Commit Graph

5325 Commits

Author SHA1 Message Date
Geoffrey White
d31987d496 C++: Additional QLDoc. 2020-08-25 12:21:06 +01:00
Geoffrey White
ae807f7f33 C++: Autoformat. 2020-08-24 17:36:07 +01:00
Geoffrey White
1c38a4d5d6 Update cpp/ql/src/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2020-08-24 14:33:51 +01:00
Geoffrey White
d3c8ffb995 C++: Clean up, comment, and restrict the new flow to the post-update node of the returned reference. 2020-08-24 14:07:06 +01:00
Geoffrey White
f2caa8a2b0 C++: Reverse taint through function models returning a reference. 2020-08-24 14:05:04 +01:00
Geoffrey White
f25ef26c37 C++: Permit taint flow to the left side of an assignment. 2020-08-24 14:01:49 +01:00
Geoffrey White
1da78ada14 C++: Model 'operator[]' and 'at' for std::string, std::vector and other containers. 2020-08-24 13:58:43 +01:00
Philippe Antoine
07610e0899 Format document 2020-08-24 13:12:54 +02:00
Mathias Vorreiter Pedersen
6f750dac88 Merge remote-tracking branch 'origin/main' into alternative-instruction-operand-flow 2020-08-23 18:46:07 +02:00
Robert Marsh
bc0d21879d Merge branch 'main' into rdmarsh2/cpp/input-iterators-1
Resolve test conflict
2020-08-21 14:36:27 -07:00
Robert Marsh
141d240813 C++: autoformat 2020-08-21 14:22:44 -07:00
Robert Marsh
94d4e05c25 C++: Fix iterator taint flow 2020-08-21 14:04:45 -07:00
Geoffrey White
3d171f358a Merge remote-tracking branch 'upstream/main' into vecmethods 2020-08-20 13:29:28 +01:00
Geoffrey White
258b61c5f8 Update cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-08-20 12:53:23 +01:00
Geoffrey White
689c637d48 C++: Rename things. 2020-08-20 12:52:40 +01:00
Geoffrey White
61158e759b C++: Improve StdContainerConstructor model. 2020-08-20 11:04:59 +01:00
Geoffrey White
f2ac4fa94a C++: Autoformat. 2020-08-20 10:44:54 +01:00
Geoffrey White
cda9fd250b C++: Model vector methods. 2020-08-20 10:30:01 +01:00
Geoffrey White
43c8efdf63 C++: Repair the range based for test. 2020-08-20 10:19:54 +01:00
Jonas Jensen
b1c0e6f626 Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-20 08:20:31 +02:00
Robert Marsh
6b1243e8b4 C++: respond to PR comments on Iterator.qll 2020-08-19 16:23:00 -07:00
Robert Marsh
20188b7bc2 C++: input iterator models 2020-08-19 12:11:36 -07:00
Robert Marsh
d32d6c9d8d WIP: more iterator cases 2020-08-19 11:51:41 -07:00
Robert Marsh
d50dd090be C++: rename to Iterator*Operator 2020-08-19 11:51:41 -07:00
Robert Marsh
85af74eb06 C++: Models for bidirectional input iterators 2020-08-19 11:51:41 -07:00
Robert Marsh
a457d54ad1 Merge pull request #4078 from jbj/SimpleRangeAnalysis-AssignMulExpr
C++: Range analysis for unsigned AssignMulExpr
2020-08-19 14:42:04 -04:00
Jonas Jensen
b14bc42756 Merge pull request #4090 from geoffw0/strmethods
C++: Model taint through many more methods in std::string
2020-08-19 16:40:46 +02:00
Jonas Jensen
21d16d13fc Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-AssignMulExpr 2020-08-19 14:50:40 +02:00
Mathias Vorreiter Pedersen
eed6fe96ae Merge branch 'main' into alternative-instruction-operand-flow 2020-08-19 11:18:51 +02:00
Jonas Jensen
01a226bdcf C++: Rename multipliesBy->effectivelyMultipliesBy
From code review of #4098.
2020-08-18 16:53:29 +02:00
Jonas Jensen
b65f82210f Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-mul-constant 2020-08-18 16:51:56 +02:00
Jonas Jensen
f79c140dc1 C++: Cosmetic: use [0, 1] instead of [0 .. 1] 2020-08-18 16:48:23 +02:00
Jonas Jensen
dd5b561f08 C++: Use getValue(e) instead of e.getValue() 2020-08-18 16:45:24 +02:00
Jonas Jensen
b316644ac2 C++: SimpleRangeAnalysis for *= by constant 2020-08-18 15:07:20 +02:00
Jonas Jensen
ca1f5317b3 Merge pull request #4068 from geoffw0/uncontrolled-alloc-size
C++: Downgrade `cpp/uncontrolled-allocation-size` query precision.
2020-08-18 13:59:53 +02:00
Anders Schack-Mulligen
f75f5ab125 Merge pull request #3838 from hvitved/dataflow/flow-fwd-ctx
Data flow: Use precise call contexts in `flowFwd()`
2020-08-18 13:06:11 +02:00
Jonas Jensen
b6b72729f6 C++: SimpleRangeAnalysis for MulExpr by constant 2020-08-18 11:37:59 +02:00
Jonas Jensen
a7d9715fd9 C++: BinaryOperation.hasOperands
QLDoc borrowed from JavaScript. Implementation borrowed from Java.
Parameter names changed.
2020-08-18 10:28:59 +02:00
Geoffrey White
5d485859af Merge remote-tracking branch 'upstream/main' into uncontrolled-alloc-size 2020-08-17 20:49:35 +01:00
Geoffrey White
390af0d7d2 C++: Autoformat. 2020-08-17 17:55:52 +01:00
Geoffrey White
0234bca6ca C++: Fix a hole in StdStringAppend and clarify comments. 2020-08-17 17:55:44 +01:00
Robert Marsh
9decb47bf0 Merge pull request #4076 from jbj/SimpleRangeAnalysis-AssignOperation
C++: Fix SimpleRangeAnalysis for AssignOperation
2020-08-17 12:55:26 -04:00
Geoffrey White
a11ca06189 C++: Implement more std::string models. 2020-08-17 17:33:09 +01:00
Mathias Vorreiter Pedersen
bb3254d4ab Merge branch 'main' into alternative-instruction-operand-flow 2020-08-17 16:21:10 +02:00
Geoffrey White
4b4b8a9faa Merge pull request #4074 from jbj/SimpleRangeAnalysis-extensible
C++: extensible range analysis
2020-08-17 14:46:57 +01:00
Tom Hvitved
a2fc92b9db Data flow: Address review comments 2020-08-17 15:46:43 +02:00
Jonas Jensen
edc5e5fbcf C++: Simplify defDependsOnDef for AssignOperation
These cases were unnecessarily transitive. There is no need for
`defDependsOnDef` to be transitive since that's handled in
`defDependsOnDefTransitively`.

The dependency information from the LHS of an `AssignmentOperation` is
now deduced the same way as the information from the RHS: by calling
`exprDependsOnDef`. This should effectively give us the same information
and recursion structure as if the operation (`x += e`) were desugared
(`x = x + e`).
2020-08-17 11:06:39 +02:00
Jonas Jensen
fe72b559d3 C++: Range analysis for unsigned AssignMulExpr
This is essentially a copy-paste job of `AssignAddExpr`, together with
the math from the `UnsignedMulExpr` support.
2020-08-14 14:19:54 +02:00
Jonas Jensen
f90d779122 C++: Fix SimpleRangeAnalysis for AssignOperation
The range analysis wasn't producing useful bounds for `AssignOperation`s
(`+=`, `-=`) unless their RHS involved a variable. This is because a
shortcut was made in the `analyzableDef` predicate, which used to
specify that an analyzable definition was one for which we'd specified
the dependencies. But we can't distinguish between having _no
dependencies_ and having _no specification of the dependencies_.

The fix is to be more explicit about which definitions are analyzable.
To avoid too much repetition I'm still calling out to `analyzableExpr`
in the new code.
2020-08-14 14:15:58 +02:00
Jonas Jensen
e01e702f46 Merge pull request #4060 from bgianfo/patch-1
C++: Detect GoogleTest test cases in FNumberOfTests.ql
2020-08-14 12:42:12 +02:00