hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

1683 Commits

Author SHA1 Message Date
Robert Marsh
8a53dc882d C++: treat this as a parameter in IR 2020-05-22 15:35:34 -07:00
Mathias Vorreiter Pedersen
617ef32464 C++: Remove [FALSE POSITIVE] annotations 2020-05-21 02:22:57 +02:00
Mathias Vorreiter Pedersen
3c167125e5 C++: Accept test output 2020-05-20 18:18:34 +02:00
Robert Marsh
28c2acabe5 Merge pull request #3505 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Remove `UnmodeledDefinition` instruction
 2020-05-19 17:17:53 -07:00
Jonas Jensen
d38700a87c Merge remote-tracking branch 'upstream/master' into mergeback-2020-05-19 
Conflicts:
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
 2020-05-19 17:44:15 +02:00
Jonas Jensen
5318d42c4f Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-05-19 2020-05-19 14:42:58 +02:00
Jonas Jensen
486f06ab18 C++: Simplify field conflation test 
It turned out the `memcpy` step was not even necessary.
 2020-05-19 14:12:11 +02:00
Dave Bartolomeo
3758f3c48d C++: Fix syntax-zoo test output 2020-05-18 18:07:52 -04:00
Dave Bartolomeo
42c659b8f2 C++/C#: Remove UnmodeledDefinition instruction 2020-05-18 15:08:50 -04:00
Dave Bartolomeo
35868d4e5b C++/C#: Change dump of unmodeled use to m? 
This is kind of inconsequential on its own, but will make the test diffs easier to understand once the next commit removes `UnmodeledDefinition`.
 2020-05-18 10:47:43 -04:00
Jonas Jensen
76e194c8be C++: Fix struct field conflation in IR data flow 
The virtual-dispatch code for globals was missing any relationship
between the union field access and the global variable, which meant it
propagated function-pointer flow between any two fields of a global
struct. This resulted in false positives from
`cpp/tainted-format-string` on projects using SDL, such as
WohlSoft/PGE-Project.

In addition to fixing that bug, this commit also brings the code up to
date with the new style of modeling flow through global variables:
`DataFlow::Node.asVariable()`.
 2020-05-18 16:24:22 +02:00
Jonas Jensen
f2402c5abb C++: Test virtual dispatch field conflation 
This test demonstrates that IR data flow conflates unrelated fields of a
global struct-typed variable and that this bug is not present in the old
AST-based implementation of `semmle.code.cpp.security.TaintTracking`.
 2020-05-18 15:37:22 +02:00
Jonas Jensen
cc00f0f584 C++: Move identical declarations to shared.h file 
This cleans up the test results, which were confusing because functions
like `sink` had multiple locations.

There are some additional results now involving casts to `const char *`
because previously it varied whether `sink` used `const`, and now it
always does.
 2020-05-18 10:42:52 +02:00
Mathias Vorreiter Pedersen
a42d80aa14 Merge pull request #3481 from dbartol/github/codeql-c-analysis-team/69 
C++/C#: Allow memory operands to lack a definition
 2020-05-16 11:53:00 +02:00
Jonas Jensen
b08de6c051 Merge pull request #3482 from MathiasVP/getlim-taint-source 
C++: Add GetDelim as taint step
 2020-05-15 15:54:29 +02:00
Mathias Vorreiter Pedersen
866b1361ec C++: Accept tests 2020-05-15 11:12:47 +02:00
Mathias Vorreiter Pedersen
90d473d886 C++: Demonstrate lack of taint through getdelim 2020-05-15 11:01:27 +02:00
Dave Bartolomeo
6c12b59f0f C++/C#: Allow non-Phi memory operands to have no definition 2020-05-14 17:22:23 -04:00
Mathias Vorreiter Pedersen
fe682556bf Merge pull request #3475 from jbj/field-conflation-memcpy 
C++: Test field conflation with array in struct
 2020-05-14 17:53:32 +02:00
Dave Bartolomeo
efa133f0db Merge pull request #3463 from MathiasVP/fix-field-flow-annotation 
C++: Annotate field flow tests
 2020-05-14 10:49:27 -04:00
Jonas Jensen
49ebb3197a Merge pull request #3472 from geoffw0/paramstring 
C++: Improve getParameterString().
 2020-05-14 16:48:07 +02:00
Jonas Jensen
a380dc113f C++: Test field conflation with array in struct 2020-05-14 16:29:39 +02:00
Jonas Jensen
3cd377e299 C++: Fixup forgotten test annotation 
This should have been removed in 038bea2f52.
 2020-05-14 15:57:47 +02:00
Mathias Vorreiter Pedersen
1c2b8563ae C++: Remove 'flow' value from testcases 2020-05-14 15:33:02 +02:00
Geoffrey White
da83f826b9 C++: Solve duplication in getParameterString(). 2020-05-14 14:21:06 +01:00
Geoffrey White
ca0d23fd72 C++: Add a test case. 2020-05-14 14:20:02 +01:00
Mathias Vorreiter Pedersen
5f9b96cde9 C++: Fix off-by-one in test annotation 2020-05-14 15:12:00 +02:00
Geoffrey White
78f098f37a C++: Test Function.getParameterString(). 2020-05-14 13:05:39 +01:00
Mathias Vorreiter Pedersen
f414b277ba C++: Modify complex.cpp test to account for longer access paths in the dataflow library 2020-05-14 13:58:04 +02:00
Geoffrey White
53a53fb633 C++: Modernize the Functions test. 2020-05-14 12:50:57 +01:00
Mathias Vorreiter Pedersen
f5f3405ec3 C++: Modify IR field flow tests to use InlineExpectationsTest.qll 2020-05-14 11:11:21 +02:00
Mathias Vorreiter Pedersen
34314d0cb6 C++: Annotation field flow tests with [IR] and [AST] 2020-05-13 15:16:02 +02:00
Dave Bartolomeo
b0f7e9c6a7 C++: Accept test output 2020-05-13 08:02:17 -04:00
Jonas Jensen
1018eaff09 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
 2020-05-13 12:05:58 +02:00
Jonas Jensen
038bea2f52 C++: Add type check to prevent field conflation 2020-05-13 09:25:24 +02:00
Jonas Jensen
250e12a323 C++: Demonstrate new field conflation 2020-05-13 09:24:36 +02:00
Dave Bartolomeo
5d3f25211d C++/C#: Remove UnmodeledUse instruction 2020-05-13 01:06:40 -04:00
Jonas Jensen
451ae7b762 Merge pull request #3444 from dbartol/codeql-c-analysis-team/68 
Rename `sanity` -> `consistency`
 2020-05-12 12:33:08 +02:00
Mathias Vorreiter Pedersen
df6abdc074 Merge pull request #3389 from jbj/dataflow-defbyref-to-field 
C++: Post-update flow through &, *, +, ...
 2020-05-12 08:30:33 +02:00
Dave Bartolomeo
09d1da2f7a C++/C#: Rename sanity -> consistency 
I did both of these languages together because they share some of the changed code via `identical-files.json`.
 2020-05-11 13:29:52 -04:00
Jonas Jensen
3a89f43cd6 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
 2020-05-11 14:44:17 +02:00
Jonas Jensen
71c21e6eca C++: Accept test changes forgotten in 32e04b403 
Adding a new test case leads to changes in all `.expected` files in its
directory.

The new results show that the `DefinitionsAndUses` library does not
model `std::addressof` correctly, but that library is not intended to be
used for new code.
 2020-05-11 08:17:13 +02:00
Jonas Jensen
88eeca39fb Merge commit '52d8acc1a198c5ea29c1dddceda1d6c0fb75de14' into dataflow-defbyref-to-field 
This is a partial merge from master. In particular, it takes in #3382
and #3385.
 2020-05-07 16:46:11 +02:00
Jonas Jensen
32e04b4033 C++: Support std::addressof 
I didn't add this support in `AddressConstantExpression.qll` since I
think it would require extra work and testing to get the constexprness
right. My long-term plan for `AddressConstantExpression.qll` is to move
its functionality to the extractor.
 2020-05-07 16:30:44 +02:00
Mathias Vorreiter Pedersen
594f3b1807 C++: Add testcase for #3110 2020-05-07 14:39:53 +02:00
Geoffrey White
3e2e69c06a C++: Autoformat. 2020-05-05 16:55:15 +01:00
Geoffrey White
2940f4794e C++: Fix isfromtemplateinstantiation test. 2020-05-05 13:12:44 +01:00
Geoffrey White
511d7c9199 C++: Improve solution for UsingDeclarationEntry. 2020-05-04 18:01:29 +01:00
Geoffrey White
3d431607e7 C++: Combine the usings tests and add detail about classes. 2020-05-04 17:48:42 +01:00
Geoffrey White
9fc37d174e C++: Update the 'usings' tests. 2020-05-04 17:46:26 +01:00