hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,355 Commits 1,671 Branches 157 Tags
503cbf13bb6ac5e804562d00595e55b278faf944
Commit Graph

1926 Commits

Author SHA1 Message Date
Jonas Jensen
503cbf13bb C++: Flow from parameters to ConstructorFieldInit 
Because `ConstructorFieldInit` (member initializer lists) are not part
of the control flow graph, there was no data flow from the initial value
of parameters to their uses in member initializers. This commit adds the
necessary flow under the assumption that parameters are not overwritten
in member initializers.
 2019-08-16 09:10:31 +02:00
Jonas Jensen
45eefdb218 C++: Field flow through ConstructorFieldInit 
This allows a member initializer list to be seen as a sequence of field
assignments. For example, the constructor

    C() : a(taint()) { }

now has data flow similar to

    C() { this.a = taint(); }
 2019-08-16 09:10:17 +02:00
Jonas Jensen
1be2380511 C++: Rephrase ThisFlow to get space for ctor inits 2019-08-16 08:46:11 +02:00
Jonas Jensen
f3f89ffe3f Merge pull request #1742 from geoffw0/lambdataint 
CPP: Tests for taint through lambdas
 2019-08-16 08:45:14 +02:00
Geoffrey White
a6902bdb37 CPP: Test dataflow through lambdas. 2019-08-15 19:43:24 +01:00
Dave Bartolomeo
f1bbc9bb7e Merge pull request #1745 from jbj/ast-field-flow-ABC 
C++: Annotate field-flow tests in [ABC].cpp
 2019-08-15 09:13:26 -07:00
Dave Bartolomeo
230ff92c03 Merge pull request #1743 from nickrolfe/hmap 
C++: delete headermaps test
 2019-08-15 09:01:23 -07:00
Geoffrey White
1bd4aeebad CPP: Effects of #1715. 2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640 CPP: Test taint through lambdas. 2019-08-15 14:00:45 +01:00
Geoffrey White
b6cf341124 Merge pull request #1715 from jbj/ast-field-flow 
C++: Initial AST-based flow through fields
 2019-08-15 13:38:58 +01:00
Nick Rolfe
c26aef2381 C++: delete headermaps test 2019-08-15 12:39:58 +01:00
Jonas Jensen
fdd8de79da C++: Remove redundant toString override 
This time I left a comment to prevent myself from getting confused again
and adding the override in the future.
 2019-08-15 11:32:11 +02:00
Jonas Jensen
ed1e3ed1ef C++: Annotate field-flow tests in [ABC].cpp 
This brings the annotation style in sync with how we annotate new tests
these days. I also changed a few annotations to have different expected
outcome based on my understanding of the code.
 2019-08-15 10:30:46 +02:00
Jonas Jensen
e94dbe926b C++: Add forgotten toString override 
This makes `PostConstructorCallNode`s show up in the test output.
 2019-08-14 16:26:49 +02:00
Anders Schack-Mulligen
1938ac4937 Java/C++/C#: Sync. 2019-08-14 10:32:15 +02:00
yh-semmle
badfc23ce4 Merge pull request #1718 from aschackmull/java/barrierguard 
Java/C++/C#: Add support for BarrierGuards.
 2019-08-13 14:11:54 -04:00
Anders Schack-Mulligen
411bc16f44 Java/C++/C#: Address review comment. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
9e902066ad Java/C++/C#: Elaborate qldoc. 2019-08-13 16:57:48 +02:00
Anders Schack-Mulligen
4550175b16 Java/C++/C#: Add support for BarrierGuards. 2019-08-13 16:57:48 +02:00
Jonas Jensen
e93598e476 Merge pull request #1716 from geoffw0/qldoceg4 
CPP: Add syntax examples to QLDoc in Function.qll
 2019-08-13 16:27:20 +02:00
Geoffrey White
e4bbfb9a79 CPP: Corrections. 2019-08-13 11:25:39 +01:00
Tom Hvitved
36043d04bd Merge pull request #1729 from xiemaisi/data-flow-nodes-location 
Java/C++/C#: Provide path-node locations via `hasLocationInfo`, not `getLocation`.
 2019-08-13 12:22:59 +02:00
Jonas Jensen
38ec693ead C++: Improved ConstructorCall field flow 
This commit changes C++ `ConstructorCall` to behave like
`new`-expressions in Java: they are both `ExprNode`s and
`PostUpdateNodes`, and there's a "pre-update node" (here called
`PreConstructorCallNode`) to play the role of the qualifier argument
when calling a constructor.
 2019-08-13 11:05:13 +02:00
Jonas Jensen
18c3bfe596 Merge pull request #1731 from geoffw0/qldoceg5 
CPP: Add syntax examples to QLDoc in Initializer.qll, Parameter.qll
 2019-08-13 08:52:05 +02:00
Jonas Jensen
1f1824cb9b C++: Exclude BlockVar computation for "large" vars 2019-08-12 16:53:48 +02:00
Dave Bartolomeo
5d6ac2bb74 Merge pull request #1583 from jbj/ir-sanity-qlcfg 
C++: Share tests between IR and QL-CFG
 2019-08-12 07:04:40 -07:00
Jonas Jensen
3f531380d1 C++: Reduce number of SubBasicBlocks in FlowVar 
by cutting basic blocks at the same place for the `x.a` partial
definition in `x.a = ...` as they were already cut for assignment to
`a`.
 2019-08-12 15:58:35 +02:00
Dave Bartolomeo
19d2f3a54e Merge pull request #1550 from jbj/array-aggregate-perf 
C++ IR: Fix performance of large value-initialized arrays
 2019-08-12 06:53:16 -07:00
Geoffrey White
2d2890e401 CPP: Add examples Parameter.qll. 2019-08-12 13:29:07 +01:00
Geoffrey White
ceec0278e5 CPP: Add examples Initializer.qll. 2019-08-12 13:16:34 +01:00
Max Schaefer
eb8087f4ea Java/C++/C#: Provide path-node locations via hasLocationInfo, not getLocation. 2019-08-12 12:52:30 +01:00
Jonas Jensen
0652d2a92b Merge pull request #1705 from geoffw0/qldoceg2 
CPP: Add syntax examples to QLDoc in Enum.qll.
 2019-08-12 13:39:05 +02:00
Geoffrey White
dc1ec635fb CPP: Undo an accidentally committed change to the test. 2019-08-12 11:17:02 +01:00
Jonas Jensen
5724fb0df0 Merge pull request #1706 from geoffw0/qldoceg3 
CPP: Add syntax examples to QLDoc in Struct.qll, Union.qll.
 2019-08-12 07:57:40 +02:00
Geoffrey White
208f533245 CPP: Brace placement. 2019-08-09 17:48:57 +01:00
Geoffrey White
11d17b891e CPP: Brace placement. 2019-08-09 17:44:55 +01:00
Geoffrey White
e149b6a332 CPP: Brace placement. 2019-08-09 17:42:02 +01:00
Jonas Jensen
0507d51f0c C++: Prune getAReachedBlockVarSBB using live vars 
On a Postgres snapshot, where the `getAReachedBlockVarSBB` predicate
performs badly because of a Yacc-generated 20,000-line parser loop, that
predicate is reduced from 4m22s to 1m32s plus 5.2s for the live
variables analysis.

This change removes 17,142 rows from `BlockVar.getAnAccess` on Postgres.
I sampled some of them, and they were all of the following form:

    while (...) {
      T x;
      f1(&x); // access
      f2(&x); // definition
    }

Such accesses are ruled out now because we deliberately lose track of
variables when they go out of scope.
 2019-08-09 16:06:28 +02:00
Jonas Jensen
b348803a66 Merge pull request #1594 from geoffw0/erafix7 
CPP: Add test coverage for LeapYearFieldAccess.isModifiedByArithmeticOperation.
 2019-08-09 15:57:35 +02:00
Jonas Jensen
8aa24fe5c9 C++: Improve QLDoc on assignmentLikeOperation 2019-08-09 15:06:19 +02:00
Geoffrey White
67eb37f460 CPP: Update test annotations. 2019-08-09 09:31:47 +01:00
Jonas Jensen
605b56f8ca Merge pull request #1563 from geoffw0/constexprif 
CPP: Test cases for EmptyBlock.ql with 'if constexpr'
 2019-08-08 20:57:28 +02:00
Geoffrey White
1173daefca CPP: Minor changes. 2019-08-08 17:55:50 +01:00
Geoffrey White
950bc6e3d0 CPP: Brace placement. 2019-08-08 17:51:27 +01:00
Geoffrey White
c406746190 CPP: Brace placement. 2019-08-08 17:16:47 +01:00
Geoffrey White
5bdaefd504 CPP: Brace placement. 2019-08-08 17:13:58 +01:00
Geoffrey White
f0e6730eba Update cpp/ql/src/semmle/code/cpp/Union.qll 
Co-Authored-By: Jonas Jensen <jbj@knef.dk>
 2019-08-08 17:11:05 +01:00
Geoffrey White
a1cf7b50a9 Update cpp/ql/src/semmle/code/cpp/Struct.qll 
Co-Authored-By: Jonas Jensen <jbj@knef.dk>
 2019-08-08 17:10:52 +01:00
Geoffrey White
7086004f8a Update cpp/ql/src/semmle/code/cpp/Union.qll 
Co-Authored-By: Jonas Jensen <jbj@knef.dk>
 2019-08-08 17:06:44 +01:00
Geoffrey White
b3bcc33bce Update cpp/ql/src/semmle/code/cpp/Struct.qll 
Co-Authored-By: Jonas Jensen <jbj@knef.dk>
 2019-08-08 17:06:17 +01:00