Mathias Vorreiter Pedersen
8765c33847
C++: Also check the number of parameters to keep the tests happy.
2021-06-01 10:17:57 +02:00
Mathias Vorreiter Pedersen
615c805b2c
C++: Only use std::rand as a source of randomness.
2021-06-01 09:28:06 +02:00
Mathias Vorreiter Pedersen
41c93d92d7
C++: Remove FPs from right shifts and explicitly bounded random functions.
2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
d46452e8de
Merge pull request #5903 from MathiasVP/tainted-allocation-size-barrier
...
C++: Add barriers to `cpp/uncontrolled-allocation-size`
2021-05-17 15:24:45 +02:00
Mathias Vorreiter Pedersen
2d0a56128d
C++: Prevent flow out of pointer-difference expressions.
2021-05-14 13:49:48 +02:00
Mathias Vorreiter Pedersen
5031b73f35
C++: Add barrier to cpp/uncontrolled-allocation-size that blocks flow when overflow isn't possible.
2021-05-14 13:43:20 +02:00
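As an added illustration of the pattern the two `cpp/uncontrolled-allocation-size` commits above are concerned with (example code written for this page, not a query, test or source file from the CodeQL repository): an attacker-controlled element count multiplied into a `malloc` size, beside two guard shapes under which the multiplication cannot wrap and flow to the allocation should not be reported. The `record_t` type, the `MAX_RECORDS` bound and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed record type for the example: 4 + 60 = 64 bytes, no padding. */
typedef struct {
    uint32_t id;
    char name[60];
} record_t;

/* Hypothetical application limit chosen for the example; not from the query. */
#define MAX_RECORDS 1024u

/* The shape the query targets: `count` is attacker-controlled and the product
   can wrap, so malloc() receives a size far smaller than the caller later
   writes into. Unsigned wrap is well-defined, so the result is silently wrong
   rather than a crash. */
size_t unchecked_size(size_t count) {
    return count * sizeof(record_t);
}

/* Guard 1: an explicit check against SIZE_MAX / sizeof(record_t). On the path
   that reaches the multiplication, wrap is impossible. Returns 0 on refusal. */
int checked_size(size_t count, size_t *out) {
    if (count > SIZE_MAX / sizeof(record_t))
        return 0;
    *out = count * sizeof(record_t);
    return 1;
}

/* Guard 2: a small upper bound on the tainted value. After `count <= MAX_RECORDS`
   the product is at most 64 KiB and cannot wrap, so this branch should not be
   reported either. */
int bounded_size(size_t count, size_t *out) {
    if (count > MAX_RECORDS)
        return 0;
    *out = count * sizeof(record_t);
    return 1;
}

/* Vulnerable allocation: the size comes straight from unchecked_size(). */
record_t *alloc_records_unsafe(size_t count) {
    return malloc(unchecked_size(count));
}

/* Hardened allocation: refuses any request that would wrap. */
record_t *alloc_records_safe(size_t count) {
    size_t bytes;
    if (!checked_size(count, &bytes))
        return NULL;
    return malloc(bytes);
}
```

Both guards make the multiplication safe; the difference is that the first admits any count that fits, while the second also caps the allocation at something the rest of the program can reasonably handle.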
Mathias Vorreiter Pedersen
e94dab70b5
C++: Add sanitizers to cpp/uncontrolled-arithmetic.
2021-05-12 15:44:09 +02:00
Mathias Vorreiter Pedersen
d55db836cb
C++: Remove implied conjunct.
2021-05-10 16:13:54 +02:00
Mathias Vorreiter Pedersen
c0b65314be
C++: Fix false positive by restricting _both_ the old (unconverted) expression _and_ all of the conversions.
2021-05-10 15:18:42 +02:00
Mathias Vorreiter Pedersen
c91ed80e6c
C++: Fix false positive by computing range of the converted expression.
2021-05-10 10:12:43 +02:00
Mathias Vorreiter Pedersen
86822f6c61
C++: Exclude pointer results from cpp/integer-overflow-tainted.
2021-04-23 16:01:53 +02:00
Geoffrey White
3d60756d40
C++: Downgrade the query precision.
2020-08-13 15:45:57 +01:00
Geoffrey White
ba3a8d0872
C++: Improve naming and QLDoc.
2020-04-09 15:06:23 +01:00
Geoffrey White
a7979fdc12
C++: Base results purely on allocations now, not multiplications by a sizeof.
2020-04-09 15:05:29 +01:00
Jonas Jensen
58366b19e9
C++: Path explanations in the last two queries
...
For some reason I thought that these two queries were special because
they manipulate `SecurityOptions` to change the taint-tracking sources.
It turns out it was just the opposite: the queries used to be special
because they invalidated the cache for the `tainted` predicate, but that
predicate is no longer used, so these queries are no longer special.
2020-04-04 16:47:06 +02:00
Jonas Jensen
207c76b855
C++: Path explanations in DefaultTaintTracking
...
The first three queries are migrated to use path explanations.
2020-04-01 20:51:05 +02:00
Anders Schack-Mulligen
96e4a57edd
C++: Autoformat.
2020-01-29 13:11:50 +01:00
Geoffrey White
50c0ec1cb1
CPP: Optimize isRandValue.
2020-01-09 12:12:00 +00:00
Jonas Jensen
5ee19c5a66
C++: Stricter loop-variant check
...
The `loopVariant` predicate in `ComparisonWithWiderType.ql` is intended
to identify loop counters, but it was too much of a stretch to apply it
to any subexpression of the small side of the comparison.
This change fixes two false positives on arvidn/libtorrent and many
others seen in the wild (on Linux, CoreCLR, ffmpeg, ...).
2019-11-25 11:31:41 +01:00
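An added example of the loop shape `cpp/comparison-with-wider-type` reports, its fix, and a narrow-versus-wide comparison inside a loop body whose small side merely contains the loop variable (my reading of the false positives the commit above describes). This is example code written for this page, not code from the repository or its tests; the function names and sample data are constructed.

```c
#include <limits.h>
#include <stddef.h>

/* The reported shape: the loop counter `i` is an unsigned char (the small side
   of `i < bound`) while `bound` is a size_t. For bound > UCHAR_MAX the counter
   wraps to 0 before it can reach bound and the loop never exits. This version
   detects the impending wrap and returns -1 instead of hanging, so the defect
   is observable. */
long count_narrow_counter(size_t bound) {
    long iterations = 0;
    for (unsigned char i = 0; i < bound; i++) {
        iterations++;
        if (i == UCHAR_MAX)   /* next i++ wraps to 0 while i < bound still holds */
            return -1;
    }
    return iterations;
}

/* Fix: give the counter the bound's type (or at least one no narrower). */
long count_wide_counter(size_t bound) {
    long iterations = 0;
    for (size_t i = 0; i < bound; i++)
        iterations++;
    return iterations;
}

/* Not a loop counter: `vals[i]` is narrow and `threshold` is wide, and `i` is a
   loop-variant subexpression of the small side, but the comparison controls no
   loop. Termination depends only on `i < n`, so there is nothing to report. */
int find_first_above(const unsigned char *vals, size_t n, size_t threshold) {
    for (size_t i = 0; i < n; i++) {
        if (vals[i] > threshold)
            return (int)i;
    }
    return -1;
}
```

The narrow counter is correct up to a bound of 255 and wrong from 256 onward, which is why such loops survive testing with small inputs.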
Jonas Jensen
d63cc3d287
Merge remote-tracking branch 'upstream/master' into infinite-loops-visible
...
Moved the change note to 1.23.
2019-10-25 15:44:03 +02:00
Jonas Jensen
4ef5c9af62
C++: Autoformat everything
...
Some files that will change in #1736 have been spared.
./build -j4 target/jars/qlformat
find ql/cpp/ql -name "*.ql" -print0 | xargs -0 target/jars/qlformat --input
find ql/cpp/ql -name "*.qll" -print0 | xargs -0 target/jars/qlformat --input
(cd ql && git checkout 'cpp/ql/src/semmle/code/cpp/ir/implementation/**/*SSA*.qll')
buildutils-internal/scripts/pr-checks/sync-identical-files.py --latest
2019-09-09 11:25:53 +02:00
Geoffrey White
707f95c829
CPP: Alignment.
2019-09-04 09:59:21 +01:00
Jonas Jensen
83e618d49e
C++: Make cpp/comparison-with-wider-type visible
...
The results from this query look good on real-world projects, so let's
make it visible by default.
2019-07-09 14:48:36 +02:00
Robert Marsh
e899120270
C++: replace getType().getUnspecifiedType()
2019-05-20 15:08:28 +01:00
Geoffrey White
743b17af50
CPP: Autoformat.
2019-03-28 15:49:36 +00:00
Geoffrey White
8c75e730e4
CPP: Widen TaintedAllocationSize.ql.
2019-03-28 15:49:36 +00:00
Geoffrey White
b0805f8e79
CPP: Adjust ArithmeticTainted.ql so that it can work on non-VariableAccesses.
2019-01-28 17:36:56 +00:00
Geoffrey White
6088ca5d5b
CPP: Update our uses of MacroInvocationExpr.
2019-01-09 12:17:29 +00:00
Dave Bartolomeo
aa267c8302
C++: Force LF for .c,.cpp,.h,.hpp
2018-09-23 16:23:52 -07:00
Geoffrey White
074894298c
CPP: Adjust precisions for the CWE-190 queries.
2018-08-31 16:15:53 +01:00
Jonas Jensen
418a16772b
Merge pull request #105 from geoffw0/samate-crement
...
CPP: Support crement operations in CWE-190
2018-08-29 09:03:29 +02:00
Geoffrey White
0d6373924c
CPP: De-conflate cause and effect strings.
2018-08-28 16:39:10 +01:00
Geoffrey White
87fb447c4b
CPP: Improve the logic in ArithmeticWithExtremeValues.ql.
2018-08-28 16:39:10 +01:00
Geoffrey White
d2fd986f40
CPP: Support crement operations in CWE-190.
2018-08-28 16:39:09 +01:00
Dave Bartolomeo
2af82d9485
LF for .qhelp files too
2018-08-26 21:12:51 -07:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00