hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-28 01:51:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,603 Commits 1,761 Branches 168 Tags
6e77a45fb3cd159fe59b41f9bbd333cc4ec235ba
Commit Graph

2946 Commits

Author SHA1 Message Date
Jeroen Ketema
3c4e22a8ba Merge pull request #21870 from jketema/jketema/generated 
C++: Add ability to see if one template was generated from another
 2026-05-22 15:46:06 +02:00
Mathias Vorreiter Pedersen
a7405bddaa Merge pull request #21856 from MathiasVP/scanf-safe-functions 
C++: Model secure versions of `scanf` as flow sources
 2026-05-22 12:34:54 +01:00
Jeroen Ketema
0e6257de2d C++: Fix QLDoc wording 2026-05-22 13:13:25 +02:00
Jeroen Ketema
a027665ab4 C++: Add ability to see if one template was generated from another 2026-05-22 13:13:21 +02:00
Mathias Vorreiter Pedersen
a33af09244 C++: Add models for _fscanf_s_l, fwscanf_s and _fwscanf_s_l. 2026-05-20 18:59:04 +01:00
Mathias Vorreiter Pedersen
25d20399f3 C++: Add models for _scanf_s_l, wscanf_s and _wscanf_s_l. 2026-05-20 18:43:07 +01:00
Mathias Vorreiter Pedersen
157424cca3 Merge pull request #21836 from MathiasVP/uncertain-def-more-complete 
C++: Support reasoning about whether a phi node overwrites the entire buffer
 2026-05-20 13:04:37 +01:00
Mathias Vorreiter Pedersen
f5113b1932 C++: Fix internal SCC edges and accept test changes. 2026-05-19 15:39:32 +01:00
Mathias Vorreiter Pedersen
c6ce13a012 C++: Simplify recursion in 'PhiCycle::isCertain' and do not restrict the definition to be a 'PhiNode'. 2026-05-19 15:27:23 +01:00
Mathias Vorreiter Pedersen
d93de54397 C++: Consistent use of 'this.getIndirection()' in 'toString'. 2026-05-19 12:16:37 +01:00
Jeroen Ketema
22a8123ee1 Merge pull request #21860 from jketema/jketema/alias-template 
C++: Support alias templates
 2026-05-19 10:46:56 +02:00
Mathias Vorreiter Pedersen
2c156994de C++: Add two more 'fopen'-like models. 2026-05-18 14:47:11 +01:00
Mathias Vorreiter Pedersen
5f10a88208 C++: Handle size arguments in 'getOutputArgument'. 2026-05-18 14:06:18 +01:00
Mathias Vorreiter Pedersen
5add24be59 C++: Add scanf_s models. 2026-05-18 14:06:16 +01:00
Mathias Vorreiter Pedersen
16235d7aca C++: Add a 'call' column to 'hasRemoteFlowSource' and 'hasLocalFlowSource' to support modeling of 'scanf_s'. 2026-05-18 14:06:05 +01:00
Jeroen Ketema
d14b8064b0 Update cpp/ql/lib/semmle/code/cpp/TypedefType.qll 2026-05-18 15:04:03 +02:00
Jeroen Ketema
7636bf560e Potential fix for pull request finding 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-05-18 15:02:34 +02:00
Jeroen Ketema
c2e2770bbf C++: Simplify type alias class naming 2026-05-18 14:22:04 +02:00
Jeroen Ketema
336bbc229e C++: Add support for alias templates 
Add other missing cases to `isFromTemplateInstantiationRec` and
`isFromUninstantiatedTemplateRec` while here.
 2026-05-16 09:11:54 +02:00
Mathias Vorreiter Pedersen
4396e66f35 C++: Fix FP by providing an implementation of 'hasSocketInput'. 2026-05-15 21:12:34 +01:00
Mathias Vorreiter Pedersen
25c4d9d09b Potential fix for pull request finding 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-05-13 13:27:04 +01:00
Mathias Vorreiter Pedersen
f40d42c575 C++: Perform an SCC reduction to simulate greatest fixed-point semantics. 2026-05-13 13:14:20 +01:00
Mathias Vorreiter Pedersen
8585bb616d C++: Some writes are always certain regardless of the address. 2026-05-13 13:14:13 +01:00
Mathias Vorreiter Pedersen
fc80a2472d C++: Slightly refactor certainty computation with a newtype. 2026-05-13 13:09:12 +01:00
Mathias Vorreiter Pedersen
6d5d57acca C++: Add missing overrides. 2026-05-13 13:09:10 +01:00
Mathias Vorreiter Pedersen
b753e7d228 C++: Make 'toString' on 'Ssa::Definition' more clear. 2026-05-13 13:09:01 +01:00
Jeroen Ketema
29dd56f83f C++: Make formatting of switch statement examples more uniform 2026-04-28 16:36:54 +02:00
Jeroen Ketema
0bc23c3af1 C++: Match example with text 2026-04-28 16:33:17 +02:00
Jeroen Ketema
f634b328ee C++: Fix join-order problem in getNextSwitchCase 
Before on `neovim`:
```
[2026-04-28 14:54:20] Evaluated non-recursive predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@ac8178o2 in 68ms (size: 20848).
Evaluated relational algebra for predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@ac8178o2 with tuple counts:
           21888  ~0%    {2} r1 = SCAN switch_case OUTPUT In.2, In.0
           21888  ~0%    {4}    | JOIN WITH #switch_caseMerge_21#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, _, Rhs.1
           21888  ~4%    {3}    | REWRITE WITH Tmp.2 := 1, Out.2 := (In.3 - Tmp.2) KEEPING 3
        24091916  ~0%    {3}    | JOIN WITH switch_case ON FIRST 1 OUTPUT Lhs.2, Rhs.2, Lhs.1
           20848  ~2%    {2}    | JOIN WITH #switch_caseMerge_12#join_rhs ON FIRST 2 OUTPUT Lhs.1, Lhs.2
                         return r1
```

After:
```
[2026-04-28 15:30:53] Evaluated non-recursive predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@bf9801oj in 0ms (size: 20848).
Evaluated relational algebra for predicate Stmt::SwitchCase.getNextSwitchCase/0#dispred#2d3cb6d3@bf9801oj with tuple counts:
        21888  ~0%    {4} r1 = SCAN switch_case OUTPUT In.0, _, In.2, In.1
        21888  ~1%    {3}    | REWRITE WITH Tmp.1 := 1, Out.1 := (In.3 + Tmp.1) KEEPING 3
        20848  ~2%    {2}    | JOIN WITH switch_case ON FIRST 2 OUTPUT Lhs.2, Rhs.2
                      return r1
```
 2026-04-28 15:44:53 +02:00
Jeroen Ketema
fa8c1d6226 C++: Add a getSwitchCase predicate to SwitchStmt 2026-04-28 15:44:12 +02:00
Jeroen Ketema
ae89b2ee79 Merge pull request #21747 from jketema/join-order 
Fix two `QualifiedName` join orders
 2026-04-24 08:05:24 +02:00
Mathias Vorreiter Pedersen
14efb4502b C++: Fix join in getVariable. 2026-04-23 12:10:09 +01:00
Jeroen Ketema
076b020dc4 Fix two QualifiedName join orders 
Before on `StanfordLegion__legion` with `cpp/throwing-pointer`:
```
Pipeline standard for QualifiedName::Namespace.getQualifiedName/0#cbc0648a@7ff329j5 was evaluated in 2 iterations totaling 0ms (delta sizes total: 70).
        162061  ~0%    {2} r1 = JOIN `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev_delta` WITH namespacembrs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            70  ~2%    {4}    | JOIN WITH namespaces ON FIRST 1 OUTPUT Lhs.0, _, Lhs.1, Rhs.1
            70  ~0%    {2}    | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2
            70  ~0%    {2}    | AND NOT `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev`(FIRST 2)
                       return r1

Pipeline standard for QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1@cfd47189 was evaluated in 2 iterations totaling 3ms (delta sizes total: 85).
            12   ~0%    {2} r1 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespace_inlineMerge_#namespacembrsMerge#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1

        162417   ~0%    {2} r2 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH namespacembrs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
            73   ~1%    {4}    | JOIN WITH namespaces ON FIRST 1 OUTPUT Lhs.0, _, Lhs.1, Rhs.1
            73   ~0%    {2}    | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2

            85   ~0%    {2} r3 = r1 UNION r2
            85   ~0%    {2}    | AND NOT `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev`(FIRST 2)
                        return r3
```

After:
```
Pipeline standard for QualifiedName::Namespace.getQualifiedName/0#cbc0648a@91677d3f was evaluated in 2 iterations totaling 0ms (delta sizes total: 70).
        70  ~0%    {4} r1 = JOIN `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev_delta` WITH _#namespacembrsMerge_1#antijoin_rhs_#namespacembrsMerge_10#join_rhs_#namespacesMerge#join_rhs ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Rhs.2
        70  ~0%    {2}    | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2
        70  ~0%    {2}    | AND NOT `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev`(FIRST 2)
                   return r1

Pipeline standard for QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1@3bbc99mb was evaluated in 2 iterations totaling 0ms (delta sizes total: 85).
        12   ~0%    {2} r1 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespace_inlineMerge_#namespacembrsMerge_1#antijoin_rhs__#namespacembrsMerge_#namespacembrsMerge___#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1

        73   ~0%    {4} r2 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespacembrsMerge_1#antijoin_rhs_#namespacesMerge__#namespacembrsMerge_#namespacembrsMerge_10#joi__#join_rhs ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Rhs.2
        73   ~1%    {2}    | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2

        85   ~0%    {2} r3 = r1 UNION r2
        85   ~0%    {2}    | AND NOT `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev`(FIRST 2)
                    return r3
```
 2026-04-23 10:37:12 +02:00
Jeroen Ketema
12868e5140 C++: Remove deprecated code added more than a year ago 2026-04-14 13:03:10 +02:00
Owen Mansel-Chan
7458674470 Merge pull request #21584 from owen-mc/shared/update-mad-comments 
Shared: update code comments explaining models-as-data format to include barriers and barrier guards
 2026-04-14 09:30:28 +01:00
Jeroen Ketema
26715fc95c C++: Rename rst to convSpec 2026-04-14 08:03:51 +02:00
Jeroen Ketema
19c4b2ff8f C++: Use getConvSpecString instead of getConvSpecOffset and substring 2026-04-13 15:44:41 +02:00
Jeroen Ketema
b19c648965 C++: Add heuristic for GNU autoconf config files 2026-04-07 10:43:15 +02:00
Mathias Vorreiter Pedersen
43d002e6b5 Merge pull request #21619 from MathiasVP/more-http-remote-flow-sources 
C++: Add flow sources from Windows' `http.h`
 2026-03-31 15:44:39 +01:00
Mathias Vorreiter Pedersen
16a7e39e95 C++: Fix pointer indirection. Currently, this does not have any effect because of a conflation bug in taint-tracking. 2026-03-31 15:26:15 +01:00
Jeroen Ketema
17ab87d1fc Merge pull request #21618 from jketema/meson-silence 
C++: Add heuristics for meson configuration files
 2026-03-31 15:24:22 +02:00
Mathias Vorreiter Pedersen
dc8dc61196 C++: Fix type name. 2026-03-31 13:54:30 +01:00
Mathias Vorreiter Pedersen
102221d0aa C++: Add lots of taint inheriting content related to '_HTTP_REQUEST'. 2026-03-31 11:30:39 +01:00
Jeroen Ketema
5122f7cf92 C++: Add heuristics for meson configuration files 2026-03-31 11:02:26 +02:00
Mathias Vorreiter Pedersen
5db069eb56 C++: Fix more consistency errors. 2026-03-30 12:08:08 +01:00
Mathias Vorreiter Pedersen
599b7a6653 C++: Handle fields in 'getThisType'. 2026-03-30 11:00:40 +01:00
Mathias Vorreiter Pedersen
9cb8edb41a C++: Change 'Function' to 'Declaration' in a few places to handle enclosing callables being fields. 2026-03-30 11:00:38 +01:00
Mathias Vorreiter Pedersen
eb35fa0d5e C++: Unify 'isSourceParameterOf' for this parameters with the implementation for positional parameters. 2026-03-30 11:00:37 +01:00
Jeroen Ketema
8349bd50ba Merge pull request #21391 from jketema/jketema/nsdmi 
C++: Handle field initialization via NSDMI in IR generation
 2026-03-30 11:35:06 +02:00
Owen Mansel-Chan
a7fdc4b543 Replace acceptingvalue with acceptingValue 2026-03-27 22:15:45 +00:00