hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 13:06:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,062 Commits 1,714 Branches 162 Tags
c146e044ca9a15fa391a95a13da888a4fd7713f2
Commit Graph

175 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
715f233360 C++: Add a new model class describing pure memory functions, and use this new model in DefaultSafeExternalAPIFunction. 2020-11-18 12:47:33 +01:00
Mathias Vorreiter Pedersen
09c5caa3bd C++: Move ExternalAPI files into query directory to prevent out-of-tree use. 2020-11-18 10:18:03 +01:00
Mathias Vorreiter Pedersen
f16591dffc C++: Respond to qhelp review comments. 2020-11-18 09:18:14 +01:00
Mathias Vorreiter Pedersen
52bbb326ca QLDoc: Wrap lines and disambiguate explanation. 2020-11-17 16:23:27 +01:00
Mathias Vorreiter Pedersen
d93d3c8699 C++: Use the getSourceType predicate on RemoteFlowSources for better alert messages. 2020-11-17 16:23:27 +01:00
Mathias Vorreiter Pedersen
dea16d4d62 QLDoc/C++: Rename {IR}ExternalAPIsUsedWithUntrustedData to {IR}CountUntrustedDataToExternalAPI 2020-11-17 16:23:13 +01:00
Mathias Vorreiter Pedersen
c37093f4bc C++: Add copies of qhelp files for IR. 2020-11-17 12:28:31 +01:00
Mathias Vorreiter Pedersen
3b8580efaf C++: Add qhelp and example files (modeled after the Java examples). 2020-11-17 12:27:53 +01:00
Mathias Vorreiter Pedersen
5ad18eb748 C++: Add ExternalAPI query files (for AST and IR). 2020-11-17 12:27:40 +01:00
Mathias Vorreiter Pedersen
d0dd71ba10 Apply suggestions from code review 
Co-authored-by: hubwriter <54933897+hubwriter@users.noreply.github.com>
 2020-10-22 12:53:35 +02:00
Mathias Vorreiter Pedersen
056a553976 C++: Fix broken qhelp links 2020-10-21 17:26:46 +02:00
Geoffrey White
493b80c44d C++: Fix incorrect translations to hasQualifiedName. 2020-10-08 17:56:57 +01:00
Geoffrey White
d93b37d5c5 C++: Autoformat some more files. 2020-10-05 15:11:23 +01:00
Geoffrey White
3536d84bdf C++: Use [, ...] syntax more widely. 2020-10-02 18:04:03 +01:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Geoffrey White
3d60756d40 C++: Downgrade the query precision. 2020-08-13 15:45:57 +01:00
Geoffrey White
fc69c16ba6 C++: Deprecate some old terminology. 2020-06-29 18:03:16 +01:00
Jonas Jensen
e0ba23d2c7 C++: @precision high for tainted-format-string* 
I think these queries have excellent results on lgtm.com. Many of the
results come from projects that use `sprintf` like it's a templating
engine, trusting that values from `argv` or `getenv` contain the correct
number of `%s`. I think we want to flag that.

The structure of the change note is modeled after 91af51cf46.
 2020-06-17 09:03:13 +02:00
Geoffrey White
9b4884dfaf C++: Backticks. 2020-05-01 14:26:34 +01:00
Shati Patel
5c80cd5032 Merge branch 'rc/1.24' into mergeback 2020-04-29 08:05:53 +01:00
Jonas Jensen
718f4cd3f9 C++: Speed up SuspiciousAddWithSizeof select 
This `select` clause had become very slow after we started caching
`ElementBase::toString` because the query used string concatenation to
produce alert messages, and those string concatenations were done very
early in the pipeline, producing lots of strings that would be discarded
moments later.

By using `$@` to interpolate elements into strings, the concatenation is
done outside of QL.

Testing on a Chromium snapshot, this commit takes us from

    #select#ff ................ 6m2s

to

    #select#cpe#134#fff ....... 15.2s
 2020-04-24 16:18:18 +02:00
Jonas Jensen
c970e8a52e Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-04-17 2020-04-17 10:42:27 +02:00
Robert Marsh
b5c0a0f77d C++: remove all uses of Declaration::isDefined 2020-04-14 10:54:06 -07:00
Geoffrey White
ba3a8d0872 C++: Improve naming and QLDoc. 2020-04-09 15:06:23 +01:00
Geoffrey White
a7979fdc12 C++: Base results purely on allocations now, not multiplications by a sizeof. 2020-04-09 15:05:29 +01:00
Jonas Jensen
58366b19e9 C++: Path explanations in the last two queries 
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
 2020-04-04 16:47:06 +02:00
Jonas Jensen
108d5177b8 C++: Fix two bugs found by @rdmarsh2 
Co-Authored-By: Robert Marsh <rdmarsh2@gmail.com>
 2020-04-04 15:24:44 +02:00
Jonas Jensen
5822cd7b84 C++: Put paths in the remaining LGTM-suite queries 2020-04-03 17:10:47 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
e916f07a8e C++: Formatting fixups 2020-04-03 15:52:13 +02:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Geoffrey White
75a50a1714 C++: Understand formatting function varargs as needing null termination. 2020-02-11 15:25:59 +00:00
Geoffrey White
de8d84dfff C++: Clearer comments in NoSpaceForZeroTerminator.ql. 2020-02-11 15:25:59 +00:00
Anders Schack-Mulligen
96e4a57edd C++: Autoformat. 2020-01-29 13:11:50 +01:00
Geoffrey White
50c0ec1cb1 CPP: Optimize isRandValue. 2020-01-09 12:12:00 +00:00
Geoffrey White
0da826f0c3 Merge branch 'master' into overflowcalc 2019-12-16 13:48:38 +00:00
Geoffrey White
b752a6c8ed Merge pull request #2381 from jbj/StackVariable 
C++: Add StackVariable class, preferred over LocalScopeVariable
 2019-12-03 10:35:16 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Jonas Jensen
5ee19c5a66 C++: Stricter loop-variant check 
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.

This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
 2019-11-25 11:31:41 +01:00
Geoffrey White
794a3deba9 CPP: Break up a long sentence in query description. 2019-11-22 16:07:59 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
2212c47db2 CPP: Use dataflow more consistently. 2019-11-20 15:34:40 +00:00
Geoffrey White
e6ea705ff2 CPP: Switch from a blacklist to whitelist approach for determining null termination. 2019-11-20 15:34:38 +00:00
Jonas Jensen
140575ee71 C++: Use StackVariable where SSA/def-use are used 
These changes should not affect semantics since these uses of
`LocalScopeVariable` were already constrained to stack variables by
their use of SSA or def-use.
 2019-11-19 11:31:34 +01:00
Jonas Jensen
8a9ee8fcdd Merge pull request #2300 from geoffw0/names 
CPP: Rename/relocate some queries and libraries
 2019-11-13 09:11:24 +01:00
Dave Bartolomeo
5b33255e44 Merge pull request #1585 from rdmarsh2/rdmarsh/cpp/hasGlobalOrStdName 
C++: add Declaration.hasGlobalOrStdName()
 2019-11-12 12:00:17 -07:00
Geoffrey White
ea9e3bb1a8 CPP: Rename VirtualDispatch again. 2019-11-12 16:17:03 +00:00