorreiter Pedersen
6cdef782c8 Merge branch 'main' into improve-wrong-in-detecting-and-handling-memory-allocation-errors 2021-05-06 13:37:21 +02:00
Mathias Vorreiter Pedersen
420215931c C++: Rename query. 2021-05-06 13:35:08 +02:00
Mathias Vorreiter Pedersen
56d7342398 C++: Improve the cpp/detect-and-handle-memory-allocation-errors query. 2021-05-06 13:29:20 +02:00
ihsinme
976ccda135 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-05 23:34:21 +03:00
ihsinme
b277082462 Update DeclarationOfVariableWithUnnecessarilyWideScope.qhelp 2021-05-05 23:28:04 +03:00
Jonas Jensen
390ee3a6b8 Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode 
C++: Reorder getInstructionOpcode
 2021-05-05 11:13:15 +02:00
Mathias Vorreiter Pedersen
066cdb55d7 C++: Add qldoc explaining column order. 2021-05-05 09:30:12 +02:00
Henning Makholm
4964ce347b CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.ql 
The fact that `aex` and `it` was each used in just one disjunct of the
exists() body caused the optimizer to generate perfectly horrible
code, including a pointless cartesian product between them that caused
the evaluation to blow up.

Fix it such that each variable is logically scoped. That makes the
compiler much happier.
 2021-05-05 02:31:11 +02:00
Mathias Vorreiter Pedersen
d5793418f9 C++: Remove parent CWE tags. 2021-05-04 14:39:23 +02:00
Mathias Vorreiter Pedersen
ded377bcd2 C++: Reorder getInstructionOpcode to produce better RA. 2021-05-04 12:13:34 +02:00
Mathias Vorreiter Pedersen
2912c2e7f5 C++: Add more CWE tags to queries in the code scanning suite. 2021-05-03 16:58:47 +02:00
Jonas Jensen
c05ef1225c Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType 
C++: Add nomagic to getUnspecifiedType
 2021-05-03 09:03:58 +02:00
ihsinme
0935c5a0f2 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-02 22:58:30 +03:00
ihsinme
8c3980d80b Update cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.c 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-05-02 22:54:43 +03:00
intrigus
08731fc6cf Fix typo. 2021-04-29 20:26:34 +02:00
Geoffrey White
c4069362ce Merge pull request #5804 from MathiasVP/improve-detect-and-handle-memory-allocation-errors 
C++: Improve qhelp and tests for cpp/detect-and-handle-memory-allocation-errors
 2021-04-29 14:34:41 +01:00
Mathias Vorreiter Pedersen
c67ab8f1f0 C++: Respond to review comments. 2021-04-29 14:01:04 +02:00
Mathias Vorreiter Pedersen
e81b40978e C++: Improve the description tag. 2021-04-29 12:10:29 +02:00
Mathias Vorreiter Pedersen
9e39b08325 C++: Improve the qhelp for cpp/detect-and-handle-memory-allocation-errors. 2021-04-29 11:58:36 +02:00
Mathias Vorreiter Pedersen
39c7816ede C++: Dont allow magic in getUnspecifiedType. 2021-04-29 10:09:46 +02:00