hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,672 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

7750 Commits

Author SHA1 Message Date
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Dave Bartolomeo
ba72a1cde7 Make TranslatedSideEffect abstract 
This is step two of fixing the ordering of call side effects. This commit refactors the existing `TranslatedSideEffect` class into an abstract `TranslatedSideEffect` class, which contains functionality common to all kinds of side effect, and a concrete `TranslatedArgumentSideEffect` class, which is the implementation of argument side effects. A future commit will add additional concrete classes for conservative call side effects and allocation side effects.

This change has zero diffs to the generated IR.
 2021-09-03 11:31:14 -04:00
Geoffrey White
4e60fd5fc7 C++:Add the ImproperNullTerminationTainted.ql query to the test. 2021-09-03 15:53:24 +01:00
Geoffrey White
ccf1a44a2b C++: Extend tests for cpp/improper-null-termination. 2021-09-03 15:48:36 +01:00
Dave Bartolomeo
47e16b0480 Move logic for determining CallSideEffect opcode out of TranslatedCall. 
This is the first step to fixing the order of side effects on call instructions. The goal is to move all side effects (argument side effects, allocation side effects, and conservative call side effects) to be treated as elements in a single sequence of side effects, which will then be handled in a single place similar to how we already handle argument side effects.
 2021-09-03 09:58:31 -04:00
Geoffrey White
f2047ee4d0 C++: Actually fix expected files after layout changes. 2021-09-03 09:13:41 +01:00
Anders Fugmann
d962fc4ce1 C++: Improve predicate upperBound in SimpleRangeAnalysis 
If an expression has an immediate guardPhi node, this is used as a strict upper bound
 2021-09-02 21:46:18 +02:00
Anders Fugmann
c110508b4e C++: Add tests to expose potential improvements available to SimpleRangeAnalysis 2021-09-02 21:20:33 +02:00
Geoffrey White
a0b712d44b C++: Add notice about the SAMATE Juliet tests. 2021-09-02 17:34:48 +01:00
Geoffrey White
d73604d1c5 C++: Fix a few glitches and accept line number changes in expected files. 2021-09-02 17:34:47 +01:00
Geoffrey White
f755659f5d C++: More directory structure consistency / cleanup. 2021-09-02 17:34:47 +01:00
Geoffrey White
d1ab2d2e8c C++: Remove some irrelevant macro logic and main functions. 2021-09-02 17:34:46 +01:00
Geoffrey White
fdb4a2acdb C++: Clean up header comments. 2021-09-02 17:34:46 +01:00
Geoffrey White
75d367a6c5 C++: Add ad-hoc SAMATE Juliet test cases (that were previously internal). Directory structures cleaned up in a few places. 2021-09-02 17:34:45 +01:00
ihsinme
1e88470ad8 Add files via upload 2021-09-02 10:22:49 +03:00
ihsinme
9f4b7255aa Add files via upload 2021-09-02 10:21:07 +03:00
Tom Hvitved
c3ecae503b Data flow: Sync files 2021-09-01 19:58:47 +02:00
Remco Vermeulen
7310590f90 Update qldoc FunctionAccess class 
The `FunctionAccess` class doesn't capture accesses of functions in function call expressions.
This update makes that explicit.
 2021-09-01 15:36:00 +02:00
Remco Vermeulen
ffd2a388a9 Update qldoc for the Access class 
The access class does not capture function accesses that are part of a function call expression.
This updates makes that explicit
 2021-09-01 15:30:33 +02:00
Geoffrey White
d6368c3d1b C++: Add QLDoc comments. 2021-08-31 19:03:45 +01:00
Geoffrey White
49807c080b C++: Understand *=. 2021-08-31 18:25:52 +01:00
Geoffrey White
436b18a11f C++: Add test cases. 2021-08-31 18:23:15 +01:00
Geoffrey White
6bbed9d624 C++: Test layout. 2021-08-31 18:09:21 +01:00
Alexandre Boulgakov
10bc2568b7 C++: Add support for default member initializers. 2021-08-26 12:32:30 +01:00
Jonas Jensen
abdf993e47 Merge pull request #6537 from andersfugmann/implicit_downcast_involving_references 
Implicit downcast involving references
 2021-08-25 09:45:32 +02:00
Anders Peter Fugmann
67a267d971 Update cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-25 08:58:44 +02:00
Jonas Jensen
19ee64d9ad C++:Lower potentially-dangerous-function precision 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
 2021-08-24 17:14:42 +02:00
Anders Fugmann
6b66f5dbb4 C++: Add change note for implicit downcasting involving references 2021-08-24 10:26:25 +02:00
Anders Fugmann
6d4b7c828c C++: Remove superfluous 'and any()' 2021-08-24 09:37:39 +02:00
Ian Lynagh
43355feaeb Merge pull request #6536 from github/igfoo/getPrimaryQlClasses 
All languages: Add getPrimaryQlClasses()
 2021-08-23 19:49:37 +01:00
Geoffrey White
bc9994774a Merge pull request #6515 from MathiasVP/clarify-initialization-vs-assignment-in-docs 
C++: Clarify difference between 'Initializer' and 'Assignment'.
 2021-08-23 18:00:36 +01:00
Ian Lynagh
1e06808105 Update cpp/change-notes/2021-08-23-getPrimaryQlClasses.md 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-08-23 16:52:07 +01:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Anders Fugmann
c04ba7b724 C++: Revert benign change of return type from 'unsigned int' to 'int' in testcase, and add 'GOOD' annotation to the testcase 2021-08-23 14:58:43 +02:00
Anders Fugmann
9324d8f348 C++: Fix case where implicit downcasts were not detected when using reference 2021-08-23 14:44:49 +02:00
Anders Fugmann
8939a9b2c1 C++: Add tests for implicit downcast involving references 2021-08-23 14:42:36 +02:00
Andrew Eisenberg
39533317ff Merge pull request #6524 from github/aeisenberg/cpp/move-file 
C++: Move file from src to lib
 2021-08-19 13:46:31 -07:00
Andrew Eisenberg
2b36378917 C++: Move file from src to lib 
Neglected to do this one earlier.
 2021-08-19 13:12:42 -07:00
Mathias Vorreiter Pedersen
207dcb08a7 C++: Make it clear that 'getAnAssignment' also gets the expression from the initializer. 2021-08-19 13:38:32 +02:00
Mathias Vorreiter Pedersen
586c5b90c1 C++: Mention Variable.getAnAssignedValue() in the QLDoc for getAnAssignment. 2021-08-19 12:27:03 +02:00
Alexandre Boulgakov
89e52bf500 C++: Move element tests to internal repo. 2021-08-19 09:48:13 +01:00
Mathias Vorreiter Pedersen
01dfab2aec Update cpp/ql/lib/semmle/code/cpp/exprs/Assignment.qll 
Co-authored-by: Matan Merom <1010225+matan7890@users.noreply.github.com>
 2021-08-19 10:32:46 +02:00
Mathias Vorreiter Pedersen
f5c23c9c52 C++: Clarify the difference between 'Initializer' and 'Assignment' in the QLDoc for these classes. 2021-08-19 08:33:27 +02:00
Alexandre Boulgakov
1eb804a072 Merge pull request #6496 from sashabu/sashabu/c_linkage 
C++: Allow querying for "C" language linkage on routine types.
 2021-08-18 17:46:44 +01:00
Mathias Vorreiter Pedersen
24638418f1 Merge pull request #6503 from andersfugmann/model_strdupa_functions 
C++: Model strdupa and strndupa
 2021-08-18 17:48:04 +02:00
Alexandre Boulgakov
3ba308a69f C++: Allow querying for "C" language linkage on routine types. 2021-08-18 15:35:30 +01:00
Anders Fugmann
0b98b39f91 C++: Test dataflow tests for strdupa and strndupa functions 2021-08-18 15:22:14 +02:00
Anders Fugmann
44752d5ee0 C++: Model strdupa and strndupa string functions returning memory allocated with alloca 2021-08-18 13:12:08 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00