Jonas Jensen
c112a4dd20
Merge pull request #1285 from geoffw0/rnperf
CPP: Improve performance of RedundantNullCheckSimple.ql
2019-04-29 08:41:43 +02:00
Ziemowit Laski
4a760b1561
[CPP-340] Delete ArgumentsToImplicit.ql and associated files.
Reduce MistypedFunctionArguments.ql precision to `medium`.
2019-04-28 13:49:46 -07:00
Jonas Jensen
bdb678a318
Merge pull request #1267 from rdmarsh2/rdmarsh/cpp/def-by-ref-taint
C++: add taint edges to DefinitionByReferenceNode
2019-04-26 08:50:20 +02:00
Robert Marsh
f5c57b77e6
C++: fix whitespace
2019-04-25 16:16:27 -07:00
Geoffrey White
63b6942d0d
CPP: Improve performance of RedundantNullCheckSimple.ql.
2019-04-25 15:56:49 +01:00
Jonas Jensen
48a3385809
C++: Work around extractor issue CPP-383
This fixes `PointlessComparison.ql` on https://github.com/an-tao/drogon .
The QL is a bit obfuscated because it looks for a pattern that's
impossible according to the dbscheme. There is no accompanying test
because we haven't been able to boil this problem down to a simple test
case. If we could, we'd fix it directly in the extractor instead.
2019-04-25 15:05:27 +02:00
Ziemowit Laski
ac58bdfc58
[CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays.
2019-04-24 14:54:01 -07:00
Jonas Jensen
1dcfd21a5c
Merge pull request #1264 from geoffw0/redundantnullperf
CPP: Add qhelp for RedundantNullCheckSimple.ql.
2019-04-24 10:25:23 +02:00
Robert Marsh
919f5c616f
C++: comment and test for taint flow via memcpy
2019-04-23 11:17:18 -07:00
Geoffrey White
6234b26496
CPP: Make some repairs manually.
2019-04-23 14:45:27 +01:00
Geoffrey White
e395f5215f
CPP: Autoformat 'Critical'.
2019-04-23 14:45:27 +01:00
Robert Marsh
262f724235
C++: add taint edges to DefinitionByReferenceNode
2019-04-22 10:39:02 -07:00
Robert Marsh
45a35a8572
Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling
C++: string pooling in IR value numbering
2019-04-22 09:29:44 -07:00
Ziemowit Laski
36b2c14f88
[CPP-340] Minor formatting tweaks
2019-04-19 11:46:54 -07:00
Robert Marsh
e7ca6c8bd9
C++: test for value number string pooling
2019-04-19 10:50:52 -07:00
Ziemowit Laski
62b030d27f
[CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared
functions. TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
2019-04-18 17:56:41 -07:00
Robert Marsh
3907ef98a3
C++: value number string constants
2019-04-18 16:14:54 -07:00
Robert Marsh
c6f01265be
Merge pull request #1263 from geoffw0/bufferoverflowqueries
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
2019-04-18 13:21:57 -04:00
Geoffrey White
eaed0004a3
CPP: Add qhelp for RedundantNullCheckSimple.ql.
2019-04-18 12:47:07 +01:00
Geoffrey White
57a4e52b47
CPP: Remove the overlap between these two queries.
2019-04-18 10:33:33 +01:00
Geoffrey White
ca6ba36d87
CPP: Unify and improve the MallocCall classes.
2019-04-18 10:30:18 +01:00
Geoffrey White
1ba8364c3b
CPP: Add more test cases.
2019-04-18 10:28:34 +01:00
Geoffrey White
8856442f7f
CPP: Add NoSpaceForZeroTerminator to the OverflowCalculated test.
2019-04-18 09:19:44 +01:00
Geoffrey White
12650f85c5
CPP: Rename a test file.
2019-04-18 09:16:55 +01:00
Geoffrey White
c674f54129
Merge pull request #1259 from xiemaisi/cpp/typo-fix
CPP: Fix two doc comments.
2019-04-17 16:48:23 +01:00
Nick Rolfe
bf204ecdf8
C++: update expected extractor arguments to match qltest runner changes
2019-04-17 12:30:04 +01:00
Max Schaefer
599185e125
CPP: Fix two doc comments.
2019-04-17 10:49:38 +01:00
Geoffrey White
f33b24c917
Merge pull request #1239 from jbj/qlformat-1
C++: Autoformat QL code in Architecture and Best Practices
2019-04-17 09:56:29 +01:00
Ziemowit Laski
65130c40ab
[CPP-340] Add white list (for false positive suppression) to TooManyArguments.ql
2019-04-16 14:02:34 -07:00
Robert Marsh
09d0548c81
Merge pull request #1237 from geoffw0/commentedoutcode2
CPP: Fix FPs from detecting commented out preprocessor logic
2019-04-16 10:31:42 -07:00
Geoffrey White
2d15163e30
CPP: Test of a comment inside #if 0.
2019-04-16 15:37:21 +01:00
Ziemowit Laski
61c91b67aa
[CPP-340] Refactor MistypedFunctionArguments.ql further.
2019-04-14 11:31:10 -07:00
Ziemowit Laski
b58f414ede
[CPP-340] Add more test cases; exclude K&R definitions of functions when looking
up ()-declarations; refactor QL code.
2019-04-12 17:25:33 -07:00
Jonas Jensen
29aa5f550c
C++: Tidy up code so it looks good after qlformat
2019-04-12 10:43:24 +02:00
Nick Rolfe
baf091235c
C++: change expected test output following extractor frontend upgrade
2019-04-11 17:45:35 +01:00
Geoffrey White
1e0e3192bb
CPP: Restrict to #elif, #else, #endif.
2019-04-11 15:14:21 +01:00
Geoffrey White
2dad62acf4
CPP: Additional test cases.
2019-04-11 15:06:41 +01:00
Jonas Jensen
ac3421f6be
Merge pull request #1238 from geoffw0/newtests
CPP: New test cases
2019-04-11 14:43:03 +02:00
Jonas Jensen
6049c2ccfd
C++: Autoformat Architecture + Best Practices
2019-04-11 14:27:07 +02:00
Geoffrey White
3ceacff0d4
CPP: Add a test of IncorrectConstructorDelegation.ql.
2019-04-11 12:24:16 +01:00
Geoffrey White
7dd7bf346d
CPP: Add a test of placement new in CWE-772 (this case came up recently but has already been fixed).
2019-04-11 12:23:33 +01:00
Geoffrey White
4a8b4b32d5
CPP: Fix indentation.
2019-04-11 11:38:50 +01:00
Geoffrey White
2c0ccf4a85
CPP: Exclude unusual header files such as config.h.
2019-04-11 11:28:45 +01:00
Geoffrey White
f381768a1e
CPP: Create HeaderFile.noTopLevelCode from existing logic.
2019-04-11 11:21:53 +01:00
Geoffrey White
9e6b178d48
CPP: Resolve #endif FPs.
2019-04-11 11:05:53 +01:00
Geoffrey White
4beb77588a
CPP: Add tests based on false positive results.
2019-04-11 10:14:32 +01:00
Dave Bartolomeo
878cdf7cb6
C++: Fix false positive in PointlessComparison
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.
This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943 )
2019-04-11 01:56:22 -07:00
Geoffrey White
c974693b58
CPP: Add a test case for CWE-120.
2019-04-10 18:52:03 +01:00
Ziemowit Laski
d76138f189
[CPP-340] Remove use of getUnderlyingType() predicate as it does
not appear necessary. Correct comment to refer to
arguments rather than parameters.
2019-04-10 10:51:22 -07:00
Geoffrey White
7ea6c1bcbe
CPP: Add a test of AV Rule 186.ql.
2019-04-10 18:08:10 +01:00