C++: mass enable diff-informed data flow#19663
Conversation
There was a problem hiding this comment.
Pull Request Overview
Enables diff-informed data flow analysis by injecting an observeDiffInformedIncrementalMode stub into multiple DataFlow and TaintTracking configurations.
- Adds a stub predicate
observeDiffInformedIncrementalMode() { any() }to enable diff-informed incremental analysis. - Applies across various security checks (CWE rules) and likely-bugs modules.
- Prepares QL libraries for improved incremental performance on code changes.
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-611/XXE.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql | Added stub observeDiffInformedIncrementalMode |
| cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll | Added stub observeDiffInformedIncrementalMode |
Comments suppressed due to low confidence (2)
cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql:34
- [nitpick] Add a brief comment above this predicate explaining its role in enabling diff-informed incremental analysis to help future maintainers understand its purpose.
predicate observeDiffInformedIncrementalMode() { any() }
cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql:34
- No tests were added to verify that diff-informed data flow actually takes effect. Consider adding regression tests for one or two representative modules to validate this new mode behaves as expected.
predicate observeDiffInformedIncrementalMode() { any() }
cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
Show resolved
Hide resolved
|
It turns out that some of the generated changes in the PRs were not correct, e.g. because they should have also generated a |
|
Update: no changes since last time I opened the PR. It turns out that it's sound (but not optimally performant) to leave |
An auto-generated patch that enables diff-informed data flow in the obvious cases. Builds on github#18342 and github/codeql-patch#88
a623657 to
4dd07f4
Compare
|
Note, according to the follow-up PR, one of these queries (WordexpTainted.ql) has a missing source/sink in its select clause; the others should have both. |
|
Thanks! 🚀 |
An auto-generated patch that enables diff-informed data flow in the obvious cases.
Builds on #18342 and https://github.com/github/codeql-patch/pull/88