hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-08 23:21:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: mass enable diff-informed data flow

Browse Source 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18342 and https://github.com/github/codeql-patch/pull/88
This commit is contained in:
Nora Dimitrijević
2025-06-03 20:39:31 +02:00
parent 31770edc26
commit 4dd07f475b
12 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
View File

@@ -39,6 +39,8 @@ module Config implements DataFlow::ConfigSig {
or
node.asCertainDefinition().getUnspecifiedType() instanceof ArithmeticType
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module Flow = TaintTracking::Global<Config>;

2
cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
View File

@@ -66,6 +66,8 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
not offsetIsAlwaysInBounds(arrayExpr, offsetExpr)
)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;

2
cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
View File

@@ -44,6 +44,8 @@ module Config implements DataFlow::ConfigSig {
or
isArithmeticNonCharType(node.asCertainDefinition().getUnspecifiedType())
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module Flow = TaintTracking::Global<Config>;

2
cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
View File

@@ -94,6 +94,8 @@ module Config implements DataFlow::ConfigSig {
not iTo instanceof PointerArithmeticInstruction
)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module Flow = TaintTracking::Global<Config>;

2
cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
View File

@@ -34,6 +34,8 @@ module ExposedSystemDataConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) {
node.asIndirectArgument() = any(MemsetFunction func).getACallToThisFunction().getAnArgument()
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module ExposedSystemData = TaintTracking::Global<ExposedSystemDataConfig>;

2
cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
View File

@@ -54,6 +54,8 @@ module PotentiallyExposedSystemDataConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) {
node.asIndirectArgument() = any(MemsetFunction func).getACallToThisFunction().getAnArgument()
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module PotentiallyExposedSystemData = TaintTracking::Global<PotentiallyExposedSystemDataConfig>;

2
cpp/ql/src/Security/CWE/CWE-611/XXE.ql
View File

@@ -45,6 +45,8 @@ module XxeConfig implements DataFlow::StateConfigSig {
}
predicate neverSkip(DataFlow::Node node) { none() }
predicate observeDiffInformedIncrementalMode() { any() }
}
module XxeFlow = DataFlow::GlobalWithState<XxeConfig>;