hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3781 Commits

Author SHA1 Message Date
Tom Hvitved
6cb00992e8 Data flow: Introduce ConsistencyConfiguration class 2021-11-25 10:01:47 +01:00
Anders Schack-Mulligen
7ca3407c86 Dataflow: Sync. 2021-11-24 14:43:00 +01:00
Mathias Vorreiter Pedersen
6c7a01d3d5 C++: Add some comments to the two 'flowThrough' predicates. 2021-11-24 10:50:44 +00:00
Mathias Vorreiter Pedersen
4cbfc306ac C++: Hide dataflow nodes if they're just used for flow-through for read steps or store steps. 2021-11-24 08:01:44 +00:00
Paolo Tranquilli
055017de49 fix how non existing locations are accounted for 2021-11-23 15:28:16 +00:00
Paolo Tranquilli
9538ac73e4 account for non-existing locations 2021-11-23 15:28:16 +00:00
Paolo Tranquilli
d626745ab1 fix ThisArgumentOperand location 
The correct check to do to choose between using `getAnyDef` and `getUse`
is to check whether the location is an instance of UknonwnLocation.
 2021-11-23 15:28:16 +00:00
Paolo Tranquilli
e99a040884 implement review suggestions 2021-11-23 15:28:16 +00:00
Paolo Tranquilli
8b44d5c39e sync files 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
30805d964c add ThisArgumentOperand special case 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
9b818a04f2 sync 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
4498657384 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
0ff9520575 ...and syncing files again 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
b5165e3692 C++: more fine-grained Operand location change 
Only RegisterOperands need the change, with the notable exception of
ThisArgumentOperand.
 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
5202f963dd C++: sync Operand source 2021-11-23 15:28:15 +00:00
Paolo Tranquilli
74c0197544 C++: take IR Operand locations from definitions 
Previously Operand's getLocation would take it from the Operand use.
This lead to slightly confusing query results, where for example an
issue related to a call argument would highlight the function part of
the call instead of the parameter.
 2021-11-23 15:28:15 +00:00
Tom Hvitved
83d204d7a8 Merge pull request #7218 from hvitved/ssa/fix-consistency-tests 
Ruby: Fix SSA consistency tests + CFG bug
 2021-11-23 16:24:41 +01:00
Tom Hvitved
0bd587b395 Shared SSA: Sync files 2021-11-23 13:30:37 +01:00
Mathias Vorreiter Pedersen
672485ae38 Merge branch 'main' into remove-reference-to-as-load 2021-11-23 10:24:17 +00:00
Mathias Vorreiter Pedersen
f308be7382 C++: Restore the missing flow. This has a couple of side-effects: First, it gives us some new good flow (yay). Second, it causes some duplication of results that uses 'argv' as a taint source. The duplication isn't very bad, though. And since it is only for paths that start at 'argv', I think we can live with it for now. 2021-11-22 13:04:07 +00:00
Tom Hvitved
4068cc9c3a Shared SSA: Sync files 2021-11-19 11:31:28 +01:00
Mathias Vorreiter Pedersen
6dc6a78293 C++: Add a 'IteratorByPointer' class so pointers are always iterators. 2021-11-17 14:41:19 +00:00
Anders Schack-Mulligen
c70d384d28 Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths 
Data flow: Support hidden return nodes in subpaths predicate
 2021-11-16 15:04:51 +01:00
Mathias Vorreiter Pedersen
3f0bfe1d75 C++: Remove the implicit assumption about the existence of a lower bound implying the existence of an upper bound (and vice veraa). 2021-11-15 13:39:15 +00:00
Mathias Vorreiter Pedersen
63f50a9eb7 C++: Cleanup the case for possibly-negative unsigned values. 2021-11-15 13:31:51 +00:00
Mathias Vorreiter Pedersen
9a9f7943aa C++: Fix bug for exact powers of 10 and accept test changes. 2021-11-15 13:20:45 +00:00
Mathias Vorreiter Pedersen
982de28b89 Update cpp/ql/lib/semmle/code/cpp/commons/Printf.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-11-11 13:19:13 +00:00
Mathias Vorreiter Pedersen
dbcd4d6d5d C++: Remove 'ReferenceToInstruction' from the list of instructions we interpret as a load. This makes use lose a bunch of flow, and we'll restore this flow in the next commit. 2021-11-11 10:38:52 +00:00
Anders Schack-Mulligen
7ffd9b4f9e Dataflow: Include read/store steps when finding non-hidden return. 2021-11-11 11:26:21 +01:00
Anders Schack-Mulligen
6d9fb3ca43 Dataflow: Sync. 2021-11-10 15:11:13 +01:00
Mathias Vorreiter Pedersen
e2ab1c8c5e Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-10 08:28:43 +00:00
Mathias Vorreiter Pedersen
10bca3544c C++: Change 'annotate_path_to_sink' so that you now annotate a ir-path with the previous node (instead of its source). This gives a better overview of the path. 2021-11-09 13:49:12 +00:00
Mathias Vorreiter Pedersen
8e496f7121 C++: Pull in the latest changes to 'SsaImplCommon'. 2021-11-08 10:46:54 +00:00
Mathias Vorreiter Pedersen
fff5d293ff Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-08 10:44:36 +00:00
Mathias Vorreiter Pedersen
021d9415b8 Merge branch 'main' into use-range-analysis-in-buffer-write 2021-11-08 08:22:49 +00:00
Mathias Vorreiter Pedersen
34aa4981be Merge pull request #7018 from geoffw0/nullterm3 
C++: Further performance improvement for the null termination queries
 2021-11-04 21:37:58 +00:00
Mathias Vorreiter Pedersen
ac90259906 C++: Teach 'getMaxConvertedLength' to use 'SimpleRangeAnalysis'. 2021-11-04 21:25:28 +00:00
Mathias Vorreiter Pedersen
ae4b6c54bc C++: Change the structure of the 'annotate_path_to_sink' tests to better test path-explanations. 2021-11-03 20:32:05 +00:00
Mathias Vorreiter Pedersen
4095c2012e C++: Add comments on why 'ReferenceToInstruction' is interpreted like a 'LoadInstruction' at certain places. 2021-11-03 13:27:26 +00:00
Mathias Vorreiter Pedersen
43a4795272 C++: Remove redundant conjunct. 2021-11-03 13:19:43 +00:00
Mathias Vorreiter Pedersen
1f89b4987b C++: Rename 'valueFlow' to 'conversionFlow' and add a QLDoc that explains its purpose. 2021-11-03 12:22:27 +00:00
Mathias Vorreiter Pedersen
dfbfbe4953 Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-03 10:39:22 +00:00
Mathias Vorreiter Pedersen
ad5619ff07 Revert "C++: Don't count write operations as uses." 
This reverts commit 092beb8b73.
 2021-11-03 10:37:32 +00:00
Mathias Vorreiter Pedersen
4a2894a707 Merge pull request #7025 from MathiasVP/nomagic-parameterCand 
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
 2021-11-02 20:40:44 +00:00
Mathias Vorreiter Pedersen
3e6ac74d73 C++: Add 'InheritanceConversionInstruction' to the list of instructions that set 'certain = false' in 'explicitWrite'. 2021-11-02 13:02:46 +00:00
Mathias Vorreiter Pedersen
56cabb8f46 C++: Add comments to some of the disjuncts in 'addressFlow'. 2021-11-02 12:52:11 +00:00
Anders Schack-Mulligen
7d0152f3c0 Merge pull request #6932 from aschackmull/dataflow/flow-features 
Dataflow: Add support for call context restrictions on sources/sinks.
 2021-11-02 13:24:17 +01:00
Mathias Vorreiter Pedersen
6f4107ff23 Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma. 2021-11-02 11:37:40 +00:00
Mathias Vorreiter Pedersen
092beb8b73 C++: Don't count write operations as uses. 2021-11-02 10:59:34 +00:00
Geoffrey White
c1de4165a9 Update cpp/ql/lib/semmle/code/cpp/commons/NullTermination.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2021-11-02 10:51:35 +00:00