Mathias Vorreiter Pedersen
68385dfab5
Merge pull request #7386 from github/redsun82/cpp-overrunning-write-precision-split
...
C++: split `cpp/overrunning-write` into two
2022-01-14 09:11:39 +00:00
Anders Schack-Mulligen
0b24af901d
Merge pull request #7349 from aschackmull/dataflow/state
...
Dataflow: Add support for flow state
2022-01-14 09:12:38 +01:00
Andrew Eisenberg
4ffd8c62ac
Merge pull request #7579 from github/aeisenberg/changenote-upgrades-removal
...
Changenotes: Add changenotes for upgrades refactoring
2022-01-13 09:09:06 -08:00
Anders Schack-Mulligen
c44cf29992
Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard
...
Dataflow: Add default taint sanitizer guard
2022-01-13 14:44:55 +01:00
Anders Schack-Mulligen
f7cf327e71
Dataflow: Sync
2022-01-13 13:28:43 +01:00
Paolo Tranquilli
e6763c858d
C++: add bindingset to private Printf predicate
...
That predicate turned out to create a lot of tuples, of which only a
minimal part was then used in the query.
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
64d15d6226
C++: fix inc.qhelp files and change notes
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
7b4300e4cf
C++: Apply suggestions in documentation
...
Co-authored-by: Sarah Edwards <skedwards88@github.com>
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
9d49ad9f20
C++: use includes in OverrunWrite qhelp files
...
Also added the relevant CERT C _and_ C++ standard references where they
were missing, and did some minor stylistic tweaks to
`OverrunWriteFloat.qhelp`.
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
c117a1e21f
C++: demote VeryLikelyOverrunWrite cast results
...
There were some false positives where something like

    int x;
    // ...
    sprintf(buff, "%ld", (long)x);

was considered as if the parameter had a non-trivial range analysis only
because the range of `int` is smaller than the range for `long`, without
any non-trivial range analysis actually done on `x`.
These will now be reported by `OverrunWrite` instead.
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
630982cc31
C++: auto format Printf.qll
2022-01-13 11:59:48 +00:00
Paolo Tranquilli
9f811b2439
C++: remove unused variables and fix tests
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
013216d5e6
C++: exclude widening from VeryLikelyOverrunWrite
...
This also restricts what we consider "non-trivial" range analysis, as we
now require both ends to be non-trivially bounded for signed integers.
This avoids false positives stemming from a non-trivial upper bound but
no meaningful lower bound, for example.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
aac029841a
C++: doc fixes to VeryLikelyOverrunWrite
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
c8741f6475
C++: update 2021-12-14-overruning-write-split.md
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
1e4861a944
C++: shorten VeryLikelyOverrunWrite @name
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
106400238a
C++: tweak overrunning write qhelp files
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
8ac34f3db5
C++: NoSpecifiedEstimateReason→Unspecified...
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
97f1a5bac0
C++: add VeryLikelyOverrunWrite.qhelp
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
10b62154a1
C++: add cpp/very-likely-overruning-write help
...
Also update the help of `cpp/overruning-write`, as the case shown there
will actually not be flagged by that query any more.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
b979f02e5d
C++: fix OverrunWrite for backward compatibility
...
Rather than testing for `TypeBoundsAnalysis`, we test that the reason is
not `ValueFlowAnalysis` (which is reported by the new
`cpp/very-likely-overruning-write` query), so that if a client has
overridden `BufferWrite::getMaxData` the `NoSpecifiedEstimateReason` is
taken into account.
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
db6214fdff
C++: add change note for new overrun write query
2022-01-13 11:59:47 +00:00
Paolo Tranquilli
a0059202db
C++: split cpp/overrunning-write into two
...
This splits `cpp/overruning-write` into two separate queries based
on the reason for the estimation. If the overrun is detected based
on non-trivial range analysis, the results are now marked by the new
`cpp/very-likely-overruning-write` high-precision query. If it is based
on less precise, usually type-based bounds, then it will still be marked
by `cpp/overruning-write`, which remains at medium precision.
2022-01-13 11:59:47 +00:00
Andrew Eisenberg
e435a3e9c3
Changenotes: Add changenotes for upgrades refactoring
2022-01-12 11:36:31 -08:00
Robert Marsh
5031d6c4a3
Merge pull request #7566 from MathiasVP/smaller-join-in-reachesRefParameter
...
C++: Smaller join in `reachesRefParameter`
2022-01-12 10:04:35 -05:00
Owen Mansel-Chan
8e8278764b
Add predicate defaultTaintSanitizerGuard for each language
...
This was done manually, as these files are not synced by sync-files.py.
2022-01-12 14:44:56 +00:00
Owen Mansel-Chan
c112980b81
Sync TaintTrackingImpl.qll
...
Done automatically using sync-files.py
2022-01-12 14:44:55 +00:00
Andrew Eisenberg
07228672df
Merge branch 'main' into aeisenberg/remove-upgrades
2022-01-11 11:25:27 -08:00
Mathias Vorreiter Pedersen
c45127fdd6
Merge pull request #7541 from github/rdmarsh2/dataflow-ipa-params
...
C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
2022-01-11 16:52:13 +00:00
Mathias Vorreiter Pedersen
b3a7090068
C++: Fix join in reachesRefParameter by joining with 'getEnd' instead
...
of 'getANode'.
Before:
Tuple counts for FlowVar::FlowVar::reachesRefParameter_dispred#ff/2@956ac39i after 229ms:
24806 ~1% {2} r1 = JOIN FlowVar::FlowVar_internal::parameterIsNonConstReference#f WITH Parameter::Parameter::getFunction_dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Rhs.1
56985 ~3% {3} r2 = JOIN r1 WITH num#FlowVar::FlowVar_internal::TBlockVar#fff_12#join_rhs ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.0 'p', Lhs.1
2384489 ~4% {4} r3 = JOIN r2 WITH FlowVar::FlowVar_internal::getAReachedBlockVarSBB#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1 'p', Lhs.0 'this'
49457 ~0% {2} r4 = JOIN r3 WITH SubBasicBlocks::SubBasicBlock::getANode_dispred#fb ON FIRST 2 OUTPUT Lhs.3 'this', Lhs.2 'p'
return r4
After:
Tuple counts for FlowVar::FlowVar::reachesRefParameter_dispred#ff/2@46f8bfn7 after 32ms:
24806 ~1% {2} r1 = JOIN FlowVar::FlowVar_internal::parameterIsNonConstReference#f WITH Parameter::Parameter::getFunction_dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Rhs.1
56985 ~1% {3} r2 = JOIN r1 WITH num#FlowVar::FlowVar_internal::TBlockVar#fff_12#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'p', Rhs.1 'this'
56985 ~1% {3} r3 = JOIN r2 WITH SubBasicBlocks::SubBasicBlock::getEnd_dispred#fb_10#join_rhs ON FIRST 1 OUTPUT Lhs.2 'this', Rhs.1, Lhs.1 'p'
49457 ~0% {2} r4 = JOIN r3 WITH FlowVar::FlowVar_internal::getAReachedBlockVarSBB#ff ON FIRST 2 OUTPUT Lhs.0 'this', Lhs.2 'p'
return r4
2022-01-11 13:48:20 +00:00
Tom Hvitved
d2ebbe0819
Merge pull request #7469 from hvitved/csharp/promote-adhoc-consistency-checks
...
C#: Promote existing ad-hoc consistency checks to consistency queries
2022-01-10 11:10:25 +01:00
Mathias Vorreiter Pedersen
a5ccd6a23b
Merge pull request #7521 from rdmarsh2/rdmarsh2/cpp/use-guards-in-overflow
2022-01-09 14:09:04 +00:00
Robert Marsh
673399719e
C++: autoformat DataFlowPrivate
2022-01-07 15:23:24 -05:00
Robert Marsh
78b8d113bb
C++: PR comments on DataFlow Position
2022-01-07 14:21:56 -05:00
Robert Marsh
4322a39807
C++: fix typo in Overflow.qll abs handling
2022-01-07 14:09:47 -05:00
Robert Marsh
a126154dfb
C++: use -1 for this in dataflow Position
2022-01-07 11:39:26 -05:00
Robert Marsh
1890a14026
C++: IPA for pointer arg instead of negative index
...
This takes advantage of the new ArgumentPosition and ParameterPosition
types in the shared DataFlow library interface to represent indirections
with an IPA type rather than the negative-index system in use previously
2022-01-07 11:39:26 -05:00
Robert Marsh
4f23cce63b
C++: Accept more test output
2022-01-07 11:27:45 -05:00
Mathias Vorreiter Pedersen
4ee653378e
Merge pull request #7517 from MathiasVP/avoid-self-joins-in-toctou-query
...
C++: Remove bad self joins in `cpp/toctou-race-condition`.
2022-01-07 13:08:30 +00:00
Robert Marsh
c6da1f2be0
C++: re-add comment
2022-01-06 12:43:22 -05:00
Robert Marsh
355fc0ae63
C++: Use Guards library in Overflow.qll
...
Replaces the ad-hoc guard handling with the Guards library. Fixes an
observed false positive pattern, and (hopefully) means some pragmas are
no longer necessary for performance.
2022-01-06 12:15:37 -05:00
Robert Marsh
617bdbc5ba
C++: test for guard-by-return in Overflow.qll
2022-01-06 12:15:37 -05:00
Mathias Vorreiter Pedersen
173cefd7e4
C++: Respond to PR reviews.
2022-01-06 15:39:40 +00:00
Mathias Vorreiter Pedersen
671954025d
C++: Fix qldoc.
2022-01-06 11:02:15 +00:00
Mathias Vorreiter Pedersen
2f42054f8f
C++: Rename 'hasRankInBlock' to 'hasIndexInBlock' since it's not really a rank computation anymore.
2022-01-06 10:31:05 +00:00
Mathias Vorreiter Pedersen
fdb9fb588c
C++: Remove the rank aggregate from 'SsaInternals.qll'.
2022-01-06 10:30:31 +00:00
Mathias Vorreiter Pedersen
f5062c7d80
C++: Remove a bunch of bad self joins from 'cpp/toctou-race-condition'.
2022-01-05 15:28:53 +00:00
Anders Schack-Mulligen
ef714f7328
Dataflow: Sync
2022-01-05 14:25:35 +01:00
Mathias Vorreiter Pedersen
23b8b776ab
C++: Add change-note.
2022-01-05 10:12:20 +00:00
Mathias Vorreiter Pedersen
37c72cae3e
Merge branch 'main' into promote-arithmetic-uncontrolled
2022-01-05 08:12:47 +00:00