hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 05:36:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,040 Commits 1,673 Branches 157 Tags
ce106981b3434dd585da50056ef5a6af244fcdfd
Commit Graph

154 Commits

Author SHA1 Message Date
Jonas Jensen
c970e8a52e Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-04-17 2020-04-17 10:42:27 +02:00
Robert Marsh
b5c0a0f77d C++: remove all uses of Declaration::isDefined 2020-04-14 10:54:06 -07:00
Geoffrey White
ba3a8d0872 C++: Improve naming and QLDoc. 2020-04-09 15:06:23 +01:00
Geoffrey White
a7979fdc12 C++: Base results purely on allocations now, not multiplications by a sizeof. 2020-04-09 15:05:29 +01:00
Jonas Jensen
58366b19e9 C++: Path explanations in the last two queries 
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
 2020-04-04 16:47:06 +02:00
Jonas Jensen
108d5177b8 C++: Fix two bugs found by @rdmarsh2 
Co-Authored-By: Robert Marsh <rdmarsh2@gmail.com>
 2020-04-04 15:24:44 +02:00
Jonas Jensen
5822cd7b84 C++: Put paths in the remaining LGTM-suite queries 2020-04-03 17:10:47 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
e916f07a8e C++: Formatting fixups 2020-04-03 15:52:13 +02:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Geoffrey White
75a50a1714 C++: Understand formatting function varargs as needing null termination. 2020-02-11 15:25:59 +00:00
Geoffrey White
de8d84dfff C++: Clearer comments in NoSpaceForZeroTerminator.ql. 2020-02-11 15:25:59 +00:00
Anders Schack-Mulligen
96e4a57edd C++: Autoformat. 2020-01-29 13:11:50 +01:00
Geoffrey White
50c0ec1cb1 CPP: Optimize isRandValue. 2020-01-09 12:12:00 +00:00
Geoffrey White
0da826f0c3 Merge branch 'master' into overflowcalc 2019-12-16 13:48:38 +00:00
Geoffrey White
b752a6c8ed Merge pull request #2381 from jbj/StackVariable 
C++: Add StackVariable class, preferred over LocalScopeVariable
 2019-12-03 10:35:16 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Jonas Jensen
5ee19c5a66 C++: Stricter loop-variant check 
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.

This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
 2019-11-25 11:31:41 +01:00
Geoffrey White
794a3deba9 CPP: Break up a long sentence in query description. 2019-11-22 16:07:59 +00:00
Geoffrey White
3895a7e1f0 CPP: Queries: Improve NoSpaceForZeroTerminator query. 2019-11-22 15:27:08 +00:00
Geoffrey White
d6cbc674b6 CPP: Autoformat. 2019-11-22 15:13:06 +00:00
Geoffrey White
2212c47db2 CPP: Use dataflow more consistently. 2019-11-20 15:34:40 +00:00
Geoffrey White
e6ea705ff2 CPP: Switch from a blacklist to whitelist approach for determining null termination. 2019-11-20 15:34:38 +00:00
Jonas Jensen
140575ee71 C++: Use StackVariable where SSA/def-use are used 
These changes should not affect semantics since these uses of
`LocalScopeVariable` were already constrained to stack variables by
their use of SSA or def-use.
 2019-11-19 11:31:34 +01:00
Jonas Jensen
8a9ee8fcdd Merge pull request #2300 from geoffw0/names 
CPP: Rename/relocate some queries and libraries
 2019-11-13 09:11:24 +01:00
Dave Bartolomeo
5b33255e44 Merge pull request #1585 from rdmarsh2/rdmarsh/cpp/hasGlobalOrStdName 
C++: add Declaration.hasGlobalOrStdName()
 2019-11-12 12:00:17 -07:00
Geoffrey White
ea9e3bb1a8 CPP: Rename VirtualDispatch again. 2019-11-12 16:17:03 +00:00
Geoffrey White
d198b56b3a CPP: Move VirtualDispatch.qll into the controlflow directory (I don't see the point in having a subdirectory for one file, when we don't anticipate any other files ever being added there). 2019-11-12 09:55:23 +00:00
Jonas Jensen
d9bdb2cd4e Merge pull request #2274 from geoffw0/oddsends 
CPP: Clean up new queries and libraries
 2019-11-11 16:05:20 +01:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master 
Update links to OWASP cheat sheet
 2019-11-11 08:51:52 +00:00
Robert Marsh
7e8a67a046 Merge branch 'master' into rdmarsh/cpp/hasGlobalOrStdName 2019-11-08 11:33:35 -08:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Geoffrey White
0c3f4e530f CPP: Make some library predicates private. 2019-11-06 16:07:28 +00:00
Geoffrey White
399ac1f112 CPP: Rename 'getAssertedFalseCondition' to something less misleading. 2019-11-06 15:57:44 +00:00
Jonas Jensen
8ffd7c1055 Merge pull request #2222 from geoffw0/libraryperf 
CPP: Improvements for ConditionallyInitializedVariable.ql
 2019-11-06 15:54:16 +01:00
Geoffrey White
7456a92d6d CPP: Autoformat. 2019-11-05 13:10:19 +00:00
Geoffrey White
5106626bd0 CPP: QLDoc helper predicates. 2019-11-05 13:06:43 +00:00
alistair
27d0b51c6b CPP & C#: Review of qhelp 
PR #2151 got merged without a review of the qhelp
by a technical writer.
The current PR makes changes I would have suggested on that PR.
 2019-10-30 16:10:03 +00:00
Geoffrey White
3584c0b2e5 CPP: Speed up InitializationFunctions.qll's getTarget. 2019-10-28 19:54:10 +00:00
Geoffrey White
d693eb8c20 CPP: Correct the ConditionallyUninitializedVariable examples. 2019-10-28 17:39:45 +00:00
Jonas Jensen
d63cc3d287 Merge remote-tracking branch 'upstream/master' into infinite-loops-visible 
Moved the change note to 1.23.
 2019-10-25 15:44:03 +02:00
Geoffrey White
ae20e9ace1 CPP: Fix autoformat. 2019-10-22 16:28:53 +01:00
Geoffrey White
63003894c3 CPP: Fixes. 2019-10-22 14:51:17 +01:00
Geoffrey White
31dd3cae84 CPP: Autoformat. 2019-10-22 09:55:48 +01:00
Raul Garcia (MSFT)
cb8dcf7db2 Publishing queries to the OSS Semmle repository 2019-10-22 09:55:39 +01:00
Robert Marsh
5c084f8b39 C++: respond to more PR comments 2019-10-07 14:17:56 -07:00
Robert Marsh
4018ed67a6 C++: respond to PR comments 2019-10-02 11:38:20 -07:00
Robert Marsh
03f72d207c C++: use Declaration.hasGlobalOrStdName 2019-10-02 11:37:37 -07:00