Robert Marsh comments

Repositories
Issues
Comments

Results 5 comments of


                                            Robert Marsh

trafficstars

User should be able to easily find the location of the BQRS file for a query

Is the BQRS the most useful thing? I'd expect most users to want a SARIF or CSV export more than a BQRS. (see https://github.com/github/securitylab/discussions/164)

C++: Recognize allocation functions heuristically

I like the idea but I'm not following the parameterized module tricks you're doing.

C++: Port SimpleRangeAnalysis tests to the new range-analysis

Needs a .expected file

C++: Output destructors of temporary objects

I'd expect to see a destructor call for the temporary string at line 1369 of ir.cpp. The AST otherwise looks good to me.

C++: Rewrite MemoryNeverFreed to use the DataFlow library

> Instead, how about we create an IR query that tracks flow from an InitializeDynamicAllocation that isn't conflated with all-aliased- memory, and find all the ones that don't flow to...