semmle-qlci
a7d9a50dcf
Merge pull request #1176 from xiemaisi/js/fix-socket-io-type-tracking
...
Approved by asger-semmle
2019-04-01 13:57:13 +01:00
Jonas Jensen
71659594c8
C++: Let data flow past definition by reference
...
This commit changes how data flow works in the following code.
MyType x = source();
defineByReference(&x);
sink(x);
The question here is whether there should be flow from `source` to
`sink`. Such flow is desirable if `defineByReference` doesn't write to
all of `x`, but it's undesirable if `defineByReference` is a typical
init function in `C` that writes to every field or if
`defineByReference` is `memcpy` or `memset` on the full range.
Before 1.20.0, there would be flow from `source` to `sink` in case `x`
happened to be modeled with `BlockVar` but not in case `x` happened to
be modelled with SSA. The choice of modelling depends on an analysis of
how `x` is used elsewhere in the function, and it's supposed to be an
internal implementation detail that there are two ways to model
variables. In 1.20.0, I changed the `BlockVar` behavior so it worked the
same as SSA, never allowing that flow. It turns out that this change
broke a customer's query.
This commit reverts `BlockVar` to its old behavior of letting flow
propagate past the `defineByReference` call and then regains consistency
by changing all variables that are ever defined by reference to be
modelled with `BlockVar` instead of SSA. This means we now get too much
flow in certain cases, but that appears to be better overall than
getting too little flow. See also the discussion in CPP-336.
2019-04-01 14:13:47 +02:00
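The behaviour this commit message describes can be observed with a small data-flow query. The following is an added example written for this page, not code from the commit or from the CodeQL repository. It assumes the `semmle.code.cpp.dataflow.DataFlow` library of the same era, with a `DataFlow::Configuration` subclass and `hasFlow`, and that the functions are named `source`, `sink` and `defineByReference` as in the snippet above; the C input in the leading comment is constructed for this example.

```ql
/**
 * @name Flow past a definition by reference (added example)
 * @kind problem
 * @problem.severity warning
 * @id cpp/example/flow-past-define-by-reference
 */

import cpp
import semmle.code.cpp.dataflow.DataFlow

// Constructed C input for this example (not from the commit):
//
//   // Case 1: partial write; flow from `source` to `sink` is wanted.
//   void partialInit(MyType *p) { p->a = 0; }
//   // Case 2: typical init function writing every field; flow is spurious.
//   void fullInit(MyType *p)    { p->a = 0; p->b = 0; }
//   // Case 3: memset over the full range; flow is spurious.
//   void clearAll(MyType *p)    { memset(p, 0, sizeof *p); }
//
//   void test(void) {
//     MyType x = source(); partialInit(&x); sink(x);
//     MyType y = source(); fullInit(&y);    sink(y);
//     MyType z = source(); clearAll(&z);    sink(z);
//   }
//
// Before this commit a variable modelled with SSA got no such flow (and
// from 1.20.0 neither did a `BlockVar`). After it, every variable that is
// defined by reference is modelled with `BlockVar`, so this query reports
// all three `sink` calls.

class SourceToSinkConfig extends DataFlow::Configuration {
  SourceToSinkConfig() { this = "SourceToSinkConfig" }

  /** The return value of a call to a function named `source`. */
  override predicate isSource(DataFlow::Node node) {
    node.asExpr().(FunctionCall).getTarget().hasName("source")
  }

  /** Any argument of a call to a function named `sink`. */
  override predicate isSink(DataFlow::Node node) {
    exists(FunctionCall call |
      call.getTarget().hasName("sink") and
      node.asExpr() = call.getAnArgument()
    )
  }
}

from SourceToSinkConfig cfg, DataFlow::Node src, DataFlow::Node snk
where cfg.hasFlow(src, snk)
select snk, "Value from $@ reaches this sink.", src, "source()"
```

Run it as a query test over the constructed file: after this commit the expected result is three alerts, one per `sink` call. Whether that is the right answer for `fullInit` and `clearAll` is exactly the trade-off the message describes, since the change deliberately accepts extra flow in those cases rather than missing the `partialInit` case.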
calum
932961bf19
C#: Remove static SHA1CryptoServiceProvider
2019-04-01 10:46:39 +01:00
Arthur Baars
4b95fbbb39
C++ Fix select statements of AV 3 and 81
2019-04-01 11:20:12 +02:00
Arthur Baars
ba7fdddafb
Change @kind to 'table' for test and sanity checks queries that don't select problems
2019-04-01 11:20:12 +02:00
Esben Sparre Andreasen
6908c54df6
JS: change notes
2019-04-01 09:25:07 +02:00
Esben Sparre Andreasen
364ba1b4ac
JS: use RegExpLiteral as a SourceNode
2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
7923c9d77c
JS: add tests for missing flow of regular expressions
2019-04-01 09:19:25 +02:00
Esben Sparre Andreasen
42d3012f81
JS: let RegExpLiteral be a DataFlow::SourceNode
2019-04-01 09:19:25 +02:00
Jonas Jensen
04a48e9034
Merge remote-tracking branch 'upstream/master' into SimpleRangeAnalysis-use-after-cast
2019-04-01 09:10:57 +02:00
Jonas Jensen
76caad0fb4
Merge pull request #1119 from geoffw0/wprintf2
...
CPP: Better handling of %s/%c/%S/%C in Printf/FormattingFunction.qll
2019-04-01 08:47:20 +02:00
Ziemowit Laski
8a653b9adc
[CPP-340] Fix TooFewArguments.c to actually provide a ()-prototype.
2019-03-29 20:34:49 -07:00
Ziemowit Laski
59a54df149
[CPP-340] cpp/too-many-arguments should remain as cpp/futile-params.
2019-03-29 20:30:40 -07:00
Ziemowit Laski
2ea9f81c7f
[CPP-340] Refer to C coding standard, not C++.
2019-03-29 20:27:25 -07:00
Ziemowit Laski
cb5bbd2197
[CPP-340] When warning about mismatched parameters, follow what C
...
compilers do. Various integral and floating-point types
are treated as mutually implicitly convertible. Remaining
warnings deal with misuse of pointer and array types.
2019-03-29 20:19:45 -07:00
semmle-qlci
ed0ef36427
Merge pull request #1035 from asger-semmle/firebase
...
Approved by xiemaisi
2019-03-29 13:44:02 +00:00
Asger F
4c99c01c1a
JS: review comments
2019-03-29 13:42:22 +00:00
Max Schaefer
e4c4f7a5ae
Update javascript/ql/src/semmle/javascript/DOM.qll
...
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-03-29 13:42:00 +00:00
Max Schaefer
10479eaf4d
Update javascript/ql/src/semmle/javascript/DOM.qll
...
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-03-29 13:40:59 +00:00
Max Schaefer
a0b06c267c
Update javascript/ql/src/semmle/javascript/DOM.qll
...
Co-Authored-By: asger-semmle <42069257+asger-semmle@users.noreply.github.com>
2019-03-29 13:40:46 +00:00
Max Schaefer
62c895de3e
JavaScript: Introduce Type(Back)Tracker::continue predicate.
2019-03-29 11:45:18 +00:00
Geoffrey White
a6e0296c0c
CPP: Be slash/case insensitive.
2019-03-29 11:19:20 +00:00
Geoffrey White
c8caca3305
CPP: Add test cases for %ls, %hs.
2019-03-29 11:19:20 +00:00
Geoffrey White
f5a7d7a035
CPP: Correct a few comments.
2019-03-29 11:19:19 +00:00
Geoffrey White
d22c93f101
CPP: Change note.
2019-03-29 11:19:19 +00:00
Geoffrey White
66e87fc34c
CPP: Detect Microsoft compilations even more reliably.
2019-03-29 11:18:32 +00:00
Geoffrey White
5911699c55
CPP: Clean up some remaining old 'isWideCharDefault' logic that has caused confusion.
2019-03-29 11:18:31 +00:00
Geoffrey White
eef050dd47
CPP: Improve deduction of %S types in FormattingFunction.qll.
2019-03-29 11:18:31 +00:00
Geoffrey White
4a25c37ecc
CPP: Detect Microsoft compilations somewhat more reliably.
2019-03-29 11:18:31 +00:00
Geoffrey White
975a0bbf0d
CPP: Handle %s/%c/%S/%C correctly on non-MS platforms.
2019-03-29 11:18:31 +00:00
Geoffrey White
648cdbab6c
CPP: Add FormattingFunction.getFormatCharType() and test.
2019-03-29 11:18:31 +00:00
Geoffrey White
162c9981bd
CPP: Add some test cases.
2019-03-29 11:18:31 +00:00
Asger F
e90a889f76
JS: Refactor DOM libs to use DataFlow more
2019-03-29 11:15:30 +00:00
Max Schaefer
8bb91bf001
JavaScript: Autoformat.
2019-03-29 08:30:05 +00:00
Max Schaefer
41a3ad3f82
JavaScript: Tweak some regexes in Files.qll.
...
It seems preferable to use the same regex everywhere, even if it's overly general for a few cases.
2019-03-29 08:30:05 +00:00
Max Schaefer
f5279b2a1d
JavaScript: Resolve AMD imports based on absolute paths if there is only a single candidate.
2019-03-29 08:30:05 +00:00
Max Schaefer
b29b3dff4d
JavaScript: Use proper camel-case for AMD-related class names.
2019-03-29 08:14:07 +00:00
Jonas Jensen
752ca94402
Merge pull request #854 from geoffw0/taintedmalloc
...
CPP: Improve TaintedAllocationSize.ql
2019-03-29 09:13:18 +01:00
Jonas Jensen
68a19d7d3e
Merge branch 'master' into taintedmalloc
2019-03-29 09:12:38 +01:00
Max Schaefer
d541bd58fb
JavaScript: Unify (most) overrides of getAnImportedModule.
2019-03-29 08:11:29 +00:00
Max Schaefer
6a78e37d93
JavaScript: Make AMD dependencies Imports.
2019-03-29 08:11:29 +00:00
Jonas Jensen
fcf04abb84
Merge pull request #1120 from jcreedcmu/jcreed/nan
...
C++: Teach range analysis to pay attention to NaNs.
2019-03-29 07:51:27 +01:00
Jason Reed
e52bbe7784
C++: Add change note.
2019-03-28 20:47:03 -04:00
Jason Reed
d03b5bca31
C++: Fix non-private imports.
2019-03-28 20:39:29 -04:00
Jason Reed
9c0be34fd4
C++: Remove accidental redundancy.
2019-03-28 20:39:29 -04:00
Jason Reed
23ee7ee928
C++: Teach range analysis to pay attention to NaNs.
2019-03-28 20:39:29 -04:00
Jonas Jensen
886e52468d
Merge pull request #1177 from geoffw0/qhelp
...
CPP: Add a reference about include optimization for AV Rule 35
2019-03-28 20:44:39 +01:00
Geoffrey White
f358e61719
CPP: Add a reference about include optimization to the qhelp for AV Rule 35.
2019-03-28 16:37:50 +00:00
Geoffrey White
a7e349c2a2
CPP: Add change note.
2019-03-28 15:50:37 +00:00
Geoffrey White
faa23a53be
CPP: Update expected for changes elsewhere.
2019-03-28 15:49:36 +00:00