codeql

mirror of https://github.com/github/codeql.git synced 2026-01-18 00:44:45 +01:00

Author	SHA1	Message	Date
Geoffrey White	408a550467	Merge pull request #15727 from geoffw0/qldoc4 C++: Mark internal files in the old dataflow library as deprecated	2024-02-26 17:45:05 +00:00
Geoffrey White	2e66392353	C++: Update deprecated note to respect identical files.	2024-02-26 16:38:27 +00:00
Geoffrey White	5c4543f167	C++: Mark internal files in the old dataflow library as deprecated (the public imports already are).	2024-02-26 14:49:10 +00:00
Tom Hvitved	62b16c0fa3	Share `getFileBySourceArchiveName` implementation	2024-02-23 11:25:49 +01:00
Mathias Vorreiter Pedersen	0bf29f0a62	Merge branch 'main' into model-experiments	2024-02-22 15:05:53 +00:00
Mathias Vorreiter Pedersen	350d5bf0ce	C++: Update QLDoc on 'modeledFlowBarrier'.	2024-02-22 13:30:39 +00:00
Mathias Vorreiter Pedersen	671904d58c	C++: Fix QLoc on 'PartialFlowFunction'.	2024-02-22 13:27:10 +00:00
Mathias Vorreiter Pedersen	aca3970c33	C++: Fix QLoc on 'isPartialWrite'.	2024-02-22 13:25:13 +00:00
github-actions[bot]	37f8fa3413	Post-release preparation for codeql-cli-2.16.3	2024-02-20 16:50:47 +00:00
github-actions[bot]	6d061fbc35	Release preparation for version 2.16.3	2024-02-20 14:26:23 +00:00
Jeroen Ketema	2becb3043e	Merge pull request #15638 from jketema/destructors5 C++: Support C++20 range-based for initializers	2024-02-19 16:22:23 +01:00
Jeroen Ketema	dd39fa0bde	C++: Support C++20 range-based for initializers	2024-02-16 15:20:14 +01:00
Mathias Vorreiter Pedersen	06ff46091d	C++: Fix joins in 'controlsBlock'.	2024-02-16 14:49:20 +01:00
Mathias Vorreiter Pedersen	b407c86d03	C++: Make Code Scanning happy.	2024-02-16 13:51:34 +01:00
Mathias Vorreiter Pedersen	57c1bf5835	C++: Add file-level QLDoc.	2024-02-16 13:47:02 +01:00
Mathias Vorreiter Pedersen	499ab0892f	C++: Currently, to catch flow in an example such as: ```cpp char* source(); void sink(const char); int sprintf(char , const char , ...); void call_sprintf(char path, char* data) { sprintf(path, "%s", "abc"); // (1) sprintf(path, "%s", data); // (2) } void foo() { char path[10]; call_sprintf(path, source()); // (3) sink(path); } ``` we identify that the `path [post update]` node at `// (2)` is a `ReturnNodeExt` and since `data` flows to that node flow will be carried out to `path [post update]` at // (3) and thus reach `sink(path)`. The reason `path [post update]` at `// 2` is recognized as a `ReturnNodeExt` is because it satisfies the following condition (which is identified by the shared dataflow library): There is flow from the parameter node `path` to the pre-update node of the post-update node `path [post update]` at `// (2)`. However, when we start recognizing that the call to `sprintf(path, ...)` at `// (1)` overrides the value of `path` and no longer provide use-use flow out of `path` the `path [post update]` node at `// (2)` is no longer recognized as a `ReturnNodeExt` (because it doesn't satisfy the above criteria). Thus, we need to identify the flow above without relying on the dataflow library's summary mechanism. That is, instead of relying on the dataflow library's mechanism to summarize the `data -> path` flow for `call_sprintf` we need to: - Ensure that the write to `path` at `// (2)` is recognized as the "final" write to the parameter, and - Ensure that there's flow out of that parameter and back to `path [post update]` at `// (3)`. Luckiky, we do all of this already to support flow out of writes to parameters that don't have post-update nodes. For example, in something like: ```cpp void set(int x, int y) { *x = y; } void test() { int x; set(&x, source()); sink(x); } ``` So in order to make the original example work, all we need to do is to remove the restrictions on this mechanism so that the same mechanism that makes the above example work also makes the original example work!	2024-02-16 13:09:45 +01:00
Mathias Vorreiter Pedersen	7e9bf2a880	C++: Add a model for 'partial updating' and extend models appropriately.	2024-02-16 12:56:19 +01:00
Mathias Vorreiter Pedersen	24a63ae94d	C++: Block flow by default.	2024-02-16 12:56:19 +01:00
Mathias Vorreiter Pedersen	c19ed4c17e	Merge pull request #15626 from MathiasVP/fix-constness-checking C++: Don't strip specifiers away in `TFinalParameterUse`	2024-02-16 10:09:43 +01:00
Jeroen Ketema	da3ff4813f	Merge pull request #15612 from jketema/destructors4a C++: Support `constexpr if` in the IR	2024-02-15 17:29:56 +01:00
Mathias Vorreiter Pedersen	532e8dac45	C++: Don't strip specifiers in 'TFinalParameterUse'.	2024-02-15 14:08:12 +01:00
Jeroen Ketema	33413129a5	C++: For unnamed local variable declaration entries consider the name of the variable	2024-02-14 15:03:04 +01:00
Jeroen Ketema	46bc311111	C++: Support `constexpr if` in the IR	2024-02-14 13:37:56 +01:00
Jeroen Ketema	caf09e0735	C++: Update IR comment that no longer applies	2024-02-13 21:30:58 +01:00
Jeroen Ketema	b3aea0f893	C++: Do not print the qualifier of `OverloadedPointerDereferenceExpr` twice in PrintAST	2024-02-13 21:29:21 +01:00
Mathias Vorreiter Pedersen	fb4bd53ec5	Revert "Merge pull request #15528 from MathiasVP/flow-barrier-interface" This reverts commit `c5dc88345d`, reversing changes made to `781486172e`.	2024-02-13 13:42:58 +00:00
Mathias Vorreiter Pedersen	cb7fe16ced	Revert "Merge pull request #15537 from MathiasVP/swap-also-clears-first-argument" This reverts commit `23677b23c2`, reversing changes made to `c5dc88345d`.	2024-02-13 13:42:58 +00:00
Mathias Vorreiter Pedersen	70c7c1a5e7	C++: Add flow from the fill character to the output pointer.	2024-02-12 16:51:16 +00:00
Anders Schack-Mulligen	566351a49a	Merge pull request #15549 from aschackmull/dataflow/empty-provenance Dataflow: Add empty provenance column to PathGraph.	2024-02-09 12:58:09 +01:00
Mathias Vorreiter Pedersen	a42c845b32	Merge pull request #15559 from MathiasVP/fix-constness-type C++: Don't strip specifiers in `Node.getType`	2024-02-09 11:00:13 +00:00
Mathias Vorreiter Pedersen	dd3d70134c	C++: Undo a change that wasn't actually necessary.	2024-02-09 10:28:24 +00:00
Anders Schack-Mulligen	b7d4a6926f	Dataflow: Add empty provenance column to PathGraph.	2024-02-09 11:27:30 +01:00
Mathias Vorreiter Pedersen	f7d1544ccf	C++: Fix Code Scanning errors.	2024-02-08 17:01:07 +00:00
Mathias Vorreiter Pedersen	1dfddaf9ab	C++: Also mark indirections of glvalue instructions as glvalue nodes.	2024-02-08 16:52:09 +00:00
Mathias Vorreiter Pedersen	4d01a93107	C++: Use 'getUnderlyingType' instead of 'getUnspecifiedType'.	2024-02-08 16:49:15 +00:00
Dave Bartolomeo	92bd550c55	Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 Post-release preparation for codeql-cli-2.16.2	2024-02-08 05:58:17 -08:00
Mathias Vorreiter Pedersen	ebefcb8d35	Merge pull request #15513 from microsoft/50-model-gettext-family-of-string-operations Added model for gettext variants.	2024-02-07 15:48:16 +00:00
Mathias Vorreiter Pedersen	0ee3c9987f	Merge pull request #15539 from MathiasVP/fix-ir-gen-for-conditional-decl-expr-without-var-access C++: Fix IR generation when `ConditionDeclExpr` does not have an immediate `VariableAccess`	2024-02-07 15:19:16 +00:00
Mathias Vorreiter Pedersen	edc7903c69	C++: Add a predicate for getting the 0'th child of a 'ConditionDeclExpr' without casting it to a 'VariableAccess' and use it in IR generation.	2024-02-07 11:45:13 +00:00
Mathias Vorreiter Pedersen	4b046ad670	C++: Also clear the 0'th argument of 'swap'.	2024-02-07 10:31:18 +00:00
Mathias Vorreiter Pedersen	c5dc88345d	Merge pull request #15528 from MathiasVP/flow-barrier-interface C++: Add an interface for models to block flow	2024-02-07 09:58:08 +00:00
github-actions[bot]	b5139078d0	Post-release preparation for codeql-cli-2.16.2	2024-02-06 19:22:35 +00:00
Mathias Vorreiter Pedersen	7948911415	C++: Delete dead code.	2024-02-06 17:38:22 +00:00
Mathias Vorreiter Pedersen	f7fe84adb4	C++: Add change note.	2024-02-06 16:23:59 +00:00
Mathias Vorreiter Pedersen	359b6e14c6	C++: Block flow out of 'swap'.	2024-02-06 16:15:21 +00:00
Mathias Vorreiter Pedersen	e539aca337	C++: Add an interface for blocking flow out of functions that reach a certain argument.	2024-02-06 16:15:21 +00:00
github-actions[bot]	c1b35fbf47	Release preparation for version 2.16.2	2024-02-05 17:58:57 +00:00
Ben Rodes	88a06ffc66	Update GetText.qll Fixing issue based on review.	2024-02-05 09:18:30 -05:00
Benjamin Rodes	022276badc	Added model for gettext variants.	2024-02-02 12:05:52 -05:00
Mathias Vorreiter Pedersen	8d53bce842	Merge pull request #15476 from geoffw0/preprocblock C++: Add PreprocBlock.qll library	2024-02-02 15:06:17 +00:00

1 2 3 4 5 ...

2278 Commits