hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,781 Commits 1,672 Branches 157 Tags
c01a494ea515c32be2f7209a28bfbc8d70d6b107
Commit Graph

9879 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
c01a494ea5 C/C++: Don't force-include XxeFlowStateTransformer steps in XXE.ql. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
941aa7ae28 C/C++: Don't force-include default steps in DefaultTaintTrackingImpl. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
Jeroen Ketema
aad094bdd0 C++: Handle FunctionAccesses with qualifiers 
Also fix the IR generation for these and add more IR tests involving value
categories.
 2023-07-18 16:35:39 +02:00
Mathias Vorreiter Pedersen
d41d2bc29e Merge pull request #13699 from MathiasVP/final-config-to-invalid-pointer-deref 
C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`
 2023-07-18 13:08:21 +01:00
Jeroen Ketema
5d8b203112 Merge pull request #13758 from jketema/val-cat-tests 
C++: Add more IR tests
 2023-07-18 11:02:27 +02:00
Jeroen Ketema
e2de94b233 C++: Add more IR tests 
These show the value categories for more static member calls, and show that
a load occurs when a `volatile` variable is being used in an empty context.
 2023-07-18 08:40:54 +02:00
Jeroen Ketema
a426010b06 Merge pull request #13621 from MathiasVP/deprecate-ast-dataflow 
C++: Deprecate AST dataflow
 2023-07-18 08:13:47 +02:00
Mathias Vorreiter Pedersen
d63ead55dc C++: Remove barrier that's no longer needed. 2023-07-17 15:59:35 +01:00
Mathias Vorreiter Pedersen
11f2681904 Merge pull request #13740 from MathiasVP/unique-entry-point 
C++: Exclude invalid functions from new range analysis
 2023-07-17 13:32:50 +01:00
Mathias Vorreiter Pedersen
8c21699040 C++: Accept test changes. 2023-07-17 10:51:42 +01:00
Mathias Vorreiter Pedersen
f9db6a9868 C++: Don't do range analysis on malformed IR. 2023-07-17 10:15:01 +01:00
Mathias Vorreiter Pedersen
c13f015b95 C++: No need to select the 'instruction' as the sink when the dataflow node has a better 'toString'. 2023-07-13 14:17:43 +01:00
Mathias Vorreiter Pedersen
5e06043120 C++: Completely get rid of merged path nodes. 2023-07-13 14:15:14 +01:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Jeroen Ketema
52ab215560 C++/Swift: Remove none() dataflow configuration predicates 
These now have default implementations that are also `none()`
 2023-07-12 23:49:29 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
2c0a456855 C++: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:24 -04:00
Ed Minnix
c73cd73001 C++: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:24 -04:00
Mathias Vorreiter Pedersen
2c2f9b9e17 C++: Fix comment. 2023-07-12 11:59:29 +01:00
Mathias Vorreiter Pedersen
19872d5adf Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-12 11:58:07 +01:00
Mathias Vorreiter Pedersen
3d5414b84c Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-12 11:57:51 +01:00
Mathias Vorreiter Pedersen
63c5684fbb C++: Join with 'invalidPointerToDerefSource' in 'hasFlowPath' to prevent conflation of paths. 2023-07-11 10:24:01 +01:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Jeroen Ketema
d217e1e87c Merge pull request #13647 from purs3lab/uninitialized-local 
C++: exclude uninitialized uses inside pure expression statements
 2023-07-11 10:31:33 +02:00
Jeroen Ketema
8cec884c59 Merge pull request #13701 from rdmarsh2/rdmarsh2/cpp/constant-array-overflow-tests-2 
C++: more constant array off-by-one tests
 2023-07-11 00:17:09 +02:00
Jeroen Ketema
3fe99dc4c7 Merge pull request #13704 from jketema/ir-test 
C++: Add assignment operation IR test where the result is being used
 2023-07-10 19:01:24 +02:00
Robert Marsh
5eea8e49b7 C++: more constant array off-by-one tests 2023-07-10 12:51:48 -04:00
Jeroen Ketema
de3251a634 C++: Add assignment operation IR test where the result is being used 2023-07-10 17:55:50 +02:00
Mathias Vorreiter Pedersen
3fe58d97bd C++: Accept test changes. 2023-07-10 13:53:04 +01:00
Mathias Vorreiter Pedersen
ae8ecc9076 C++: Add a final configuration to preserve call contexts between configuration transitions. 2023-07-10 13:52:32 +01:00
Mathias Vorreiter Pedersen
055aea6e1a C++: Add FP caused by missing call context. 2023-07-10 13:52:30 +01:00
Mathias Vorreiter Pedersen
44f23bfa59 Merge pull request #13690 from github/post-release-prep/codeql-cli-2.14.0 
Post-release preparation for codeql-cli-2.14.0
 2023-07-07 23:39:38 +01:00
Mingjie Shen
d8e0ffa52d Update cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-07 12:25:42 -04:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Mathias Vorreiter Pedersen
a826c8327a Merge pull request #13682 from jketema/ptr-comp 
C++: Support pointer addition and subtraction in the IRGuards library
 2023-07-07 11:32:43 +01:00
Jeroen Ketema
2c2903d58d C++: Add change note 2023-07-07 11:27:46 +02:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Mingjie Shen
4b4c0cd563 C++: add testcases for UninitializedLocal.ql 2023-07-06 20:07:58 -04:00
Mingjie Shen
9218afedbe C++: exclude uninitialized uses that are cast to void 
This eliminates FPs caused by casting a variable explicitly to
void type. Developers use this cast to suppress compiler warnings
on unused variables, e.g.
   (void) x;
 2023-07-06 17:43:42 -04:00
Dave Bartolomeo
139585fe5c Merge pull request #13681 from github/dbartol/mergeback-3.10 
Mergeback `rc/3.10` -> `main`
 2023-07-06 12:13:17 -04:00
Jeroen Ketema
572aa1330d Merge pull request #13680 from jketema/product-default 
C++: Add more default predicates to product flow
 2023-07-06 18:12:38 +02:00
Jeroen Ketema
8d05d8a4dc C++: Add change note 2023-07-06 17:14:49 +02:00
Jeroen Ketema
8bc8ef4dda C++: Support pointer addition and subtraction in the IRGuards library 
It seems this was something supported by the AST Guards library
 2023-07-06 16:54:44 +02:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Jeroen Ketema
fa2ee26379 C++: Add more default predicates to product flow 2023-07-06 16:06:36 +02:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Mathias Vorreiter Pedersen
83d0dec0fb DataFlow: Sync identical files. 2023-07-06 14:00:00 +01:00
Mathias Vorreiter Pedersen
4cc2771bbf C++: Speed up the big step relation by specializing the 'isUnrachableInCall' predicate. 2023-07-06 13:59:52 +01:00