Commit graph

8511 commits

Author SHA1 Message Date
Geoffrey White fd571538fb
Merge pull request #10706 from geoffw0/vaheuristic
C++: Tune cpp/unterminated-variadic-call
2022-10-10 13:39:40 +01:00
Geoffrey White 059864587e C++: Add 'mremap' to whitelist. 2022-10-10 11:00:18 +01:00
Tom Hvitved 296ec94a2a Data flow: Sync files 2022-10-09 19:48:45 +02:00
Dave Bartolomeo 5ee7986649
Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1
Post-release preparation for codeql-cli-2.11.1
2022-10-07 14:23:31 -04:00
github-actions[bot] b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
erik-krogh 66c9705502
fix some more style-guide violations in the alert-messages 2022-10-07 11:19:46 +02:00
github-actions[bot] a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
Mathias Vorreiter Pedersen e147a6032e C++: Replace 'IRType' with 'Type' in dataflow. This means we're more compatible with the old AST library. 2022-10-06 17:26:56 +01:00
Mathias Vorreiter Pedersen 65a538ed41 C++: Exclude a few more operands from the dataflow graph. These aren't ever used for dataflow, and it should give us a slight speedup. 2022-10-06 17:22:09 +01:00
Mathias Vorreiter Pedersen 3fcb825e7f C++: Change a few indirectionIndex ranges from '[0 .. n - 1]' to '[1 .. n]'. This simplifies some arithmetic in a few predicates. 2022-10-06 17:21:09 +01:00
Henry Mercer 7a7d164b07
Merge pull request #10698 from github/henrymercer/successfully-extracted-files-tag
Tag successfully extracted files queries
2022-10-06 13:21:52 +01:00
Geoffrey White c6b7bb436d C++: Make the ql-for-ql checks happy. 2022-10-06 11:25:22 +01:00
Mathias Vorreiter Pedersen a856bc8678
Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one
C++: prototype for off-by-one in array-typed field
2022-10-06 11:04:12 +01:00
Mathias Vorreiter Pedersen 32d0b58923 C++: Fix qhelp example. 2022-10-06 10:19:53 +01:00
Geoffrey White 86756538f2 C++: Change note. 2022-10-06 09:14:25 +01:00
Geoffrey White 3f78a244b9 C++: Make the tests use more repetitions. 2022-10-06 09:14:24 +01:00
Geoffrey White 9a365d83cf C++: Tighten up the heuristic in cpp/unterminated-variadic-call. 2022-10-06 09:14:16 +01:00
Henry Mercer d80d39504f Tag successfully extracted files queries
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
Nora Dimitrijević ec2549a38b
Merge branch 'main' into cpp/comma-before-misleading-indentation 2022-10-05 12:02:12 +02:00
Mathias Vorreiter Pedersen fcd69a005f C++: Remove redundant pragma. 2022-10-05 09:56:24 +01:00
Nora Dimitrijević d8cfdc5e26 C++: Tag with CWE-1078, CWE-670 2022-10-05 00:04:56 +02:00
Mathias Vorreiter Pedersen 4d697cd369 C++: Rephrase QLDoc. 2022-10-04 17:15:08 +01:00
Mathias Vorreiter Pedersen 32839021f8 C++: Fix join that might blow up in the future. 2022-10-04 16:43:02 +01:00
Robert Marsh 98f4caf76f
Merge pull request #10645 from MathiasVP/add-more-range-analysis-tests
C++: Port SimpleRangeAnalysis tests to the new range-analysis
2022-10-03 14:34:56 -04:00
Robert Marsh 84f9c9b224 C++: query help for ConstantSizeArrayOffByOne.ql 2022-09-30 15:15:24 -04:00
Robert Marsh 159f11cd28 C++: fill in more query metadata 2022-09-30 15:07:08 -04:00
Robert Marsh 8972176242 C++: autoformat 2022-09-30 14:22:33 -04:00
Mathias Vorreiter Pedersen cd65e73ade C++: Fix database inconsistency issue from ODR violation. 2022-09-30 17:04:23 +01:00
Robert Marsh 8ac8101a75 C++: convert to path-problem 2022-09-30 11:35:02 -04:00
Robert Marsh 423e0bf99a C++: respond to style comments on PR 2022-09-30 11:27:14 -04:00
Mathias Vorreiter Pedersen 56b5010f6b C++: Convert the SimpleRangeAnalysis test to an InlineExpectationsTest. 2022-09-30 14:23:18 +01:00
Mathias Vorreiter Pedersen d14b2c2880 C++: Put quotes around expectation comments with spaces. 2022-09-30 14:23:18 +01:00
Mathias Vorreiter Pedersen c4c7c95db2 C++: Add SimpleRangeAnalysis test file to the new range-analysis library test directory. 2022-09-30 14:23:14 +01:00
Nora Dimitrijević 28606c561d C++: Simplify normalizeExpr
This has a comparable but different set of FPs as the previous version.
But arguably it's an improvement.
2022-09-30 14:35:54 +02:00
Nora Dimitrijević 9a94222dbe C++: Exclude commas from SwitchStmt.getExpr() 2022-09-30 12:32:03 +02:00
Nora Dimitrijević 4938de9185
C++: Fix docstring per suggestion
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-09-30 12:28:18 +02:00
Mathias Vorreiter Pedersen fa12bd3cdf C++: Fix spelling. 2022-09-30 11:22:26 +01:00
Mathias Vorreiter Pedersen 483ff58c39 C++: Replace the giant list of predicate parameters with a module signature. 2022-09-30 10:36:03 +01:00
Mathias Vorreiter Pedersen b0af4cba30 C++: Fix Code Scanning alert. 2022-09-30 10:05:45 +01:00
Mathias Vorreiter Pedersen 6d5de66e6a C++: Add QLDoc to the parameterized module components in 'Allocation.qll'. 2022-09-30 10:04:57 +01:00
Nora Dimitrijević c37c6a004e
Merge branch 'main' into cpp/comma-before-misleading-indentation 2022-09-30 00:28:33 +02:00
Nora Dimitrijević 818be2765e C++: Add Change Note 2022-09-30 00:28:12 +02:00
Nora Dimitrijević 6eac4f52d9 C++: Accept Test Output
Some tricky FPs are preserved in there.
2022-09-30 00:13:23 +02:00
Nora Dimitrijević a124dcf436 C++: Update QLDoc
Arguably warning, not just recommendation; it may be a logic error.

TODO: What CWE/CVEs should I tag this with?
2022-09-30 00:06:53 +02:00
Nora Dimitrijević 981a9798b8 C++: Update .qhelp with precision disclaimer. 2022-09-29 23:59:22 +02:00
Nora Dimitrijević 68b473377a C++: Fix QL-on-QL Redundant Cast warning 2022-09-29 23:19:49 +02:00
Nora Dimitrijević 2a046352ce C++: Simplify 2022-09-29 23:06:17 +02:00
Robert Marsh f17b563692 C++: handle interprocedural flows
This currently copy-pastes some predicates from InvalidPointerDeref.ql.
Those should be moved to a library file in a followup
2022-09-29 16:09:48 -04:00
Mathias Vorreiter Pedersen 2a514d60d4 C++: Add 'isBarrierIn' to prevent path duplication. 2022-09-29 19:55:58 +01:00
Mathias Vorreiter Pedersen d12a76559a C++: Use the new class in 'cpp/invalid-pointer-deref'. 2022-09-29 19:54:03 +01:00
Mathias Vorreiter Pedersen a9710453f4 C++: Add class with heuristics to detect allocations. 2022-09-29 19:54:03 +01:00
Robert Marsh 99d7512881 C++: tests for constant-size off-by-one query 2022-09-29 13:33:13 -04:00
Nora Dimitrijević 891bc342be C++: Fix another implicit/explicit this FP 2022-09-29 18:42:23 +02:00
Nora Dimitrijević 28bd591107 C++: Fix explicit this-> FP. 2022-09-29 17:04:11 +02:00
Robert Marsh 447c11cd07 C++: move ConstantSizeArrayOffByOne.ql to CWE-193 2022-09-29 10:56:29 -04:00
Robert Marsh e46b215c9d C++: fix metadata and result format 2022-09-29 10:53:29 -04:00
Nora Dimitrijević 29d7c0e21b C++: Exclude commas in if-conditions. 2022-09-29 16:29:57 +02:00
Nora Dimitrijević 64903336f7 C++: Exclude all parenthesized CommaExprs. 2022-09-29 15:49:29 +02:00
Mathias Vorreiter Pedersen 4e3b445515 C++: Accept test changes. 2022-09-29 13:35:23 +01:00
Mathias Vorreiter Pedersen 70837dbd93 C++: Use range analysis to properly deduce the initial 'state2' instead of traversing the AST. Also fix state-passing related to negative states. 2022-09-29 13:32:39 +01:00
Mathias Vorreiter Pedersen 6537c817ef C++: Add more CWE-199 tests that allocate memory based on the result of a SubExpr. 2022-09-29 13:31:34 +01:00
Nora Dimitrijević 909b36a078 C++: Fix implicit-this FP, uncovered non-funptr FP 2022-09-29 13:14:36 +02:00
Nora Dimitrijević 19a9c5d7d3 C++: Identified another real-life FP 2022-09-28 21:19:45 +02:00
Nora Dimitrijević 96c73bcb19 C++: Fix FP: bad Location for FieldAccess exprs 2022-09-28 20:37:22 +02:00
Nora Dimitrijević 6d5df14547 C++: Remove arguable FPs re: sizeof/decltype 2022-09-28 20:01:14 +02:00
Nora Dimitrijević 592bc18a97 C++: Reduce FPs by excluding all commas in loop heads
This leads to a 50% reduction of alerts in MRVA 1000.
2022-09-28 19:38:41 +02:00
Nora Dimitrijević 823b0109f0 C++: Mark FPs that are hard to solve w/o source code 2022-09-28 16:20:13 +02:00
Mathias Vorreiter Pedersen 4ab676774e C++: Add qhelp to new query. 2022-09-28 15:17:08 +01:00
Mathias Vorreiter Pedersen 769ff5c6f3 C++: Add 'isAdditionalFlowStep' predicates for both configurations in the product dataflow library and use them to fix missing results in the 'cpp/overrun-write' query. 2022-09-28 15:17:04 +01:00
Mathias Vorreiter Pedersen ccbbb5754e C++: Use range analysis in 'cpp/overrun-write' and accept test changes. 2022-09-28 15:14:29 +01:00
Mathias Vorreiter Pedersen 51758aa928 C++: Add tests to 'cpp/overrun-write'. 2022-09-28 15:14:29 +01:00
Nora Dimitrijević 0128b1702e C++: Fix "LHS-end = RHS-begin" FP 2022-09-28 15:36:01 +02:00
Nora Dimitrijević e7c1fadd94 C++: Fix member-call- and C-cast-related FPs 2022-09-28 15:02:22 +02:00
Robert Marsh 82bbe67267
Merge pull request #10593 from MathiasVP/fix-fp-on-cwe-193
C++: Fix FPs on `cpp/invalid-pointer-deref`
2022-09-27 17:38:17 -04:00
Tom Hvitved df2b586e7c
Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in
Data flow: Fix bad join-order when getAReadContent has large fan-in
2022-09-27 20:04:58 +02:00
Nora Dimitrijević cacf78838c C++: Tests (w/ FPs) from MRVA top 1000 run 2022-09-27 18:48:32 +02:00
Mathias Vorreiter Pedersen 549eca1b17 C++: Fix 'implicit use of this'. 2022-09-27 16:29:30 +01:00
Mathias Vorreiter Pedersen e4305948ef C++: Fix FP on CWE-193 by blocking flow through back-edges of phi nodes. 2022-09-27 16:28:03 +01:00
Tom Hvitved 335e1a8233 Address review comments 2022-09-27 13:36:52 +02:00
Mathias Vorreiter Pedersen 0c79c2836c
Merge pull request #10573 from erik-krogh/cpp-unqueryable
C: deprecate/delete some unused code
2022-09-27 10:13:24 +01:00
Anders Schack-Mulligen 9f1bbf2bbd
Merge pull request #10575 from aschackmull/dataflow/cleanup-module
Dataflow: Minor visibility cleanup
2022-09-27 10:10:53 +02:00
Tom Hvitved 45fc62f16b Data flow: Sync files 2022-09-26 20:39:48 +02:00
Tom Hvitved 1273db5a22 Data flow: Fix bad join-order when `getAReadContent` has large fan-in
Before (terminated before completion)
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@e5ef07bh with tuple counts:
            151500     ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
            150500     ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
            149500     ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
            148500     ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2003849000     ~0%    {5} r5 = JOIN r4 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
         105066500  ~9036%    {5} r6 = JOIN r5 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                              return r6
```

After
```
Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff@302620cn with tuple counts:
        1461867  ~0%    {2} r1 = SCAN DataFlowPrivate#462ff392::Cached::TContent#f OUTPUT In.0, In.0
        3549054  ~1%    {2} r2 = JOIN r1 WITH DataFlowPublic#e1781e31::ContentSet::getAReadContent#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        5772824  ~5%    {2} r3 = JOIN r2 WITH project#DataFlowImplForHttpClientLibraries#c536b619::readSet#4#ffff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
                        return r3

Evaluated relational algebra for predicate DataFlowImplForHttpClientLibraries#c536b619::store#5#fffff@016cd9o1 with tuple counts:
         267905  ~0%    {4} r1 = SCAN DataFlowImplCommon#4f8df883::Cached::store#4#ffff OUTPUT In.1, In.0, In.2, In.3
         267905  ~0%    {5} r2 = JOIN r1 WITH DataFlowImplCommon#4f8df883::Cached::MkTypedContent#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Lhs.3, Rhs.1
         267905  ~0%    {5} r3 = JOIN r2 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.4, Rhs.1
         267905  ~0%    {5} r4 = JOIN r3 WITH num#DataFlowImplForHttpClientLibraries#c536b619::TNodeNormal#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
        2109240  ~0%    {5} r5 = JOIN r4 WITH DataFlowImplForHttpClientLibraries#c536b619::readProj#2#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.4, Lhs.2, Rhs.1
                        return r5
```
2022-09-26 20:37:53 +02:00
erik-krogh 0f1a8a6f5b
deleted unused internal code 2022-09-26 20:20:52 +02:00
erik-krogh b83ca08854
deprecate class documented as deprecated 2022-09-26 20:09:54 +02:00
Mathias Vorreiter Pedersen 11b2a12392
Merge pull request #10572 from MathiasVP/add-cwe-193-fp
C++: Add FP test for `CWE-193`
2022-09-26 17:22:47 +01:00
Anders Schack-Mulligen 1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Mathias Vorreiter Pedersen 1c55bbe2e8 C++: Add FP for CWE-193. 2022-09-26 11:53:03 +01:00
Erik Krogh Kristensen c2b5c39436
Merge pull request #10507 from erik-krogh/cpp-followMsg
CPP: Make more alert-messages follow the style guide
2022-09-24 17:26:11 +02:00
Dave Bartolomeo 3bd456e52d
Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0
Post-release preparation for codeql-cli-2.11.0
2022-09-23 18:13:59 -04:00
github-actions[bot] 6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Robert Marsh b93a2b06bf C++: prototype for off-by-one in array-typed field 2022-09-23 14:38:06 -04:00
Mathias Vorreiter Pedersen 73f279d6e7
Merge pull request #10555 from MathiasVP/testcase-for-php-cve
C++: Fix missing bounds in range analysis
2022-09-23 16:55:51 +01:00
Robert Marsh c2dfbd47a3
Merge pull request #10398 from MathiasVP/further-work-on-buffer-over-queries
C++: Further work on buffer-overflow queries
2022-09-23 11:06:32 -04:00
erik-krogh 96b46de7c8
update alert-messages based on review feedback 2022-09-23 14:53:54 +02:00
erik-krogh edd03020c2
fix the casing in the alert-message of cpp/unclear-array-index-validation 2022-09-23 14:48:01 +02:00
Mathias Vorreiter Pedersen 639aaff9c7 C++: Add more metadata. 2022-09-23 13:47:02 +01:00
erik-krogh 9e4843d53e
update the alert-message of cpp/file-may-not-be-closed based on feedback 2022-09-23 14:46:00 +02:00
erik-krogh 2351884352
update some alert-messages based on review feedback 2022-09-23 14:45:59 +02:00
erik-krogh a3c051bf96
add change-note 2022-09-23 14:45:59 +02:00
erik-krogh 40bea78186
remove more instances of the alert-loc being repeated as a link 2022-09-23 14:45:59 +02:00
erik-krogh d55993a37b
autoformat 2022-09-23 14:45:59 +02:00
erik-krogh 33165f4f55
CPP: update expected output 2022-09-23 14:45:59 +02:00
erik-krogh a30c38f38c
CPP: make more alert messages follow the style-guide 2022-09-23 14:45:59 +02:00
Mathias Vorreiter Pedersen ce3654c6ec C++: Make ql-for-ql happy. 2022-09-23 13:07:07 +01:00
Mathias Vorreiter Pedersen f3212fe01c C++: Autoformat. 2022-09-23 13:00:22 +01:00
Mathias Vorreiter Pedersen 162ec2884e C++: Also fix 'OverrunWriteProductFlow.ql' 2022-09-23 12:59:27 +01:00
Mathias Vorreiter Pedersen 8056131901 C++: Autoformat. 2022-09-23 12:26:37 +01:00
Mathias Vorreiter Pedersen 494afdde96 C++: Accept test changes. 2022-09-23 12:21:31 +01:00
Mathias Vorreiter Pedersen ac03242cfc C++: Add an SSAVariable for pointer-arithmetic expressions in guards. 2022-09-23 12:21:31 +01:00
Geoffrey White d60a829569 C++: Remove ErrorExpr case. 2022-09-23 12:17:09 +01:00
Mathias Vorreiter Pedersen 6d06234048 C++: Add testcase demonstrating missing result for 'cpp/invalid-pointer-deref' query. 2022-09-23 11:41:16 +01:00
Nora Dimitrijević 0e9b77e7c3 C++: Initial .qhelp file 2022-09-23 11:46:31 +02:00
Tom Hvitved 8b424d181a
Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
2022-09-23 10:38:48 +02:00
github-actions[bot] f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Dave Bartolomeo cee0e8e137
Merge pull request #10532 from github/henrymercer/3.7-mergeback
Final mergeback from `rc/3.7`
2022-09-22 13:42:59 -04:00
Nora Dimitrijević dca13f5c89 C++: Initial `cpp/comma-before-misleading-indentation`
MRVA top 1000 run at: https://github.com/github/semmle-code/actions/runs/3106828111
2022-09-22 17:44:18 +02:00
Mathias Vorreiter Pedersen c4afb3a2b5 Merge branch 'main' into further-work-on-buffer-over-queries 2022-09-22 16:35:52 +01:00
Nora Dimitrijević f1efc76e8c C++: Initial commit of `cpp/comma-before-missing-indentation` 2022-09-22 17:06:04 +02:00
Tom Hvitved 7a694d5da5 C++: Update expected test output 2022-09-22 15:01:40 +02:00
Tom Hvitved ad6b870f94 Data flow: Sync files 2022-09-22 15:01:33 +02:00
Tom Hvitved f0f4fe7286
Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update
Ruby: Add post-update nodes for compound arguments
2022-09-22 13:18:51 +02:00
Henry Mercer f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Robert Marsh 32ab636c77 C++: adjust test so size flows from malloc to field 2022-09-21 12:43:44 -04:00
Robert Marsh fcd0bb13b3 C++: add paths to ArrayAccessProductFlow 2022-09-21 12:37:31 -04:00
Andrew Eisenberg 99e8cb78b0
Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main
Aeisenberg/merge rc3.7 into main
2022-09-21 08:09:47 -07:00
Geoffrey White 518b45bc8e C++: Add two more test cases. 2022-09-21 15:41:27 +01:00
Geoffrey White 0584191b6c C++: Add pragma[noinline]. 2022-09-21 11:49:28 +01:00
Geoffrey White 1cdaaf7882 C++: Performance fix. 2022-09-21 11:11:11 +01:00
Geoffrey White e319c1773e C++: Change note. 2022-09-21 10:45:29 +01:00
Geoffrey White 2756c0e7af C++: Don't report results in files with compilation errors. 2022-09-21 10:45:28 +01:00
Tom Hvitved db8b6ac69a Data flow: Sync files 2022-09-21 11:02:24 +02:00
Andrew Eisenberg 58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Geoffrey White 9ddb485405 Merge branch 'main' into cleartext-perf 2022-09-20 17:56:18 +01:00
Geoffrey White c599b02e98 C++: Add test case. 2022-09-20 15:23:13 +01:00
Mathias Vorreiter Pedersen 74ccec75c8 C++: Sync identical files. 2022-09-20 13:37:54 +01:00
Mathias Vorreiter Pedersen 79654d978d C++: Sync identical files. 2022-09-20 12:57:21 +01:00
Mathias Vorreiter Pedersen 7c41219376
Merge pull request #10438 from MathiasVP/invalid-pointer-deref-query
C++: Add a `cpp/invalid-pointer-deref` query to experimental
2022-09-20 10:41:31 +01:00
Erik Krogh Kristensen a4cd913aea
Merge pull request #10312 from erik-krogh/fix-caseDiff
ensure consistent casing of names
2022-09-19 10:43:12 +02:00
Mathias Vorreiter Pedersen 02076074ff C++: Add more comments. 2022-09-18 12:48:13 +01:00
Mathias Vorreiter Pedersen 3e6576bfaf C++: Add example of missing result. 2022-09-18 12:18:04 +01:00
Mathias Vorreiter Pedersen d1cf688abf C++: Fix test function naming. 2022-09-18 12:17:46 +01:00
Mathias Vorreiter Pedersen 78535dc70b C++: Autoformat. 2022-09-18 12:02:32 +01:00
Mathias Vorreiter Pedersen dc00643ad1 C++: More QLDoc. 2022-09-16 17:14:29 +01:00
Mathias Vorreiter Pedersen 031f20a0eb C++: Respond to review comments. 2022-09-16 16:19:06 +01:00
github-actions[bot] 67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Mathias Vorreiter Pedersen 4482669d7e C++: Add a new 'InvalidPointerDeref' query to experimental. 2022-09-15 17:47:15 +01:00
Mathias Vorreiter Pedersen b8a5aa5d85 C++: Fix a couple of range analysis issues:
1. The new query is expecting pointer arithmetic operations to generate
range-analysis bounds, but this wasn't true on main.
2. The bounds generated by `boundFlowCond` were incorrectly inferred as
non-strict when comparing pointers (unlike when comparing values of
integral types). This gave FPs in the new query.

This also fixes a couple of missing results in existing queries that
use the new range-analysis library.
2022-09-15 17:46:52 +01:00
Mathias Vorreiter Pedersen d981f898e4 C++: Add flow states to the product dataflow library. 2022-09-15 15:54:09 +01:00
Philip Ginsbach 26099d6ab7 remove more upper-case variable names 2022-09-15 14:36:02 +01:00
Geoffrey White 6b21563018 C++: Update change note. 2022-09-15 13:37:20 +01:00
Philip Ginsbach c5703898b0 remove upper-case NamedExpression variable names 2022-09-14 16:35:24 +01:00
Philip Ginsbach 8f7f631211 upper-case variable names are deprecated 2022-09-14 14:50:26 +01:00
Mathias Vorreiter Pedersen c7ccff2e20 C++: Accept test changes. 2022-09-13 12:11:22 +01:00
Mathias Vorreiter Pedersen 4130616ab1 C++: Use experimental dataflow for the product flow library. 2022-09-13 09:41:03 +01:00
Robert Marsh ededfaa40b C++: use-use flow in ArrayAccessProductFlow 2022-09-13 09:39:39 +01:00
Robert Marsh 0fcfe5772f C++: query-specific model for ffmpeg allocator 2022-09-13 09:39:31 +01:00
Robert Marsh 61017a7997 C++: prevent a bad join order 2022-09-13 09:39:11 +01:00
Mathias Vorreiter Pedersen 7f6b400b78
Merge pull request #10366 from MathiasVP/use-use-flow-in-experimental
C++: Use-use flow in `experimental`
2022-09-13 09:30:48 +01:00
intrigus 894a0f1c3b Add string to int sanitizer. 2022-09-12 21:02:18 +02:00
Mathias Vorreiter Pedersen 6e4b3c242f
Merge pull request #10377 from geoffw0/deprecate-pointsto
C++: Put a warning on the PointsTo library.
2022-09-12 16:25:40 +01:00
Mathias Vorreiter Pedersen d2b150eaf5 C++: Fix QLDoc on the model predicates used by the new experimental use-use code. 2022-09-12 16:00:49 +01:00
Mathias Vorreiter Pedersen bb1c088fe0 C++: Undo changes to iterator models. 2022-09-12 15:58:49 +01:00
Geoffrey White 842af4bf74 C++: Specifically suggest DataFlow as an alternative. 2022-09-12 14:25:45 +01:00
erik-krogh bae4490620
add change-note 2022-09-12 12:12:18 +02:00
Mathias Vorreiter Pedersen c988547e9c C++: Accept test changes. 2022-09-11 18:31:53 +01:00
Geoffrey White 8ac3e10896 C++: Put a warning on the PointsTo library. 2022-09-09 18:03:23 +01:00
Mathias Vorreiter Pedersen 6dcfe0348b C++: Copy over the required changes to non-experimental libraries. 2022-09-09 17:26:58 +01:00
Mathias Vorreiter Pedersen 5509562fe6 C++: Repair a few broken models that were incorrectly a pointer
as tainted (instead of the pointee), or vice versa. Because of
existing dataflow pointer/pointee conflation we never noticed that,
but since this PR removes those imprecisions we now need to update
these models.
2022-09-09 17:04:36 +01:00
Mathias Vorreiter Pedersen 6d313ace2d C++: Copy the new use-use flow code to experimental. 2022-09-09 14:20:10 +01:00
Tony Torralba 569fad667a
Merge pull request #10360 from atorralba/atorralba/fix-taint-implicit-reads
Dataflow: Fix implicit reads in taint tracking when FlowStates are used
2022-09-09 14:28:39 +02:00
Geoffrey White 6011ae9ecc Merge branch 'main' into cleartext-perf 2022-09-09 11:40:47 +01:00
Geoffrey White edefda9213 C++: Make QL-for-QL happy. 2022-09-09 11:26:42 +01:00
Geoffrey White 813d166ad7 C++: Restore results in cpp/cleartext-storage-database using . 2022-09-09 11:03:29 +01:00
erik-krogh 26d8553f6e
ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Tony Torralba 1078cf091e Add change notes for all languages 2022-09-09 10:28:36 +02:00
Tony Torralba 7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Robert Marsh 0feeafd0ac
Merge pull request #10339 from MathiasVP/dont-use-get-unique-id-in-range-analysis
C++: Don't use `getUniqueId` in range analysis
2022-09-08 11:13:43 -04:00
Mathias Vorreiter Pedersen 594c40a375
Merge pull request #10355 from MathiasVP/fix-unequalIntegralSsa-standard-order
C++: Avoid bad standard order in range analysis
2022-09-08 14:58:44 +01:00
Tom Hvitved b3653cc3d0
Merge pull request #10216 from hvitved/ssa/shared-lib
SSA: Create a new `codeql/shared-ssa` library pack and move implementation there
2022-09-08 15:39:29 +02:00
Mathias Vorreiter Pedersen f119b50c2f C++: Predicate factoring to prevent a bad standard order. 2022-09-08 13:55:27 +01:00
github-actions[bot] a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Jeroen Ketema 6330be3902
C++: Update DB scheme stats file 2022-09-08 10:06:57 +02:00
Jeroen Ketema 04000be050
C++: Add DB scheme upgrade and downgrade scripts 2022-09-08 10:06:57 +02:00
Jeroen Ketema 1140d27bda
C++: Add tests for newly supported builtin operations 2022-09-08 10:06:57 +02:00
Jeroen Ketema 2410321acf
C++: Add change note for newly supported builtin operations 2022-09-08 10:06:57 +02:00
Jeroen Ketema 23b9b07f28
C++: Support more builtin operations 2022-09-08 10:06:57 +02:00
Mathias Vorreiter Pedersen 7062263885 C++: Accept test changes. 2022-09-07 21:11:52 +01:00
Mathias Vorreiter Pedersen a052614dbf C++: Two fixes to ensure we don't use getUniqueId in the new range analysis library. (1) don't use it to rank basic blocks, and (2) don't use it in 'toString' on bounds. 2022-09-07 18:45:43 +01:00
Mathias Vorreiter Pedersen e37848ec6d C++: Remove 'IRConfiguration' since we no longer generate bad IR for range analysis. 2022-09-07 16:39:45 +01:00
Mathias Vorreiter Pedersen 86259ced97 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 16:38:42 +01:00
Robert Marsh 55a10d99b4
Merge pull request #10305 from MathiasVP/ql-workaround-for-missing-decl-entries
C++: Synthesize `DeclarationEntry`s for IR construction
2022-09-07 11:34:28 -04:00
Mathias Vorreiter Pedersen 7833de19b5 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 16:00:43 +01:00
Mathias Vorreiter Pedersen ddeae090a3 C++: Remove CP. 2022-09-07 15:11:16 +01:00
Mathias Vorreiter Pedersen 011d15aca3 C++: Accept test changes. 2022-09-07 14:56:08 +01:00
Mathias Vorreiter Pedersen e0a5d18d7d C++: Respond to Schack feedback. 2022-09-07 11:16:35 +01:00
Mathias Vorreiter Pedersen 5ce47d97b2 Merge branch 'main' into rdmarsh2/cpp/product-flow 2022-09-07 11:14:42 +01:00
Mathias Vorreiter Pedersen d6b8f25312 C++: Add more tests. 2022-09-06 15:22:10 +01:00
Mathias Vorreiter Pedersen 9745073024 C++: Speedup 'cpp/using-expired-stack-address' by avoiding a large negation. 2022-09-06 14:33:33 +01:00
Mathias Vorreiter Pedersen 02c18e714b C++: Mention 'range-based for-loops' in the QLDoc for 'IRDeclarationEntry'. 2022-09-06 10:40:13 +01:00