Henry Mercer
d80d39504f
Tag successfully extracted files queries
...
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
Nora Dimitrijević
ec2549a38b
Merge branch 'main' into cpp/comma-before-misleading-indentation
2022-10-05 12:02:12 +02:00
Mathias Vorreiter Pedersen
fcd69a005f
C++: Remove redundant pragma.
2022-10-05 09:56:24 +01:00
Nora Dimitrijević
d8cfdc5e26
C++: Tag with CWE-1078, CWE-670
2022-10-05 00:04:56 +02:00
Mathias Vorreiter Pedersen
4d697cd369
C++: Rephrase QLDoc.
2022-10-04 17:15:08 +01:00
Mathias Vorreiter Pedersen
32839021f8
C++: Fix join that might blow up in the future.
2022-10-04 16:43:02 +01:00
Robert Marsh
98f4caf76f
Merge pull request #10645 from MathiasVP/add-more-range-analysis-tests
...
C++: Port SimpleRangeAnalysis tests to the new range-analysis
2022-10-03 14:34:56 -04:00
Robert Marsh
84f9c9b224
C++: query help for ConstantSizeArrayOffByOne.ql
2022-09-30 15:15:24 -04:00
Robert Marsh
159f11cd28
C++: fill in more query metadata
2022-09-30 15:07:08 -04:00
Robert Marsh
8972176242
C++: autoformat
2022-09-30 14:22:33 -04:00
Mathias Vorreiter Pedersen
cd65e73ade
C++: Fix database inconsistency issue from ODR violation.
2022-09-30 17:04:23 +01:00
Robert Marsh
8ac8101a75
C++: convert to path-problem
2022-09-30 11:35:02 -04:00
Robert Marsh
423e0bf99a
C++: respond to style comments on PR
2022-09-30 11:27:14 -04:00
Mathias Vorreiter Pedersen
56b5010f6b
C++: Convert the SimpleRangeAnalysis test to an InlineExpectationsTest.
2022-09-30 14:23:18 +01:00
Mathias Vorreiter Pedersen
d14b2c2880
C++: Put quotes around expectation comments with spaces.
2022-09-30 14:23:18 +01:00
Mathias Vorreiter Pedersen
c4c7c95db2
C++: Add SimpleRangeAnalysis test file to the new range-analysis library test directory.
2022-09-30 14:23:14 +01:00
Nora Dimitrijević
28606c561d
C++: Simplify normalizeExpr
...
This has a comparable but different set of FPs as the previous version.
But arguably it's an improvement.
2022-09-30 14:35:54 +02:00
Nora Dimitrijević
9a94222dbe
C++: Exclude commas from SwitchStmt.getExpr()
2022-09-30 12:32:03 +02:00
Nora Dimitrijević
4938de9185
C++: Fix docstring per suggestion
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2022-09-30 12:28:18 +02:00
Mathias Vorreiter Pedersen
fa12bd3cdf
C++: Fix spelling.
2022-09-30 11:22:26 +01:00
Mathias Vorreiter Pedersen
483ff58c39
C++: Replace the giant list of predicate parameters with a module signature.
2022-09-30 10:36:03 +01:00
Mathias Vorreiter Pedersen
b0af4cba30
C++: Fix Code Scanning alert.
2022-09-30 10:05:45 +01:00
Mathias Vorreiter Pedersen
6d5de66e6a
C++: Add QLDoc to the parameterized module components in 'Allocation.qll'.
2022-09-30 10:04:57 +01:00
Nora Dimitrijević
c37c6a004e
Merge branch 'main' into cpp/comma-before-misleading-indentation
2022-09-30 00:28:33 +02:00
Nora Dimitrijević
818be2765e
C++: Add Change Note
2022-09-30 00:28:12 +02:00
Nora Dimitrijević
6eac4f52d9
C++: Accept Test Output
...
Some tricky FPs are preserved in there.
2022-09-30 00:13:23 +02:00
Nora Dimitrijević
a124dcf436
C++: Update QLDoc
...
Arguably warning, not just recommendation; it may be a logic error.
TODO: What CWE/CVEs should I tag this with?
2022-09-30 00:06:53 +02:00
Nora Dimitrijević
981a9798b8
C++: Update .qhelp with precision disclaimer.
2022-09-29 23:59:22 +02:00
Nora Dimitrijević
68b473377a
C++: Fix QL-on-QL Redundant Cast warning
2022-09-29 23:19:49 +02:00
Nora Dimitrijević
2a046352ce
C++: Simplify
2022-09-29 23:06:17 +02:00
Robert Marsh
f17b563692
C++: handle interprocedural flows
...
This currently copy-pastes some predicates from InvalidPointerDeref.ql.
Those should be moved to a library file in a followup
2022-09-29 16:09:48 -04:00
Mathias Vorreiter Pedersen
2a514d60d4
C++: Add 'isBarrierIn' to prevent path duplication.
2022-09-29 19:55:58 +01:00
Mathias Vorreiter Pedersen
d12a76559a
C++: Use the new class in 'cpp/invalid-pointer-deref'.
2022-09-29 19:54:03 +01:00
Mathias Vorreiter Pedersen
a9710453f4
C++: Add class with heuristics to detect allocations.
2022-09-29 19:54:03 +01:00
Robert Marsh
99d7512881
C++: tests for constant-size off-by-one query
2022-09-29 13:33:13 -04:00
Nora Dimitrijević
891bc342be
C++: Fix another implicit/explicit this FP
2022-09-29 18:42:23 +02:00
Nora Dimitrijević
28bd591107
C++: Fix explicit this-> FP.
2022-09-29 17:04:11 +02:00
Robert Marsh
447c11cd07
C++: move ConstantSizeArrayOffByOne.ql to CWE-193
2022-09-29 10:56:29 -04:00
Robert Marsh
e46b215c9d
C++: fix metadata and result format
2022-09-29 10:53:29 -04:00
Nora Dimitrijević
29d7c0e21b
C++: Exclude commas in if-conditions.
2022-09-29 16:29:57 +02:00
Nora Dimitrijević
64903336f7
C++: Exclude all parenthesized CommaExprs.
2022-09-29 15:49:29 +02:00
Mathias Vorreiter Pedersen
4e3b445515
C++: Accept test changes.
2022-09-29 13:35:23 +01:00
Mathias Vorreiter Pedersen
70837dbd93
C++: Use range analysis to properly deduce the initial 'state2' instead of traversing the AST. Also fix state-passing related to negative states.
2022-09-29 13:32:39 +01:00
Mathias Vorreiter Pedersen
6537c817ef
C++: Add more CWE-199 tests that allocates memory based on the result of a SubExpr.
2022-09-29 13:31:34 +01:00
Nora Dimitrijević
909b36a078
C++: Fix implicit-this FP, uncovered non-funptr FP
2022-09-29 13:14:36 +02:00
Nora Dimitrijević
19a9c5d7d3
C++: Identified another real-life FP
2022-09-28 21:19:45 +02:00
Nora Dimitrijević
96c73bcb19
C++: Fix FP: bad Location for FieldAccess exprs
2022-09-28 20:37:22 +02:00
Nora Dimitrijević
6d5df14547
C++: Remove arguable FPs re: sizeof/decltype
2022-09-28 20:01:14 +02:00
Nora Dimitrijević
592bc18a97
C++: Reduce FPs by excluding all commas in loop heads
...
This leads to a 50% reduction of alerts in MRVA 1000.
2022-09-28 19:38:41 +02:00
Nora Dimitrijević
823b0109f0
C++: Mark FPs that are hard to solve w/o source code
2022-09-28 16:20:13 +02:00
