erik-krogh
8be7eadace
delete outdated deprecations
2024-01-22 09:11:35 +01:00
Ben Rodes
250ed48bf3
Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2024-01-05 08:19:11 -05:00
Benjamin Rodes
e9bb3b4b28
Limiting << operator to ostream, and putting this check at the same location as the check for basic_string for + operator.
2024-01-04 15:25:47 -05:00
Ben Rodes
8d84540a54
Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2024-01-04 09:09:20 -05:00
Benjamin Rodes
f26330e6bd
Removing redundant/bad string type check.
2023-12-19 09:41:29 -05:00
Benjamin Rodes
48866e5358
Updates to address PR comments.
2023-12-19 09:33:07 -05:00
Ben Rodes
387eddadad
Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-12-19 08:48:51 -05:00
Ben Rodes
29a0da6cd9
Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-12-19 08:48:20 -05:00
Ben Rodes
49728571cf
Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-12-19 08:47:58 -05:00
Ben Rodes
66f725dd05
Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-12-19 08:47:48 -05:00
Benjamin Rodes
94a0420040
Updated getResultExpr to getResultNode. Added strlcat. Added tests.
2023-11-29 16:03:41 -05:00
Benjamin Rodes
4919c4a424
Added StringConcatenation.qll
2023-11-29 13:00:57 -05:00
Henry Mercer
1a370bfbbe
Merge pull request #14443 from github/post-release-prep/codeql-cli-2.15.0
Post-release preparation for codeql-cli-2.15.0
2023-10-11 17:39:04 +01:00
erik-krogh
689eda4dae
CPP: delete the deprecated AnalysedString class
2023-10-09 09:14:54 +02:00
Mathias Vorreiter Pedersen
2f39ab1977
C++: Project away 'why' to prevent tuple duplication in 'Buffer.qll'.
2023-10-05 13:32:52 +02:00
Kasper Svendsen
c46898cb75
C++: Make implicit this receivers explicit
2023-05-09 15:35:54 +02:00
Mathias Vorreiter Pedersen
00450d10bb
Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2023-03-13 14:50:17 +01:00
erik-krogh
6c1ebd999e
Merge branch 'main' into delOldDeps
2023-03-13 11:00:29 +01:00
Mathias Vorreiter Pedersen
63690066c5
Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2023-03-07 13:06:43 +00:00
Jeroen Ketema
391d9bed5b
C++: Add deprecated to predicates that are deprecated according to the QLDoc
2023-03-03 17:15:47 +01:00
erik-krogh
f96d6accbb
delete old deprecations
2023-03-03 09:23:02 +01:00
Jeroen Ketema
ecdeb9a970
C++: Revert semmle.code.cpp.dataflow to its old state
While here make sure all queries and tests use IR dataflow when appropriate.
2023-02-10 14:21:44 +01:00
Mathias Vorreiter Pedersen
8b01dfe696
Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2023-01-10 17:30:29 +00:00
Tony Torralba
3fcc99e5cb
C++: Remove omittable exists variables
2023-01-10 13:36:01 +01:00
Mathias Vorreiter Pedersen
c06f7259cf
C++: Make the 'getBufferSize' a lot more like the pre-use-use flow implementation.
2022-12-16 12:58:45 +00:00
Jeroen Ketema
bb256514c0
Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2022-12-14 15:52:20 +01:00
erik-krogh
698e05f85a
Swift/C++: Use instanceof in more places
2022-12-12 16:58:13 +01:00
Mathias Vorreiter Pedersen
2617e6d7c6
C++: Inline a predicate that was only used once.
2022-11-04 09:35:34 +00:00
Mathias Vorreiter Pedersen
b42e81c32d
C++: Speed up 'Buffer.qll'.
2022-11-03 20:31:55 +00:00
Mathias Vorreiter Pedersen
18802a2883
Merge pull request #11042 from MathiasVP/simplify-buffer.qll
C++: Simplify `buffer.qll` repair
2022-11-03 09:18:39 +00:00
Mathias Vorreiter Pedersen
30f15473db
C++: Use 'max' instead of 'unique.'
2022-11-01 16:55:45 +00:00
Jeroen Ketema
80ef3b39ff
Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2022-10-31 18:26:34 +01:00
Mathias Vorreiter Pedersen
1b50168d08
C++: Add an initial pruning stage to prevent this
large TC in 'localFlowToExpr':
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@0a49913i with tuple counts:
4713946 ~0% {2} r1 = SCAN DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff OUTPUT In.1, In.0
40897385 ~46% {2} r2 = JOIN boundedFastTC:Buffer#61e3d199::localFlowToExprStep#2#ff_10#higher_order_body:DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff_0#higher_order_body WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
45611331 ~43% {2} r3 = r1 UNION r2
3376553 ~14% {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
return r4
```
After this commit the tuple counts look like:
```
Evaluated relational algebra for predicate Buffer#61e3d199::localFlowStepToExpr#2#ff@8cc38x5k on iteration 2 running pipeline standard with tuple counts:
51367 ~3% {2} r1 = JOIN Buffer#61e3d199::getBufferSize0#1#f#prev_delta WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0
124933 ~18% {2} r2 = JOIN r1 WITH #Buffer#61e3d199::localFlowToExprStep#2Plus#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
176300 ~17% {2} r3 = r1 UNION r2
184685 ~22% {2} r4 = JOIN r3 WITH DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
56646 ~47% {2} r5 = JOIN r4 WITH DataFlowUtil#47741e1f::ExprNode::getExpr#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
44635 ~16% {2} r6 = r5 AND NOT Buffer#61e3d199::localFlowStepToExpr#2#ff#prev(Lhs.0, Lhs.1)
return r6
```
2022-10-30 14:20:15 +01:00
Mathias Vorreiter Pedersen
aa8214addf
C++: Simplify 'Buffer.qll' by avoiding 'asIndirectExpr'. This removes the flow from 'x' to 'x++', which makes the whole library a lot simpler.
2022-10-30 12:58:53 +01:00
Mathias Vorreiter Pedersen
c8f81bc6b8
Merge branch 'replace-ast-with-ir-use-usedataflow' into repair-badly-bounded-write-2
2022-10-25 14:24:38 +02:00
Mathias Vorreiter Pedersen
a7d6f4ff19
C++: Fix pointer/pointee conflation and handle flow through '++' when tracking indirect flow.
2022-10-24 14:23:43 +02:00
Geoffrey White
0d030d2b13
C++: Fix FormatLiteral.getMaxConvertedLength bug.
2022-10-21 17:29:55 +01:00
Josh Soref
df7bdcd0ab
spelling: determined
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-14 15:08:43 -04:00
Josh Soref
0fe91cb97f
spelling: approximation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-14 15:08:43 -04:00
Mathias Vorreiter Pedersen
3ec60f11bb
C++: Repair 'Buffer.qll'.
2022-10-14 12:25:17 +02:00
erik-krogh
b83ca08854
deprecate class documented as deprecated
2022-09-26 20:09:54 +02:00
Nora Dimitrijević
ce1e4ad422
Merge branch 'main' into missing-check-scanf-squashed
2022-08-30 11:34:00 +02:00
erik-krogh
cc7a9ef97a
rename more acronyms
2022-08-25 20:52:27 +02:00
Nora Dimitrijević
d8800c03b6
C++: new helper predicates in ScanfFunctionCall
Extract some of the logic from the `cpp/missing-check-scanf` query into
the more generally useful `getOutputArgument(int index)`, `getAnOutputArgument()`,
and `getNumberOfOutputArguments()` predicates.
2022-08-25 14:32:15 +02:00
Geoffrey White
cd4ff54743
C++: Improve performance of Printf::callsVariadicFormatter.
2022-06-01 13:17:10 +01:00
Erik Krogh Kristensen
86e97c32d6
fix all ql/use-string-compare
2022-05-17 14:11:05 +02:00
Nick Rolfe
12a43b6fae
C++: fix another use of AnalysedString
2022-05-12 10:38:13 +01:00
Nick Rolfe
e1b277386a
Fix non-US spellings: s/analyse/analyze
2022-05-11 17:48:27 +01:00
Jeroen Ketema
dee0f09197
C++: Cover variable sized member arrays without a size in Buffer.qll
Currently the extractor incorrectly emits 0 for the array `data` below:
```
struct myStruct { // c
...
char data[]; // v
};
```
This will change in the future, and no size will be emitted anymore.
This commit makes sure `Buffer.qll` handles arrays without sizes.
2022-04-22 16:57:24 +02:00
Jeroen Ketema
a09fd8c35e
C++: Fix the layout of comments in getBufferSize
2022-04-21 17:42:10 +02:00