github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
12 438 коммитов 1 538 Ветки 130 Теги 478 MiB
Граф коммитов

3778 Коммитов

Автор SHA1 Сообщение Дата
Jonas Jensen cec73e689e
Merge pull request #3393 from dbartol/codeql-c-analysis-team/40/1 
C++: A few IR QLDoc comments
 2020-05-11 15:56:43 +02:00
Jonas Jensen 3369453bb1
Merge pull request #3427 from MathiasVP/remove-abstract-from-builtin-op 
C++: Remove abstract keyword from `BuiltInOperation`
 2020-05-11 14:16:46 +02:00
Jonas Jensen 4f5b8f7306
Merge pull request #3430 from MathiasVP/comments-about-comments 
C++: Add QLDoc to CaptionedComments.qll and CommentedOutCode.qll
 2020-05-11 12:36:54 +02:00
Mathias Vorreiter Pedersen 715fa9e446
Simplify comment 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-05-11 11:32:10 +02:00
Mathias Vorreiter Pedersen 104545f3a7
Replace 'Returns' with 'Gets' 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-05-11 11:31:51 +02:00
Mathias Vorreiter Pedersen 411e52a231 C++: Replace @buildin_op with @builtin_op 2020-05-11 11:12:48 +02:00
Jonas Jensen b3498bd0ad
Merge pull request #3425 from MathiasVP/remove-more-abstract-classes 
C++: Remove abstract keyword from a couple of AST classes
 2020-05-11 10:55:35 +02:00
Jonas Jensen 8ff045b6a2
Merge pull request #3432 from geoffw0/toctou 
C++: Add a test of TOCTOUFilesystemRace.ql
 2020-05-11 09:18:51 +02:00
Mathias Vorreiter Pedersen b34db333a5 C++: Add upgrade script 2020-05-09 13:41:39 +02:00
jcreedcmu c9788a7928
Merge pull request #3308 from jcreedcmu/jcreed/jump-to-def 
Add queries for VS Code jump-to-definition
 2020-05-08 07:29:02 -04:00
Mathias Vorreiter Pedersen 86f283dff2 C++: Add new stats file from Jenkins job 2020-05-08 09:15:58 +02:00
Geoffrey White bff97d9fe5 C++: Effect of #3382. 2020-05-07 19:06:05 +01:00
Geoffrey White 6499197087 C++: Add a test of TOCTOUFilesystemRace.ql. 2020-05-07 19:03:32 +01:00
Mathias Vorreiter Pedersen 8df25c3025 C++: Add QLDoc 2020-05-07 18:34:26 +02:00
Mathias Vorreiter Pedersen 594f3b1807 C++: Add testcase for #3110 2020-05-07 14:39:53 +02:00
Dave Bartolomeo e435484740 C++/C#: Fix formatting 2020-05-07 08:39:01 -04:00
Mathias Vorreiter Pedersen 43ffcfe730 C++: Remove abstract keyword from BuiltInOperation 2020-05-07 13:18:12 +02:00
Mathias Vorreiter Pedersen dd0ca34038 C++: Remove abstract keyword from a couple of AST classes 2020-05-07 12:01:07 +02:00
Dave Bartolomeo f0e86a9191 C++: Add missing module comment 2020-05-06 17:30:20 -04:00
Dave Bartolomeo df4fdaf6ff C++: Fix PR feedback 
Note that the various predicates to access the singleton instances of the `EdgeKind` classes have been moved into a module named `EdgeKind`.
 2020-05-06 17:06:48 -04:00
Jonas Jensen 63f04afa8d
Merge pull request #3312 from hvitved/dataflow/impl-no-postupdate 
Data flow: Support stores into nodes that are not `PostUpdateNode`s
 2020-05-06 09:09:31 +02:00
Robert Marsh 78d2ac1ff4
Merge pull request #3368 from Cornelius-Riemenschneider/local-ala 
C++: Add experimental Array Length Tracking library
 2020-05-05 13:05:52 -07:00
Mathias Vorreiter Pedersen 114310700a
Merge pull request #3414 from geoffw0/issue3356 
C++: Fix error in QLDoc.
 2020-05-05 18:07:49 +02:00
Geoffrey White 27490a35ae C++: Fix error in QLDoc. 2020-05-05 13:37:14 +01:00
Tom Hvitved e95cc24b3f Data flow: Support stores into nodes that are not `PostUpdateNode`s 2020-05-05 14:01:04 +02:00
Anders Schack-Mulligen b7458091a9
Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Matthew Gretton-Dann 52d8acc1a1
Merge pull request #3404 from nickrolfe/field_attrs 
C++: add test for attributes on fields
 2020-05-05 12:12:28 +01:00
Cornelius Riemenschneider 264763080e Autoformat, address review. 2020-05-05 08:52:52 +02:00
Nick Rolfe ae913fbf56 C++: update expected output to include field attribute 2020-05-04 16:17:59 +01:00
Nick Rolfe 124ea86d65 C++: add test for attributes on fields 2020-05-04 15:12:49 +01:00
Jonas Jensen 50b0d426ee C++: Fix fieldFlow join order 
The `fieldFlow` predicate contained a fragile join that has become
ordered wrong recently, either as result of an unrelated change in the
data-flow library or as part of the stats change for the last dbscheme
change.

The minimal fix is to use `getEnclosingCallable` instead of
`getFunction` since the former uses `unique` to ensure good join
ordering in its callers. A longer-term fix should be applied to the AST
base libraries, but this will be invasive and require independent
testing.

Tuple counts on Wireshark before (cancelled after a few minutes):

    (747s) Starting to evaluate predicate DataFlowUtil::localFlowStep#ff/2@bdba82
    (848s) Tuple counts for DataFlowUtil::localFlowStep#ff:
    1766640980 ~1%        {2} r1 = JOIN DataFlowUtil::Node::getFunction_dispred#ff_10#join_rhs AS L WITH DataFlowUtil::Node::getFunction_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT L.<1>, R.<1>
    1327       ~0%        {2} r2 = JOIN r1 WITH project#DataFlowImplLocal::Configuration::hasFlow#fbb AS R ON FIRST 2 OUTPUT r1.<0>, r1.<1>
    9691232    ~0%        {2} r3 = DataFlowUtil::simpleLocalFlowStep#ff@staged_ext \/ r2
                          return r3

After:

    (0s) Starting to evaluate predicate DataFlowUtil::localFlowStep#ff/2@a852a0
    (0s) Tuple counts for DataFlowUtil::localFlowStep#ff:
    49017    ~4%     {3} r1 = JOIN project#DataFlowImplLocal::Configuration::hasFlow#fff AS L WITH DataFlowUtil::Node::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT L.<1>, R.<1>, R.<0>
    42359    ~0%     {2} r2 = JOIN r1 WITH DataFlowUtil::Node::getEnclosingCallable_dispred#ff AS R ON FIRST 2 OUTPUT r1.<2>, r1.<0>
    9732264  ~0%     {2} r3 = DataFlowUtil::simpleLocalFlowStep#ff@staged_ext \/ r2
                     return r3
 2020-05-04 12:14:07 +02:00
Dave Bartolomeo 8e9e3c8919
Merge pull request #3395 from jbj/IRBlock-unique 
C++: Use `unique` aggregate in IRBlock computation
 2020-05-03 07:54:51 -04:00
Jonas Jensen 0a59045dc3 C++: Use `unique` aggregate in IRBlock computation 
This gives a slight speedup, and I think it makes the code shorter and
clearer.

On Wireshark, the time from the beginning of the `IRBlock` stage until
just before evaluation of `getInstruction` drops from 44s to 34s.
 2020-05-03 10:07:09 +02:00
Cornelius Riemenschneider bab893d2d1 Address review. 2020-05-02 15:27:56 +02:00
Dave Bartolomeo a166a4d143 C++: A few IR QLDoc comments 2020-05-01 18:17:20 -04:00
Robert Marsh 83e222e5bd C++/C#: sync files 2020-05-01 14:17:43 -07:00
Robert Marsh 537db53a8d C++/C#: improve qldoc on IR get*ResultExpression 2020-05-01 14:12:44 -07:00
Nick Rolfe 4ce896b856
Merge pull request #3378 from matt-gretton-dann/codeql-c-extractor/49-consteval 
Add support for C++20's consteval specifier
 2020-05-01 17:56:56 +01:00
Geoffrey White c8292e4b8e
Merge pull request #3148 from jbj/minmax-to-unique 
C++: Replace "min = max" with "unique"
 2020-05-01 17:43:32 +01:00
Jonas Jensen 4ec0ae6698
Merge pull request #3388 from geoffw0/cleanupstuff 
C++: Small tidy up
 2020-05-01 17:29:12 +02:00
Mathias Vorreiter Pedersen 2e3463740d
Merge pull request #3382 from jbj/escape-qualifier 
C++: Addresses may escape through call qualifiers
 2020-05-01 16:23:46 +02:00
Geoffrey White 9b4884dfaf C++: Backticks. 2020-05-01 14:26:34 +01:00
Geoffrey White 200d7ed360 C++: Remove if-else. 2020-05-01 14:26:34 +01:00
Geoffrey White 4907677351 C++: Try to improve QLDoc on deconstructSizeExpr. 2020-05-01 14:26:33 +01:00
Jonas Jensen 9b9f5248af C++: Accept test changes 
Lambda invocations are apparently const. This was exposed by the fix in
the previous commit.
 2020-05-01 15:23:00 +02:00
Jonas Jensen 36bdcfa42d C++: Remove an unneeded local-flow case 
This case was added in dccc0f4db. The surrounding code has changed a lot
since then, and the case no longer seems to have an effect except to
create some dead ends and possibly cycles in the local flow graph.
 2020-05-01 15:08:15 +02:00
Jonas Jensen 9fc27e9130 C++: Fix "is constant" check 
The check was supposed to check for constant type, not constant value.
This fixes a false negative that appeared in
`LargeParameter/test.cpp:106`.
 2020-05-01 09:04:31 +02:00
Cornelius Riemenschneider c856552b64 Add preOffset to the bindingset for simpleArrayLengthStep. 2020-04-30 15:00:12 +02:00
Jonas Jensen 8ffa124bf9 C++: Addresses may escape through call qualifiers 
Also clarify the docs on `Call` to decrease the likelyhood of such an
omission happening again.

The updated test reflects that `f1.operator()` lets the address of `f1`
escape from the caller.
 2020-04-30 14:27:40 +02:00
Cornelius Riemenschneider b838426421 Move ArrayLengthAnalysis library to the correct location. 2020-04-29 21:07:44 +02:00