Commit Graph

386 Commits

Author SHA1 Message Date
Denis Levin
1b8117ba3a C++: Mishandling Japanese Era and Leap Year in calculations 2019-05-21 14:49:40 -07:00
Ziemowit Laski
ae55b7b643 [CPP-370] Add new test file for testing procedurally nested format
argument violations.
2019-05-21 07:08:13 -07:00
Ziemowit Laski
92054e2481 [CPP-370] Reformat test cases so that the .expect files line up with what was
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
when computing isSource() for our taint analysis.
2019-05-21 06:54:41 -07:00
Ziemowit Laski
098b6543f5 [CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library. 2019-05-21 06:51:47 -07:00
Ziemowit Laski
d8b8dda439 [CPP-370] First attempt at isAdditionalFlowStep(). 2019-05-21 06:45:52 -07:00
Ziemowit Laski
dbec17f85b [CPP-370] Tentative implementation of NonConstantFormat.ql using the global
DataFlow library.  This is intended solely for further discussion.
2019-05-21 06:23:51 -07:00
Ziemowit Laski
6025c03857 [CPP-370] Add nested.cpp test case, for nested calls to ...printf functions. 2019-05-21 06:21:12 -07:00
Ziemowit Laski
b205951e6d [CPP-370] Reformat test cases so that the .expect files line up with what was
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
when computing isSource() for our taint analysis.
2019-05-21 06:18:31 -07:00
Ziemowit Laski
ed67c9fd5a [CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library. 2019-05-21 06:18:31 -07:00
Ziemowit Laski
fae55d5493 [CPP-370] First attempt at isAdditionalFlowStep(). 2019-05-21 06:18:30 -07:00
Ziemowit Laski
775861c386 [CPP-370] Minor textual tweaks. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
de10598dd6 [CPP-370] NonConstantFormat.expected changed for some reason. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
ffddc5bff6 [CPP-370] Update the NonConstantFormat.expected result template. 2019-05-21 06:18:30 -07:00
Ziemowit Laski
0c86d4c112 [CPP-370] Tentative implementation of NonConstantFormat.ql using the global
DataFlow library.  This is intended solely for further discussion.
2019-05-21 06:18:30 -07:00
Robert Marsh
e899120270 C++: replace getType().getUnspecifiedType() 2019-05-20 15:08:28 +01:00
Jonas Jensen
93658038bc C++: Use a smaller double literal in test
This number got rounded differently on Linux and Windows, causing the
Windows test to fail.
2019-05-03 09:06:10 +02:00
Jonas Jensen
3905cf70f4 Merge pull request #1255 from geoffw0/wrongtypeformatmore
CPP: WrongTypeFormatArguments.ql Improvements
2019-05-02 09:17:21 +02:00
Geoffrey White
1ee28fa15b CPP: Add a test case that uses restrict. 2019-05-01 11:12:07 +01:00
Geoffrey White
a749b5b6d1 CPP: Improve WrongTypeFormatArguments logic when there is more than one possible expected argument type. 2019-05-01 11:12:06 +01:00
Geoffrey White
ac277ad7ad CPP: Fix %I length specifier. 2019-05-01 11:12:06 +01:00
Geoffrey White
98c3e1475e CPP: Add test cases of %I64 and similar. 2019-05-01 11:12:06 +01:00
Geoffrey White
3a0dfbd00f CPP: Normalize test cases between some of the WrongTypeFormatArguments tests. 2019-05-01 11:12:06 +01:00
Jonas Jensen
40aea2f76d C++: Shorten alert message
We don't write the reason for the alert in the alert message.
2019-05-01 08:33:36 +02:00
Jonas Jensen
e38ac9f88a C++: suppress alerts in tightly bounded loops 2019-05-01 08:33:35 +02:00
Jonas Jensen
54091e87fa Merge pull request #1136 from zlaski-semmle/cpp340a
[CPP-340] Refinements to FutileParams.ql etc.
2019-05-01 08:21:35 +02:00
Ziemowit Laski
17066cfe3e [CPP-340] Adjust annotations in test.c file. 2019-04-30 13:21:36 -07:00
Ziemowit Laski
be77eb7367 [CPP-340] Add new test cases to test.c; this required the .expected
files to be regenerated.
2019-04-29 15:30:28 -07:00
Ziemowit Laski
4a760b1561 [CPP-340] Delete ArgumentsToImplicit.ql and associated files.
Reduce MistypedFunctionArguments.ql precision to `medium`.
2019-04-28 13:49:46 -07:00
Ziemowit Laski
ac58bdfc58 [CPP-340] For MistypedFunctionArguments.ql, add support for pointers to pointers and pointers to arrays. 2019-04-24 14:54:01 -07:00
Ziemowit Laski
62b030d27f [CPP-340] Add a fourth query, ArgumentsToImplicit.ql, to deal strictly with implicitly declared
functions.  TooManyArguments.ql will now deal with explicitly declared/prototyped functions.
2019-04-18 17:56:41 -07:00
Ziemowit Laski
b58f414ede [CPP-340] Add more test cases; exclude K&R definitions of functions when looking
up ()-declarations; refactor QL code.
2019-04-12 17:25:33 -07:00
Jonas Jensen
ac3421f6be Merge pull request #1238 from geoffw0/newtests
CPP: New test cases
2019-04-11 14:43:03 +02:00
Geoffrey White
3ceacff0d4 CPP: Add a test of IncorrectConstructorDelegation.ql. 2019-04-11 12:24:16 +01:00
Dave Bartolomeo
878cdf7cb6 C++: Fix false positive in PointlessComparison
We avoid putting a variable into SSA if its address is ever taken in a way that could allow mutation of the variable via indirection. We currently just look to see if the address is either "pointer to non-const" or "reference to non-const". However, if the address was cast to an integral type (e.g. `uintptr_t n = (uintptr_t)&x;`), we were treating it as unescaped. This change makes the conservative assumption that casting a pointer to an integer may result in the pointed-to value being modified later.

This fixes a customer-reported false positive (#2 from https://discuss.lgtm.com/t/2-false-positives-in-c-for-comparison-is-always-same/1943)
2019-04-11 01:56:22 -07:00
Ziemowit Laski
dc7497835e [CPP-340] Make the query more strict (again). 2019-04-10 09:55:37 -07:00
Geoffrey White
5101a5bc3d Merge pull request #1056 from jbj/SimpleRangeAnalysis-use-after-cast
C++: Fix use-after-cast bug in SimpleRangeAnalysis
2019-04-10 11:04:20 +01:00
Jonas Jensen
01fc721497 C++: Fixup test annotation 2019-04-10 09:28:06 +02:00
Jonas Jensen
ca71ac7c36 C++: Accept improved test output 2019-04-09 13:38:52 +02:00
Jonas Jensen
fd4967e6f1 C++: Fix SnprintfOverflow issues
Requiring strict inclusion between types turned out to cause false
positives in `SnprintfOverflow`, which relied indirectly on
`RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds
checks. This query was particularly affected because `snprintf` returns
`int` (signed) but takes `size_t` (unsigned), so conversions are bound
to happen.
2019-04-09 11:05:14 +02:00
Jonas Jensen
93286aabdf C++: Test for FP introduced by relOp changes 2019-04-08 11:19:57 +02:00
Ziemowit Laski
ef54b012e0 [CPP-340] Fixed .expected file to match new query. 2019-04-05 15:43:38 -07:00
Ziemowit Laski
970c45e896 Merge branch 'master' into cpp340a 2019-04-03 17:52:46 -07:00
Geoffrey White
d4c931cf11 CPP: Permit %Ld and similar. 2019-04-03 11:46:48 +01:00
Geoffrey White
b3fd7ab757 CPP: Add test cases. 2019-04-03 11:46:30 +01:00
Jonas Jensen
4b159fd2a5 C++: Fix the suppression for alerts about enums
The suppression mechanism broke when I changed `relOpWithSwap` to take
fully-converted expressions as parameters.
2019-04-03 10:45:39 +02:00
Ziemowit Laski
03aa86ed4d Merge branch 'master' into cpp340a
So as to get to change-notes/1.21/analysis-cpp.md
2019-04-01 18:51:03 -07:00
Ziemowit Laski
bd139829ea [CPP-340] Delete old 'UnspecifiedFunctions' folders 2019-04-01 18:44:49 -07:00
Ziemowit Laski
3ec988c39b [CPP-340] Rename 'UnspecifiedFunctions' to 'Unspecified Functions'
Make MistypedFunctionArguments.ql more restrictive (allowing
type matching only in the presence of no-op conversions).
2019-04-01 18:39:46 -07:00
Jonas Jensen
04a48e9034 Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-use-after-cast 2019-04-01 09:10:57 +02:00
Ziemowit Laski
cb5bbd2197 [CPP-340] When warning about mismatched parameters, follow what C
compilers do.  Various integral and floating-point types
are treated as mutually implicitly convertible.  Remaining
warnings deal with misuse of pointer and array types.
2019-03-29 20:19:45 -07:00