hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,002 Commits 1,672 Branches 157 Tags
7dc30e3fdcd502ae74265b1545050f18e29e4712
Commit Graph

3913 Commits

Author SHA1 Message Date
Robert Marsh
7dc30e3fdc C++: add output indirections for this 2020-05-28 15:30:41 -07:00
Robert Marsh
d8b5d3bce8 C++: accept test fixes 2020-05-28 08:45:01 -07:00
Robert Marsh
693789c2cc Merge branch 'master' into ir-this-parameter 
Bring in new tests so their output can be fixed
 2020-05-28 08:32:10 -07:00
Jonas Jensen
688f540843 Merge pull request #3582 from MathiasVP/qldoc-for-controlflow 
C++: QLDoc for BasicBlock, ControlFlowGraph and Dataflow
 2020-05-28 13:52:43 +02:00
Mathias Vorreiter Pedersen
52da5755b3 C++: Respond to review comments. 2020-05-28 11:20:13 +02:00
Mathias Vorreiter Pedersen
3d27b6bbde C++: QLDoc for BasicBlock, ControlFlowGraph and Dataflow 2020-05-28 10:10:26 +02:00
Robert Marsh
54ed5d647a C++:autoformat 2020-05-27 19:30:02 -07:00
Robert Marsh
58673c449a C++: switch to TranslatedThisParameter 2020-05-27 19:29:29 -07:00
Robert Marsh
593d4c0f32 Merge pull request #3567 from MathiasVP/ir-partial-definition 
Implement `asPartialDefinition` for IR dataflow nodes
 2020-05-27 13:51:41 -07:00
Robert Marsh
be74616b2b C++: accept consistency test fixes 2020-05-27 12:39:54 -07:00
Mathias Vorreiter Pedersen
bd97fe627c Merge branch 'master' into remove-field-conflation-from-ir-fieldflow 2020-05-27 17:08:19 +02:00
Mathias Vorreiter Pedersen
db557a45e7 Merge pull request #3570 from geoffw0/mysprintftest 
C++: Fix mysprintf in taint test
 2020-05-27 09:19:54 +02:00
Mathias Vorreiter Pedersen
97edd97778 C++: Add getLocation to TNode IPA type in testcase 2020-05-27 08:28:18 +02:00
Robert Marsh
b45473ec4c C++: more specific type in IndirectParameterAlloc 2020-05-26 14:07:26 -07:00
Robert Marsh
70f62538af C++: autoformat 2020-05-26 14:06:22 -07:00
Robert Marsh
fb46002332 C++: Fix ThisParameterNode after IR changes 2020-05-26 13:35:08 -07:00
Robert Marsh
7ad45d50c0 C++: add test case from issue 2020-05-26 11:38:14 -07:00
Geoffrey White
95537ed26f C++: Fix mysprintf in test. 2020-05-26 18:06:14 +01:00
Geoffrey White
d96bf797ef C++: Test layout. 2020-05-26 18:06:06 +01:00
Robert Marsh
43520b8f9b C++/C#: Fix copy/pasted qldoc 2020-05-26 09:47:30 -07:00
Robert Marsh
2429e22709 Merge pull request #3548 from dbartol/github/codeql-c-analysis-team/69 
C++: Fix duplicate result types
 2020-05-26 09:44:12 -07:00
Geoffrey White
dea7be0884 Merge pull request #3557 from jbj/qldoc-external 
C++: QLDoc for legacy libraries in `external` dir
 2020-05-26 15:01:03 +01:00
Mathias Vorreiter Pedersen
08fa3141cd C++: Fix accidential removal of private annotations 2020-05-26 14:15:46 +02:00
Jonas Jensen
5deeda0337 Merge pull request #3387 from geoffw0/tostringperf 
C++: Eliminate recursion from toString().
 2020-05-26 13:24:43 +02:00
Mathias Vorreiter Pedersen
251240376b C++: Fix asPartialDefinition for IR dataflow nodes and accept testcases 2020-05-26 13:14:38 +02:00
Mathias Vorreiter Pedersen
c5c3ffaef0 C++: Add asPartialDefinition testcases 2020-05-26 13:14:11 +02:00
Mathias Vorreiter Pedersen
b205d36933 C++: Remove chi -> load rule from simpleLocalFlowStep and accept tests 2020-05-26 11:40:26 +02:00
Mathias Vorreiter Pedersen
5fb76df44f Merge pull request #3556 from jbj/qldoc-CodeDuplication 
C++/JavaScript: Improve CodeDuplication.qll QLDoc
 2020-05-26 09:17:28 +02:00
semmle-qlci
64aefc612f Merge pull request #3554 from jbj/too-few-arguments-ambiguous 
Approved by dbartol
 2020-05-26 07:26:53 +01:00
Dave Bartolomeo
5c20d56134 Merge pull request #3558 from jbj/qldoc-default-objc 
C++: Properly deprecate objc.qll and default.qll
 2020-05-25 14:31:25 -04:00
Dave Bartolomeo
12688f80ce Merge pull request #3559 from jbj/vcs-remove 
C++: Remove VCS.qll and all queries using it
 2020-05-25 14:30:31 -04:00
Jonas Jensen
e28ed848a4 C++: Remove VCS.qll and all queries using it 
All these queries have been deprecated since 2018. There is
unfortunately no way to deprecate a library, but it's been years since
we populated any databases using the VCS library, so nobody should be
using it.
 2020-05-25 19:28:06 +02:00
Jonas Jensen
85df60ea65 C++: Replace import default with import cpp 
Some tests still used the old name for the top-level library.
 2020-05-25 19:07:28 +02:00
Jonas Jensen
5fc2a3de92 C++: QLDoc for default.qll and objc.qll 
These are both deprecated.
 2020-05-25 19:05:41 +02:00
Jonas Jensen
357e14b2d2 C++: QLDoc for legacy libraries in external dir 
These docs were taken from the corresponding files in JavaScript, and
parameter names were changed to match.
 2020-05-25 19:03:14 +02:00
Jonas Jensen
6fc9e1d84c C++/JavaScript: Improve CodeDuplication.qll QLDoc 
I took most of the docs from the corresponding predicates in
JavaScript's `CodeDuplication.qll`. Where JavaScript had a corresponding
predicate but didn't have QLDoc, I added new QLDoc to both.
 2020-05-25 18:59:48 +02:00
Jonas Jensen
bc09720704 Merge pull request #3479 from geoffw0/fp2762 
C++: Allow equality to block taint (security taint tracking)
 2020-05-25 15:11:10 +02:00
Jonas Jensen
3d58e6f7af Merge pull request #3515 from hvitved/dataflow/remove-deprecated 
Data flow: Remove deprecated predicates
 2020-05-25 15:08:28 +02:00
Jonas Jensen
b4c32a00d8 C++: Fix up QLDoc in TooFewArguments.qll 2020-05-25 14:49:02 +02:00
Jonas Jensen
b1edc1d255 C++: Only give alert when no def fits arg count 
The `cpp/too-few-arguments` query produced alerts for ambiguous
databases where a function had multiple possible declarations, with some
declarations having the right number of parameters and some having too
many. With this change, the query errs on the side of caution in those
cases and does not produce an alert.

This fixes false positives on racket/racket.

The new `hasDefiniteNumberOfParameters` is exactly the negation of the
old `hasZeroParamDecl`.
 2020-05-25 14:48:57 +02:00
Robert Marsh
b4a947ddf1 C++: add getIRVariable for this temp variables 2020-05-22 15:43:34 -07:00
Robert Marsh
8a53dc882d C++: treat this as a parameter in IR 2020-05-22 15:35:34 -07:00
Dave Bartolomeo
df834ac031 C++: Fix duplicate result types 
In a couple of cases, we use `glval<unknown>` as the result type of an instruction because we can't come up with anything better. Two examples are the result of `VariableAddress[#ellipsis]`, and the address of the temp variable that holds the lvalue result of the conditional operator in `(a ? b : c) = y`. In both cases, we call `getTypeForGLValue(any(UnknownType t))`, but that would have multiple results because `result.hasType(any(UnknownType t), true)` also holds for `CppFunctionGLValueType`. I tightened the result type to ensure we get the right one.
 2020-05-22 16:20:33 -04:00
Geoffrey White
0f4723aee4 Merge pull request #3520 from dbartol/github/codeql-c-analysis-team/79 
C++: Mark deprecated overrides as deprecated
 2020-05-21 14:55:39 +01:00
Mathias Vorreiter Pedersen
617ef32464 C++: Remove [FALSE POSITIVE] annotations 2020-05-21 02:22:57 +02:00
Dave Bartolomeo
5641b2c140 C++: Remove deprecated predicate from File 2020-05-20 14:14:49 -04:00
Dave Bartolomeo
ff1e70efce C++: Undo changes to shared XML.qll 2020-05-20 14:14:31 -04:00
Mathias Vorreiter Pedersen
3c167125e5 C++: Accept test output 2020-05-20 18:18:34 +02:00
Mathias Vorreiter Pedersen
218a3cf93d C++: Remove field conflation 2020-05-20 18:18:26 +02:00
Geoffrey White
9babd5dc10 C++: Another positive effect of the change. 2020-05-20 12:49:01 +01:00