Jonas Jensen
53e10e4c7f
Merge pull request #2634 from MathiasVP/overrideable-taint-sources
C++: Overrideable taint sources in DefaultTaintTracking
2020-01-17 13:01:03 +01:00
Jonas Jensen
5d08a0e338
Merge pull request #2558 from MathiasVP/ast-classes-should-not-be-abstract
C++: Ast classes should not be abstract
2020-01-17 08:47:55 +01:00
Mathias Vorreiter Pedersen
87c59e0017
C++: Overrideable taint sources in DefaultTaintTracking
2020-01-16 11:10:43 +01:00
Mathias Vorreiter Pedersen
603b1c26a7
Merge branch 'master' into ast-classes-should-not-be-abstract
2020-01-16 10:16:03 +01:00
Dave Bartolomeo
48301e1187
Merge pull request #2594 from rdmarsh2/ir-overlappingVariableMemoryLocations
C++: compute overlap on irvars with vvar indexes
2020-01-15 13:06:33 -07:00
Robert Marsh
a91f10fe40
Merge pull request #2629 from dbartol/dbartol/missing-vvars
C++/C#: Fix missing virtual variables
2020-01-15 08:32:43 -08:00
Tom Hvitved
f7278d36e1
Merge pull request #2498 from aschackmull/java/taint-getter
Java/C++/C#: Add support for taint-getter/setter summaries in data flow.
2020-01-15 09:55:19 +01:00
Dave Bartolomeo
e60f902c36
C++/C#: Fix missing virtual variables
The aliased SSA code was assuming that, for every automatic variable, there would be at least one memory access that reads or writes the entire variable. We've encountered a couple cases where that isn't true due to extractor issues. As a workaround, we now always create the `VariableMemoryLocation` for every local variable.
I've also added a sanity test to detect this condition in the future.
Along the way, I had to fix a perf issue in the PrintIR code. When determining the ID of a result based on line number, we were considering all `Instruction`s generated for a particular line, regardless of whether they were all in the same `IRFunction`. In addition, the predicate had what appeared to be a bad join order that made it take forever on large snapshots. I've scoped it down to just consider `Instruction`s in the same function, and outlined that predicate to fix the join order issue. This causes some numbering changes, but they're for the better. I don't think there was actually any nondeterminism there before, but now the numbering won't depend on the number of instantiations of a template, either.
2020-01-14 17:57:15 -07:00
Robert Marsh
42be28b211
C++: autoformat
2020-01-14 13:17:57 -08:00
Robert Marsh
5a5832b7de
Merge pull request #2569 from jbj/ir-total-chi-flow
C++: IR data flow through total chi operands
2020-01-14 12:47:58 -08:00
Anders Schack-Mulligen
241b8a05e4
Java/C++/C#: Address review comment.
2020-01-14 11:59:55 +01:00
Anders Schack-Mulligen
041bcc5812
Java/C++/C#: Small perf improvement and simplification.
2020-01-13 17:00:56 +01:00
Jonas Jensen
b8ee5a63db
Merge pull request #2614 from geoffw0/arithun
CPP: Speed up ArithmeticUncontrolled.ql
2020-01-13 15:25:12 +01:00
Jonas Jensen
3183893a98
Merge pull request #2530 from geoffw0/hiddenqueries2
CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.
2020-01-13 15:23:55 +01:00
Geoffrey White
9176529799
Merge pull request #2599 from MathiasVP/assign-where-compare-meant-false-positives
Assign where compare meant false positives
2020-01-10 13:39:39 +00:00
Mathias Vorreiter Pedersen
111f1dbd19
Merge branch 'assign-where-compare-meant-false-positives' of github.com:MathiasVP/ql into assign-where-compare-meant-false-positives
2020-01-10 13:14:00 +01:00
Mathias Vorreiter Pedersen
f80c13abd7
C++: Fixed incorrect comments in testcases
2020-01-10 12:24:43 +01:00
Mathias Vorreiter Pedersen
f181753c35
Typo fix
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2020-01-10 11:49:03 +01:00
Mathias Vorreiter Pedersen
21c99d1827
Typo fix
Co-Authored-By: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2020-01-10 11:46:14 +01:00
Geoffrey White
1d615d311c
CPP: Autoformat.
2020-01-09 13:48:58 +00:00
Geoffrey White
f6f7df4e8f
CPP: Speed up nullCheckAssert in InconsistentCheckReturnNull.ql.
2020-01-09 13:48:13 +00:00
Geoffrey White
50c0ec1cb1
CPP: Optimize isRandValue.
2020-01-09 12:12:00 +00:00
Robert Marsh
9b361f1701
Merge pull request #2601 from dbartol/dbartol/OpcodeProperties
C++: Consolidate opcode properties onto `Opcode` class
2020-01-08 11:05:41 -08:00
Geoffrey White
cf5dd85944
Merge pull request #2577 from MathiasVP/multiplication-overflow-not-possible-due-to-type-width
Multiplication overflow not possible due to type width
2020-01-08 17:18:33 +00:00
Dave Bartolomeo
6c8de44800
Merge pull request #2604 from geoffw0/returnthis
CPP: Exclude template classes from cpp/assignment-does-not-return-this
2020-01-08 09:12:22 -07:00
Geoffrey White
b6e1f35ff6
CPP: Generalize the fix to all template code.
2020-01-08 13:36:59 +00:00
Geoffrey White
527d29ba23
CPP: Exclude template classes from the query.
2020-01-08 13:16:38 +00:00
Geoffrey White
d527dbe47a
CPP: Add test case.
2020-01-08 13:13:06 +00:00
Mathias Vorreiter Pedersen
100ace532f
C++: Fixed handling of false negative. Query now supports global variables
2020-01-07 22:57:21 +01:00
Mathias Vorreiter Pedersen
db08076fed
C++: Fixed false negative
2020-01-07 22:20:04 +01:00
Mathias Vorreiter Pedersen
229da0a9c0
C++: Add testcase demonstrating false negative
2020-01-07 22:12:34 +01:00
Dave Bartolomeo
690d23d15e
C++: Fix formatting
2020-01-07 13:23:36 -07:00
Dave Bartolomeo
9df37399f8
C++: Consolidate opcode properties onto Opcode class
Previously, we had several predicates on `Instruction` and `Operand` whose values were determined solely by the opcode of the instruction. For large snapshots, this meant that we would populate large tables mapping each of the millions of `Instruction`s to the appropriate value, times three (once for each IR flavor).
This change moves all of these opcode properties onto `Opcode` itself, with inline wrapper predicates on `Instruction` and `Operand` where necessary. On smaller snapshots, like ChakraCore, performance is a wash, but this did speed up Wireshark by about 4%.
Even ignoring the modest performance benefit, having these properties defined on `Opcode` seems like a better organization than having them on `Instruction` and `Operand`.
2020-01-07 13:17:27 -07:00
Dave Bartolomeo
3072e9c7da
Merge pull request #2598 from geoffw0/av114_asm
CPP: Exclude functions containing asm from cpp/missing-return
2020-01-07 09:04:14 -07:00
Mathias Vorreiter Pedersen
633c42ced0
C++: Removed comment
2020-01-07 14:41:37 +01:00
Mathias Vorreiter Pedersen
d9f931da3c
C++: Fix false positives
2020-01-07 14:16:50 +01:00
Mathias Vorreiter Pedersen
6bbe2c48bf
C++: Add testcase demonstrating false positive
2020-01-07 14:13:34 +01:00
Geoffrey White
72b4792391
CPP: Exception for AsmStmts.
2020-01-07 12:46:07 +00:00
Geoffrey White
0a85637fef
CPP: Add a test.
2020-01-07 12:46:07 +00:00
Mathias Vorreiter Pedersen
9a841636dc
C++: Fix false positive
2020-01-07 13:22:07 +01:00
Mathias Vorreiter Pedersen
faa9d83567
C++: Add testcase demonstrating false positive
2020-01-07 13:18:38 +01:00
Mathias Vorreiter Pedersen
bdd0589223
C++: Fix false positive
2020-01-07 13:16:47 +01:00
Mathias Vorreiter Pedersen
428e357488
C++: Add testcase demonstrating false positive
2020-01-07 11:41:48 +01:00
Robert Marsh
ba9741f552
C++: compute overlap on irvars with vvar indexes
2020-01-06 09:14:03 -08:00
Anders Schack-Mulligen
9ba169b346
Java: Fix bad join-order.
2020-01-06 16:52:06 +01:00
Mathias Vorreiter Pedersen
9ed1510a8c
C++: Improved query precision using SimpleRangeAnalysis
2020-01-06 14:16:52 +01:00
Mathias Vorreiter Pedersen
7b5dd56009
C++: Added .stats file
2020-01-06 09:45:58 +01:00
Mathias Vorreiter Pedersen
e926966e73
C++: Added more tests
2020-01-03 14:08:12 +01:00
Mathias Vorreiter Pedersen
cea78879b2
C++: Rename variables in tests to reflect their types
2020-01-03 14:07:19 +01:00
Mathias Vorreiter Pedersen
7dbb191531
C++: Improve query precision
2020-01-02 15:53:22 +01:00