Merged
29 commits
3de1f3b
C#: Query and qltest for VulnerablePackage.
calumgrant Oct 15, 2018
ff3ed2d
C#: Autobuilder extracts XML for .csproj and .props files.
calumgrant Oct 17, 2018
5ad060c
C#: qhelp for VulnerablePackage.
calumgrant Oct 17, 2018
ee396af
C#: Update analysis change notes.
calumgrant Oct 17, 2018
6e96fba
C#: Address review comments: Merge XML index commands.
calumgrant Oct 19, 2018
61232cb
C#: Address review comments in QL.
calumgrant Oct 19, 2018
fde3341
C#: Addressed documentation review.
calumgrant Oct 25, 2018
73b186a
CPP: Add test case.
geoffw0 Nov 7, 2018
7bf9200
CPP: Fix (it looks like we already had a similar test, both are fixed).
geoffw0 Nov 7, 2018
5f12c18
CPP: Change note.
geoffw0 Nov 7, 2018
d6f27f0
CPP: Add a test of macros.
geoffw0 Nov 8, 2018
5b09e11
CPP: Repair macro case.
geoffw0 Nov 8, 2018
55f4839
Allow mixed whitespace in JavaScript test sources
dave-bartolomeo Nov 6, 2018
a141f4c
Allow mixed whitespace in C#, C++, and Java test sources
dave-bartolomeo Nov 7, 2018
d521502
Allow mixed whitespace in parser tests
dave-bartolomeo Nov 8, 2018
2977395
Ignore whitespace errors in everything under lib
dave-bartolomeo Nov 8, 2018
bdfe938
JavaScript: Improve `StackTraceExposure` query.
Oct 31, 2018
fa8736a
JavaScript: Introduce aliases for compatibility with other language l…
Nov 9, 2018
d5c6f4f
CPP: Correct typo in OverflowCalculated.cpp example.
geoffw0 Nov 9, 2018
e645166
CPP: Make InconsistentNullnessTest.cpp example plausible.
geoffw0 Nov 9, 2018
3f0e28a
CPP: Fix additional expr_has_no_effect test.
geoffw0 Nov 9, 2018
09782d1
CPP: Annotate expr_has_no_effect test.
geoffw0 Nov 9, 2018
0caf0f1
Merge pull request #430 from geoffw0/exprtemplate
jbj Nov 12, 2018
e9dac22
Merge pull request #446 from geoffw0/minor-corrections
jbj Nov 12, 2018
bf18175
Merge pull request #445 from xiemaisi/js/aliases
semmle-qlci Nov 12, 2018
c9d77a2
Merge pull request #443 from xiemaisi/js/improve-stack-trace-exposure
semmle-qlci Nov 12, 2018
40def8d
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig
hvitved Nov 12, 2018
dd6fd40
Merge pull request #335 from calumgrant/cs/cwe-937
hvitved Nov 12, 2018
1500237
Merge remote-tracking branch 'upstream/master' into mergeback-20181112
jbj Nov 12, 2018
1 change: 1 addition & 0 deletions change-notes/1.19/analysis-cpp.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
| **Query** | **Expected impact** | **Change** |
|----------------------------|------------------------|------------------------------------------------------------------|
| Empty branch of conditional | Fewer false positive results | The query now recognizes commented blocks more reliably. |
| Expression has no effect | Fewer false positive results | Expressions in template instantiations are now excluded from this query. |
| Resource not released in destructor | Fewer false positive results | Placement new is now excluded from the query. Also fixed an issue where false positives could occur if the destructor body was not in the snapshot. |
| Missing return statement (`cpp/missing-return`) | Visible by default | The precision of this query has been increased from 'medium' to 'high', which makes it visible by default in LGTM. It was 'medium' in release 1.17 and 1.18 because it had false positives due to an extractor bug that was fixed in 1.18. |
| Missing return statement | Fewer false positive results | The query is now produces correct results when a function returns a template-dependent type. |
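Review bot: the new row's "Expected impact" hides the recall side of the trade-off; the templatey.cpp test in this same PR marks `foo(x, x)` as `BAD [NOT DETECTED]`, so expressions that are pointless only in a particular instantiation are now out of reach, and the change column should say so ("Expressions in template instantiations are now excluded, which removes false positives but also some results in templates"). While in this table, the unchanged row below reads "The query is now produces correct results"; it should be "The query now produces correct results".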
3 changes: 2 additions & 1 deletion change-notes/1.19/analysis-csharp.md
Expand Up @@ -10,7 +10,8 @@

| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
| *@name of query (Query ID)* | *Tags* |*Aim of the new query and whether it is enabled by default or not* |
| Using a package with a known vulnerability (cs/use-of-vulnerable-package) | security, external/cwe/cwe-937 | Finds project build files that import packages with known vulnerabilities. This is included by default. |


## Changes to existing queries
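Review bot: the purpose column should say what the query inspects, because commit ff3ed2d in this PR ("Autobuilder extracts XML for .csproj and .props files") shows the result depends on the autobuilder now extracting those files as XML; something like "Finds `.csproj` and `.props` files that reference packages with known vulnerabilities (requires a snapshot built with the updated autobuilder)" tells users why an older snapshot produces no results. Also confirm the placeholder row `*@name of query (Query ID)*` directly above the new entry is meant to remain in the shipped notes.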

1 change: 1 addition & 0 deletions change-notes/1.19/analysis-javascript.md
Expand Up @@ -41,6 +41,7 @@
| Unused import | Fewer false-positive results | This rule no longer flags imports used by the `transform-react-jsx` Babel plugin. |
| Self assignment | Fewer false-positive results | This rule now ignores self-assignments preceded by a JSDoc comment with a `@type` tag. |
| Client side cross-site scripting | More results | This rule now also flags HTML injection in the body of an email. |
| Information exposure through a stack trace | More results | This rule now also flags cases where the entire exception object (including the stack trace) may be exposed. |

## Changes to QL libraries
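Review bot: "may be exposed" leaves the sink unstated, whereas the neighbouring rows name where the data ends up ("in the body of an email"); say what the whole exception object is exposed to, for example an HTTP response, if that is the sink the query now covers.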

4 changes: 2 additions & 2 deletions cpp/ql/src/Critical/InconsistentNullnessTesting.cpp
@@ -1,10 +1,10 @@
void* f() {
block = malloc(BLOCK_SIZE);
block = (MyBlock *)malloc(sizeof(MyBlock));
if (block) { //correct: block is checked for nullness here
block->id = NORMAL_BLOCK_ID;
}
//...
/* make sure data-portion is null-terminated */
block[BLOCK_SIZE - 1] = '\0'; //wrong: block not checked for nullness here
block->data[BLOCK_SIZE - 1] = '\0'; //wrong: block not checked for nullness here
return block;
}
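Review bot: `block` is never declared inside `f()` and `MyBlock` has no definition, so even with the typed allocation the example cannot be read on its own; declare `MyBlock *block` at the top of the function and show (or at least name in a comment) a `MyBlock` with a `char data[BLOCK_SIZE]` member, so that `block->data[BLOCK_SIZE - 1]` is consistent with `malloc(sizeof(MyBlock))`. The unchecked dereference on that last line is the defect the example exists to show and should stay as it is.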
2 changes: 1 addition & 1 deletion cpp/ql/src/Critical/OverflowCalculated.cpp
@@ -1,5 +1,5 @@
void f(char* string) {
// wrong: allocates space for characters, put not zero terminator
// wrong: allocates space for characters, but not zero terminator
char* buf = malloc(strlen(string));
strcpy(buf, string);
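Review bot: the corrected comment still reads awkwardly; "but no room for the zero terminator" states the bug more plainly than "but not zero terminator". The off-by-one itself, `malloc(strlen(string))` followed by `strcpy`, is the intended defect of the example and is fine as it stands.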

1 change: 1 addition & 0 deletions cpp/ql/src/Likely Bugs/Likely Typos/ExprHasNoEffect.ql
Expand Up @@ -100,6 +100,7 @@ where // EQExprs are covered by CompareWhereAssignMeant.ql
not accessInInitOfForStmt(peivc) and
not peivc.isCompilerGenerated() and
not exists(Macro m | peivc = m.getAnInvocation().getAnExpandedElement()) and
not peivc.isFromTemplateInstantiation(_) and
parent = peivc.getParent() and
not parent.isInMacroExpansion() and
not parent instanceof PureExprInVoidContext and
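Review bot: `not peivc.isFromTemplateInstantiation(_)` drops every expression inside an instantiation, yet the expected results in this PR still keep `test.cpp:26:3:26:3 | call to operator++` for `++arg3`, the line whose comment says it is not pure in all cases, so that false positive survives (presumably from the uninstantiated template body). Consider instead requiring that no instantiation of the enclosing template gives the expression an effect, or excluding expressions whose type depends on a template parameter, and add a comment on this line recording the trade-off, since the blanket exclusion also loses true positives such as `Increment(n)` in template.cpp.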
11 changes: 11 additions & 0 deletions cpp/ql/test/format.json
@@ -0,0 +1,11 @@
[
{
"pattern": [
"**/*.c",
"**/*.cpp",
"**/*.h",
"**/*.hpp"
],
"allowMixedTabsAndSpaces": true
}
]
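Review bot: JSON cannot carry a comment, so the reason for `allowMixedTabsAndSpaces` (test sources under cpp/ql/test deliberately mix tabs and spaces, per commit a141f4c) should be recorded somewhere discoverable, such as the commit message or a README beside this file. Also check whether any test sources use other C/C++ extensions (`.cc`, `.cxx`, `.hh`); the pattern list covers only `.c`, `.cpp`, `.h` and `.hpp`, so such files would still fail the whitespace check.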
Expand Up @@ -5,26 +5,26 @@ int external();
class Base {
public:
virtual int thingy() {
1;
1; // BAD
}

int our_thingy() {
Base::thingy();
Base::thingy(); // BAD
return 2;
}
};

class Derived : public Base {
public:
virtual int thingy() {
external();
external(); // GOOD
return 3;
}
};

void internal() {
Base* ptr = new Derived();
ptr->thingy();
ptr->thingy(); // GOOD
}

}
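Review bot: the annotations line up with the expected results (`calls.cpp:8:5:8:5 | 1` and `calls.cpp:12:5:12:16 | call to thingy`), but `Base::thingy()` reaches the end of a non-void function without returning, which is undefined behaviour and a separate "missing return" finding; keep `1; // BAD` as the flagged expression and add `return 0;` after it so the test exercises only expression-has-no-effect. The lone `}` after the blank line at the end of the hunk is presumably closing a namespace; a `// namespace` comment there would make that clear.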
@@ -1,6 +1,5 @@
| calls.cpp:8:5:8:5 | 1 | This expression has no effect. | calls.cpp:8:5:8:5 | 1 | |
| calls.cpp:12:5:12:16 | call to thingy | This expression has no effect (because $@ has no external side effects). | calls.cpp:7:15:7:20 | thingy | thingy |
| templatey.cpp:4:3:4:8 | ... << ... | This expression has no effect. | templatey.cpp:4:3:4:8 | ... << ... | |
| templatey.cpp:39:3:39:23 | call to pointless_add_numbers | This expression has no effect (because $@ has no external side effects). | templatey.cpp:29:5:29:25 | pointless_add_numbers | pointless_add_numbers |
| volatile.c:9:5:9:5 | c | This expression has no effect. | volatile.c:9:5:9:5 | c | |
| volatile.c:12:5:12:9 | access to array | This expression has no effect. | volatile.c:12:5:12:9 | access to array | |
@@ -1,7 +1,7 @@
template <typename T>
void foo(T x, T y)
{
x << y;
x << y; // GOOD (effect depends on T)
};

struct streamable
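Review bot: the `};` closing `foo` leaves a stray semicolon after the function body; it is harmless but triggers `-Wpedantic`/`-Wextra-semi` style warnings and is itself an empty declaration, which is distracting in a test about expressions with no effect. Drop it.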
Expand All @@ -15,9 +15,9 @@ void operator<<(streamable& lhs, streamable& rhs)
int main()
{
int x = 3;
foo(x, x);
foo(x, x); // BAD [NOT DETECTED]
streamable y;
foo(y, y);
foo(y, y); // BAD [NOT DETECTED]
return 0;
}
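Review bot: `foo(y, y); // BAD [NOT DETECTED]` assumes that the `operator<<(streamable&, streamable&)` defined at line 15 has no observable effect; if its body does anything (the hunk does not show it), the call is GOOD and the annotation is wrong. Either way, a one-line comment on that operator saying whether it is a deliberate no-op would make the expectation self-explanatory.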

Expand All @@ -34,7 +34,7 @@ int pointless_add_numbers(int lhs, int rhs)
void call_add_numbers()
{
int accum = 0;
add_numbers(accum, 4);
add_numbers(accum, 10);
pointless_add_numbers(accum, 20);
add_numbers(accum, 4); // GOOD
add_numbers(accum, 10); // GOOD
pointless_add_numbers(accum, 20); // BAD
}
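Review bot: the `// GOOD` on the two `add_numbers(accum, ...)` calls only holds if `add_numbers` takes `accum` by reference; if it takes `int` like `pointless_add_numbers(int lhs, int rhs)` and its result is discarded, those calls are just as pointless and the annotations are wrong. A comment at the `add_numbers` definition (not in this hunk) stating that it modifies its first argument would make the contrast explicit.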
10 changes: 5 additions & 5 deletions cpp/ql/test/library-tests/queries/expr_has_no_effect/volatile.c
Expand Up @@ -6,18 +6,18 @@ char *pc;
volatile char *pv;

void f(void) {
c;
v;
c; // BAD
v; // (accesses to volatile variables are considered impure)

pc[5];
pc[5]; // BAD
pv[5];
((volatile char *)pc)[5];

*pc;
*pc; // BAD
*pv;
*((volatile char *)pc);

*(pc + 5);
*(pc + 5); // BAD
*(pv + 5);
*((volatile char *)(pc + 5));
*(((volatile char *)pc) + 5);
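Review bot: the annotation style is inconsistent within the hunk: `v;` gets an explanatory comment but no GOOD tag, and `pv[5]`, `*pv`, `*(pv + 5)` and the `(volatile char *)` casts get nothing, while every `pc` variant is tagged BAD. Tag each volatile access `// GOOD (volatile access)` so a reader can check the expected results against the file line by line.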
@@ -1,5 +1,6 @@
| preproc.c:89:2:89:4 | call to fn4 | This expression has no effect (because $@ has no external side effects). | preproc.c:33:5:33:7 | fn4 | fn4 |
| preproc.c:94:2:94:4 | call to fn9 | This expression has no effect (because $@ has no external side effects). | preproc.c:78:5:78:7 | fn9 | fn9 |
| template.cpp:19:3:19:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | template.cpp:9:10:9:19 | operator++ | operator++ |
| test.c:7:5:7:5 | 0 | This expression has no effect. | test.c:7:5:7:5 | 0 | |
| test.c:9:8:9:8 | 1 | This expression has no effect. | test.c:9:8:9:8 | 1 | |
| test.c:9:11:9:11 | 2 | This expression has no effect. | test.c:9:11:9:11 | 2 | |
Expand All @@ -19,11 +20,6 @@
| test.c:26:15:26:16 | 32 | This expression has no effect. | test.c:26:15:26:16 | 32 | |
| test.c:27:9:27:10 | 33 | This expression has no effect. | test.c:27:9:27:10 | 33 | |
| test.cpp:24:3:24:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:24:3:24:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:24:3:24:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:25:3:25:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:25:3:25:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:25:3:25:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:26:3:26:3 | call to operator++ | This expression has no effect (because $@ has no external side effects). | test.cpp:9:14:9:23 | operator++ | operator++ |
| test.cpp:62:5:62:5 | call to operator= | This expression has no effect (because $@ has no external side effects). | test.cpp:47:14:47:22 | operator= | operator= |
| test.cpp:65:5:65:5 | call to operator= | This expression has no effect (because $@ has no external side effects). | test.cpp:55:7:55:7 | operator= | operator= |
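Review bot: the rows for `test.cpp:24:3` and `test.cpp:25:3` drop from three copies to one each, which is the new filter removing the per-instantiation duplicates; the survivor on each of those lines, and the untouched row for `test.cpp:26:3`, presumably comes from the uninstantiated template body. Add a comment on those lines in test.cpp (e.g. `// BAD (reported once, from the template itself)`), because otherwise the retained `26:3` row sits oddly next to the `[FALSE POSITIVE]` tag being removed from that line in this PR.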
@@ -0,0 +1,7 @@

#define UNUSED(x) (x)

void test2(int param)
{
UNUSED(param); // GOOD
}
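Review bot: `UNUSED(param); // GOOD` only covers a macro whose argument is a plain variable; add a second case where the argument itself is a pointless expression (a call to a side-effect-free function, as with `fn4` in preproc.c) so the test documents whether the macro exclusions in ExprHasNoEffect.ql (`not exists(Macro m | ...)` and `not parent.isInMacroExpansion()`) suppress that as well.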
@@ -0,0 +1,22 @@

template<class T>
void Increment(T &t) {
t++; // GOOD (sometimes has an effect)
}

class Nothing {
public:
Nothing operator++(int) {
return *this; // do nothing
}
};

void myTemplateTest() {
int i = 0;
Nothing n;

i++; // GOOD (always has an effect)
n++; // BAD (never has an effect)
Increment(i);
Increment(n);
}
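Review bot: `Increment(n)` instantiates `Increment<Nothing>`, where `t++` never has an effect, yet the call carries no annotation and nothing for it appears in the expected results; mark it `// BAD [NOT DETECTED]` as templatey.cpp does for `foo(x, x)`, so the recall cost of `isFromTemplateInstantiation` is recorded in the test rather than silent. `Increment(i)` should get `// GOOD` for symmetry with `i++`.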
Expand Up @@ -23,7 +23,7 @@ class MyTemplateClass

++arg1; // pure, does nothing
++arg2; // pure, does nothing
++arg3; // not pure in all cases (when _It is int this has a side-effect) [FALSE POSITIVE]
++arg3; // not pure in all cases (when _It is int this has a side-effect)

return arg2;
}
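Review bot: dropping `[FALSE POSITIVE]` from `++arg3` is premature; the expected results in this PR still contain `test.cpp:26:3:26:3 | call to operator++` for this line (one row before, one row after, unlike lines 24 and 25 whose duplicates are collapsed), so the query still reports it. Keep the tag, or change the comment to say which instantiation, or the template itself, the remaining result comes from.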