
Commit 7e0e7d5

Merge branch 'main' into use-taint-configuration-in-three-more-queries
2 parents 7593eba + d89c52f commit 7e0e7d5

192 files changed

+2733
-790
lines changed

Some content is hidden


.github/workflows/check-qldoc.yml

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
name: "Check QLdoc coverage"
2+
3+
on:
4+
pull_request:
5+
paths:
6+
- "*/ql/lib/**"
7+
- .github/workflows/check-qldoc.yml
8+
branches:
9+
- main
10+
- "rc/*"
11+
12+
jobs:
13+
qldoc:
14+
runs-on: ubuntu-latest
15+
16+
steps:
17+
- name: Install CodeQL
18+
run: |
19+
gh extension install github/gh-codeql
20+
gh codeql set-channel nightly
21+
gh codeql version
22+
env:
23+
GITHUB_TOKEN: ${{ github.token }}
24+
25+
- uses: actions/checkout@v2
26+
with:
27+
fetch-depth: 2
28+
29+
- name: Check QLdoc coverage
30+
shell: bash
31+
run: |
32+
EXIT_CODE=0
33+
changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -o '^[a-z]*/ql/lib' || true; } | sort -u)"
34+
for pack_dir in ${changed_lib_packs}; do
35+
lang="${pack_dir%/ql/lib}"
36+
gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
37+
done
38+
git checkout HEAD^
39+
for pack_dir in ${changed_lib_packs}; do
40+
lang="${pack_dir%/ql/lib}"
41+
gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-baseline.txt" --dir="${pack_dir}"
42+
awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-current.txt" | sort -u > "${RUNNER_TEMP}/current-undocumented.txt"
43+
awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-baseline.txt" | sort -u > "${RUNNER_TEMP}/baseline-undocumented.txt"
44+
UNDOCUMENTED="$(grep -f <(comm -13 "${RUNNER_TEMP}/baseline-undocumented.txt" "${RUNNER_TEMP}/current-undocumented.txt") "${RUNNER_TEMP}/${lang}-current.txt" || true)"
45+
if [ -n "$UNDOCUMENTED" ]; then
46+
echo "$UNDOCUMENTED" | awk -F, '{gsub(/"/,""); print "::warning file='"${pack_dir}"'/"$1",line="$2"::Missing QLdoc for "$5, $3 }'
47+
EXIT_CODE=1
48+
fi
49+
done
50+
exit "${EXIT_CODE}"
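Review bot: `- uses: actions/checkout@v2` and the install step (`gh extension install github/gh-codeql` followed by `gh codeql set-channel nightly`) both pull unpinned code into the job; pin the action to a full commit SHA and prefer a fixed CodeQL release over `nightly`, so a run is reproducible and cannot change underneath you because a tag moved or a nightly build regressed. Two smaller points in the coverage step: the pattern file handed to `grep -f` is built from quoted predicate names that grep reads as basic regular expressions, so a `.` inside a name matches any character and can hide a genuinely new undocumented predicate; `grep -F -f` avoids that. And the loop prints `::warning` annotations while also setting `EXIT_CODE=1`, which fails the job; `::error` would match the outcome and surface the missing QLdoc more prominently in the checks tab.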

config/identical-files.json

Lines changed: 9 additions & 1 deletion
@@ -73,6 +73,14 @@
7373
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
7474
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
7575
],
76+
"Model as Data Generation Java/C# - Utils": [
77+
"java/ql/src/utils/model-generator/ModelGeneratorUtils.qll",
78+
"csharp/ql/src/utils/model-generator/ModelGeneratorUtils.qll"
79+
],
80+
"Model as Data Generation Java/C# - SummaryModels": [
81+
"java/ql/src/utils/model-generator/CaptureSummaryModels.qll",
82+
"csharp/ql/src/utils/model-generator/CaptureSummaryModels.qll"
83+
],
7684
"Sign Java/C#": [
7785
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
7886
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
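Review bot: the two new groups, "Model as Data Generation Java/C# - Utils" and "Model as Data Generation Java/C# - SummaryModels", are inserted between the `SsaReadPositionCommon.qll` and `Sign.qll` entries, splitting the run of range-analysis pairs; placing them next to each other outside that run keeps the file scannable. Note also that every other path visible in this hunk lives under `ql/lib/`, while these point at `ql/src/utils/model-generator/`; extending the identical-files check to query-side helper code is reasonable, but it is worth a line in the PR description so nobody assumes the check only guards library packs.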
@@ -508,4 +516,4 @@
508516
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/AccessPathSyntax.qll",
509517
"ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll"
510518
]
511-
}
519+
}

cpp/ql/lib/CHANGELOG.md

Lines changed: 7 additions & 0 deletions
@@ -1,3 +1,9 @@
1+
## 0.0.11
2+
3+
### Minor Analysis Improvements
4+
5+
* Many queries now support structured bindings, as structured bindings are now handled in the IR translation.
6+
17
## 0.0.10
28

39
### New Features
@@ -6,6 +12,7 @@
612

713
## 0.0.9
814

15+
916
## 0.0.8
1017

1118
### Deprecated APIs
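Review bot: the single added line in the second hunk is a blank line directly under `## 0.0.9`, which already has an empty line beneath it, so that heading is now followed by two blank lines; drop the extra one so the spacing matches the other sections in this file.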
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
1-
---
2-
category: minorAnalysis
3-
---
1+
## 0.0.11
2+
3+
### Minor Analysis Improvements
4+
45
* Many queries now support structured bindings, as structured bindings are now handled in the IR translation.
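Review bot: the file path for this hunk is not shown in this rendered view, only its body, which swaps the `category: minorAnalysis` front matter for the `## 0.0.11` release heading; please confirm this is the pending change note being archived as the released 0.0.11 note rather than an in-place edit that merely strips the front matter, since the same bullet is also added to `cpp/ql/lib/CHANGELOG.md` in the hunk above and a stripped-but-unmoved note would be silently skipped by anything that keys on that header.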

cpp/ql/lib/codeql-pack.release.yml

Lines changed: 1 addition & 1 deletion
@@ -1,2 +1,2 @@
11
---
2-
lastReleaseVersion: 0.0.10
2+
lastReleaseVersion: 0.0.11

cpp/ql/lib/qlpack.yml

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
name: codeql/cpp-all
2-
version: 0.0.11-dev
2+
version: 0.0.12-dev
33
groups: cpp
44
dbscheme: semmlecode.cpp.dbscheme
55
extractor: cpp

cpp/ql/src/CHANGELOG.md

Lines changed: 21 additions & 0 deletions
@@ -1,3 +1,24 @@
1+
## 0.0.11
2+
3+
### Breaking Changes
4+
5+
* The deprecated queries `cpp/duplicate-block`, `cpp/duplicate-function`, `cpp/duplicate-class`, `cpp/duplicate-file`, `cpp/mostly-duplicate-function`,`cpp/similar-file`, `cpp/duplicated-lines-in-files` have been removed.
6+
7+
### Deprecated Predicates and Classes
8+
9+
* The predicates and classes in the `CodeDuplication` library have been deprecated.
10+
11+
### New Queries
12+
13+
* A new query titled "Use of expired stack-address" (`cpp/using-expired-stack-address`) has been added.
14+
This query finds accesses to expired stack-allocated memory that escaped via a global variable.
15+
* A new `cpp/insufficient-key-size` query has been added to the default query suite for C/C++. The query finds uses of certain cryptographic algorithms where the key size is too small to provide adequate encryption strength.
16+
17+
### Minor Analysis Improvements
18+
19+
* The "Failure to use HTTPS URLs" (`cpp/non-https-url`) has been improved reducing false positive results, and its precision has been increased to 'high'.
20+
* The `cpp/system-data-exposure` query has been modernized and has converted to a `path-problem` query. There are now fewer false positive results.
21+
122
## 0.0.10
223

324
### Deprecated Classes
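Review bot: three wording fixes are needed in the new 0.0.11 section before release. The "Breaking Changes" bullet is missing a space after the comma in "`cpp/mostly-duplicate-function`,`cpp/similar-file`". The "Failure to use HTTPS URLs" bullet drops the word "query": "The "Failure to use HTTPS URLs" (`cpp/non-https-url`) has been improved reducing false positive results" should read "The "Failure to use HTTPS URLs" query (`cpp/non-https-url`) has been improved, reducing false positive results". And "has been modernized and has converted to a `path-problem` query" should be "has been modernized and converted to a `path-problem` query".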

cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql

Lines changed: 3 additions & 2 deletions
@@ -77,12 +77,13 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
7777

7878
from
7979
MustFlowPathNode source, MustFlowPathNode sink, VariableAddressInstruction var,
80-
ReturnStackAllocatedMemoryConfig conf
80+
ReturnStackAllocatedMemoryConfig conf, Function f
8181
where
8282
conf.hasFlowPath(source, sink) and
8383
source.getNode().asInstruction() = var and
8484
// Only raise an alert if we're returning from the _same_ callable as the on that
8585
// declared the stack variable.
86-
var.getEnclosingFunction() = sink.getNode().getEnclosingCallable()
86+
var.getEnclosingFunction() = pragma[only_bind_into](f) and
87+
sink.getNode().getEnclosingCallable() = pragma[only_bind_into](f)
8788
select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(),
8889
var.getAst().toString()
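Review bot: the split of the single equality into `var.getEnclosingFunction() = pragma[only_bind_into](f)` and `sink.getNode().getEnclosingCallable() = pragma[only_bind_into](f)` carries no comment, so the next editor will fold it back into one comparison and reintroduce whatever evaluation problem this fixes; add a short comment above it recording the reason (it reads as a join-order fix, forcing `f` to be bound from each side separately rather than joining the two relations on the function column). While the surrounding lines are being touched, the comment just above still reads "as the on that declared the stack variable", which should be "as the one that".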

cpp/ql/src/change-notes/2022-02-10-system-data-exposure.md

Lines changed: 0 additions & 4 deletions
This file was deleted.

cpp/ql/src/change-notes/2022-02-16-insufficient-key-size.md

Lines changed: 0 additions & 4 deletions
This file was deleted.
