Anders Schack-Mulligen
0c17786ed0
C++: Delete unused predicate
2025-03-14 10:51:22 +01:00
Jeroen Ketema
de2fb037d0
Merge pull request #18980 from LeStarch/jpl-c-basic-integral-types-fix
...
Fixing BasicIntTypes to allow C Standard Integers and 'bool'
2025-03-14 08:06:55 +01:00
M Starch
7b5d604607
Updating tests to allow new typedefs
2025-03-13 15:04:37 -07:00
M Starch
7f4905987e
Addressing review comments
...
Reduced the category to minorAnalysis. Handled bools via an instanceof with BoolType. Formatted the query correctly.
2025-03-13 11:12:35 -07:00
Mathias Vorreiter Pedersen
6f4e9ed136
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-03-13 16:00:36 +00:00
Mathias Vorreiter Pedersen
0e5fa1b5eb
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-03-13 16:00:23 +00:00
Mathias Vorreiter Pedersen
470321e8b6
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-03-13 16:00:15 +00:00
Mathias Vorreiter Pedersen
9cde2bb94d
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-03-13 15:59:57 +00:00
Mathias Vorreiter Pedersen
68b414d169
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2025-03-13 15:59:48 +00:00
Mathias Vorreiter Pedersen
0fe77154e1
C++: Add library change note.
2025-03-13 14:29:34 +00:00
Mathias Vorreiter Pedersen
aeb1acba97
C++: Use the new API in queries.
2025-03-12 17:09:05 +00:00
Mathias Vorreiter Pedersen
66e8b2d7e5
C++: Add an 'asDefinition' overload to check if a definition is certain or not.
2025-03-12 17:07:07 +00:00
M Starch
f01737a4c0
Fixing BasicIntTypes to allow C Standard Integers and 'bool'
...
The purpose of this check is to ensure that all integral types used by the code point to some fixed size type (e.g. an unsigned 8-bit integer). However, the previous implementation only allowed JPL style typedefs (i.e. U8) and ignored C standard integer types (i.e. uint8_t). This causes the query to false-positive when a typedef resolves to a C standard int type.
'bool' has also been allowed as part of the exclusions list as it represents distinct values 'true' and 'false' in C++ code.
2025-03-11 14:56:57 -07:00
Mathias Vorreiter Pedersen
f9a7ac4e89
C++: Accept test changes.
2025-03-07 19:59:06 +00:00
Mathias Vorreiter Pedersen
b06902a3b1
C++: Share more indirect operands and instructions.
2025-03-07 19:59:05 +00:00
Jeroen Ketema
87ee191409
Merge pull request #18928 from jketema/desc
...
C++: Improve query description and fix alignment of the text
2025-03-07 10:47:31 +01:00
Mathias Vorreiter Pedersen
38bf9c6835
Merge pull request #18908 from aschackmull/cpp/branchlimit-adjustment-refactor
...
C++: Change countNumberOfBranchesUsingParameter to match qldoc closer.
2025-03-05 11:21:38 +00:00
Jeroen Ketema
e50ebfc8c2
C++: Improve query description and fix alignment of the text
2025-03-04 20:50:27 +01:00
Jeroen Ketema
795a2e1175
Merge pull request #18923 from jketema/template-arguments
...
C++: Update template test to also output the value of template arguments
2025-03-04 17:56:14 +01:00
Jeroen Ketema
324499e447
C++: Update template test to also output the value of template arguments
...
These values are currently the same as the result that `getTemplateArgument`
yields. However, this will change with the upcoming frontend update.
2025-03-04 16:24:21 +01:00
Enrico Steffinlongo
e230166fe2
Add C++ query to extract the status of include file resolution
2025-03-04 13:57:17 +00:00
github-actions[bot]
58f355ae5a
Post-release preparation for codeql-cli-2.20.6
2025-03-03 18:18:15 +00:00
github-actions[bot]
fa850cccb1
Release preparation for version 2.20.6
2025-03-03 17:13:19 +00:00
Geoffrey White
7f56c67544
Merge pull request #18837 from geoffw0/overflowbuffer
...
C++: Improve and promote cpp/overflow-buffer
2025-03-03 14:17:12 +00:00
Anders Schack-Mulligen
5d91f2e119
C++: Change countNumberOfBranchesUsingParameter to match qldoc closer.
2025-03-03 15:14:28 +01:00
Geoffrey White
7169c4be48
C++: Another attempt to make the fix more solid. I believe it can't produce negative numbers now.
2025-02-28 14:21:58 +00:00
Geoffrey White
998bec1efb
C++: Fix the bug.
2025-02-27 21:24:07 +00:00
Geoffrey White
51d916263d
C++: Another test.
2025-02-27 21:19:05 +00:00
Geoffrey White
3d19e2ad4a
C++: Static buffer overflow change note.
2025-02-27 16:46:53 +00:00
Geoffrey White
1354bebd7c
C++: Fix an issue with padding.
2025-02-26 17:43:25 +00:00
Geoffrey White
dbab845295
C++: Effect of this branch on the new test.
2025-02-26 17:18:48 +00:00
Geoffrey White
abb88e3dba
C++: Add a test file that was internal (results as on main).
2025-02-26 17:14:43 +00:00
Geoffrey White
c41add896f
C++: Accept regressions in SAMATE based test cases.
2025-02-26 16:34:10 +00:00
Geoffrey White
a7ac6b137b
C++: Second change note.
2025-02-25 17:02:23 +00:00
Geoffrey White
7d7498ee32
C++: Avoid problems when a variable has multiple types.
2025-02-25 16:55:13 +00:00
Geoffrey White
812315df27
C++: Use existing getSize / getRootType to find more generous bounds for arrays inside classes (though it sometimes fails, costing us TPs).
2025-02-25 16:29:49 +00:00
Geoffrey White
07004bd6f9
C++: Test cases motivated by a real world FP.
2025-02-25 15:36:12 +00:00
Jeroen Ketema
7eca4b4d82
C++: Fix join-order problem with isBefore
...
Reported here: https://github.com/github/codeql/issues/17743
Without this change on the query provided by the user:
```
[2025-02-25 12:42:01] Evaluated non-recursive predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@c668c8tv in 23846ms (size: 20381473).
Evaluated relational algebra for predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@c668c8tv with tuple counts:
1 ~0% {0} r1 = CONSTANT()[]
27323 ~0% {2} | JOIN WITH `Location::Location.getEndLine/0#dispred#83af84ae#bf` CARTESIAN PRODUCT OUTPUT Rhs.0, Rhs.1
6162566035 ~0% {4} | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` CARTESIAN PRODUCT OUTPUT Lhs.0, Lhs.1, Rhs.0, Rhs.1
{4} | REWRITE WITH TEST InOut.1 < InOut.3
3894825644 ~5% {2} | SCAN OUTPUT In.2, In.0
73148692 ~0% {3} | JOIN WITH fun_decls_40#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
73148692 ~0% {4} | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0, Lhs.2
864579 ~0% {2} | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 2 OUTPUT Lhs.2, Lhs.3
13010742 ~1% {2} | JOIN WITH macroinvocations_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
20653781 ~0% {3} | JOIN WITH `Macro::MacroAccess.getOutermostMacroAccess/0#d58b05db_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
20653781 ~4% {3} | REWRITE WITH Out.1 := 1
20381473 ~8% {2} | JOIN WITH macroinvocations_03#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
return r1
```
With this change:
```
[2025-02-25 12:43:10] Evaluated non-recursive predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@11bf8956 in 928ms (size: 20381473).
Evaluated relational algebra for predicate quickquery::UnrealFunctionAnnotation.annotates/1#dispred#9cd6c269@11bf8956 with tuple counts:
6873 ~3% {2} r1 = SCAN fun_decls OUTPUT In.4, In.0
6857 ~0% {3} | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1
6857 ~2% {3} | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
6193961 ~0% {3} | JOIN WITH `Location::Location.getFile/0#dispred#d1f8b5d1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
27389714 ~1% {4} | JOIN WITH macroinvocations_20#join_rhs ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
27389714 ~1% {4} | JOIN WITH locations_default ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Rhs.4
{4} | REWRITE WITH TEST InOut.3 < InOut.1
13010742 ~1% {2} | SCAN OUTPUT In.2, In.0
20653781 ~0% {3} | JOIN WITH `Macro::MacroAccess.getOutermostMacroAccess/0#d58b05db_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
20653781 ~4% {3} | REWRITE WITH Out.1 := 1
20381473 ~8% {2} | JOIN WITH macroinvocations_03#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
return r1
```
2025-02-25 12:39:11 +01:00
Alexander Eyers-Taylor
ddfb16899a
Merge pull request #18828 from alexet/alexet/fix-flakey-join-order
...
CPP: Prevent forced bad join order which is saved by context.
2025-02-24 17:54:16 +00:00
Geoffrey White
3681ace746
C++: Explore negative indices more in tests.
2025-02-24 10:36:43 +00:00
Geoffrey White
08913c551d
Merge pull request #18827 from geoffw0/exectainted
...
C++: Expand qldoc and tests for cpp/command-line-injection
2025-02-24 08:53:49 +00:00
Geoffrey White
90758b37ef
C++: Change notes.
2025-02-21 19:00:12 +00:00
Geoffrey White
fd32355ca8
C++: Give cpp/overflow-buffer medium precision, and upgrade severity so it will appear in security-extended.
2025-02-21 18:58:58 +00:00
Geoffrey White
ae25399a47
C++: Fix offsetof bug.
2025-02-21 18:58:56 +00:00
Geoffrey White
547b082ac3
C++: Even more test cases.
2025-02-21 18:58:42 +00:00
Geoffrey White
3aa1ba5876
C++: More additional test cases.
2025-02-21 18:09:41 +00:00
Alex Eyers-Taylor
57e985cc21
CPP: Simplify getClassAndNameImpl
2025-02-21 16:23:45 +00:00
Geoffrey White
89355991df
C++: Additional test cases.
2025-02-20 16:28:35 +00:00
Geoffrey White
e77ebf0715
C++: Test spacing.
2025-02-20 16:23:35 +00:00
Alex Eyers-Taylor
53c5b8ff9e
CPP: Prevent forced bad join order.
2025-02-20 16:06:42 +00:00