hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

5646 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
2c500142c7 Merge pull request #11435 from jketema/rewrite-tainted-path 
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
 2022-12-06 14:54:57 +00:00
Jeroen Ketema
5637d573c1 C++: Add test case that is no longer detected after latest changes 2022-12-06 08:31:22 +01:00
Jeroen Ketema
6dbc59d5b5 C++: Simplify isSink based on reviewer comments 2022-12-05 23:23:08 +01:00
Tom Hvitved
7972db68bc C++: Update expected test output 2022-12-05 17:07:32 +01:00
Jeroen Ketema
d3cccca7f1 C++: Filter duplicate (source, sink)-pairs 2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d C++: Stop taint from flowing to arithmetic types 
These are not likely to give the user much control over what can be accessed.
 2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b C++: Stop flow from going through another source 
Without this we get confusing results:
```
    char *userAndFile = argv[2];
    char *fileName = argv[1];
    fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
                            // this change.
```

While here add some more test cases.
 2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7 C++: Rewrite cpp/path-injection to not use DefaultTaintTracking 2022-11-29 10:52:57 +01:00
Jeroen Ketema
2ef13d1df7 Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-29 10:43:01 +01:00
Jeroen Ketema
4607f5990e C++: Add more tests that exercise the default taint barrier implementation 2022-11-25 10:19:45 +01:00
Jeroen Ketema
223eeb6921 C++: Fix upper bound detection in default taint flow 2022-11-24 14:38:36 +01:00
Jeroen Ketema
6fa5fdfeb2 C++: Fix CWE-611 XXE query to work with use-use dataflow - take 2 
This commit ensures stack allocated parsers are also handled.
 2022-11-23 23:59:04 +01:00
Jeroen Ketema
30bdd25228 C++: Fix CWE-611 XXE query to work with use-use dataflow 2022-11-23 16:14:28 +01:00
Mathias Vorreiter Pedersen
349c5cd800 Merge pull request #11254 from MathiasVP/fix-ssa-flow 
C++: Fix spurious reference flow
 2022-11-23 09:52:28 +00:00
Mathias Vorreiter Pedersen
623372238d C++: Better support for flow-through. 2022-11-22 13:54:44 +00:00
Mathias Vorreiter Pedersen
98285393fe Merge pull request #11357 from MathiasVP/ignore-more-instructions 
C++: Ignore more instructions in dataflow
 2022-11-22 10:47:51 +00:00
Jeroen Ketema
4731f9222c Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-22 10:53:24 +01:00
Mathias Vorreiter Pedersen
a2ce51fdf7 C++: Accept test changes. 2022-11-22 09:50:45 +00:00
Mathias Vorreiter Pedersen
fc3d6a1847 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow 2022-11-21 20:57:24 +00:00
Mathias Vorreiter Pedersen
23d6eb67c3 C++: Fix comment. 2022-11-21 19:26:04 +00:00
Mathias Vorreiter Pedersen
c2ac60fc34 Merge pull request #11311 from MathiasVP/repair-mustflow 
C++: Repair `MustFlow` library for use-use flow
 2022-11-21 19:13:10 +00:00
Mathias Vorreiter Pedersen
d1274e2769 C++: Accept more test changes. 2022-11-21 18:33:14 +00:00
Mathias Vorreiter Pedersen
231e2a8df3 C++: Reduce fan-in for 'readStep'. 2022-11-21 17:07:29 +00:00
Mathias Vorreiter Pedersen
24542ec84a Merge branch 'main' into replace-ast-with-ir-use-usedataflow 2022-11-21 15:02:28 +00:00
Jeroen Ketema
78ad9ba60f Merge pull request #11262 from rdmarsh2/rdmarsh2/cpp/deprecate-ast-gvn 
C++: deprecate AST-based GVN
 2022-11-21 13:38:54 +01:00
Jeroen Ketema
752bc2e980 C++: Accept test changes after AST-based GVN deprecation 2022-11-21 11:45:09 +01:00
Mathias Vorreiter Pedersen
d361053e10 Update cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-21 10:37:03 +00:00
Mathias Vorreiter Pedersen
1e00e15c7b Update cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-21 10:36:57 +00:00
Mathias Vorreiter Pedersen
ef6b85fa77 C++: Accept test changes. 2022-11-18 16:43:30 +00:00
Mathias Vorreiter Pedersen
b9bcff40c5 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-flow-out-of-const-member-functions 2022-11-17 10:41:12 +00:00
Mathias Vorreiter Pedersen
aa385a293d C++: Accept test changes. 2022-11-16 23:00:00 +00:00
Mathias Vorreiter Pedersen
b12955e220 C++: Fix flow out of const member functions. 2022-11-16 22:46:21 +00:00
Mathias Vorreiter Pedersen
29f4b26280 Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow 2022-11-16 16:09:35 +00:00
Mathias Vorreiter Pedersen
a9173727cf Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-ssa-flow 2022-11-16 14:22:54 +00:00
Mathias Vorreiter Pedersen
4f2c2e6d5e C++: Accept test changes. 2022-11-16 14:05:54 +00:00
Mathias Vorreiter Pedersen
3e5c66e932 C++: Accept test changes. 2022-11-16 14:05:48 +00:00
Mathias Vorreiter Pedersen
2cebd5c51d C++: Accept test changes. 2022-11-16 13:56:24 +00:00
Jeroen Ketema
98176007d8 C++: Fix type in dataflow test comment 2022-11-15 17:18:08 +01:00
Mathias Vorreiter Pedersen
1f43a1a924 Merge branch 'replace-ast-with-ir-use-usedataflow' into merge-some-indirect-and-instruction-nodes 2022-11-15 16:00:52 +00:00
Jeroen Ketema
2acda03518 C++: Reintroduce the AST testing configuration for the smart pointer test too 2022-11-15 13:49:03 +01:00
Mathias Vorreiter Pedersen
16565401c7 C++: Reduce path duplication. 2022-11-14 15:29:57 +00:00
Mathias Vorreiter Pedersen
7408931565 C++: Disable 'reference -> dereference' dataflow. 2022-11-14 14:05:31 +00:00
Jeroen Ketema
2b37ebd7ed Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-11 17:24:34 +01:00
Rasmus Wriedt Larsen
ddbcdcb4ba Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Mathias Vorreiter Pedersen
0c7f57e0c4 C++: Accept test changes. 2022-11-11 11:09:38 +00:00
Rasmus Wriedt Larsen
88f703af1f DataFlow: Accept changes to .expected 2022-11-10 22:13:34 +01:00
Jeroen Ketema
62f5d10d03 C++: Fix localTaint expected results 2022-11-10 16:08:07 +01:00
Jeroen Ketema
62a0bcddd9 C++: Fix the accept prototype in the dataflow taint tests 2022-11-10 14:23:26 +01:00
Jeroen Ketema
d8e96ef12a Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-10 12:09:43 +01:00
Jeroen Ketema
e7576fdd1a Merge pull request #11197 from jketema/simplify-taint-test 
C++: Simplify dataflow taint test query
 2022-11-10 11:58:50 +01:00