hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,047 Commits 1,673 Branches 157 Tags
70622638851886e88f014d04451628ebe51157a0
Commit Graph

7997 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
7062263885 C++: Accept test changes. 2022-09-07 21:11:52 +01:00
Mathias Vorreiter Pedersen
a052614dbf C++: Two fixes to ensure we don't use getUniqueId in the new range analysis library. (1) don't use it to rank basic blocks, and (2) don't use it in 'toString' on bounds. 2022-09-07 18:45:43 +01:00
Mathias Vorreiter Pedersen
ddeae090a3 C++: Remove CP. 2022-09-07 15:11:16 +01:00
Nora Dimitrijević
7584434b80 Merge pull request #10163 from d10c/missing-check-scanf-squashed 
C++: New Query: missing return-value check for scanf-like functions
 2022-09-01 23:43:21 +02:00
Mathias Vorreiter Pedersen
2223bc3d1f Merge pull request #10261 from MathiasVP/fix-join-in-sign-analysis 
C++: Fix join in sign analysis
 2022-09-01 16:49:05 +01:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Mathias Vorreiter Pedersen
a65e585db1 C++: 'nomagic' on 'binaryExprOperands'. 2022-09-01 15:34:59 +01:00
Nora Dimitrijević
f956999891 Merge branch 'main' into missing-check-scanf-squashed 2022-09-01 12:08:50 +02:00
Nora Dimitrijević
f5a30c7bbe C++: Add correctness tag 
As that seems to be appropriate for this query.
 2022-08-31 16:59:57 +02:00
Nora Dimitrijević
38f185bee4 C++: Correct CWE tags in metadata 2022-08-31 16:58:05 +02:00
Nora Dimitrijević
0729e42536 C++: Update metadata based on cwe-scores 
Though the codeql/cwe-scores update-queries.py script did not make any changes on its own,
I looked up the score of the CWEs that @geoffw0 suggested using the explain.py script.

As discussed elsewhere, this should be more of a warning than a recommendation.
 2022-08-31 15:50:37 +02:00
Tom Hvitved
7a2d43432e C++: Adapt to parameterized SSA implementation 2022-08-31 11:56:24 +02:00
Tom Hvitved
760c7beb94 SSA: Sync files 2022-08-31 11:45:15 +02:00
Nora Dimitrijević
ce1e4ad422 Merge branch 'main' into missing-check-scanf-squashed 2022-08-30 11:34:00 +02:00
Nora Dimitrijević
e10042be7d C++: Improve docs based on doc-review 
Thanks to @mchammer01 and @geoffw0 for the suggestions latest.
 2022-08-30 11:14:57 +02:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Nora Dimitrijević
7d24d96d80 C++: Optimize MissingCheckScanf/bigStep() 2022-08-25 17:12:25 +02:00
Nora Dimitrijević
02772ed20c Revert changes to .gitignore and .clang-format 
because they are potentially too global, belong in a separate PR.
 2022-08-25 16:37:39 +02:00
Nora Dimitrijević
2bd866cc82 C++: improve change note and move to right place 2022-08-25 16:00:25 +02:00
Ian Lynagh
5e06277b38 Update cpp/ql/lib/change-notes/released/0.3.4.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-08-25 14:23:38 +01:00
Ian Lynagh
badb2b7f13 Update cpp/ql/lib/CHANGELOG.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-08-25 14:23:25 +01:00
Nora Dimitrijević
ad56274a73 C++: Small improvements to query qldoc and message 2022-08-25 15:22:41 +02:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
Nora Dimitrijević
a6a30b3725 C++: clarify ScanfOutput.getMinimumGuardConstant() 2022-08-25 15:07:39 +02:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Nora Dimitrijević
e39229d59e C++: Remove unique-Instruction kludge in ScanfOutput 
Passes tests.
 2022-08-25 14:38:58 +02:00
Nora Dimitrijević
d8800c03b6 C++: new helper predicates in ScanfFunctionCall 
Extract some of the logic from the `cpp/missing-check-scanf` query into
the more generally useful `getOutputArgument(int index)`, `getAnOutputArgument()`,
and `getNumberOfOutputArguments()` predicates.
 2022-08-25 14:32:15 +02:00
Nora Dimitrijević
5c894ae40b Merge branch 'main' into missing-check-scanf-squashed 2022-08-24 21:14:57 +02:00
Nora Dimitrijević
170d12bf5a Write MissingCheckScanf.qhelp 2022-08-24 19:58:19 +02:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Nora Dimitrijević
ca162a4365 C++: complete initial implementation of cpp/missing-check-scanf 
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:

  * if scanf(&i) != 1 return
    if maybe() && scanf(&i) != 1 return
    use(i) // should be OK on both counts

  * The minimum guard constant for the *_s variants may not be right.

  * int i[2]
    scanf(i, i+1) // second i is flagged as a use of the first

  * Maybe loosen the "unguarded or badly guarded use() = bad" policy to
    "unguarded but already-initialized = good" and "badly guarded = bad",
    since a lot of FPs in MRVA fall into the "unguarded but already-
    initialized" bucket.
 2022-08-24 11:25:06 +02:00
Nora Dimitrijević
69911d4f36 .clang-format: do not autoformat test.cpp 2022-08-24 11:25:05 +02:00
erik-krogh
a50234adb0 apply suggestion from review 2022-08-23 15:41:37 +02:00
erik-krogh
1a7d3ee831 update expected output after changing queries 2022-08-23 12:35:32 +02:00
erik-krogh
afadcd9b45 use a more detailed alert message in bitwise-sign-check 2022-08-23 11:18:45 +02:00
erik-krogh
d96d6721ba change the alert message of unused-local-variable 2022-08-23 11:15:11 +02:00
erik-krogh
82d9180892 only have one deprecated alias for XmlDtd 2022-08-23 10:38:23 +02:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh
78ba7650b3 change the change-notes 2022-08-23 07:28:46 +02:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
erik-krogh
678e433013 update cpp/missing-case-in-switch to match java 2022-08-22 21:41:45 +02:00
erik-krogh
ea2777fa3e update {cs/cpp}/equality-on-floats to use the same alert-message/description 2022-08-22 21:41:45 +02:00
erik-krogh
39c1832995 update {cpp/js}/bitwise-sign-check to match java 2022-08-22 21:41:45 +02:00
erik-krogh
cc41a83a8d update {py/cpp}/commented-out-code to match csharp/java/javascript 2022-08-22 21:41:45 +02:00
erik-krogh
698ccd8850 update {cpp/java}/unused-local to match python 2022-08-22 21:41:45 +02:00
erik-krogh
5a312cd0da update cpp/complex-block to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh
b1c9843d15 update {cs/cpp}/empty-block so they have the same alert message 2022-08-22 21:41:45 +02:00
erik-krogh
28083ebe09 run the implicit-this patch 2022-08-22 21:23:31 +02:00