codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
github-actions[bot]	d1aa0d7dd3	Release preparation for version 2.10.1	2022-07-14 08:56:03 +00:00
Jeroen Ketema	c18428f1a9	Merge pull request #9785 from bdrodes/main C++: Nullness.qll bug fixes	2022-07-12 21:43:44 +02:00
ihsinme	e77a989133	Update DangerousUseMbtowc.expected	2022-07-12 20:22:31 +03:00
ihsinme	98af52fba5	Update DangerousUseMbtowc.ql	2022-07-12 20:19:59 +03:00
Geoffrey White	f29104ccce	C++: Accept test results.	2022-07-12 16:49:04 +01:00
Jeroen Ketema	f7c4fa691d	Apply suggestions from code review Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2022-07-12 16:59:15 +02:00
Jeroen Ketema	8f9d419441	C++: Add change note	2022-07-12 15:24:09 +02:00
Jeroen Ketema	e5eabc4e47	C++: Slightly tweak nullness test and update test results	2022-07-12 15:23:33 +02:00
Jeroen Ketema	d63b0946d9	C++: Use `ConditionDeclExpr` in `AnalysedExpr::isDef`	2022-07-12 15:22:13 +02:00
Jeroen Ketema	2ceb25dc9a	C++: Order left and right operands in the logical left to right order	2022-07-12 15:21:37 +02:00
Jeroen Ketema	c75599c3da	C++: Clarify the "most-specific" part of `FunctionCall:getTarget`	2022-07-12 10:28:19 +02:00
Ben Rodes	a6048dd594	Merge branch 'github:main' into main	2022-07-11 08:49:13 -04:00
Jeroen Ketema	93a4a32527	Merge pull request #9786 from jketema/lossy C++: LossyFunctionResultCast updates	2022-07-11 14:14:33 +02:00
Robert Marsh	bbd7e62341	Merge pull request #9793 from jketema/nullness C++: Add tests for `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck`	2022-07-11 08:07:24 -04:00
Jeroen Ketema	6b2154eb8b	C++: Add tests for `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck`	2022-07-11 11:54:48 +02:00
$REDMOND\brodes$ REDMOND\brodes	4379aa4398	Adding Initializer in condition as an occurance of isDef	2022-07-07 10:32:36 -04:00
Jeroen Ketema	0b471c2007	C++: Improve LossyFunctionResultCast join order Before on wireshark: ``` Tuple counts for #select#ff@eca61bf2: 180100 ~2% {2} r1 = SCAN Type::Type::getUnderlyingType#dispred#f0820431#ff OUTPUT In.1, In.0 84 ~2% {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Rhs.0 2021 ~0% {2} r3 = JOIN r2 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 2437 ~0% {2} r4 = JOIN r3 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 2150 ~0% {2} r5 = r4 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1) 2150 ~0% {2} r6 = SCAN r5 OUTPUT In.1, In.0 313 ~0% {3} r7 = JOIN r6 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 313 ~0% {3} r8 = JOIN r7 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2 148 ~3% {2} r9 = JOIN r8 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1 148 ~1% {3} r10 = JOIN r9 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 21 ~0% {3} r11 = JOIN r10 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0 21 ~0% {3} r12 = JOIN r11 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1 21 ~0% {2} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.") return r13 ``` After: ``` Tuple counts for #select#ff@a5a185eg: 20 ~0% {2} r1 = SCAN project#Type::FloatingPointType#class#2e8eb3ef#fffff OUTPUT In.0, In.0 20 ~0% {2} r2 = JOIN r1 WITH project#Type::FloatingPointType#class#2e8eb3ef#fffff ON FIRST 1 OUTPUT Lhs.1, Lhs.0 84 ~2% {2} r3 = JOIN r2 WITH Type::Type::getUnderlyingType#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 2021 ~0% {2} r4 = JOIN r3 WITH Function::Function::getType#dispred#f0820431#fb_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 2437 ~0% {2} r5 = JOIN r4 WITH Call::FunctionCall::getTarget#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1 2150 ~0% {2} r6 = r5 AND NOT LossyFunctionResultCast::whiteListWrapped#377b528a#f(Lhs.1) 2150 ~0% {2} r7 = SCAN r6 OUTPUT In.1, In.0 313 ~0% {3} r8 = JOIN r7 WITH exprconv ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 313 ~0% {3} r9 = JOIN r8 WITH Cast::Conversion#class#1f33e835#b ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2 148 ~3% {2} r10 = JOIN r9 WITH Expr::Expr::isCompilerGenerated#f0820431#b ON FIRST 1 OUTPUT Lhs.2, Lhs.1 148 ~1% {3} r11 = JOIN r10 WITH Expr::Expr::getActualType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0 21 ~0% {3} r12 = JOIN r11 WITH Type::IntegralType#class#2e8eb3ef#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.0 21 ~0% {3} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1 21 ~0% {2} r14 = JOIN r13 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, ("Return value of type " ++ Lhs.2 ++ " is implicitly converted to " ++ Rhs.1 ++ " here.") return r14 ```	2022-07-06 21:53:12 +02:00
Jeroen Ketema	7d6fb7f91a	C++: Rename LossyFunctionResultCast tests to be correctly named	2022-07-06 21:52:13 +02:00
$REDMOND\brodes$ REDMOND\brodes	74ff579dbc	Fixing logic bug with LogicalAndExpr	2022-07-06 15:19:36 -04:00
ihsinme	8967f57bbc	Update DangerousUseMbtowc.ql	2022-07-04 11:17:12 +03:00
ihsinme	4e28887689	Create test3.cpp	2022-07-04 11:13:07 +03:00
ihsinme	1ce42dcd30	Create test2.cpp	2022-07-04 11:12:34 +03:00
ihsinme	6d800de377	Create test1.cpp	2022-07-04 11:11:49 +03:00
ihsinme	f53adca108	Update DangerousUseMbtowc.ql	2022-07-04 11:10:02 +03:00
Mathias Vorreiter Pedersen	3bacb18315	Merge pull request #9770 from MathiasVP/nomagic-use-in-own-init C++: Add `nomagic` to `VariableAccessInInitializer`	2022-07-02 16:35:45 +01:00
Mathias Vorreiter Pedersen	e4636be8db	C++: Add 'nomagic' to the charpred of 'VariableAccessInInitializer'.	2022-07-01 11:07:18 +01:00
Jeroen Ketema	08b1c5495a	Merge pull request #9767 from igfoo/igfoo/typo C++: Typo: intrepret	2022-06-30 20:00:03 +02:00
Ian Lynagh	57e026d617	C++: Typo: intrepret	2022-06-30 18:22:17 +01:00
Andrew Eisenberg	fbeecd6c08	Merge pull request #9744 from github/aeisenberg/move-contextual-queries	2022-06-29 11:44:33 -07:00
Andrew Eisenberg	ddf06f8617	Add change notes and qldoc for moved files	2022-06-29 10:03:12 -07:00
Andrew Eisenberg	a3f4d1bf66	Move contextual queries from src to lib With this change, users are now able to run View AST command in vscode within vscode workspaces that do not include the core libraries. The relevant core library only needs to be installed in the package cache.	2022-06-29 07:51:26 -07:00
Jeroen Ketema	55e052af26	Merge pull request #9686 from aschackmull/dataflow/no-node-scan Dataflow performance: Avoid node scans	2022-06-29 10:38:56 +02:00
Jeroen Ketema	8b13d1fab8	Merge pull request #9726 from github/rdmarsh2/stack-address-join-order C++: fix join order in UsingExpiredStackAddress	2022-06-29 09:35:47 +02:00
Jeroen Ketema	a7956ad422	C++: Add change note	2022-06-28 15:32:43 +02:00
Jeroen Ketema	82c9b8b494	C++: Ensure only one `Variable` exists for every global variable Depending on the extraction order, before this change there might be multiple `GlobalVariable`s per declared global variable. See the tests in `cpp/ql/test/library-tests/variables/global`. This change ensures that only one of those `GlobalVariable`s is visible to the user if we can locate a unique definition. If not, the old situation persists. Note that an exception needs to be made for templated variables. Here, the definition refers to the non-instantiated template, while a declaration that is not a definition refers to an instantiation. In case the instantiation refers to a template parameter, the mangled names of the template and the instantiation will be identical. This happens for example in the following case: ``` template <typename T> T x = T(42); // Uninstantiated templated variable template <typename T> class C { T y = x<T>; // Instantiation using a template parameter }; ``` Since the uninstantiated template and the instantiation are two different entities, we do not unify them as described above.	2022-06-28 15:32:43 +02:00
Robert Marsh	829fdd1ff6	C++: fix join order in UsingExpiredStackAddress	2022-06-27 15:28:14 -04:00
ihsinme	65c9a7b278	Update BufferAccessWithIncorrectLengthValue.ql	2022-06-26 13:49:44 +03:00
github-actions[bot]	d506f448ef	Post-release preparation for codeql-cli-2.10.0	2022-06-24 07:36:33 +00:00
Robert Marsh	4a522831c4	C++: update change note for IR global var flow	2022-06-23 14:39:13 -04:00
Robert Marsh	e45c982dd1	C++: change note for global variables in dataflow	2022-06-23 14:32:52 -04:00
Anders Schack-Mulligen	dc517a758e	Autoformat	2022-06-23 14:44:40 +02:00
Anders Schack-Mulligen	4a317a25d3	Dataflow: Sync.	2022-06-23 14:34:52 +02:00
Asger F	d3df2033f0	Update cpp/ql/lib/change-notes/released/0.3.0.md	2022-06-23 14:11:11 +02:00
Asger F	bef38a64c3	Update cpp/ql/lib/CHANGELOG.md	2022-06-23 14:10:09 +02:00
github-actions[bot]	a74051c658	Release preparation for version 2.10.0	2022-06-23 11:17:46 +00:00
ihsinme	c1f0940b6a	Update cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2022-06-23 12:50:59 +03:00
Geoffrey White	20c3182437	Merge pull request #9087 from ihsinme/ihsinme-patch-88 CPP: Add query for CWE-670: Always-Incorrect Control Flow Implementation when use SSL_shutdown	2022-06-23 09:16:55 +01:00
Jeroen Ketema	b3ac7bda35	C++: Remove redundant parentheses	2022-06-23 07:25:53 +02:00
Jeroen Ketema	9cfd1a84b6	C++: Remove out-of-date comment, as we use mangled names in `ResolveClass.qll`	2022-06-23 07:24:04 +02:00
Robert Marsh	813a8548d7	C++: accept test changes for globals in data flow	2022-06-22 16:42:42 -04:00

... 15 16 17 18 19 ...

8760 Commits