hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,671 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

8731 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
56b5010f6b C++: Convert the SimpleRangeAnalysis test to an InlineExpectationsTest. 2022-09-30 14:23:18 +01:00
Mathias Vorreiter Pedersen
d14b2c2880 C++: Put quotes around expectation comments with spaces. 2022-09-30 14:23:18 +01:00
Mathias Vorreiter Pedersen
c4c7c95db2 C++: Add SimpleRangeAnalysis test file to the new range-analysis library test directory. 2022-09-30 14:23:14 +01:00
Nora Dimitrijević
28606c561d C++: Simplify normalizeExpr 
This has a comparable but different set of FPs as the previous version.
But arguably it's an improvement.
 2022-09-30 14:35:54 +02:00
Nora Dimitrijević
9a94222dbe C++: Exclude commas from SwitchStmt.getExpr() 2022-09-30 12:32:03 +02:00
Nora Dimitrijević
4938de9185 C++: Fix docstring per suggestion 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-09-30 12:28:18 +02:00
Mathias Vorreiter Pedersen
fa12bd3cdf C++: Fix spelling. 2022-09-30 11:22:26 +01:00
Mathias Vorreiter Pedersen
483ff58c39 C++: Replace the giant list of predicate parameters with a module signature. 2022-09-30 10:36:03 +01:00
Mathias Vorreiter Pedersen
b0af4cba30 C++: Fix Code Scanning alert. 2022-09-30 10:05:45 +01:00
Mathias Vorreiter Pedersen
6d5de66e6a C++: Add QLDoc to the parameterized module components in 'Allocation.qll'. 2022-09-30 10:04:57 +01:00
Nora Dimitrijević
c37c6a004e Merge branch 'main' into cpp/comma-before-misleading-indentation 2022-09-30 00:28:33 +02:00
Nora Dimitrijević
818be2765e C++: Add Change Note 2022-09-30 00:28:12 +02:00
Nora Dimitrijević
6eac4f52d9 C++: Accept Test Output 
Some tricky FPs are preserved in there.
 2022-09-30 00:13:23 +02:00
Nora Dimitrijević
a124dcf436 C++: Update QLDoc 
Arguably warning, not just recommendation; it may be a logic error.

TODO: What CWE/CVEs should I tag this with?
 2022-09-30 00:06:53 +02:00
Nora Dimitrijević
981a9798b8 C++: Update .qhelp with precision disclaimer. 2022-09-29 23:59:22 +02:00
Nora Dimitrijević
68b473377a C++: Fix QL-on-QL Redundant Cast warning 2022-09-29 23:19:49 +02:00
Nora Dimitrijević
2a046352ce C++: Simplify 2022-09-29 23:06:17 +02:00
Robert Marsh
f17b563692 C++: handle interprocedural flows 
This currently copy-pastes some predicates from InvalidPointerDeref.ql.
Those should be moved to a library file in a followup
 2022-09-29 16:09:48 -04:00
Mathias Vorreiter Pedersen
2a514d60d4 C++: Add 'isBarrierIn' to prevent path duplication. 2022-09-29 19:55:58 +01:00
Mathias Vorreiter Pedersen
d12a76559a C++: Use the new class in 'cpp/invalid-pointer-deref'. 2022-09-29 19:54:03 +01:00
Mathias Vorreiter Pedersen
a9710453f4 C++: Add class with heuristics to detect allocations. 2022-09-29 19:54:03 +01:00
Robert Marsh
99d7512881 C++: tests for constant-size off-by-one query 2022-09-29 13:33:13 -04:00
Nora Dimitrijević
891bc342be C++: Fix another implicit/explicit this FP 2022-09-29 18:42:23 +02:00
Nora Dimitrijević
28bd591107 C++: Fix explicit this-> FP. 2022-09-29 17:04:11 +02:00
Robert Marsh
447c11cd07 C++: move ConstantSizeArrayOffByOne.ql to CWE-193 2022-09-29 10:56:29 -04:00
Robert Marsh
e46b215c9d C++: fix metadata and result format 2022-09-29 10:53:29 -04:00
Nora Dimitrijević
29d7c0e21b C++: Exclude commas in if-conditions. 2022-09-29 16:29:57 +02:00
Nora Dimitrijević
64903336f7 C++: Exclude all parenthesized CommaExprs. 2022-09-29 15:49:29 +02:00
Mathias Vorreiter Pedersen
4e3b445515 C++: Accept test changes. 2022-09-29 13:35:23 +01:00
Mathias Vorreiter Pedersen
70837dbd93 C++: Use range analysis to properly deduce the initial 'state2' instead of traversing the AST. Also fix state-passing related to negative states. 2022-09-29 13:32:39 +01:00
Mathias Vorreiter Pedersen
6537c817ef C++: Add more CWE-199 tests that allocates memory based on the result of a SubExpr. 2022-09-29 13:31:34 +01:00
Nora Dimitrijević
909b36a078 C++: Fix implicit-this FP, uncovered non-funptr FP 2022-09-29 13:14:36 +02:00
Nora Dimitrijević
19a9c5d7d3 C++: Identified another real-life FP 2022-09-28 21:19:45 +02:00
Nora Dimitrijević
96c73bcb19 C++: Fix FP: bad Location for FieldAccess exprs 2022-09-28 20:37:22 +02:00
Nora Dimitrijević
6d5df14547 C++: Remove arguable FPs re: sizeof/decltype 2022-09-28 20:01:14 +02:00
Nora Dimitrijević
592bc18a97 C++: Reduce FPs by excluding all commas in loop heads 
This leads to a 50% reduction of alerts in MRVA 1000.
 2022-09-28 19:38:41 +02:00
Nora Dimitrijević
823b0109f0 C++: Mark FPs that are hard to solve w/o source code 2022-09-28 16:20:13 +02:00
Mathias Vorreiter Pedersen
4ab676774e C++: Add qhelp to new query. 2022-09-28 15:17:08 +01:00
Mathias Vorreiter Pedersen
769ff5c6f3 C++: Add 'isAdditionalFlowStep' predicates for both configurations in the product dataflow library and use them to fix missing results in the 'cpp/overrun-write' query. 2022-09-28 15:17:04 +01:00
Mathias Vorreiter Pedersen
ccbbb5754e C++: Use range analysis in 'cpp/overrun-write' and accept test changes. 2022-09-28 15:14:29 +01:00
Mathias Vorreiter Pedersen
51758aa928 C++: Add tests to 'cpp/overrun-write'. 2022-09-28 15:14:29 +01:00
Nora Dimitrijević
0128b1702e C++: Fix "LHS-end = RHS-begin" FP 2022-09-28 15:36:01 +02:00
Nora Dimitrijević
e7c1fadd94 C++: Fix member-call- and C-cast-related FPs 2022-09-28 15:02:22 +02:00
Robert Marsh
82bbe67267 Merge pull request #10593 from MathiasVP/fix-fp-on-cwe-193 
C++: Fix FPs on `cpp/invalid-pointer-deref`
 2022-09-27 17:38:17 -04:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Nora Dimitrijević
cacf78838c C++: Tests (w/ FPs) from MRVA top 1000 run 2022-09-27 18:48:32 +02:00
Mathias Vorreiter Pedersen
549eca1b17 C++: Fix 'implicit use of this'. 2022-09-27 16:29:30 +01:00
Mathias Vorreiter Pedersen
e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Tom Hvitved
335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Mathias Vorreiter Pedersen
0c79c2836c Merge pull request #10573 from erik-krogh/cpp-unqueryable 
C: deprecate/delete some unused code
 2022-09-27 10:13:24 +01:00