hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

28 Commits

Author SHA1 Message Date
Robert Marsh
c2b356ab08 C++: add subpaths to DefaultTaintTracking 2021-09-23 21:00:45 -07:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Mathias Vorreiter Pedersen
a2d75c4fed Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-11 18:06:37 +01:00
Mathias Vorreiter Pedersen
01cc2f2c77 Merge pull request #5366 from MathiasVP/better-path-explanation-for-this-indirection 
C++: Replace 'Argument -1 indirection' with 'This indirection'
 2021-03-11 10:48:44 +01:00
Jonas Jensen
e1adf5e8b0 Merge pull request #5218 from MathiasVP/no-write-side-effects-for-const-pointer-params 
C++: Don't generate write side effects for const parameter indirections
 2021-03-11 09:48:05 +01:00
Mathias Vorreiter Pedersen
55da16c4a9 C++: Accept test changes. 2021-03-11 09:27:45 +01:00
Mathias Vorreiter Pedersen
19d08d7b40 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-09 12:35:44 +01:00
Mathias Vorreiter Pedersen
7207a17f6f C++: Accept more tests. 2021-03-08 16:50:12 +01:00
Mathias Vorreiter Pedersen
299f371715 C++: Accept more test changes. 2021-02-19 16:01:31 +01:00
Robert Marsh
275d75295c Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 
Fix test conflict
 2020-11-12 13:28:10 -08:00
Robert Marsh
04ad94d1cc C++: model taint from pointers to aliased buffers 2020-11-09 13:52:08 -08:00
Robert Marsh
95ed5465de C++: improve handling of function arguments in DTT 2020-11-09 13:02:06 -08:00
Robert Marsh
7d79be71d1 C++: taint tracking conf in DefaultTaintTracking 
Switch from using additional flow steps with a DataFlow::Configuration
in DefaultTaintTracking to using a TaintTracking::Configuration. This
makes future improvements to TaintTracking::Configuration reflected in
DefaultTaintTracking without further effort. It also removes the
predictability constraint in DefaultTaintTracking, which increases the
number of results, with both new true positives and new false positives.
Those may need to be addressed on a per-query basis.

There are some additional regressions from losing pointer/object
conflation for arguments. Those can be worked around by adding that
conflation to TaintTracking::Configuration until precise indirect
parameter flow is ready.
 2020-11-09 13:00:55 -08:00
Mathias Vorreiter Pedersen
f3f9a044e0 C++: Accept more tests. 2020-10-29 13:55:45 +01:00
Mathias Vorreiter Pedersen
e95aefe0b2 C++: Now that PrimaryArgumentNode is an OperandNode we want a specialized toString on it 2020-10-05 15:13:33 +02:00
Mathias Vorreiter Pedersen
d162c3d8c6 C++: Accept more test changes 2020-10-05 14:29:57 +02:00
Mathias Vorreiter Pedersen
072e1967c1 C++: Accept more tests 2020-10-02 15:51:29 +02:00
Mathias Vorreiter Pedersen
73cd5ceb80 C++: Accept tests. Due to the removal of overlap between the reads steps there are fewer repeated edges in path explanations. 2020-09-21 14:17:49 +02:00
Mathias Vorreiter Pedersen
3520b86771 C++: Accept test changes. 2020-09-16 14:51:11 +02:00
Jonas Jensen
ad292d8fb6 C++: Accept one more test change from last commit 2020-06-03 14:51:05 +02:00
Jonas Jensen
3a89f43cd6 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
 2020-05-11 14:44:17 +02:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Jonas Jensen
36da2d1dae C++: Manipulate the source end of paths too 
Without this, we get duplicate alerts in some cases and
unnatural-looking source nodes in other cases. The source nodes were
often `Conversion`s.
 2020-04-03 16:37:23 +02:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Geoffrey White
4af0193c98 C++: Modify the argvlocal tests. 2020-02-24 16:51:47 +00:00
Geoffrey White
9f271949d5 C++: Adjust layout of the argvlocal test. 2020-02-24 15:52:31 +00:00
Jonas Jensen
a59c0facee C++: Accept test changes for IR libs 
This is for the tests in the ql repo. There are also changed tests in
the internal repo.
 2020-02-15 21:12:20 +01:00
Geoffrey White
f034abc275 CPP: Add the Semmle security tests. 2018-11-26 17:52:34 +00:00