hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
48be57c8fd05928ed0405306afceec3cd882f40a
codeql/change-notes/1.25/analysis-cpp.md
Dave Bartolomeo 12688f80ce Merge pull request #3559 from jbj/vcs-remove 
C++: Remove VCS.qll and all queries using it
2020-05-25 14:30:31 -04:00

1.5 KiB
Raw Blame History

Improvements to C/C++ analysis

The following changes in version 1.25 affect C/C++ analysis in all applications.

General improvements

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change

Changes to libraries

  • The library VCS.qll and all queries that imported it have been removed.
  • The data-flow library has been improved, which affects most security queries by potentially adding more results. Flow through functions now takes nested field reads/writes into account. For example, the library is able to track flow from taint() to sink() via the method getf2f1() in 
    struct C {
    int f1;
};

struct C2
{
    C f2;

    int getf2f1() {
        return f2.f1; // Nested field read
    }

    void m() {
        f2.f1 = taint();
        sink(getf2f1()); // NEW: taint() reaches here
    }
};
  • The security pack taint tracking library (semmle.code.cpp.security.TaintTracking) now considers that equality checks may block the flow of taint. This results in fewer false positive results from queries that use this library.