hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 17:59:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,085 Commits 1,754 Branches 167 Tags
aa841c306dd0a2ca2e732a29df4883ace4bba4ad
Commit Graph

1155 Commits

Author SHA1 Message Date
Jonas Jensen
aa841c306d C++: Use virtual dispatch in DefaultTaintTracking 
This bit is only used by the compatibility code that sends flow into
parameters of functions without body.
 2019-11-06 14:04:07 +01:00
Jonas Jensen
ec9ef33486 C++: IR data flow through inheritance conversions 
This makes IR data flow behave more like AST data flow, and it makes IR
virtual dispatch work without further changes.
 2019-11-06 14:04:07 +01:00
Jonas Jensen
49008c9ff5 C++: IR data flow local virtual dispatch 
This is just good enough to cause no performance regressions and pass
the virtual-dispatch tests we have for `security.TaintTracking`. In
particular, it fixes the tests for `UncontrolledProcessOperation.ql`
when enabling `DefaultTaintTracking.qll`.
 2019-11-06 14:04:02 +01:00
Jonas Jensen
df2fbfb3d0 C++: localInstruction{Flow,Taint} helpers 
These are analogous to the existing `localExpr{Flow,Taint}` predicates.
 2019-11-05 14:13:20 +01:00
Geoffrey White
3e8b28a0a8 Merge pull request #2213 from jbj/BarrierGuard 
C++: Implement DataFlow::BarrierGuard for AST+IR
 2019-11-04 11:08:36 +00:00
Dave Bartolomeo
ea23c2daac Merge pull request #2188 from jbj/printast-override 
C++: Add a sample class in PrintAST.ql
 2019-10-31 17:02:20 -07:00
Dave Bartolomeo
e6f632b44e Merge pull request #2228 from jbj/DefaultTaintTracking-getASTVariable 
C++: Use getASTVariable in DefaultTaintTracking
 2019-10-31 17:00:49 -07:00
Robert Marsh
9477bd5698 Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-buffer-read-call-se 2019-10-31 11:00:01 -07:00
Robert Marsh
24c9b8b9b1 C++: fix unbound variables 2019-10-30 14:06:19 -07:00
Jonas Jensen
1e6c983d62 C++: Use getASTVariable in DefaultTaintTracking 
This library is not yet used in a query or test, so it broke silently
when `VariableAddressInstruction.getVariable` was removed.
 2019-10-30 13:42:17 +01:00
Jonas Jensen
311963906b C++: Only give the best delta in range analysis 
This mirrors Java's 6b85fe087a.
 2019-10-29 11:49:49 +01:00
Jonas Jensen
ff62afb575 C++: Rename parameter to b to match QLDoc 2019-10-29 10:38:23 +01:00
Jonas Jensen
b13535ac7d C++: Implement DataFlow::BarrierGuard for AST+IR 
The change note is copied from the Java change note.
 2019-10-28 16:22:23 +01:00
Dave Bartolomeo
cc5a689293 C++/C#: Fix up after merge from master 2019-10-25 14:11:34 -07:00
Dave Bartolomeo
f5e320e988 Merge from master 2019-10-25 13:24:19 -07:00
Dave Bartolomeo
56cbd0c152 C++/C#: Make AliasedUse access only non-local memory 
The `AliasedUse` instruction is supposed to represent future uses of aliased memory after the function returns. Since local variables from that function are no longer allocated after the function returns, the `AliasedUse` instruction should access only the set of aliased locations that does not include locals from the current stack frame.
 2019-10-25 13:10:39 -07:00
Jonas Jensen
22de0efc58 Merge pull request #2008 from dave-bartolomeo/dave/IRType2 
C++: Implement language-neutral IR type system
 2019-10-25 09:42:23 +02:00
Dave Bartolomeo
80e29dce8b C++: Fix comment and remove unnecessary max() 2019-10-24 14:15:59 -07:00
Dave Bartolomeo
956c18f976 C++/C#: Fix formatting 2019-10-24 13:54:09 -07:00
Tom Hvitved
6d22e351f1 Merge pull request #2151 from raulgarciamsft/users/raul/oss 
Users/raul/oss
 2019-10-24 19:35:40 +02:00
Jonas Jensen
8f58e7e6c9 C++: Clarify qldoc 2019-10-24 17:34:01 +02:00
Jonas Jensen
73e217a51e C++: Un-deprecate class Qualifier 
It turns out this was used in the internal repo.
 2019-10-24 16:47:29 +02:00
Jonas Jensen
6c069ff444 C++: The update of a for-loop is ExprInVoidContext 2019-10-24 15:27:54 +02:00
Jonas Jensen
edc9e23a9d C++: Deprecate class Qualifier 
It's not used anywhere outside `VoidContext.qll`, where it was defined.
The use in `VoidContext.qll` is 10 years old and was a workaround for an
extractor bug that no longer exists.
 2019-10-24 15:22:44 +02:00
Jonas Jensen
8e31b8167a C++: Add a sample class in PrintAST.ql 
I've found myself typing out this class whenever I want to print the AST
of one function. I hope it will be useful to others too.
 2019-10-24 14:46:10 +02:00
Dave Bartolomeo
d03a4f86e5 C++/C#: Add AliasedUse instruction to all functions 
This new instruction is the dual of the existing `AliasedDefinition` instruction. Whereas that instruction defines the contents of aliased memory before the function was called, `AliasedUse` represents the potential use of all aliased memory after the function returns. This ensures that writes to aliased memory do not appear "dead", even if there are no further reads from aliased memory within the function itself.
 2019-10-23 11:59:05 -07:00
Dave Bartolomeo
0219dbeeed C++: Fix override warning 2019-10-22 11:50:48 -07:00
Robert Marsh
9f0499cce9 Merge pull request #2063 from jbj/dataflow-ref-parameter 
C++: Data flow through reference parameters
 2019-10-22 09:40:15 -07:00
Geoffrey White
31dd3cae84 CPP: Autoformat. 2019-10-22 09:55:48 +01:00
Raul Garcia (MSFT)
cb8dcf7db2 Publishing queries to the OSS Semmle repository 2019-10-22 09:55:39 +01:00
Dave Bartolomeo
1c8e275b40 C++/C#: Autoformat all the things 2019-10-21 15:00:05 -07:00
Dave Bartolomeo
7241c1aae6 C++/C#: More sanity checks for IRType 2019-10-21 14:22:46 -07:00
Dave Bartolomeo
958754bed8 C++: Use max to handle mixed 32/64-bit extraction 2019-10-21 11:56:12 -07:00
Dave Bartolomeo
5776077bf6 C++: Add comment about enum signedness 2019-10-21 11:37:18 -07:00
Dave Bartolomeo
debb662b8c C++: Reformat comment 2019-10-21 10:55:59 -07:00
Dave Bartolomeo
71a6b5dffe C++/C#: Fix some duplicate IRType problems, and add a sanity test 2019-10-21 10:46:30 -07:00
Jonas Jensen
defe99503d Merge pull request #2113 from raulgarciamsft/users/raulga/boost 
Users/raulga/boost
 2019-10-20 13:14:44 +02:00
Dave Bartolomeo
f871c72660 C++: Fix PR feedback 2019-10-18 12:54:03 -07:00
Dave Bartolomeo
8ec15933f5 C++/C#: Blob -> Opaque 2019-10-18 12:51:25 -07:00
Geoffrey White
5a97a16945 CPP: Autoformat. 2019-10-18 09:46:04 +01:00
Robert Marsh
5451c394a2 C++/C#: autoformat 2019-10-17 12:20:36 -07:00
Robert Marsh
b29f88450b C++: buffer read side effects on unmodeled funcs 2019-10-17 12:10:23 -07:00
Robert Marsh
30d7238921 C++: fix missing getPrimaryInstruction 2019-10-16 17:05:37 -07:00
Robert Marsh
fffe3c2432 C++: add sanity test for side effect primaries 2019-10-16 16:53:55 -07:00
Dave Bartolomeo
6e61b1dcd0 C++: Fix up after merge from master 
The one interesting piece that needed to be fixed up was the type of an `Indirect[Read|Write]SideEffect` operand/result. If the parameter type is a pointer or reference to an incomplete type, we need to set the type of the side effect memory access to `Unknown`, because we don't model incomplete types in the IR type system.

I also added minimal support for `__assume` (generated as a `NoOp`), because lack of `__assume` support got in the way of debugging the other issue above.
 2019-10-16 15:55:56 -07:00
Dave Bartolomeo
167d2289c4 Merge from master 2019-10-16 10:10:10 -07:00
Geoffrey White
6f96d1759f Merge pull request #2077 from jbj/cfg-enable-pr 
C++: enable the QL-based CFG code
 2019-10-16 14:06:22 +01:00
Geoffrey White
33ae7ee802 Merge pull request #2130 from jbj/cfg-pos-int 
C++: Implement Pos and Spec as int, not newtype
 2019-10-16 09:56:14 +01:00
Jonas Jensen
bca1be0601 Merge pull request #2135 from zlaski-semmle/zlaski/memset-model 
[zlaski/memset-model] Add side effect modeling to Memset.
 2019-10-16 08:49:24 +02:00
Ziemowit Laski
fcc1938143 [zlaski/memset-model] Ctrl+Shift+F. 2019-10-15 15:03:58 -07:00