hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,545 Commits 1,693 Branches 161 Tags
80db155d54ad037486cd719c44ae78e42c8b2ae9
Commit Graph

59 Commits

Author SHA1 Message Date
Geoffrey White
80db155d54 C++: Fix example and test. 2020-12-09 16:46:48 +00:00
Jonas Jensen
9cf318b72c C++: Autoformat the new query 
Tweak whitespace, also in the alert message.
 2020-12-04 13:27:07 +01:00
Jonas Jensen
bf88df8134 C++: CRLF -> LF line endings 2020-12-04 13:25:32 +01:00
ihsinme
69ed608a11 Update UnsignedDifferenceExpressionComparedZero.ql 2020-12-04 09:47:11 +03:00
ihsinme
d088d5b0f3 CPP: Add query for CWE-191 
into experimental this reveals a dangerous comparison
 2020-11-28 15:52:00 +03:00
Geoffrey White
f109e8ccbc C++: Remove duplicate import. 2020-11-10 13:31:47 +00:00
Gulshan Singh
662736eb2d Fix compiler error after removing getLOp/getROp 2020-10-07 12:45:08 -07:00
Gulshan Singh
7233ffa50f Address review comments 2020-10-07 00:21:06 -07:00
Gulshan Singh
f026d3a1e6 C++: Improve bitwise and range analysis 2020-10-01 23:30:51 -07:00
Geoffrey White
282d3e8f7e Merge pull request #4322 from jbj/range-analysis-custom-defs 
C++: Support custom defs in SimpleRangeAnalysis
 2020-09-30 15:43:32 +01:00
Jonas Jensen
b7d0939f4a C++: ExtendedRangeAnalysis stub implementation 
Just to demonstrate how things fit together, I've created
`SubtractSelf.qll` that adds a (hopefully sound) version of the test
extension that was already used in `extensibility.ql`.
 2020-09-23 15:50:07 +02:00
Jonas Jensen
d1f453be36 C++: import SimpleRangeAnalysisInternal 
This ensures that `getFullyConverted{Lower,Upper}Bounds` are available
where they need to be called.
 2020-09-22 15:54:54 +02:00
Jonas Jensen
8065bf15ad C++: Per-variable overrides 
Without these changes, there was no way to tell which variables were
overridden by a given instance of `SimpleRangeAnalysisDefinition`. All
four overrides are needed because they fit into different mutual
recursions of the `SimpleRangeAnalysis` implementation.
 2020-09-22 15:53:22 +02:00
Jonas Jensen
7dce4d0a6e C++: Rename: name the file the same as the class 2020-09-22 15:48:36 +02:00
lcartey@github.com
eb5782d908 C++: Support customizable ranges for RangeSsaDefinitions. 2020-09-11 17:12:10 +01:00
Jonas Jensen
ab90f06ddf C++: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Jonas Jensen
c507b337f2 Merge pull request #3921 from catenacyber/NullCheckParam 
C++: Adds another redundant null check rule
 2020-08-27 16:07:13 +02:00
Philippe Antoine
07610e0899 Format document 2020-08-24 13:12:54 +02:00
Jonas Jensen
bf7732ec9d C++: Silence QL compiler errors 2020-08-14 12:27:30 +02:00
Jonas Jensen
1deb1e6429 C++: Add SimpleRangeAnalysisExpr.dependsOnChild 2020-08-14 12:27:30 +02:00
Jonas Jensen
1b5b374a8e C++: Move getFullyConverted{Upper,Lower}Bounds 
Rather than being public, these internal predicates are now exposed
through a `SimpleRangeAnalysisInternal` module so it's clear that they
are not for general use.
 2020-08-14 12:27:30 +02:00
Jonas Jensen
1c0e83a374 C++: Autoformat fixup 2020-08-14 12:27:30 +02:00
Jonas Jensen
aa78c6e750 C++: Move to experimental 
And rename to `SimpleRangeAnalysisExpr` to clarify which of our range
analysis libraries this belongs to.
 2020-08-14 12:27:30 +02:00
Robert Marsh
e80cc63219 Merge pull request #3861 from dilanbhalla/privatedata 
C++: Private Data File/Buffer Writes
 2020-08-11 15:49:31 -04:00
Jonas Jensen
0476b97f63 Merge pull request #3789 from dilanbhalla/cpp 
C++ Memory Unsafe Functions
 2020-08-11 10:09:37 +02:00
dilanbhalla
7bd5464b01 Update cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-10 15:43:16 -07:00
dilanbhalla
4dcaa7be57 pr fixes 2020-08-10 15:30:09 -07:00
dilanbhalla
dcfbb86674 pr fixes 2020-08-10 15:14:12 -07:00
dilanbhalla
48e540fa9a minor fixes 2020-07-13 01:25:42 -07:00
dilanbhalla
db6d5c329f file/buffer write dataflow queries complete 2020-07-13 00:57:05 -07:00
Philippe Antoine
bf7e3a004e Reverting to enclosing block logic 2020-07-10 14:58:00 +02:00
Philippe Antoine
50b2b12ce2 put back missing condition 2020-07-10 14:41:35 +02:00
Philippe Antoine
3117c67a66 Updates result message to be more precise 2020-07-10 14:26:09 +02:00
Philippe Antoine
50f2f69f5f indent comments 2020-07-09 16:14:26 +02:00
Philippe Antoine
06c8a0bf20 move to experimental 2020-07-09 16:09:57 +02:00
Mathias Vorreiter Pedersen
7029739691 C++: Replace getResultType() with getResultIRType() in IR range analysis 2020-07-09 15:53:54 +02:00
dilanbhalla
6e6921b11e implemented pr fixes 2020-07-08 09:23:52 -07:00
dilanbhalla
05a4798b5e working on implementing pr fixes 2020-07-08 09:19:46 -07:00
dilanbhalla
3b9daa2db2 added pr fixes 2020-07-07 11:05:39 -07:00
dilanbhalla
d201c4ba8a fixed pr suggestions for tags/formatting 2020-07-07 09:34:04 -07:00
dilanbhalla
263f00784f formatting 2020-07-01 09:25:09 -07:00
dilanbhalla
25bfc3a168 fixed references and used autoformat 2020-07-01 09:23:36 -07:00
dilanbhalla
259654b1a4 moved library to experimental 2020-06-30 18:04:41 -07:00
dilanbhalla
e1130a2bfa moved privatedata to experimental 2020-06-30 17:58:24 -07:00
dilanbhalla
3fdd11a9b5 scanf fixes, still need to update qhelp file 2020-06-30 17:22:29 -07:00
Robert Marsh
fb6e578618 C++: move IR range analysis to experimental 2020-06-24 12:50:14 -07:00
Cornelius Riemenschneider
3596ff7c51 Address review. 2020-05-10 19:34:16 +02:00
Cornelius Riemenschneider
1c9fa4eb1d This library proves that a subset of pointer dereferences in a program are safe, i.e. in-bounds. 
It does so by first defining what a pointer dereference is (on the IR
`Instruction` level), and then using the array length analysis and the range
analysis together to prove that some of these pointer dereferences are safe.
 2020-05-06 16:36:48 +02:00
Cornelius Riemenschneider
264763080e Autoformat, address review. 2020-05-05 08:52:52 +02:00
Cornelius Riemenschneider
bab893d2d1 Address review. 2020-05-02 15:27:56 +02:00