Commit Graph

83 Commits

Author SHA1 Message Date
Jonas Jensen
5e789901df C++: Remove all uses of hasQualifiedName/1 2019-05-03 10:37:48 +02:00
Jonas Jensen
64a87a863c C++: Remove uses of getQualifiedName
This removes all uses of `Declaration.getQualifiedName` that I think can
be removed without changing any behaviour. The following uses in the
LGTM default suite remain:

* `cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql` (in `select`).
* `cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowDispatch.qll` (needs template args).
* `cpp/ql/src/semmle/code/cpp/security/FunctionWithWrappers.qll` (used for alert messages).
2019-05-03 10:37:48 +02:00
Geoffrey White
ca6ba36d87 CPP: Unify and improve the MallocCall classes. 2019-04-18 10:30:18 +01:00
Jonas Jensen
fedd652de8 Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408 2019-04-08 08:39:44 +02:00
Jonas Jensen
f7dda1b3a4 Merge pull request #1213 from geoffw0/pointerscaling2
CPP: De-duplicate the PointerScaling queries.
2019-04-05 14:42:28 +02:00
Geoffrey White
f040755b3b CPP: Remove unnecessary imports. 2019-04-05 11:44:50 +01:00
Geoffrey White
44d68a761d CPP: Move 'baseType' into IncorrectPointerScalingCommon.qll. 2019-04-05 11:43:47 +01:00
Geoffrey White
695df232e3 CPP: Equalize the definitions of 'baseType'. 2019-04-05 11:28:11 +01:00
Geoffrey White
0a0bcdf939 CPP: Move some code into IncorrectPointerScalingCommon.qll. 2019-04-04 18:08:18 +01:00
Geoffrey White
7aee334baf CPP: Update the qhelp. 2019-04-04 16:48:14 +01:00
Geoffrey White
a437e6c103 CPP: Extend coverage. 2019-04-04 16:31:02 +01:00
Jonas Jensen
842aafc888 C++: Fix new UnsafeDaclSecurityDescriptor FP
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.

To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
2019-04-02 11:31:12 +02:00
Geoffrey White
743b17af50 CPP: Autoformat. 2019-03-28 15:49:36 +00:00
Geoffrey White
8c75e730e4 CPP: Widen TaintedAllocationSize.ql. 2019-03-28 15:49:36 +00:00
Jonas Jensen
76ff250593 C++: Don't repeat work in BrokenCryptoAlgorithm.ql
The main source of slowness in `BrokenCryptoAlgorithm.ql` was that the
regexp on function (macro) names was evaluated once per call
(invocation) instead of once per name. Factoring out separate predicates
for the problematic functions (macros) fixes this.

On https://github.com/ericniebler/range-v3, this change reduces the run
time of the two slowest predicates from

    BrokenCryptoAlgorithm::InsecureMacroSpec#class#f .... 35.1s
    BrokenCryptoAlgorithm::InsecureFunctionCall#class#f . 12.8s

to

    BrokenCryptoAlgorithm::getAnInsecureFunction#f . 1.2s
    BrokenCryptoAlgorithm::getAnInsecureMacro#f .... 12ms
2019-03-18 12:01:37 +01:00
Max Schaefer
7f5e2630a1 Merge pull request #1032 from xiemaisi/master-for-merge
Merge master into rc/1.20
2019-03-04 21:23:51 +00:00
Jonas Jensen
4f9ffb38e6 C++: Set cpp/command-line-injection precision=low
This query is only appropriate for setuid programs. Since such programs
are at most 0.1% of all code we analyse, I would say this query has a
precision of at most 0.1%.
2019-03-04 09:51:33 +01:00
Jonas Jensen
0ed1618824 C++: Use getQualifiedName() = "gets", not hasName
This fixes false positives on
https://lgtm.com/projects/g/brandonpelfrey/Construct caused by a member
function named `gets` -- probably short for "get s".
2019-03-04 09:01:20 +01:00
Geoffrey White
c05df6ea4c CPP: Add reference. 2019-02-05 17:58:30 +00:00
Geoffrey White
f73a3a6a24 CPP: Explain the danger of gets a bit more in qhelp. 2019-02-05 17:58:30 +00:00
Geoffrey White
f7e7737789 CPP: Update qhelp. 2019-02-05 17:58:30 +00:00
Geoffrey White
87a25f0cbe CPP: Update CWE tags. 2019-02-05 17:58:30 +00:00
Geoffrey White
429f53ed74 CPP: Move the 'gets' case. 2019-02-05 17:58:30 +00:00
Geoffrey White
bbc8e7886b CPP: Rearrange PotentiallyDangerousFunction.ql. 2019-02-05 17:58:30 +00:00
Geoffrey White
b0805f8e79 CPP: Adjust ArithmeticTainted.ql so that it can work on non-VariableAccesses. 2019-01-28 17:36:56 +00:00
Jonas Jensen
2aca40a021 Merge pull request #736 from geoffw0/macroinv2
CPP: Deprecate MacroInvocationExpr and MacroInvocationStmt
2019-01-25 09:02:02 +01:00
Jonas Jensen
169bbcdfa0 Merge pull request #682 from geoffw0/suspiciousaddsizeof
CPP: Fix false positive in SuspiciousAddWithSizeof.ql
2019-01-21 09:06:18 +01:00
Geoffrey White
6088ca5d5b CPP: Update our uses of MacroInvocationExpr. 2019-01-09 12:17:29 +00:00
Geoffrey White
e443eb8889 CPP: Fix type logic. 2018-12-13 09:49:32 +00:00
Aditya Sharad
f92456fcad Merge master into next.
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Geoffrey White
9857a85817 CPP: Fix similar queries. 2018-12-07 18:43:28 +00:00
Geoffrey White
0f268cac40 CPP: Fix the issue. 2018-12-07 18:43:27 +00:00
Geoffrey White
453529e3bf Merge pull request #575 from jbj/UnsafeCreateProcessCall-nullValue
C++: Avoid using nullValue predicate (rc/1.19)
2018-11-30 09:54:17 +00:00
Jonas Jensen
8654ebcbbd C++: Avoid using nullValue predicate
The `nullValue` predicate performs a slow custom data-flow analysis to
find possible null values. It's so slow that it timed out after 1200s on
Wireshark.

In `UnsafeCreateProcessCall.ql`, the values found with `nullValue` were
used as sources in another data-flow analysis. By using the `NullValue`
class as sink instead of `nullValue`, we avoid the slow-down of doing
data flow twice. The `NullValue` class is essentially the base case of
`nullValue`. Confusing names, yes.
2018-11-29 13:33:45 +01:00
Pavel Avgustinov
d4b2c01634 Lift out intermediate helper predicate. 2018-11-23 14:22:44 +00:00
Geoffrey White
e9499b59e4 CPP: Exclude switch statements. 2018-10-19 10:24:29 +01:00
Raul Garcia
7ab723ae79 Fixing typos & incorporating feedback.
(MSFT feedback) Adding a new tag in the header @msrc.severity important
2018-10-16 10:00:51 -07:00
Raul Garcia
22d54801e5 Removed one false-positive scenario (no space on lpCommandLine)
Improved the query to avoid multiple calls to hasGlobalName
Fixed typos
Simplified the test case file
2018-10-15 15:53:02 -07:00
Raul Garcia
cd5e788aa7 Update UnsafeCreateProcessCall.ql 2018-10-15 13:41:21 -07:00
Raul Garcia
1d853691eb Update UnsafeCreateProcessCall.qhelp 2018-10-15 13:40:40 -07:00
Raul Garcia
b8f8c99529 Update UnsafeCreateProcessCall.qhelp 2018-10-15 13:39:46 -07:00
Raul Garcia
242d40369b Merge branch 'master' into users/raulga/c6277 2018-10-12 15:59:54 -07:00
Raul Garcia
85283d63ce C++ : NULL application name with an unquoted path in call to CreateProcess
Calling a function of the CreateProcess* family of functions, which may result in a security vulnerability if the path contains spaces.
2018-10-12 15:57:01 -07:00
Jonas Jensen
4b59c0cb80 Merge branch 'master' into hresult-boolean-qhelp 2018-10-09 14:56:58 +02:00
Geoffrey White
e0140f9112 CPP: Change some uses of WideCharType to Wchar_t. 2018-10-05 22:03:47 +01:00
Raul Garcia
3873cbdde0 Changing the @name & @description. 2018-10-03 15:32:34 -07:00
Raul Garcia
492b511cdf Merge operation 2018-10-02 11:27:39 -07:00
Raul Garcia
230724c085 Updates based on feedback 2018-10-02 11:17:23 -07:00
Raul Garcia
99e6708b2b Merge branch 'master' into users/raulga/c6276 2018-10-01 10:28:54 -07:00
Raul Garcia
253b8d1287 C++ : cpp/incorrect-string-type-conversion
Cast between semantically different string types: char* from/to wchar_t*
NOTE: Please let me know if you want to use a different CWE than CWE-704
2018-10-01 10:25:49 -07:00