Commit Graph

2579 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
eb4f1e1ba0 C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking. 2021-03-02 15:45:40 +01:00
Mathias Vorreiter Pedersen
23d3109071 C++: Use taintedWithPath in more tests. This is the predicate that's currently hooked up to the new IR taint tracking library. 2021-03-02 13:40:39 +01:00
Mathias Vorreiter Pedersen
6ba35f4aac C++: Fix function renaming and accept test change. 2021-03-02 11:31:24 +01:00
Mathias Vorreiter Pedersen
9f02c144a8 C++: Remove files that were incorrectly added when resolving merge conflicts. 2021-03-02 11:14:49 +01:00
Mathias Vorreiter Pedersen
ffc6af73b7 C++: Accept test changes. 2021-03-02 11:00:43 +01:00
Mathias Vorreiter Pedersen
748f5344ff Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-02 10:43:37 +01:00
Rasmus Wriedt Larsen
0874712c97 C++/Java/Python: Allow Python string prefix in InlineExpectationsTest
I've been writing tests for crypto libraries in Python, and have wanted to write
code along the lines of

```py
md5.hash(b"some message") # $ HashInput=b"some message"
```

which didn't work before this commit, forcing me to store my text in a variable
like below. This turned out to be really annoying when dealing with more complex
examples, so therefore I'm adding this new functionality to allow this behavior.

```py
msg = b"some message"
md5.hash(msg) # $ HashInput=msg
```
2021-03-01 13:44:28 +01:00
Mathias Vorreiter Pedersen
72daf2eef9 C++: Make the tests more realistic by actually using the local variable for something. Otherwise it looks like a zero-initialization of a buffer, which the query now tries to exclude. 2021-02-26 09:19:05 +01:00
Dave Bartolomeo
2e02625f22 C++: Summary metrics queries
This is a first attempt at implementing, for C++, the set of summary queries that we expect all languages to implement to help diagnose extraction failures and build configuration problems. See the spec in [this document](https://docs.google.com/document/d/1V3zpkj0OGh8GEUVwACRx7fiafE5zklujAftZaYUyf9s/edit?usp=sharing). The five queries are:

- Total number of source files (including .c/.cpp and header files)
- Total number of lines of text across all text files
- Total number of lines of code across all text files
- Number of lines of text in each source file
- Number of lines of code in each source file

I've added some simple unit tests that cover all five of these.
2021-02-25 12:53:39 -05:00
Mathias Vorreiter Pedersen
d33209388d C++: Fix test annotations. Also exclude static locals from the query and add a testcase for this. 2021-02-25 13:25:11 +01:00
Mathias Vorreiter Pedersen
ef8b734863 C++: Move tests out of experimental and merge with old existing tests from the other memset PRs. 2021-02-24 18:02:16 +01:00
Mathias Vorreiter Pedersen
f908d2f1de C++: Remove hasTaintFlow from poll and select functions. 2021-02-22 08:54:43 +01:00
Mathias Vorreiter Pedersen
299f371715 C++: Accept more test changes. 2021-02-19 16:01:31 +01:00
Mathias Vorreiter Pedersen
4f23c3546f C++: Don't generate WriteSideEffect instructions for const parameter indirections. 2021-02-19 15:15:51 +01:00
Mathias Vorreiter Pedersen
fef824c37a C++: Implement models for poll, accept and select. 2021-02-19 14:03:54 +01:00
Geoffrey White
c4cca83019 Merge pull request #5196 from MathiasVP/fix-dataflow-regression-const-member-function
C++: Fix missing dataflow "out of" const member functions
2021-02-18 16:43:38 +00:00
Mathias Vorreiter Pedersen
88263cb89e Merge pull request #5114 from geoffw0/codeqltestdoc
Documentation: Make our policy for copied example code clear and visible.
2021-02-18 10:43:17 +01:00
Mathias Vorreiter Pedersen
3082d70345 Merge branch 'main' into fix-dataflow-regression-const-member-function 2021-02-18 09:34:51 +01:00
Cornelius Riemenschneider
ebcecca9f1 Merge pull request #5157 from geoffw0/modelsbsl2
C++: Improve Iterator models
2021-02-17 18:04:07 +01:00
Mathias Vorreiter Pedersen
908f24d23f C++: Fix missing AST flow. 2021-02-17 14:33:58 +01:00
Mathias Vorreiter Pedersen
e0dca2be20 Merge pull request #5185 from MathiasVP/block-integral-types-in-cgixss-query
C++: Add isBarrier to cpp/cgi-xss
2021-02-17 12:44:45 +01:00
Geoffrey White
ec79094957 Merge pull request #5191 from MathiasVP/regression-test-const-member-function
C++: Add test for missing flow due to const specifier
2021-02-17 10:59:20 +00:00
Mathias Vorreiter Pedersen
25beadcb05 Update cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/search.c
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-02-17 11:54:24 +01:00
Mathias Vorreiter Pedersen
1b148c4c90 C++: Add reduced testcase demonstrating the problem in codeql-c-analysis-team/issues/231. 2021-02-17 11:20:00 +01:00
Mathias Vorreiter Pedersen
f5d5460dde C++: Fix testcase. 2021-02-17 10:53:31 +01:00
Mathias Vorreiter Pedersen
fa44cedd38 C++: Add isBarrier to CgiXss.ql. 2021-02-16 18:58:28 +01:00
Mathias Vorreiter Pedersen
0f9b044814 C++: Model vector versions of BSD-style reads and writes. 2021-02-15 12:04:51 +01:00
Geoffrey White
3cfb0a21fe C++: Fix Iterator.qll taint/data flows for operator+=. 2021-02-12 14:54:47 +00:00
Geoffrey White
61b0d6a0cd C++: Fix Iterator.qll non-member operator+= charpred. 2021-02-12 14:54:46 +00:00
Geoffrey White
7705fc4f98 C++: Add more test cases for iterator taint flow. 2021-02-12 14:54:45 +00:00
Mathias Vorreiter Pedersen
91627cbd88 C++: Add models for BSD-style send and recv functions. 2021-02-11 17:21:32 +01:00
Geoffrey White
d475e55ec0 Update cpp/ql/test/README.md
Co-authored-by: hubwriter <hubwriter@github.com>
2021-02-09 15:20:03 +00:00
Geoffrey White
07b263bb2f Typo. 2021-02-08 20:27:28 +00:00
Geoffrey White
cb16c64540 Call out the issue of copied code for C/C++ example code in the C/C++ CodeQL Tests README.md (where we talk about it for tests). 2021-02-08 19:58:36 +00:00
Geoffrey White
69c7c83bc2 Merge pull request #5094 from MathiasVP/promote-UnsignedDifferenceExpressionComparedZero
Promote cpp/unsigned-difference-expression-compared-zero out of experimental
2021-02-04 16:54:45 +00:00
Geoffrey White
7c54512859 Merge pull request #5010 from ihsinme/ihsinme-patch-220
CPP: Add query for CWE-570 detect and handle memory allocation errors.
2021-02-04 15:17:28 +00:00
Mathias Vorreiter Pedersen
fd596ebbbb C++: Move cpp/unsigned-difference-expression-compared-zero out of experimental. 2021-02-04 16:10:34 +01:00
Mathias Vorreiter Pedersen
c1c9f963b9 C++: Fix qhelp in cpp/unsigned-difference-expression-compared-zero. 2021-02-04 16:10:30 +01:00
Mathias Vorreiter Pedersen
d3d56fb0af Merge pull request #5011 from ihsinme/ihsinme-patch-221
CPP: add query for CWE-788 Access of memory location after the end of a buffer using strlen.
2021-02-04 14:25:27 +01:00
Mathias Vorreiter Pedersen
9b39163411 Merge pull request #5076 from MathiasVP/improve-UnsignedDifferenceExpressionComparedZero
C++: Improve cpp/unsigned-difference-expression-compared-zero
2021-02-04 14:05:30 +01:00
Geoffrey White
d41ea6c799 Merge pull request #5081 from MathiasVP/indirection-in-dataflow-models
C++: Add more indirection flow in dataflow models
2021-02-04 11:55:34 +00:00
Mathias Vorreiter Pedersen
47ab9ba81b C++: emplace and emplace_back take their arguments by universal references, so they should also specify flow as indirections. 2021-02-04 11:16:27 +01:00
Jonas Jensen
e3bdebf7a0 Merge pull request #5077 from jbj/revert-nested-fields
C++: Revert #4784
2021-02-03 14:07:28 +01:00
Mathias Vorreiter Pedersen
691a316460 C++: Add tests to cpp/unsigned-difference-expression-compared-zero and remove a couple of classes of FPs. 2021-02-03 11:10:57 +01:00
Jonas Jensen
064568c36d Revert "Merge pull request #4784 from MathiasVP/mathiasvp/reverse-read-take-3"
This reverts commit 1b3d69d617, reversing
changes made to 527c41520e.
2021-02-03 08:49:37 +01:00
Mathias Vorreiter Pedersen
ff58d5a7c0 C++: Address review comments. 2021-02-02 17:06:38 +01:00
Mathias Vorreiter Pedersen
9e75a4be34 C++: Implement a model for _strnextc and its variants. 2021-02-02 16:42:39 +01:00
Mathias Vorreiter Pedersen
98d73bf474 Merge pull request #5072 from MathiasVP/strcrement-model-implementation
C++: Implement model for _strinc and related functions
2021-02-02 16:22:13 +01:00
Jonas Jensen
aa9ab41e30 Merge pull request #5059 from geoffw0/mswprintf
C++: Exclude custom vprintf implementations from primitiveVariadicFormatter.
2021-02-02 15:13:25 +01:00
Geoffrey White
708d3870ee C++: Actually it's more appropriate to remove the implementation of vswprintf. 2021-02-02 13:42:27 +00:00