Jonas Jensen
fedd652de8
Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-20190408
2019-04-08 08:39:44 +02:00
Geoffrey White
5dce09b179
Revert "CPP: Workaround improvement for File.compiledAsMicrosoft."
This reverts commit c3ec7b55b7.
2019-04-05 17:37:44 +01:00
Geoffrey White
918f7043af
Revert "CPP: Add '/' case."
This reverts commit 5e71207a23.
2019-04-05 17:37:39 +01:00
Jonas Jensen
f7dda1b3a4
Merge pull request #1213 from geoffw0/pointerscaling2
CPP: De-duplicate the PointerScaling queries.
2019-04-05 14:42:28 +02:00
Jonas Jensen
19b05c57d7
Merge pull request #1204 from geoffw0/badlock
CPP: Add a test of common mistakes using locking classes.
2019-04-05 14:34:32 +02:00
Geoffrey White
f040755b3b
CPP: Remove unnecessary imports.
2019-04-05 11:44:50 +01:00
Geoffrey White
44d68a761d
CPP: Move 'baseType' into IncorrectPointerScalingCommon.qll.
2019-04-05 11:43:47 +01:00
Geoffrey White
695df232e3
CPP: Equalize the definitions of 'baseType'.
2019-04-05 11:28:11 +01:00
Geoffrey White
373075e06d
CPP: Extend the test.
2019-04-05 11:09:13 +01:00
Geoffrey White
34fbc7b194
CPP: Guard the delete.
2019-04-05 10:00:55 +01:00
Jonas Jensen
d619a8c693
Merge pull request #1192 from geoffw0/severity
CPP: Change some query severities
2019-04-05 09:23:27 +02:00
Jonas Jensen
8c17278808
Merge pull request #1191 from geoffw0/microsoft
CPP: Workaround improvement for File.compiledAsMicrosoft.
2019-04-05 09:22:08 +02:00
Geoffrey White
0a0bcdf939
CPP: Move some code into IncorrectPointerScalingCommon.qll.
2019-04-04 18:08:18 +01:00
Geoffrey White
7aee334baf
CPP: Update the qhelp.
2019-04-04 16:48:14 +01:00
Geoffrey White
a437e6c103
CPP: Extend coverage.
2019-04-04 16:31:02 +01:00
Geoffrey White
a1e503f428
CPP: Add test cases for PotentiallyDangerousFunction.
2019-04-04 16:26:53 +01:00
Geoffrey White
5e71207a23
CPP: Add '/' case.
2019-04-04 14:32:22 +01:00
Geoffrey White
cb09d23069
CPP: Add a test of common mistakes using locking and similar classes.
2019-04-04 11:23:06 +01:00
Anders Schack-Mulligen
15fa4f8b7a
Merge pull request #1007 from jbj/dataflow-dispatch-no-ctx
C++: Simplify stubs in DataFlowDispatch.qll
2019-04-04 11:25:50 +02:00
Jonas Jensen
d0091b28ee
Merge pull request #1199 from geoffw0/printfld
CPP: Support %Ld in printf.qll
2019-04-03 15:38:16 +02:00
Geoffrey White
d4c931cf11
CPP: Permit %Ld and similar.
2019-04-03 11:46:48 +01:00
Geoffrey White
b3fd7ab757
CPP: Add test cases.
2019-04-03 11:46:30 +01:00
Jonas Jensen
f9c9efeabe
Merge pull request #1188 from geoffw0/donotedit
CPP: Consider more files to be generated.
2019-04-03 09:52:28 +02:00
Robert Marsh
fa8b771944
Merge pull request #1186 from jbj/dataflow-defbyref-1.20-fixes
C++: Let data flow past definition by reference
2019-04-02 13:36:37 -07:00
Robert Marsh
65d0412692
Merge pull request #1194 from geoffw0/dead-goto
CPP: Fix false positive from DeadCodeGoto.ql
2019-04-02 10:03:15 -07:00
Jonas Jensen
eae2fe5a16
Merge pull request #1190 from Semmle/rc/1.20
Merge 1.20 into master
2019-04-02 15:29:12 +02:00
Geoffrey White
8979361255
CPP: Exclude functions containing preprocessor logic.
2019-04-02 14:24:37 +01:00
Geoffrey White
5cb30b04cc
CPP: Add a test case.
2019-04-02 13:15:40 +01:00
Geoffrey White
1542fdc44b
CPP: Change AV Rule 107.ql to a recommendation.
2019-04-02 12:19:33 +01:00
Geoffrey White
96136a1c55
CPP: Change SloppyGlobal.ql to a recommendation.
2019-04-02 12:18:22 +01:00
Geoffrey White
c3ec7b55b7
CPP: Workaround improvement for File.compiledAsMicrosoft.
2019-04-02 11:40:49 +01:00
Jonas Jensen
842aafc888
C++: Fix new UnsafeDaclSecurityDescriptor FP
This query uses data flow for nullness analysis, which is always going
to be a large overapproximation. The overapproximation became too big
for one of the test cases after the recent change to make data flow go
across assignment by reference.
To make this query more conservative, it will now only report that the
`pDacl` argument can be null if there isn't also evidence that it can be
non-null.
2019-04-02 11:31:12 +02:00
Geoffrey White
bce6ee5c27
CPP: Consider more files to be generated.
2019-04-02 09:19:55 +01:00
Arthur Baars
5eb58f3ba2
C++: fix HubClasses.ql by changing its kind to 'table'
2019-04-01 16:17:23 +02:00
Jonas Jensen
71659594c8
C++: Let data flow past definition by reference
This commit changes how data flow works in the following code.

    MyType x = source();
    defineByReference(&x);
    sink(x);

The question here is whether there should be flow from `source` to
`sink`. Such flow is desirable if `defineByReference` doesn't write to
all of `x`, but it's undesirable if `defineByReference` is a typical
init function in `C` that writes to every field or if
`defineByReference` is `memcpy` or `memset` on the full range.
Before 1.20.0, there would be flow from `source` to `sink` in case `x`
happened to be modeled with `BlockVar` but not in case `x` happened to
be modelled with SSA. The choice of modelling depends on an analysis of
how `x` is used elsewhere in the function, and it's supposed to be an
internal implementation detail that there are two ways to model
variables. In 1.20.0, I changed the `BlockVar` behavior so it worked the
same as SSA, never allowing that flow. It turns out that this change
broke a customer's query.
This commit reverts `BlockVar` to its old behavior of letting flow
propagate past the `defineByReference` call and then regains consistency
by changing all variables that are ever defined by reference to be
modelled with `BlockVar` instead of SSA. This means we now get too much
flow in certain cases, but that appears to be better overall than
getting too little flow. See also the discussion in CPP-336.
2019-04-01 14:13:47 +02:00
Arthur Baars
4b95fbbb39
C++ Fix select statements of AV 3 and 81
2019-04-01 11:20:12 +02:00
Arthur Baars
ba7fdddafb
Change @kind to 'table' for test and sanity checks queries that don't select problems
2019-04-01 11:20:12 +02:00
Geoffrey White
a6e0296c0c
CPP: Be slash/case insensitive.
2019-03-29 11:19:20 +00:00
Geoffrey White
c8caca3305
CPP: Add test cases for %ls, %hs.
2019-03-29 11:19:20 +00:00
Geoffrey White
f5a7d7a035
CPP: Correct a few comments.
2019-03-29 11:19:19 +00:00
Geoffrey White
66e87fc34c
CPP: Detect Microsoft compilations even more reliably.
2019-03-29 11:18:32 +00:00
Geoffrey White
5911699c55
CPP: Clean up some remaining old 'isWideCharDefault' logic that has caused confusion.
2019-03-29 11:18:31 +00:00
Geoffrey White
eef050dd47
CPP: Improve deduction of %S types in FormattingFunction.qll.
2019-03-29 11:18:31 +00:00
Geoffrey White
4a25c37ecc
CPP: Detect Microsoft compilations somewhat more reliably.
2019-03-29 11:18:31 +00:00
Geoffrey White
975a0bbf0d
CPP: Handle %s/%c/%S/%C correctly on non-MS platforms.
2019-03-29 11:18:31 +00:00
Geoffrey White
648cdbab6c
CPP: Add FormattingFunction.getFormatCharType() and test.
2019-03-29 11:18:31 +00:00
Geoffrey White
162c9981bd
CPP: Add some test cases.
2019-03-29 11:18:31 +00:00
Jonas Jensen
68a19d7d3e
Merge branch 'master' into taintedmalloc
2019-03-29 09:12:38 +01:00
Jason Reed
d03b5bca31
C++: Fix non-private imports.
2019-03-28 20:39:29 -04:00
Jason Reed
9c0be34fd4
C++: Remove accidental redundancy.
2019-03-28 20:39:29 -04:00