hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

2579 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
5abab25c28 Update cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-06-10 16:51:21 +02:00
Geoffrey White
91b9b78c48 C++: Add a test case for CWE-114 involving pointers and references. 2020-06-10 14:09:46 +01:00
Mathias Vorreiter Pedersen
88dabffd2b C++: Add tests that demonstrate flow through custom swap functions 2020-06-10 15:06:57 +02:00
Mathias Vorreiter Pedersen
b48168fc03 C++: Accept tests 2020-06-08 12:26:25 +02:00
Mathias Vorreiter Pedersen
01f3793159 C++: Add ReadSideEffect as a possible end instruction for load chains 2020-06-08 11:05:30 +02:00
Mathias Vorreiter Pedersen
a4388e9258 C++: Add example demonstrating missing flow 2020-06-08 11:03:36 +02:00
Robert Marsh
cce99f92a1 C++: exclude conversions in IR field flow tests 2020-06-05 16:19:02 -07:00
Robert Marsh
53a87fa378 C++: accept field flow test changes after merge 2020-06-05 15:41:10 -07:00
Robert Marsh
0d2f8f3825 Merge branch 'master' into ir-this-parameter-2 2020-06-05 13:52:56 -07:00
Mathias Vorreiter Pedersen
4b16067af2 C++: Fix testcases after merge from master 2020-06-04 11:02:03 +02:00
Mathias Vorreiter Pedersen
2cf9bcef86 Merge branch 'master' into flat-structs 2020-06-04 10:52:25 +02:00
Mathias Vorreiter Pedersen
d295e2139a C++: Accept tests after merge from master 2020-06-03 15:13:44 +02:00
Mathias Vorreiter Pedersen
43a0d4c97d Merge branch 'master' into flat-structs 2020-06-03 15:11:14 +02:00
Jonas Jensen
ad292d8fb6 C++: Accept one more test change from last commit 2020-06-03 14:51:05 +02:00
Jonas Jensen
8f702d4b49 C++: Override toString on argument indirections 
Without this override, end users would see the string
`BufferReadSideEffect` in path explanations.
 2020-06-03 13:04:10 +02:00
Jonas Jensen
10dfa497a5 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Fixed a semantic merge conflict by accepting test changes in
`cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected`.
 2020-06-02 18:03:34 +02:00
Jonas Jensen
9c50acc0f9 Merge pull request #3602 from MathiasVP/path-problem-for-dataflow-tests 
C++: Make path-problem versions of ir-flow.ql and flow.ql
 2020-06-02 17:59:26 +02:00
Mathias Vorreiter Pedersen
2a1ba6d592 C++: Share configurations in testcases 2020-06-02 16:50:57 +02:00
Mathias Vorreiter Pedersen
b9af1123d9 C++: Make path-problem versions of ir-flow.ql and flow.ql 2020-06-02 16:28:01 +02:00
Jonas Jensen
5f0d283212 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
The conflicts came from how `this` is now a parameter but not a
`Parameter` on `master`.

Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
	cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
 2020-06-02 15:35:02 +02:00
Mathias Vorreiter Pedersen
cd574e8569 Merge pull request #3589 from rdmarsh2/ir-placement-new-consistency 
C++: fix IR control flow for cast in placement new
 2020-05-30 13:27:34 +02:00
Robert Marsh
45e555cff0 C++: accept inconsistency with unreachable exit block 2020-05-29 14:43:48 -07:00
Robert Marsh
5ee37bcd5a Merge branch 'master' into ir-this-parameter-2 
Bring in fix for duplicate virtual variables for parameter indirections
 2020-05-29 14:40:45 -07:00
Jonas Jensen
91da0d5567 Merge pull request #3592 from geoffw0/strlen 
CPP: Don't taint the return value of strlen
 2020-05-29 19:23:47 +02:00
Robert Marsh
6c9051ae6f C++: accept consistency fixes 2020-05-29 09:49:28 -07:00
Mathias Vorreiter Pedersen
3adc10fdb4 C++: Accept tests 2020-05-29 15:33:55 +02:00
Geoffrey White
19c33ab41c C++: Refine StrLenFunction, including removal of taint flow. 2020-05-29 14:04:27 +01:00
Geoffrey White
59cb5f9b1e C++: Remove a special case for strlen in DefaultTaintTracking. 2020-05-29 14:04:26 +01:00
Geoffrey White
d77092c931 C++: Add taint tests for strlen. 2020-05-29 13:39:40 +01:00
Mathias Vorreiter Pedersen
335baaef73 C++: Add testcases for partial definitions with long access paths 2020-05-29 12:15:39 +02:00
Jonas Jensen
7d4d435f25 Merge remote-tracking branch 'upstream/master' into Expr-location-workaround 
Conflicts:
	cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
 2020-05-29 10:04:12 +02:00
Jonas Jensen
9813258a3e Merge remote-tracking branch 'upstream/master' into Expr-location-workaround 
Conflicts and semantic conflicts in `library-tests/dataflow/fields` and
`library-tests/ir/ir`.
 2020-05-29 08:44:37 +02:00
Robert Marsh
f82c97b84a C++: fix IR control flow for cast in placement new 2020-05-28 16:53:21 -07:00
Robert Marsh
56d0762380 C++: add test for placement new with cast 2020-05-28 16:36:26 -07:00
Robert Marsh
a897caec76 C++: outbound dataflow via this indirections 2020-05-28 15:30:41 -07:00
Robert Marsh
7dc30e3fdc C++: add output indirections for this 2020-05-28 15:30:41 -07:00
Dave Bartolomeo
476f27e427 Merge from master 2020-05-28 17:27:08 -04:00
Dave Bartolomeo
01ef8795bf C++: Updated fixed test expectation 2020-05-28 17:24:38 -04:00
Robert Marsh
d8b5d3bce8 C++: accept test fixes 2020-05-28 08:45:01 -07:00
Robert Marsh
693789c2cc Merge branch 'master' into ir-this-parameter 
Bring in new tests so their output can be fixed
 2020-05-28 08:32:10 -07:00
Jonas Jensen
1b23f3ec90 C++: Accept two more changed tests 2020-05-28 11:18:14 +02:00
Jonas Jensen
9153f568be C++: Accept test results with location fixes 2020-05-28 09:42:49 +02:00
Robert Marsh
593d4c0f32 Merge pull request #3567 from MathiasVP/ir-partial-definition 
Implement `asPartialDefinition` for IR dataflow nodes
 2020-05-27 13:51:41 -07:00
Robert Marsh
be74616b2b C++: accept consistency test fixes 2020-05-27 12:39:54 -07:00
Dave Bartolomeo
533eeff7e8 C++: Fix MemoryLocation with multiple VirtualVariables 
While investigating a bug with `TInstruction` sharing, I discovered that we had a case where alias analysis could create two `VirtualVariable`s for the same `Allocation`. For an indirect parameter allocation, we were using the type of the pointer variable as the type of the indirect allocation, instead of just `Unknown`. If the `IRType` of the pointer variable was the same type as the type of at least one access to the indirect allocation, we'd create both an `EntireAllocationVirtualVariable` and a `VariableVirtualVariable` for the allocation.

I added a new consistency test to guard against this in the future. This also turned out to be the root cause of the one existing known consistency failure in the IR tests.
 2020-05-27 14:06:59 -04:00
Mathias Vorreiter Pedersen
bd97fe627c Merge branch 'master' into remove-field-conflation-from-ir-fieldflow 2020-05-27 17:08:19 +02:00
Mathias Vorreiter Pedersen
97edd97778 C++: Add getLocation to TNode IPA type in testcase 2020-05-27 08:28:18 +02:00
Robert Marsh
fb46002332 C++: Fix ThisParameterNode after IR changes 2020-05-26 13:35:08 -07:00
Robert Marsh
7ad45d50c0 C++: add test case from issue 2020-05-26 11:38:14 -07:00
Geoffrey White
95537ed26f C++: Fix mysprintf in test. 2020-05-26 18:06:14 +01:00