Robert Marsh
4fdc992cd9
C++: IRGuards uses Operand; fix CP in SignAnalysis
2018-11-08 14:43:51 -08:00
Robert Marsh
72bb7c9c42
C++: remove double backtick in qldoc
2018-11-08 11:39:47 -08:00
Robert Marsh
0d9e2098f2
C++: test for bounded bounds in sign analysis
2018-11-08 11:38:34 -08:00
Dave Bartolomeo
a141f4c81a
Allow mixed whitespace in C#, C++, and Java test sources
2018-11-08 11:06:42 -08:00
Felicity Chapman
48a7565a7f
Fix tag error spotted by PR check
2018-11-08 18:43:32 +00:00
Felicity Chapman
3d779ddebb
Bring qhelp in line with current guidelines
2018-11-08 18:37:41 +00:00
Felicity Chapman
8a444b6034
Update qhelp with content and remove autogenerated qhelp files
2018-11-08 16:16:50 +00:00
Geoffrey White
5b09e11a52
CPP: Repair macro case.
2018-11-08 10:01:07 +00:00
Geoffrey White
d6f27f0b2d
CPP: Add a test of macros.
2018-11-08 09:58:59 +00:00
Robert Marsh
1d7e802157
C++: move sign analysis to new Operand type
2018-11-07 16:07:37 -08:00
Geoffrey White
57dafe2734
CPP: BinaryArithmeticOperation -> AddExpr.
2018-11-07 15:14:39 -08:00
Geoffrey White
313624fd2e
CPP: Support builtin offsetof.
2018-11-07 15:14:39 -08:00
Geoffrey White
79ff559f7a
CPP: Don't require alloc in memberMayBeVarSize.
2018-11-07 15:11:53 -08:00
Geoffrey White
19a53cde79
CPP: Fix array size bug in memberMayBeVarSize.
2018-11-07 15:11:53 -08:00
Geoffrey White
3610d35321
CPP: Include offsetof type calculations in memberMayBeVarSize.
2018-11-07 15:11:52 -08:00
Geoffrey White
b9c727c772
CPP: Include sizeof(expr) expressions in isDynamicallyAllocatedWithDifferentSize.
2018-11-07 15:11:52 -08:00
Raul Garcia
f9edaba5aa
Fixing typo.
...
Restricting to analyze only logical & and | operations
2018-11-07 13:26:09 -08:00
Dave Bartolomeo
5bf88f0f0a
C++: Fix mixed tabs and spaces in non-test code
2018-11-07 11:32:17 -08:00
Aditya Sharad
ed49c623f1
Version: Bump to 1.18.2 release.
2018-11-07 14:36:40 +00:00
Geoffrey White
7bf9200a18
CPP: Fix (it looks like we already had a similar test, both are fixed).
2018-11-07 14:12:52 +00:00
Geoffrey White
73b186a695
CPP: Add test case.
2018-11-07 13:34:42 +00:00
Jonas Jensen
9ee4d3b187
Merge pull request #378 from nickrolfe/uuidof0
...
C++: handle __uuidof(0)
2018-11-07 12:53:44 +01:00
Aditya Sharad
194042348a
Eclipse plugins: Remove plugin metadata.
...
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
2018-11-07 11:01:05 +00:00
Jonas Jensen
6f2fd05480
Merge pull request #354 from geoffw0/return-exception
...
CPP: Remove successor edges after calls to non-returning functions
2018-11-07 09:24:41 +01:00
semmle-qlci
b38effd55b
Merge pull request #402 from geoffw0/tag-typos
...
Approved by dave-bartolomeo
2018-11-07 00:59:21 +00:00
Raul Garcia
5a35edfbe2
cpp: Incorrect not operator usage
...
Marked as Low precision as Linux kernel code mixes the usage of logical operators and bit-wise operators.
warning C6317: incorrect operator: logical-not (!) is not interchangeable with ones-complement (~)
2018-11-06 12:49:33 -08:00
Robert Marsh
9d2d381e68
C++: test fixes for sign analysis
2018-11-06 12:02:39 -08:00
Robert Marsh
2d04d9ea04
C++: sync NegateInstruction between IR passes
2018-11-06 12:02:39 -08:00
Robert Marsh
6d06db7989
C++: fix comments
2018-11-06 12:02:39 -08:00
Robert Marsh
d9e6a6ea24
Move cached predicates to cached module
2018-11-06 12:02:38 -08:00
Robert Marsh
bf946c3ec3
C++: remove comments about Java implies predicates
...
The Java guards library includes a set of "implies" predicates to handle
short-circuiting conditionals. C++ handles those in IR generation, so
dominance on the IR produces correct results for controlling blocks.
2018-11-06 12:02:38 -08:00
Robert Marsh
554fea46c7
C++: Sign analysis for casts and unsigned integers
2018-11-06 12:02:38 -08:00
Robert Marsh
d1ae939c9c
C++: use guards and operands in sign analysis
2018-11-06 12:02:38 -08:00
Robert Marsh
08e9eea1f2
Add NegateInstruction
2018-11-06 12:02:38 -08:00
Robert Marsh
a3c6b8e575
C++: port sign analysis library from Java
2018-11-06 12:02:38 -08:00
Jonas Jensen
e03b4f0cb6
Merge pull request #293 from geoffw0/zerosizebuffer
...
CPP: Better handling of zero-sized buffers
2018-11-06 20:08:39 +01:00
Dave Bartolomeo
62a5aef0de
Merge pull request #410 from jbj/range-analysis-tests
...
C++: Tests for two range analysis bugs
2018-11-06 10:51:12 -08:00
Geoffrey White
ee4cfe8eb7
CPP: Update expected output for changes elsewhere.
2018-11-06 17:58:33 +00:00
Geoffrey White
e6e0d69b7d
CPP: Re-apply effect of discover_walk.
2018-11-06 17:53:18 +00:00
Geoffrey White
301c133bef
CPP: More descriptive.
2018-11-06 17:53:18 +00:00
Geoffrey White
2042c9c863
CPP: Extend the CPP-205 test (results prior to discover_walk).
2018-11-06 17:53:18 +00:00
Geoffrey White
9c97176896
CPP: Tabs/spaces.
2018-11-06 17:01:30 +00:00
Jonas Jensen
9382c9d528
C++: Regression tests for AV Rule 82
...
Without the last commit, this addition to the test gives the following
results:
```
+| AV Rule 82.cpp:176:14:176:22 | operator= | Assignment operator in class Forgivable does not return a reference to *this. |
+| AV Rule 82.cpp:181:14:181:22 | operator= | Assignment operator in class Forgivable does not return a reference to *this. |
```
2018-11-06 16:13:44 +01:00
Geoffrey White
792369917a
CPP: Fix CWE tags.
2018-11-06 14:36:12 +00:00
Geoffrey White
dd8aa5a8d9
CPP: Fix StrncpyFlippedArgs.ql as well.
2018-11-06 14:29:08 +00:00
Geoffrey White
ad44416189
CPP: Move the fix into Buffer.qll so that it applies to other queries.
2018-11-06 14:29:08 +00:00
Sauyon Lee
f99f44a571
If a destination buffer has size 0, there's probably some hackery going on
2018-11-06 14:29:08 +00:00
Jonas Jensen
da73a033e5
C++: Restore exists(getBlock()) in AV Rule 82
...
I removed this condition in #362, thinking it was covered by the new
conditions on return statements, but it turns out it wasn't in at least
the following cases.
1. Assignment operators that are deleted or marked private in order to
make them inaccessible.
2. Templates whose body was not extracted.
While some of these results are technically valid, they are not nearly
as interesting as the results that this query was designed to produce.
2018-11-06 13:42:20 +01:00
Aditya Sharad
553c2f5d34
Merge master into next.
...
As of 2846d80f1c.
2018-11-06 11:52:51 +00:00
Jonas Jensen
4a02b3946d
C++: Tests for two range analysis bugs
2018-11-06 11:57:41 +01:00