codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	559ec7ba56	Merge branch 'main' into repeatedWord	2022-08-09 21:22:47 +02:00
Geoffrey White	db8a3107b3	Merge pull request #9089 from ihsinme/ihsinme-patch-87 CPP: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc	2022-08-09 09:31:32 +01:00
ihsinme	4fdf4b23bd	Update DangerousWorksWithMultibyteOrWideCharacters.ql	2022-08-08 18:46:39 +03:00
ihsinme	212b1031b2	Update DangerousWorksWithMultibyteOrWideCharacters.qhelp	2022-08-08 18:42:54 +03:00
ihsinme	7cbf79b144	Rename DangerousUseMbtowc.ql to DangerousWorksWithMultibyteOrWideCharacters.ql	2022-08-08 18:39:41 +03:00
ihsinme	9b5154f878	Update and rename DangerousUseMbtowc.qlref to DangerousWorksWithMultibyteOrWideCharacters.qlref	2022-08-08 18:39:10 +03:00
ihsinme	bce395f201	Rename DangerousUseMbtowc.expected to DangerousWorksWithMultibyteOrWideCharacters.expected	2022-08-08 18:38:24 +03:00
ihsinme	ef04b8f5b3	Rename DangerousUseMbtowc.qhelp to DangerousWorksWithMultibyteOrWideCharacters.qhelp	2022-08-08 18:37:15 +03:00
ihsinme	5ee499389e	Rename DangerousUseMbtowc.cpp to DangerousWorksWithMultibyteOrWideCharacters.cpp	2022-08-08 18:36:53 +03:00
ihsinme	02bea35da2	Update DangerousUseMbtowc.qhelp	2022-08-08 18:35:25 +03:00
Anders Schack-Mulligen	3d47875b60	Dataflow: Generate shorter RA/DIL names.	2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen	d3dcc3ce3a	Dataflow: Sync.	2022-08-05 11:00:56 +02:00
Jeroen Ketema	ba2cee07a9	Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars C++: IR data flow through global variables	2022-08-05 10:07:00 +02:00
Alex Ford	33fbec1174	Merge pull request #9917 from github/post-release-prep/codeql-cli-2.10.2 Post-release preparation for codeql-cli-2.10.2	2022-08-03 15:17:00 +01:00
intrigus-lgtm	c59e6586f7	Add additional reference to CERT C coding standard	2022-08-03 14:19:53 +02:00
Rasmus Wriedt Larsen	8fb85a98d8	Merge branch 'main' into post-release-prep/codeql-cli-2.10.2	2022-08-03 10:42:02 +02:00
Mathias Vorreiter Pedersen	c582d17350	Merge pull request #9952 from MathiasVP/speedup-return-stack-allocated-memory C++: Speedup `cpp/return-stack-allocated-memory`	2022-08-03 09:41:38 +01:00
Alex Ford	8e3548efb3	Merge branch 'main' into post-release-prep/codeql-cli-2.10.2	2022-08-02 20:29:26 +01:00
Jeroen Ketema	a63df8fee9	Merge pull request #9930 from jketema/templ-var C++: Update test for indexing of static template variable template arguments	2022-08-02 16:59:56 +02:00
Mathias Vorreiter Pedersen	f385041ab3	C++: Add change note.	2022-08-02 14:07:22 +01:00
Mathias Vorreiter Pedersen	5181cc1295	C++: Add a 'allowInterproceduralFlow' predicate to the 'MustFlow' library to and use it instead of checking the enclosing callables after computing the dataflow graph.	2022-08-02 13:43:01 +01:00
Robert Marsh	3007c96c72	C++: fix a nit	2022-08-01 15:34:03 -04:00
Robert Marsh	f0697ff28b	C++: fix QL4QL warnings	2022-08-01 15:23:59 -04:00
Robert Marsh	6dbaae6bfc	Merge branch 'main' into rdmarsh2/dataflow-global-vars	2022-08-01 14:56:24 -04:00
Robert Marsh	4f8373f577	Merge branch 'main' into rdmarsh2/dataflow-global-vars	2022-08-01 14:55:45 -04:00
Mathias Vorreiter Pedersen	e3cb7cf9fe	C++: Remove internal 'microsoft' tags from queries.	2022-08-01 17:30:23 +01:00
ihsinme	96e220588e	Update DangerousUseMbtowc.ql	2022-07-31 13:44:50 +03:00
Jeroen Ketema	c02e7a4896	C++: Update test for indexing of static template variable template arguments	2022-07-31 09:58:29 +02:00
Jeroen Ketema	a27b1ee33a	C++: Improve `ErrorExpr` documentation to match current practise	2022-07-29 09:08:56 +02:00
Jeroen Ketema	5a59354d73	C++: Minor clean up of the builtin operations qldoc	2022-07-29 09:08:56 +02:00
Jeroen Ketema	bce253920c	C++: Fix `__builtin_shuffle` qldoc	2022-07-29 09:08:56 +02:00
Jeroen Ketema	afdd21eab7	C++: Update DB scheme stats file	2022-07-29 09:08:56 +02:00
Jeroen Ketema	295ecbb401	C++: Add upgrade and downgrade scripts for new builtins	2022-07-29 09:08:56 +02:00
Jeroen Ketema	1806b8933f	C++: Add change note for newly added builtins	2022-07-29 09:08:56 +02:00
Jeroen Ketema	20b66eaf34	C++: Support `__builtin_shuffle` builtin While here write gcc instead of GNU, which is more accurate.	2022-07-29 09:08:56 +02:00
Jeroen Ketema	81e687ea98	C++: Support `__builtin_bit_cast` builtin	2022-07-29 09:08:56 +02:00
Jeroen Ketema	a85d3f9b7f	C++: Support `__has_unique_object_representations` builtin	2022-07-29 09:08:56 +02:00
Jeroen Ketema	0c03935437	C++: Support `__is_aggregate` builtin Fix some whitespace issues while here.	2022-07-29 09:08:56 +02:00
Jeroen Ketema	c4283dd23f	C++: Support `__is_assignable` builtin While here fix the documentation of `__is_trivially_assignable` and `__is_nothrow_assignable`.	2022-07-29 09:08:56 +02:00
github-actions[bot]	e8747d3176	Post-release preparation for codeql-cli-2.10.2	2022-07-28 20:00:09 +00:00
github-actions[bot]	212786ed91	Release preparation for version 2.10.2	2022-07-28 13:38:35 +00:00
Jeroen Ketema	8cd0a9d245	Merge pull request #9735 from jketema/inline-yolo C++: Remove `pragma[noinline]` from `ResolveGlobalVariable.ql`	2022-07-25 11:25:26 +02:00
Robert Marsh	0a35f97074	Merge pull request #9872 from jketema/return-join C++: Fix join-order problem in `cpp/return-stack-allocated-memory`	2022-07-22 14:32:10 -04:00
Jeroen Ketema	a9d95a9418	C++: Remove `pragma[noinline]` from `ResolveGlobalVariable.ql`	2022-07-22 17:59:27 +02:00
Jeroen Ketema	23c19311fb	Merge pull request #9700 from jketema/resolve-global-variable C++: Ensure only one `Variable` exists for every global variable	2022-07-22 17:57:21 +02:00
Jeroen Ketema	ad8335d6f3	C++: Fix join-order problem in `cpp/return-stack-allocated-memory` Before on Abseil: ``` Evaluated relational algebra for predicate #select#cpe#12356#fffff@3ffb21o1 with tuple counts: 1235939 ~0% {2} r1 = SCAN functions OUTPUT In.0, In.0 1235939 ~0% {2} r2 = JOIN r1 WITH functions ON FIRST 1 OUTPUT Lhs.1, Lhs.0 33500841 ~0% {2} r3 = JOIN r2 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 280683 ~3% {3} r4 = JOIN r3 WITH MustFlow::MkLocalPathNode#0227f5a1#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.0 40970 ~2% {4} r5 = JOIN r4 WITH MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0 40970 ~0% {5} r6 = JOIN r5 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0 40970 ~1% {5} r7 = JOIN r6 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4 40970 ~1% {5} r8 = JOIN r7 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4 40970 ~0% {6} r9 = JOIN r8 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1 40970 ~2% {7} r10 = JOIN r9 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Rhs.1 0 ~0% {6} r11 = JOIN r10 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 2 OUTPUT Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6 0 ~0% {5} r12 = JOIN r11 WITH functions ON FIRST 1 OUTPUT Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4 0 ~0% {5} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.3, Lhs.2, Lhs.4, Rhs.1 return r13 ``` After: ``` Evaluated relational algebra for predicate #select#cpe#12356#fffff@1dbc97kv with tuple counts: 40970 ~0% {2} r1 = SCAN MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23 OUTPUT In.1, In.0 40970 ~0% {3} r2 = JOIN r1 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1 40970 ~7% {4} r3 = JOIN r2 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2 40970 ~2% {4} r4 = JOIN r3 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3 40970 ~2% {4} r5 = JOIN r4 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3 40970 ~0% {5} r6 = JOIN r5 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1 40970 ~1% {6} r7 = JOIN r6 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1 40970 ~0% {6} r8 = JOIN r7 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Lhs.4, Lhs.5 0 ~0% {5} r9 = JOIN r8 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.5, Lhs.2, Lhs.3, Lhs.0, Lhs.4 0 ~0% {5} r10 = JOIN r9 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1 return r10 ```	2022-07-21 11:27:02 +02:00
Jeroen Ketema	694d6395d5	C++: Fix join-order problem in `cpp/command-line-injection` Before on Abseil Linux: ``` Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@41084cm7 with tuple counts: 40879811 ~0% {2} r1 = SCAN DataFlowUtil::Node::getLocation#dispred#f0820431#ff OUTPUT In.1, In.0 40879811 ~0% {2} r2 = JOIN r1 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 7527 ~3% {3} r3 = JOIN r2 WITH ExecTainted::interestingConcatenation#91000ffb#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 7527 ~0% {4} r4 = JOIN r3 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1 7527 ~0% {5} r5 = JOIN r4 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Lhs.3, Rhs.1 7527 ~0% {6} r6 = JOIN r5 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4 7527 ~0% {3} r7 = JOIN r6 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " \| ") ++ Lhs.4) ++ ", ") ++ Lhs.1) ++ " \| ") ++ Lhs.5 ++ ")"), Lhs.3, Lhs.2 return r7 ``` After: ``` Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@1ffe61ps with tuple counts: 7527 ~0% {3} r1 = JOIN ExecTainted::interestingConcatenation#91000ffb#ff WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1 7527 ~0% {4} r2 = JOIN r1 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1 7527 ~1% {5} r3 = JOIN r2 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2, Lhs.3 7527 ~0% {5} r4 = JOIN r3 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1 7527 ~4% {6} r5 = JOIN r4 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4 7527 ~0% {3} r6 = JOIN r5 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " \| ") ++ Lhs.3) ++ ", ") ++ Lhs.5) ++ " \| ") ++ Lhs.4 ++ ")"), Lhs.1, Lhs.2 return r6 ```	2022-07-20 16:27:47 +02:00
Erik Krogh Kristensen	625e37a0da	fix typo Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2022-07-14 21:53:21 +02:00
github-actions[bot]	0ee476129a	Post-release preparation for codeql-cli-2.10.1	2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen	85a652f3d1	remove a bunch of repeated words	2022-07-14 12:42:48 +02:00

... 9 10 11 12 13 ...

8505 Commits