hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac/command-injection-from-library-inputs
Commit Graph

5325 Commits

Author SHA1 Message Date
Robert Marsh
b49aa677d0 Merge pull request #4459 from geoffw0/setex 
C++: Additional taint flows through std::set
 2020-10-13 15:17:54 -04:00
Dave Bartolomeo
fba4313457 Merge remote-tracking branch 'upstream/main' into work 2020-10-13 13:07:28 -04:00
Robert Marsh
3b7cf7fd27 Merge pull request #4439 from geoffw0/mapex 
C++: Additional taint flows through std::map
 2020-10-12 14:17:17 -04:00
Geoffrey White
6440db786d Merge pull request #4420 from jbj/SimpleRangeAnalysis-widen-Expr 
C++: SimpleRangeAnalysis: widen recursive *, +, -
 2020-10-12 11:20:09 +01:00
Geoffrey White
4363f08b45 C++: Model std::set::emplace and emplace_hint. 2020-10-12 11:01:09 +01:00
Geoffrey White
5d87117dc7 C++: Model std::set::lower_bound, upper_bound, equal_range. 2020-10-12 10:10:40 +01:00
Jonas Jensen
9b12ceae8d C++: SimpleRangeAnalysis: widen recursive *, +, - 
The number of candidate bounds during the main `SimpleRangeAnalysis`
recursion was in principle always exponential in the size of the
program, but in practice it did not get out of hand when only `+` and
`-` operations were supported. Now that `*` is also supported, the range
analysis started timing out on the SinaMostafanejad/OpenRDM project. The
problematic expressions in that project are of the form

    a*x*x*x + b*x*x + c*x + d

where most of the variables involved are recursive definitions and are
therefore likely to have a large number of candidate bounds.

The fix here is to identify those few binary operations that are most
likely to cause an explosion in the number of bounds and apply widening
to them. Previously, widening was only applied at definitions.
 2020-10-12 11:09:01 +02:00
Geoffrey White
fc19bba0bd C++: Model std::set::merge and correct test annotations. 2020-10-12 10:01:57 +01:00
Anders Schack-Mulligen
725194a3b8 Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency 
Dataflow: Introduce consistency check for flow targeting PostUpdateNodes
 2020-10-12 08:56:19 +02:00
Geoffrey White
c63f7cb409 C++: Taint through emplace from qualifier to return value. 2020-10-09 17:41:24 +01:00
Geoffrey White
270517d379 C++: Revise model of emplace and emplace_hint. Note that 2 of the 3 taint regressions we shouldn't be getting because we don't yet do taint through keys. 2020-10-09 17:27:18 +01:00
Geoffrey White
61a78e28ac C++: Fix map::merge. 2020-10-09 14:46:23 +01:00
Anders Schack-Mulligen
1c043447e8 Dataflow: Introduce consistency check for flow targeting PostUpdateNodes. 2020-10-09 14:29:52 +02:00
Jonas Jensen
4c9ffcec27 Merge pull request #4396 from geoffw0/stringsets 
C++: Use [, ...] syntax more widely.
 2020-10-09 13:30:05 +02:00
Geoffrey White
1f1be3bf9a C++: Block try_emplace arg 0. 2020-10-09 10:04:22 +01:00
Geoffrey White
493b80c44d C++: Fix incorrect translations to hasQualifiedName. 2020-10-08 17:56:57 +01:00
Dave Bartolomeo
e4bfb75f90 C++: Fix pointer flow through temporary objects 2020-10-08 12:24:59 -04:00
Geoffrey White
c555cfa22a C++: Replace isParameterDeref(_). 2020-10-08 16:55:45 +01:00
Geoffrey White
e01e4b5bde C++: Fix QLDoc comments. 2020-10-08 14:29:08 +01:00
Geoffrey White
5c1a510e4a C++: Model map::lower_bound, upper_bound and equal_range. 2020-10-08 14:22:43 +01:00
Geoffrey White
ef9a7c8cdb C++: Model map::merge. 2020-10-08 14:22:43 +01:00
Geoffrey White
b7ab89c892 C++: Model map::emplace, emplace_hint and map::try_emplace. 2020-10-08 14:22:43 +01:00
Jonas Jensen
b409cf6cea Merge pull request #4389 from gsingh93/bitwise-and 
Improve range analysis for bitwise and
 2020-10-08 15:18:15 +02:00
Gulshan Singh
662736eb2d Fix compiler error after removing getLOp/getROp 2020-10-07 12:45:08 -07:00
Gulshan Singh
7233ffa50f Address review comments 2020-10-07 00:21:06 -07:00
Dave Bartolomeo
22638fdfc7 Merge remote-tracking branch 'upstream/main' into work 2020-10-06 18:33:14 -04:00
Jonas Jensen
984194d308 Merge pull request #4406 from geoffw0/set 
C++: Models for std::set and std::unordered_set
 2020-10-06 15:43:12 +02:00
Dave Bartolomeo
badb11750a AST and IR support for TemporaryObjectExpr 2020-10-05 17:53:35 -04:00
Jonas Jensen
6b2ae5d1ad Merge pull request #4393 from MathiasVP/no-more-flow-into-read-side-effect 
C++: No more flow into ReadSideEffect instructions
 2020-10-05 19:46:32 +02:00
Robert Marsh
b7dcd5c557 Merge pull request #4395 from geoffw0/modelbeginend 
C++: Merge StdSequenceContainerBeginEnd into the general BeginOrEndFunction
 2020-10-05 12:22:27 -04:00
Geoffrey White
4db964fca9 Merge branch 'main' into set 2020-10-05 15:16:42 +01:00
Geoffrey White
d93b37d5c5 C++: Autoformat some more files. 2020-10-05 15:11:23 +01:00
Mathias Vorreiter Pedersen
a6d7b1f9d9 Update cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-10-05 15:21:15 +02:00
Mathias Vorreiter Pedersen
e95aefe0b2 C++: Now that PrimaryArgumentNode is an OperandNode we want a specialized toString on it 2020-10-05 15:13:33 +02:00
Geoffrey White
c757813d65 Merge branch 'main' into map 2020-10-05 12:32:49 +01:00
Geoffrey White
591c17d7cf C++: Rearrange comments. 2020-10-05 12:22:08 +01:00
Mathias Vorreiter Pedersen
6c87b08c69 C++: Respond to review comments: 
- ArgumentNode is now abstract
- PrimaryArgumentNode is now an OperandNode.
- ArgumentIndirectionNode is now merged into SideEffectArgumentNode.
 2020-10-05 12:54:11 +02:00
Geoffrey White
488a55b9dd C++: Autoformat. 2020-10-05 10:39:32 +01:00
Mathias Vorreiter Pedersen
4c14f5dbb7 Merge branch 'main' into no-more-flow-into-read-side-effect 2020-10-05 11:03:42 +02:00
Alexander Eyers-Taylor
30ed6a0dac Merge pull request #4385 from aibaars/drop-queries 
Drop 'tech-inventory' and 'code duplication' queries from the standard query suites
 2020-10-02 18:31:25 +01:00
Geoffrey White
3536d84bdf C++: Use [, ...] syntax more widely. 2020-10-02 18:04:03 +01:00
Geoffrey White
1efe461a98 C++: Move the rest of of StdSequenceContainerBeginEnd into BeginOrEndFunction. 2020-10-02 18:03:46 +01:00
Geoffrey White
8d5bd2289b C++: Remove parts of StdSequenceContainerBeginEnd in favour of BeginOrEndFunction. 2020-10-02 18:03:46 +01:00
Geoffrey White
2dc8fba7fe C++: Remove StdMapBeginEnd as we now have a general model BeginOrEndFunction in main. 2020-10-02 16:39:23 +01:00
Geoffrey White
0d6bd6facb Merge branch 'main' into map 2020-10-02 16:24:03 +01:00
Geoffrey White
d4a1acedde C++: Remove StdSetBeginEnd as we now have a general model BeginOrEndFunction in main. 2020-10-02 16:23:48 +01:00
Arthur Baars
daa1bcc06e Also mark 'tech inventory' queries as deprecated 2020-10-02 17:23:11 +02:00
Arthur Baars
fc45b6cd3c Drop 'tech-inventory' and 'code duplication' queries from the standard query suites 2020-10-02 17:22:04 +02:00
Geoffrey White
88a93964a7 Merge branch 'main' into set 2020-10-02 16:17:48 +01:00
Mathias Vorreiter Pedersen
8f4982d3f5 C++: Remove flow into ReadSideEffect instructions in simpleInstructionLocalFlowStep 2020-10-02 14:10:28 +02:00