hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,021 Commits 1,672 Branches 157 Tags
ad0b36a0c901b694ba5d4e1f586128305ebcd28b
Commit Graph

8469 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
78535dc70b C++: Autoformat. 2022-09-18 12:02:32 +01:00
Mathias Vorreiter Pedersen
dc00643ad1 C++: More QLDoc. 2022-09-16 17:14:29 +01:00
Mathias Vorreiter Pedersen
031f20a0eb C++: Respond to review comments. 2022-09-16 16:19:06 +01:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Mathias Vorreiter Pedersen
4482669d7e C++: Add a new 'InvalidPointerDeref' query to experimental. 2022-09-15 17:47:15 +01:00
Mathias Vorreiter Pedersen
b8a5aa5d85 C++: Fix a couple of range analysis issues: 
1. The new query is expecting pointer arithmetic operations to generate
range-analysis bounds, but this wasn't true on main.
2. The bounds generated by `boundFlowCond` was incorrectly inferred as
non-strict when comparing a pointers (unlike when comparing values of
integral types). This gave FPs in the new query.

This also fixes a couple of missing results in existing queries that
use the new range-analysis library.
 2022-09-15 17:46:52 +01:00
Mathias Vorreiter Pedersen
d981f898e4 C++: Add flow states to the product dataflow library. 2022-09-15 15:54:09 +01:00
Philip Ginsbach
26099d6ab7 remove more upper-case variable names 2022-09-15 14:36:02 +01:00
Geoffrey White
6b21563018 C++: Update change note. 2022-09-15 13:37:20 +01:00
Philip Ginsbach
c5703898b0 remove upper-case NamedExpression variable names 2022-09-14 16:35:24 +01:00
Philip Ginsbach
8f7f631211 upper-case variable names are deprecated 2022-09-14 14:50:26 +01:00
Mathias Vorreiter Pedersen
c7ccff2e20 C++: Accept test changes. 2022-09-13 12:11:22 +01:00
Mathias Vorreiter Pedersen
4130616ab1 C++: Use experimental dataflow for the product flow library. 2022-09-13 09:41:03 +01:00
Robert Marsh
ededfaa40b C++: use-use flow in ArrayAccessProductFlow 2022-09-13 09:39:39 +01:00
Robert Marsh
0fcfe5772f C++: query-specific model for ffmpeg allocator 2022-09-13 09:39:31 +01:00
Robert Marsh
61017a7997 C++: prevent a bad join order 2022-09-13 09:39:11 +01:00
Mathias Vorreiter Pedersen
7f6b400b78 Merge pull request #10366 from MathiasVP/use-use-flow-in-experimental 
C++: Use-use flow in `experimental`
 2022-09-13 09:30:48 +01:00
intrigus
894a0f1c3b Add string to int sanitizer. 2022-09-12 21:02:18 +02:00
Mathias Vorreiter Pedersen
6e4b3c242f Merge pull request #10377 from geoffw0/deprecate-pointsto 
C++: Put a warning on the PointsTo library.
 2022-09-12 16:25:40 +01:00
Mathias Vorreiter Pedersen
d2b150eaf5 C++: Fix QLDoc on the model predicates used by the new experimental use-use code. 2022-09-12 16:00:49 +01:00
Mathias Vorreiter Pedersen
bb1c088fe0 C++: Undo changes to iterator models. 2022-09-12 15:58:49 +01:00
Geoffrey White
842af4bf74 C++: Specifically suggest DataFlow as an alternative. 2022-09-12 14:25:45 +01:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
Mathias Vorreiter Pedersen
c988547e9c C++: Accept test changes. 2022-09-11 18:31:53 +01:00
Geoffrey White
8ac3e10896 C++: Put a warning on the PointsTo library. 2022-09-09 18:03:23 +01:00
Mathias Vorreiter Pedersen
6dcfe0348b C++: Copy over the required changes to non-experimental libraries. 2022-09-09 17:26:58 +01:00
Mathias Vorreiter Pedersen
5509562fe6 C++: Repair a few broken models that were incorrectly a pointer 
as tainted (instead of the pointee), or vice versa. Because of
existing dataflow pointer/pointee conflation we never noticed that,
but since this PR removes those imprecisions we now need to update
these models.
 2022-09-09 17:04:36 +01:00
Mathias Vorreiter Pedersen
6d313ace2d C++: Copy the new use-use flow code to experimental. 2022-09-09 14:20:10 +01:00
Tony Torralba
569fad667a Merge pull request #10360 from atorralba/atorralba/fix-taint-implicit-reads 
Dataflow: Fix implicit reads in taint tracking when FlowStates are used
 2022-09-09 14:28:39 +02:00
Geoffrey White
6011ae9ecc Merge branch 'main' into cleartext-perf 2022-09-09 11:40:47 +01:00
Geoffrey White
edefda9213 C++: Make QL-for-QL happy. 2022-09-09 11:26:42 +01:00
Geoffrey White
813d166ad7 C++: Restore results in cpp/cleartext-storage-database using . 2022-09-09 11:03:29 +01:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Tony Torralba
1078cf091e Add change notes for all languages 2022-09-09 10:28:36 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Robert Marsh
0feeafd0ac Merge pull request #10339 from MathiasVP/dont-use-get-unique-id-in-range-analysis 
C++: Don't use `getUniqueId` in range analysis
 2022-09-08 11:13:43 -04:00
Mathias Vorreiter Pedersen
594c40a375 Merge pull request #10355 from MathiasVP/fix-unequalIntegralSsa-standard-order 
C++: Avoid bad standard order in range analysis
 2022-09-08 14:58:44 +01:00
Tom Hvitved
b3653cc3d0 Merge pull request #10216 from hvitved/ssa/shared-lib 
SSA: Create a new `codeql/shared-ssa` library pack and move implementation there
 2022-09-08 15:39:29 +02:00
Mathias Vorreiter Pedersen
f119b50c2f C++: Predicate factoring to prevent a bad standard order. 2022-09-08 13:55:27 +01:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Jeroen Ketema
6330be3902 C++: Update DB scheme stats file 2022-09-08 10:06:57 +02:00
Jeroen Ketema
04000be050 C++: Add DB scheme upgrade and downgrade scripts 2022-09-08 10:06:57 +02:00
Jeroen Ketema
1140d27bda C++: Add tests for newly supported builtin operations 2022-09-08 10:06:57 +02:00
Jeroen Ketema
2410321acf C++: Add change note for newly supported builtin operations 2022-09-08 10:06:57 +02:00
Jeroen Ketema
23b9b07f28 C++: Support more builtin operations 2022-09-08 10:06:57 +02:00
Mathias Vorreiter Pedersen
7062263885 C++: Accept test changes. 2022-09-07 21:11:52 +01:00
Mathias Vorreiter Pedersen
a052614dbf C++: Two fixes to ensure we don't use getUniqueId in the new range analysis library. (1) don't use it to rank basic blocks, and (2) don't use it in 'toString' on bounds. 2022-09-07 18:45:43 +01:00
Mathias Vorreiter Pedersen
e37848ec6d C++: Remove 'IRConfiguration' since we no longer generate bad IR for range analysis. 2022-09-07 16:39:45 +01:00
Mathias Vorreiter Pedersen
86259ced97 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 16:38:42 +01:00
Robert Marsh
55a10d99b4 Merge pull request #10305 from MathiasVP/ql-workaround-for-missing-decl-entries 
C++: Synthesize `DeclarationEntry`s for IR construction
 2022-09-07 11:34:28 -04:00