hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 16:36:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,524 Commits 1,714 Branches 163 Tags
ba72a1cde7a8a57f18da2ac3ecccbf44fd630ae2
Commit Graph

6420 Commits

Author SHA1 Message Date
Dave Bartolomeo
ba72a1cde7 Make TranslatedSideEffect abstract 
This is step two of fixing the ordering of call side effects. This commit refactors the existing `TranslatedSideEffect` class into an abstract `TranslatedSideEffect` class, which contains functionality common to all kinds of side effect, and a concrete `TranslatedArgumentSideEffect` class, which is the implementation of argument side effects. A future commit will add additional concrete classes for conservative call side effects and allocation side effects.

This change has zero diffs to the generated IR.
 2021-09-03 11:31:14 -04:00
Dave Bartolomeo
47e16b0480 Move logic for determining CallSideEffect opcode out of TranslatedCall. 
This is the first step to fixing the order of side effects on call instructions. The goal is to move all side effects (argument side effects, allocation side effects, and conservative call side effects) to be treated as elements in a single sequence of side effects, which will then be handled in a single place similar to how we already handle argument side effects.
 2021-09-03 09:58:31 -04:00
Remco Vermeulen
7310590f90 Update qldoc FunctionAccess class 
The `FunctionAccess` class doesn't capture accesses of functions in function call expressions.
This update makes that explicit.
 2021-09-01 15:36:00 +02:00
Remco Vermeulen
ffd2a388a9 Update qldoc for the Access class 
The access class does not capture function accesses that are part of a function call expression.
This updates makes that explicit
 2021-09-01 15:30:33 +02:00
Alexandre Boulgakov
10bc2568b7 C++: Add support for default member initializers. 2021-08-26 12:32:30 +01:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Anders Peter Fugmann
67a267d971 Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-25 08:58:44 +02:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
Anders Fugmann
6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Anders Fugmann
6d4b7c828c C++: Remove superfluous 'and any()' 2021-08-24 09:37:39 +02:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Geoffrey White
bc9994774a Merge pull request #6515 from MathiasVP/clarify-initialization-vs-assignment-in-docs 
C++: Clarify difference between 'Initializer' and 'Assignment'.
 2021-08-23 18:00:36 +01:00
Ian Lynagh
1e06808105 Update cpp/change-notes/2021-08-23-getPrimaryQlClasses.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-23 16:52:07 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Anders Fugmann
c04ba7b724 C++: Revert benign change of return type from 'unsigned int' to 'int' in testcase, and add 'GOOD' annotation to the testcase 2021-08-23 14:58:43 +02:00
Anders Fugmann
9324d8f348 C++: Fix case where implicit downcasts were not detected when using reference 2021-08-23 14:44:49 +02:00
Anders Fugmann
8939a9b2c1 C++: Add tests for implicit downcast involving references 2021-08-23 14:42:36 +02:00
Andrew Eisenberg
39533317ff Merge pull request #6524 from github/aeisenberg/cpp/move-file 
C++: Move file from src to lib
 2021-08-19 13:46:31 -07:00
Andrew Eisenberg
2b36378917 C++: Move file from src to lib 
Neglected to do this one earlier.
 2021-08-19 13:12:42 -07:00
Mathias Vorreiter Pedersen
207dcb08a7 C++: Make it clear that 'getAnAssignment' also gets the expression from the initializer. 2021-08-19 13:38:32 +02:00
Mathias Vorreiter Pedersen
586c5b90c1 C++: Mention Variable.getAnAssignedValue() in the QLDoc for getAnAssignment. 2021-08-19 12:27:03 +02:00
Alexandre Boulgakov
89e52bf500 C++: Move element tests to internal repo. 2021-08-19 09:48:13 +01:00
Mathias Vorreiter Pedersen
01dfab2aec Update cpp/ql/lib/semmle/code/cpp/exprs/Assignment.qll 
Co-authored-by: Matan Merom <1010225+matan7890@users.noreply.github.com>
 2021-08-19 10:32:46 +02:00
Mathias Vorreiter Pedersen
f5c23c9c52 C++: Clarify the difference between 'Initializer' and 'Assignment' in the QLDoc for these classes. 2021-08-19 08:33:27 +02:00
Alexandre Boulgakov
1eb804a072 Merge pull request #6496 from sashabu/sashabu/c_linkage 
C++: Allow querying for "C" language linkage on routine types.
 2021-08-18 17:46:44 +01:00
Mathias Vorreiter Pedersen
24638418f1 Merge pull request #6503 from andersfugmann/model_strdupa_functions 
C++: Model strdupa and strndupa
 2021-08-18 17:48:04 +02:00
Alexandre Boulgakov
3ba308a69f C++: Allow querying for "C" language linkage on routine types. 2021-08-18 15:35:30 +01:00
Anders Fugmann
0b98b39f91 C++: Test dataflow tests for strdupa and strndupa functions 2021-08-18 15:22:14 +02:00
Anders Fugmann
44752d5ee0 C++: Model strdupa and strndupa string functions returning memory allocated with alloca 2021-08-18 13:12:08 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Andrew Eisenberg
88ceb42356 Packaging: Migrate cpp experimental/semmle folder to lib 
Also, fix up some library path dependencies.
 2021-08-17 14:41:41 -07:00
Andrew Eisenberg
d8e4e25c1e Packaging: Fix query pack references 
We can't have recursive references to query packs.
 2021-08-17 13:03:40 -07:00
Andrew Eisenberg
2c5dd2dfa3 Packaging: Refactor the cpp libraries 
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.

There are very few lines of code changed. Almost all changes are moving
files around.
 2021-08-17 11:22:36 -07:00
Anders Fugmann
666d5917fa C++: Avoid inclusion of standard headers 2021-08-17 15:56:28 +02:00
Anders Fugmann
469f8a638b C++: Add more tests for buffer overruns 2021-08-17 15:21:33 +02:00
Anders Fugmann
35b7808866 C++: Fix wrong comment on what is tested 2021-08-17 15:21:03 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
ihsinme
6988912b72 Update UndefinedOrImplementationDefinedBehavior.ql 2021-08-16 15:20:00 +03:00
ihsinme
c63dff639c Update UndefinedOrImplementationDefinedBehavior.expected 2021-08-16 14:15:10 +03:00
ihsinme
74f372d547 Update UndefinedOrImplementationDefinedBehavior.ql 2021-08-16 14:11:28 +03:00
Alexandre Boulgakov
00466e4bb0 Merge pull request #6464 from sashabu/sashabu/auto 
C++: Expose trailing return type presence.
 2021-08-11 18:43:39 +01:00
Alexandre Boulgakov
490498899b C++: Expose trailing return type presence. 2021-08-11 16:04:07 +01:00
Geoffrey White
3f72a1abea Merge pull request #6471 from MathiasVP/fix-fp-in-incorrect-allocation-error-handling 
C++: Fix false-positive in 'cpp/incorrect-allocation-error-handling'
 2021-08-11 15:56:55 +01:00
Mathias Vorreiter Pedersen
8d594dbf08 Update cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-08-11 16:18:18 +02:00
Mathias Vorreiter Pedersen
0d1884d7a6 C++: Fix FP and accept test changes. 2021-08-11 15:38:57 +02:00
Mathias Vorreiter Pedersen
c2b1da0010 C++: Add FP testcase with an 'new' that has a 'std::nothrow&' parameter, but not a 'noexcept' specifier. This case was previously not reported because of the 'noexcept' specifier, and apparently the 'std::nothrow' case was broken all along. 2021-08-11 15:38:03 +02:00
Mathias Vorreiter Pedersen
89ce25f247 Merge pull request #6083 from ihsinme/ihsinme-patch-275 
CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bitwise Or Logical Operations
 2021-08-11 14:40:09 +02:00
ihsinme
6d24047626 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-11 14:34:20 +03:00
Geoffrey White
e679eac008 C++: Rename test directories to match the test names, where possible. 2021-08-03 18:43:02 +01:00