Mathias Vorreiter Pedersen
c1091a03d0
C++: Accept output
2020-01-28 17:38:35 +01:00
Mathias Vorreiter Pedersen
46ce228bce
C++: Add instruction for CheckedConvertOrNull and handle it in alias analysis and data flow
2020-01-28 17:36:17 +01:00
Mathias Vorreiter Pedersen
928b0c50d2
C++: Add test demonstrating false negative when using dynamic_cast
2020-01-28 17:31:53 +01:00
Geoffrey White
f02ffcbbd2
C++: Modify ParameterIndex to account for varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
d66f608d41
C++: Taint from FormattingFunction varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
8b215c155e
C++: Correct a few test comments.
2020-01-28 14:51:46 +00:00
Geoffrey White
b1f66ae825
C++: Fix warnings.
2020-01-28 14:51:46 +00:00
Mathias Vorreiter Pedersen
287af2bdec
C++: Fix annotations in testcase file
2020-01-28 13:51:36 +01:00
Geoffrey White
01dc3661b7
C++: Autoformat.
2020-01-28 12:17:56 +00:00
Mathias Vorreiter Pedersen
611d9553dd
C++: Fix formatting
2020-01-28 10:22:33 +01:00
Mathias Vorreiter Pedersen
130911ad44
C++: Accept new output in already existing test
2020-01-28 10:00:52 +01:00
Mathias Vorreiter Pedersen
fd79e7991d
C++: Add tests demonstrating differences between AST virtual dispatch analysis and IR virtual dispatch analysis
2020-01-28 10:00:21 +01:00
Geoffrey White
30580e97dc
C++: Add a TaintFunction model to FormattingFunction.
2020-01-28 08:46:46 +00:00
Geoffrey White
1d46971bb7
C++: Add an ArrayFunction model to FormattingFunction.
2020-01-28 08:46:46 +00:00
Geoffrey White
06f5720cd5
C++: Add taint tests of formatting functions.
2020-01-28 08:46:46 +00:00
Robert Marsh
1b9e375341
C++: Move getACallArgumentOrIndirection
2020-01-27 16:44:41 -08:00
Robert Marsh
fd807d46d6
C++: IR dataflow through modeled functions
2020-01-27 16:38:07 -08:00
Robert Marsh
a9bcc1dcc6
Merge pull request #2667 from dbartol/dbartol/NoEscape
...
C++/C#: Make escape analysis unsound by default
2020-01-27 19:17:33 -05:00
Robert Marsh
c7975e83a7
Merge pull request #2657 from jbj/DefaultTaintTracking-models
...
C++: wire up models library to DefaultTaintTracking
2020-01-27 17:41:54 -05:00
Dave Bartolomeo
7df3cf4c23
C++: Accept more test output after merge
2020-01-27 13:48:43 -07:00
Dave Bartolomeo
3b3502060b
Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape
2020-01-27 13:29:18 -07:00
Robert Marsh
79a72a3496
Merge pull request #2680 from geoffw0/modelstrndup
...
CPP: Model strndup.
2020-01-27 15:19:52 -05:00
Dave Bartolomeo
40952f85a9
C++: Accept test diffs
2020-01-27 10:31:18 -07:00
Robert Marsh
4d743d2bce
Merge pull request #2692 from jbj/pure-string-read
...
C++: Model that string functions read their buffer
2020-01-27 11:40:03 -05:00
Geoffrey White
4778914154
CPP: Repair flow.
2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602
CPP: 'sometimes copying' is considered data flow.
2020-01-27 14:07:39 +00:00
Jonas Jensen
0e3ed2dfa6
C++: Remove test for unrelated issue
...
The issue for that test is being tested and fixed on PR #2686. Adding a
test here will cause a semantic merge conflict.
2020-01-27 14:25:28 +01:00
Geoffrey White
2c7e2c4506
CPP: Not in std namespace.
2020-01-27 10:20:56 +00:00
Dave Bartolomeo
6988241b09
Merge from master
2020-01-26 16:38:48 -07:00
Dave Bartolomeo
708e83546f
C++: Remove accidentally added tests
2020-01-26 16:20:27 -07:00
Robert Marsh
959ce3b355
C++: add diff tests for DefaultTaintTracking
2020-01-24 13:46:11 -08:00
Jonas Jensen
fb6ad5274f
C++: Accept test changes
2020-01-24 22:28:20 +01:00
Robert Marsh
0180672dc0
Merge pull request #2687 from jbj/DefaultTaintTracking-asExpr
...
C++: Use asExpr, not getConvertedResultExpression
2020-01-24 15:42:58 -05:00
Mathias Vorreiter Pedersen
d26cf12c3a
Merge pull request #2688 from geoffw0/move-taint-test
...
C++: Add the security taint test (previously internal).
2020-01-24 15:58:20 +01:00
Jonas Jensen
b290c7b47a
C++: Model that string functions read their buffer
2020-01-24 15:53:38 +01:00
Geoffrey White
af903fc30c
C++: Add the security taint test (previously internal).
2020-01-24 11:28:51 +00:00
Jonas Jensen
ee0648bb57
Merge pull request #2684 from geoffw0/rearrange-tests
...
CPP: Test cleanup
2020-01-24 11:57:58 +01:00
Jonas Jensen
6606b2e18a
C++: autoformat fixup
2020-01-24 10:48:03 +01:00
Geoffrey White
912260b3aa
C++: Autoformat tests.
2020-01-24 09:43:58 +00:00
Jonas Jensen
5eeb5c6e67
C++: Use asExpr, not getConvertedResultExpression
...
We designed the IR's `DataFlow::Node.asExpr` very carefully so that it's
suitable for taint tracking, but then we didn't use it in
`DefaultTaintTracking.qll`. This meant that the sources in
`ArithmeticWithExtremeValues.ql` didn't get associated with any
`Instruction` and thus didn't propagate anywhere.
With this commit, the mapping of `Expr`-based sources to IR data-flow
nodes uses `asExpr`.
2020-01-24 09:42:26 +01:00
Jonas Jensen
9a45c5570d
C++: Move Load from AssignmentOperation to its LHS
...
This is analogous to what was done for `CrementOperation`.
2020-01-24 09:09:31 +01:00
Jonas Jensen
53b1068a9f
C++: Unshare code between assignment types
...
This commit undoes the code sharing between `TranslatedAssignExpr` (`=`)
and `TranslatedAssignOperation` (`+=`, `<<=`, ...). In the next commit,
when we change how the `Load` works on the LHS of
`TranslatedAssignOperation`, these classes will become so different that
sharing is no longer helpful.
2020-01-24 09:04:09 +01:00
Jonas Jensen
c5950d2c9d
C++: IR: Result of x in x++ is now the Load
...
Previously, the `Load` would be associated with the `CrementOperation`
rather than its operand, which gave surprising results when mapping
taint sinks back to `Expr`.
The changes in `raw_ir.expected` are to add `Copy` operations on the
`x++` in code like `y = x++`. This is now needed because the result that
`x++` would otherwise have (the Load) no longer belongs to the `++`
expression. Copies are inserted to ensure that all expressions are
associated with an `Instruction` result.
The changes in `*aliased_ssa_ir.expected` appear to be just wobble.
2020-01-24 09:02:50 +01:00
yo-h
eb6f8da080
Merge pull request #2679 from aschackmull/java/remove-depr-flow-fwd-back
...
Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward.
2020-01-23 14:10:28 -05:00
Geoffrey White
795afa8160
CPP: Better location for the StackVariableReachability test.
2020-01-23 17:32:07 +00:00
Geoffrey White
b693ef51e2
C++: Put a little bit of content in the StackVariableReachability test.
2020-01-23 17:25:26 +00:00
Jonas Jensen
ed3ed5f1b6
C++: Test to show lack of flow to crement operands
2020-01-23 17:42:51 +01:00
Geoffrey White
f16870f8c6
CPP: Autoformat.
2020-01-23 16:20:18 +00:00
Jonas Jensen
33070cc16d
Merge pull request #2678 from MathiasVP/union-access-global-virtual-dispatch
...
C++: IR virtual dispatch through union field access
2020-01-23 15:32:31 +01:00
Geoffrey White
edf2b54813
CPP: Model strndup.
2020-01-23 13:46:57 +00:00