Skip to content

C++: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }#19759

Merged
d10c merged 1 commit intogithub:mainfrom
d10c:d10c/cpp/diff-informed-2
Jun 19, 2025
Merged

C++: mass-enable diff-informed queries phase 2 - getASelected{Source,Sink}Location() { none() }#19759
d10c merged 1 commit intogithub:mainfrom
d10c:d10c/cpp/diff-informed-2

Conversation

@d10c
Copy link
Contributor

@d10c d10c commented Jun 13, 2025
edited
Loading

Stacks on top of earlier PR: #19659
Uses patch from: https://github.com/github/codeql-patch/pull/88/commits/ec5681e740c18c792443099fb3e413446616a0ee

Adds getASelected{Source,Sink}Location() { none() } override to a query that selects a dataflow source or sink as a location, but not both.

@github-actions github-actions bot added the C++ label Jun 13, 2025
@d10c d10c force-pushed the d10c/cpp/diff-informed-2 branch from fa3a2b0 to 41cf298 Compare June 13, 2025 13:34
@d10c d10c mentioned this pull request Jun 13, 2025
Merged
@d10c d10c marked this pull request as ready for review June 17, 2025 08:39
Copilot AI review requested due to automatic review settings June 17, 2025 08:39
@d10c d10c requested a review from a team as a code owner June 17, 2025 08:39
@d10c d10c added the no-change-note-required This PR does not need a change note label Jun 17, 2025
Copilot AI reviewed Jun 17, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Enables diff-informed incremental mode by adding a required stub predicate across data-flow and taint-tracking configurations, and overrides the source-location selection for one query.

  • Mass-add predicate observeDiffInformedIncrementalMode() { any() } to various modules
  • Add getASelectedSourceLocation(DataFlow::Node) { none() } override in WordexpTainted

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql Added observeDiffInformedIncrementalMode stub and source-location override
cpp/ql/src/Security/CWE/CWE-611/XXE.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql Added stub observeDiffInformedIncrementalMode
cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll Added stub observeDiffInformedIncrementalMode
Comments suppressed due to low confidence (1)

cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql:34

  • No tests have been added to validate diff-informed incremental mode. Consider adding unit tests or query tests to ensure observeDiffInformedIncrementalMode() stubs behave as expected.
predicate observeDiffInformedIncrementalMode() { any() }

cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
node.asExpr() = any(HeuristicAllocationExpr ae).getSizeExpr().getAChild*()
}

predicate observeDiffInformedIncrementalMode() { any() }
Copy link

Copilot AI Jun 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The identical stub predicate observeDiffInformedIncrementalMode() is added across many modules. Consider defining a default implementation or mixin to reduce duplication and ease future updates.

Suggested change
predicate observeDiffInformedIncrementalMode() { any() }
import CommonConfig

Copilot uses AI. Check for mistakes.
@d10c d10c requested a review from michaelnebel June 17, 2025 12:53
@d10c d10c force-pushed the d10c/cpp/diff-informed-2 branch from 41cf298 to 2316b8c Compare June 17, 2025 15:10
michaelnebel
michaelnebel approved these changes Jun 19, 2025
View reviewed changes
Copy link
Contributor

@michaelnebel michaelnebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@d10c d10c merged commit 9974f9e into github:main Jun 19, 2025
13 checks passed
This was referenced Jul 16, 2025
Closed
Merged
Merged
Merged
Merged
Merged
Closed
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@michaelnebel michaelnebel michaelnebel approved these changes

Assignees

No one assigned

Labels

C++ no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@d10c @michaelnebel