5370 Commits

Author	SHA1	Message	Date
Jeroen Ketema	bb256514c0	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-14 15:52:20 +01:00
Erik Krogh Kristensen	7615668f92	Merge pull request #11662 from erik-krogh/c-useInstanceOf ... Swift/C++: Use instanceof in more places	2022-12-14 14:30:21 +01:00
Jeroen Ketema	4075f693bd	C++: Make cpp/path-injection work with use-use dataflow	2022-12-14 13:38:55 +01:00
Jeroen Ketema	19fb73ce24	C++: Update tests after frontend changes	2022-12-13 19:52:59 +01:00
Jeroen Ketema	3be0b3e6c7	C++: Recognize indirect argv accesses as flow sources for use-use dataflow ... This fixes the test regression on `cpp/command-line-injection`.	2022-12-13 16:18:17 +01:00
Tom Hvitved	cfcb3a60ba	C++: Update expected test output	2022-12-13 09:53:01 +01:00
Jeroen Ketema	18dea55071	C++: Fix cpp/alloca-in-loop regressions with use-use dataflow	2022-12-12 19:15:50 +01:00
erik-krogh	698e05f85a	Swift/C++: Use instanceof in more places	2022-12-12 16:58:13 +01:00
Mathias Vorreiter Pedersen	a161dddbbf	C++: Accept test changes. These happen because these remote flow sources specify that the remote source is both 'isReturnValue' and 'isReturnValueDeref'.	2022-12-12 13:39:09 +00:00
Mathias Vorreiter Pedersen	8722fb2cf5	C++: Accept test changes.	2022-12-12 10:54:40 +00:00
Mathias Vorreiter Pedersen	2999243e34	C++: Add failing IR dataflow testcase.	2022-12-12 10:42:59 +00:00
Jeroen Ketema	b2091e8632	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-12 11:40:36 +01:00
Jeroen Ketema	beb66d027e	C++: Use FlowSource in cpp/path-injection	2022-12-10 20:27:56 +01:00
Jeroen Ketema	ce92ba640a	C++: Accept test changes	2022-12-09 23:38:03 +01:00
Mathias Vorreiter Pedersen	1169c1b898	C++: Accept test changes caused by the new consitency check.	2022-12-09 09:20:29 +00:00
Jeroen Ketema	ec0ce56269	C++: Model getaddrinfo as flow source	2022-12-08 19:20:11 +01:00
Robert Marsh	f235b991db	Merge pull request #11374 from MathiasVP/indirect-outnodes-are-post-update-nodes ... C++: Field flow through reference-returning functions	2022-12-08 10:46:19 -05:00
Jeroen Ketema	b216c79992	C++: Accept test changes	2022-12-08 15:22:41 +01:00
Jeroen Ketema	f35b7f8fe8	C++: Model scanf and fscanf as flow sources	2022-12-08 15:22:41 +01:00
Mathias Vorreiter Pedersen	0a1097d735	C++: Accept test changes to 'sources-and-sinks.cpp'.	2022-12-08 13:17:35 +00:00
Mathias Vorreiter Pedersen	4fd6ac5657	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-12-08 13:10:18 +00:00
Jeroen Ketema	a6bc9fd10f	Merge pull request #11591 from jketema/getenv ... C++: Model `secure_getenv` and `_wgetenv` as local flow sources	2022-12-08 10:44:28 +01:00
Jeroen Ketema	a2dac3a41e	C++: Move remote flow sink test and also handle local and remote sinks	2022-12-08 09:36:19 +01:00
Jeroen Ketema	b5147bbfb0	C++: Deprecate DefaultTaintTracking and TaintTrackingImpl	2022-12-06 17:45:16 +01:00
Mathias Vorreiter Pedersen	2c500142c7	Merge pull request #11435 from jketema/rewrite-tainted-path ... C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`	2022-12-06 14:54:57 +00:00
Jeroen Ketema	5637d573c1	C++: Add test case that is no longer detected after latest changes	2022-12-06 08:31:22 +01:00
Jeroen Ketema	6dbc59d5b5	C++: Simplify isSink based on reviewer comments	2022-12-05 23:23:08 +01:00
Tom Hvitved	7972db68bc	C++: Update expected test output	2022-12-05 17:07:32 +01:00
Jeroen Ketema	d3cccca7f1	C++: Filter duplicate (source, sink)-pairs	2022-11-29 11:17:39 +01:00
Jeroen Ketema	378206ae7d	C++: Stop taint from flowing to arithmetic types ... These are not likely to give the user much control over what can be accessed.	2022-11-29 11:15:28 +01:00
Jeroen Ketema	718663415b	C++: Stop flow from going through another source ... Without this we get confusing results: ``` char *userAndFile = argv[2]; char *fileName = argv[1]; fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without // this change. ``` While here add some more test cases.	2022-11-29 10:52:57 +01:00
Jeroen Ketema	63334764d7	C++: Rewrite cpp/path-injection to not use DefaultTaintTracking	2022-11-29 10:52:57 +01:00
Jeroen Ketema	2ef13d1df7	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-29 10:43:01 +01:00
Jeroen Ketema	4607f5990e	C++: Add more tests that exercise the default taint barrier implementation	2022-11-25 10:19:45 +01:00
Jeroen Ketema	223eeb6921	C++: Fix upper bound detection in default taint flow	2022-11-24 14:38:36 +01:00
Jeroen Ketema	6fa5fdfeb2	C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2 ... This commit ensures stack allocated parsers are also handled.	2022-11-23 23:59:04 +01:00
Jeroen Ketema	30bdd25228	C++: Fix CWE-611 XXE query to work with use-use dataflow	2022-11-23 16:14:28 +01:00
Mathias Vorreiter Pedersen	349c5cd800	Merge pull request #11254 from MathiasVP/fix-ssa-flow ... C++: Fix spurious reference flow	2022-11-23 09:52:28 +00:00
Mathias Vorreiter Pedersen	623372238d	C++: Better support for flow-through.	2022-11-22 13:54:44 +00:00
Mathias Vorreiter Pedersen	98285393fe	Merge pull request #11357 from MathiasVP/ignore-more-instructions ... C++: Ignore more instructions in dataflow	2022-11-22 10:47:51 +00:00
Jeroen Ketema	4731f9222c	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2022-11-22 10:53:24 +01:00
Mathias Vorreiter Pedersen	a2ce51fdf7	C++: Accept test changes.	2022-11-22 09:50:45 +00:00
Mathias Vorreiter Pedersen	fc3d6a1847	Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow	2022-11-21 20:57:24 +00:00
Mathias Vorreiter Pedersen	23d6eb67c3	C++: Fix comment.	2022-11-21 19:26:04 +00:00
Mathias Vorreiter Pedersen	c2ac60fc34	Merge pull request #11311 from MathiasVP/repair-mustflow ... C++: Repair `MustFlow` library for use-use flow	2022-11-21 19:13:10 +00:00
Mathias Vorreiter Pedersen	d1274e2769	C++: Accept more test changes.	2022-11-21 18:33:14 +00:00
Mathias Vorreiter Pedersen	231e2a8df3	C++: Reduce fan-in for 'readStep'.	2022-11-21 17:07:29 +00:00
Mathias Vorreiter Pedersen	24542ec84a	Merge branch 'main' into replace-ast-with-ir-use-usedataflow	2022-11-21 15:02:28 +00:00
Jeroen Ketema	78ad9ba60f	Merge pull request #11262 from rdmarsh2/rdmarsh2/cpp/deprecate-ast-gvn ... C++: deprecate AST-based GVN	2022-11-21 13:38:54 +01:00
Jeroen Ketema	752bc2e980	C++: Accept test changes after AST-based GVN deprecation	2022-11-21 11:45:09 +01:00