From 9daefa36135650f92d1c4b28cf84e6492df5081a Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Fri, 30 Nov 2018 13:09:27 +0100 Subject: [PATCH 1/5] C++: Complete change notes for my own PRs --- change-notes/1.19/analysis-cpp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/change-notes/1.19/analysis-cpp.md b/change-notes/1.19/analysis-cpp.md index edbab04f34eb..579be4029191 100644 --- a/change-notes/1.19/analysis-cpp.md +++ b/change-notes/1.19/analysis-cpp.md 
@@ -23,8 +23,11 @@ | Expression has no effect | Fewer false positive results | Expressions in template instantiations are now excluded from this query. | | Global could be static | Fewer false positive results | Variables with declarations in header files are now excluded from this query. | | Resource not released in destructor | Fewer false positive results | Placement new is now excluded from the query. Also fixed an issue where false positives could occur if the destructor body was not in the snapshot. | +| Memory is never freed | Fewer false positive results | This query now accounts for C++ _placement new_, which returns a pointer that does not need to be freed. | | Missing return statement (`cpp/missing-return`) | Visible by default | The precision of this query has been increased from 'medium' to 'high', which makes it visible by default in LGTM. It was 'medium' in release 1.17 and 1.18 because it had false positives due to an extractor bug that was fixed in 1.18. | | Missing return statement | Fewer false positive results | The query is now produces correct results when a function returns a template-dependent type, or makes a non-returning call to another function. | +| Multiplication result converted to larger type (`cpp/integer-multiplication-cast-to-long`) | Fewer false positive results | Char-typed numbers are no longer considered to potentially large. | +| Overloaded assignment does not return 'this' (`cpp/assignment-does-not-return-this`) | Fewer false positive results | This query now ignores any return statements that are unreachable. | | Static array access may cause overflow | More correct results | Data flow to the size argument of a buffer operation is now checked in this query. | | Call to memory access function may overflow buffer | More correct results | Array indexing with a negative index is now detected by this query. | | Self comparison | Fewer false positive results | Code inside macro invocations is now excluded from the query. | 
From b793807af53f96ac54be09ca5ec071da50f5329c Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Fri, 30 Nov 2018 13:44:40 +0100 Subject: [PATCH 2/5] C++: Complete change notes for Dave's PRs --- change-notes/1.19/analysis-cpp.md | 1 + 1 file changed, 1 insertion(+) diff --git a/change-notes/1.19/analysis-cpp.md b/change-notes/1.19/analysis-cpp.md index 579be4029191..8cc6ad28faba 100644 --- a/change-notes/1.19/analysis-cpp.md +++ b/change-notes/1.19/analysis-cpp.md 
@@ -27,6 +27,7 @@ | Missing return statement (`cpp/missing-return`) | Visible by default | The precision of this query has been increased from 'medium' to 'high', which makes it visible by default in LGTM. It was 'medium' in release 1.17 and 1.18 because it had false positives due to an extractor bug that was fixed in 1.18. | | Missing return statement | Fewer false positive results | The query is now produces correct results when a function returns a template-dependent type, or makes a non-returning call to another function. | | Multiplication result converted to larger type (`cpp/integer-multiplication-cast-to-long`) | Fewer false positive results | Char-typed numbers are no longer considered to potentially large. | +| Non-virtual destructor in base class (`cpp/virtual-destructor`) | Fewer false positive results | This query was renamed from "No virtual destructor" and moved from file name `AV Rule 78.ql` to `NonVirtualDestructorInBaseClass.ql`. The new version ignores base classes with non-public destructors since we consider those to be adequately protected. | | Overloaded assignment does not return 'this' (`cpp/assignment-does-not-return-this`) | Fewer false positive results | This query now ignores any return statements that are unreachable. | | Static array access may cause overflow | More correct results | Data flow to the size argument of a buffer operation is now checked in this query. | | Call to memory access function may overflow buffer | More correct results | Array indexing with a negative index is now detected by this query. | From 9532ee5177cf211835e64ddaa30a3cf8632231d7 Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Fri, 30 Nov 2018 14:29:08 +0100 Subject: [PATCH 3/5] C++: Add more detail to change notes for libraries --- change-notes/1.19/analysis-cpp.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/change-notes/1.19/analysis-cpp.md b/change-notes/1.19/analysis-cpp.md index 8cc6ad28faba..ce1f5d900b75 100644 
--- a/change-notes/1.19/analysis-cpp.md +++ b/change-notes/1.19/analysis-cpp.md @@ -43,6 +43,7 @@ ## Changes to QL libraries -* Added a hash consing library for structural comparison of expressions. -* `getBufferSize` now detects variable size structs more reliably. -* Buffer.qll now treats arrays of zero size as a special case. +* Added a hash consing library (`semmle.code.cpp.valuenumbering.HashCons`) for structural comparison of expressions. Unlike the existing library for global value numbering, this library implements a pure syntactic comparison of expressions and will equate expressions even if they may not compute the same value. +* The `Buffer.qll` library has more conservative treatment of arrays embedded in structs. This reduces false positives in a number of security queries, especially `cpp/overflow-buffer`. + * Pre-C99 encodings of _flexible array members_ are recognized more reliably. + * Arrays of zero size are now treated as a special case. From 148c79a0e66c2d3bd5b0adb6894d5cbcedc8f42e Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Fri, 30 Nov 2018 15:41:43 +0100 Subject: [PATCH 4/5] C++: Deprecate RecursionPrevention --- change-notes/1.19/analysis-cpp.md | 1 + cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/change-notes/1.19/analysis-cpp.md b/change-notes/1.19/analysis-cpp.md index ce1f5d900b75..401c01a31831 100644 --- a/change-notes/1.19/analysis-cpp.md +++ b/change-notes/1.19/analysis-cpp.md 
@@ -47,3 +47,4 @@ * The `Buffer.qll` library has more conservative treatment of arrays embedded in structs. This reduces false positives in a number of security queries, especially `cpp/overflow-buffer`. * Pre-C99 encodings of _flexible array members_ are recognized more reliably. * Arrays of zero size are now treated as a special case. +* The library `semmle.code.cpp.dataflow.RecursionPrevention` is now deprecated. It was an aid for transitioning data-flow queries from 1.16 to 1.17, and it no longer has any function. Imports of this library should simply be deleted. diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll b/cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll index 75f22a077fd5..fd65f87990a3 100644 --- a/cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll +++ b/cpp/ql/src/semmle/code/cpp/dataflow/RecursionPrevention.qll @@ -1,4 +1,9 @@ /** + * DEPRECATED: Recursion through `DataFlow::Configuration` is impossible in + * Semmle Core 1.17 and above. There is no need for this module because it's + * impossible to accidentally depend on recursion through + * `DataFlow::Configuration` in current releases. + * * When this module is imported, recursive use of `DataFlow::Configuration` is * disallowed. Importing this module will guarantee the absence of such * recursion, which is unsupported and will be unconditionally disallowed in a From 8f60c0980408fad7b2d6859f711689c0713dcaf0 Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Mon, 3 Dec 2018 13:04:24 +0100 Subject: [PATCH 5/5] C++: Clarify cpp/virtual-destructor changelog --- change-notes/1.19/analysis-cpp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/change-notes/1.19/analysis-cpp.md b/change-notes/1.19/analysis-cpp.md index 401c01a31831..f7391c150fb4 100644 --- a/change-notes/1.19/analysis-cpp.md +++ b/change-notes/1.19/analysis-cpp.md 
@@ -26,8 +26,8 @@ | Memory is never freed | Fewer false positive results | This query now accounts for C++ _placement new_, which returns a pointer that does not need to be freed. | | Missing return statement (`cpp/missing-return`) | Visible by default | The precision of this query has been increased from 'medium' to 'high', which makes it visible by default in LGTM. It was 'medium' in release 1.17 and 1.18 because it had false positives due to an extractor bug that was fixed in 1.18. | | Missing return statement | Fewer false positive results | The query is now produces correct results when a function returns a template-dependent type, or makes a non-returning call to another function. | -| Multiplication result converted to larger type (`cpp/integer-multiplication-cast-to-long`) | Fewer false positive results | Char-typed numbers are no longer considered to potentially large. | -| Non-virtual destructor in base class (`cpp/virtual-destructor`) | Fewer false positive results | This query was renamed from "No virtual destructor" and moved from file name `AV Rule 78.ql` to `NonVirtualDestructorInBaseClass.ql`. The new version ignores base classes with non-public destructors since we consider those to be adequately protected. | +| Multiplication result converted to larger type (`cpp/integer-multiplication-cast-to-long`) | Fewer false positive results | Char-typed numbers are no longer considered to be potentially large. | +| Non-virtual destructor in base class (`cpp/virtual-destructor`) | Fewer false positive results | This query was copied from file `AV Rule 78.ql` to `NonVirtualDestructorInBaseClass.ql` and renamed from "No virtual destructor" to "Non-virtual destructor in base class". The new version ignores base classes with non-public destructors since we consider those to be adequately protected. The new version retains the query id `cpp/virtual-destructor` and is displayed by default on LGTM, while `AV Rule 78.ql` is not run on LGTM. 
| | Overloaded assignment does not return 'this' (`cpp/assignment-does-not-return-this`) | Fewer false positive results | This query now ignores any return statements that are unreachable. | | Static array access may cause overflow | More correct results | Data flow to the size argument of a buffer operation is now checked in this query. | | Call to memory access function may overflow buffer | More correct results | Array indexing with a negative index is now detected by this query. |
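Review bot: In PATCH 1/5 (`@@ -23,8 +23,11 @@`), the added "Multiplication result converted to larger type" row is missing a word: "no longer considered to potentially large" should read "no longer considered to be potentially large" (PATCH 5/5 later fixes this; squashing the fix into this commit would keep the series bisectable). Two consistency points in the same hunk: the added "Memory is never freed" row gives no query id in parentheses, unlike the other two rows added here, so readers cannot map it to the query they see in LGTM; and the neighbouring context row still reads "The query is now produces correct results", a stray "is" worth fixing while this table is being edited.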
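Review bot: In PATCH 2/5 (`@@ -27,6 +27,7 @@`), the added row says the query was "moved from file name `AV Rule 78.ql` to `NonVirtualDestructorInBaseClass.ql`", but "moved" implies the old file is gone; PATCH 5/5 in this series corrects it to "copied", so the wording here is inaccurate for anyone reading this commit on its own. The justification "we consider those to be adequately protected" would also be clearer if it stated why: a base class with a non-public destructor cannot be deleted through a base-class pointer from outside the class, which is exactly the situation the missing virtual destructor would make unsafe. Suggested phrasing for the last sentence: "The new version ignores base classes with non-public destructors, since objects of such classes cannot be deleted through a base-class pointer from client code."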
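Review bot: In PATCH 3/5 (`@@ -43,6 +43,7 @@`), the removed bullet "`getBufferSize` now detects variable size structs more reliably" named the predicate that changed, and the replacement sub-bullets under `Buffer.qll` no longer do; users with custom queries calling `getBufferSize` will want that name retained, e.g. "`getBufferSize` in `Buffer.qll` has more conservative treatment of arrays embedded in structs." The caveat on the hash consing bullet is good; it would help to add the converse so readers pick the right library: the value-numbering library equates expressions that compute the same value even when they are written differently, whereas `HashCons` equates only expressions with the same syntactic structure.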
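Review bot: In PATCH 4/5, the `RecursionPrevention.qll` hunk (`@@ -1,4 +1,9 @@`) prepends a DEPRECATED paragraph but leaves the old doc comment in place, and the two now contradict each other: the new text says recursion through `DataFlow::Configuration` "is impossible", while the retained lines still promise that importing the module "will guarantee the absence of such recursion, which is unsupported and will be unconditionally disallowed". The stale paragraph should be removed or rewritten in the past tense. The change is also comment-only, so nothing will warn users who still import the module; if the QL version in use supports the `deprecated` annotation on modules, applying it here would give the compiler-visible deprecation the commit title suggests.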
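Review bot: In PATCH 5/5 (`@@ -26,8 +26,8 @@`), the rewritten "Non-virtual destructor in base class" row says the query was copied to `NonVirtualDestructorInBaseClass.ql` and that the new version "retains the query id `cpp/virtual-destructor`", but it does not say what id `AV Rule 78.ql` carries now that both files exist; if the old file also still declares `cpp/virtual-destructor`, two queries share one id and results from the two would be indistinguishable in tooling, so the note should state the old file's id (or that it was changed). Minor: the "Changes" column for this row is "Fewer false positive results", yet most of the description is about the rename and LGTM visibility; consider leading with the behavioural change (ignoring base classes with non-public destructors) and putting the file and display details after it.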