hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

5006 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
3026eb4b85 Revert "C++: Remove the same rule in TaintTrackingUtil.qll as 78b24b76a0 removed from DefaultTaintTracking.qll" 
This reverts commit 0b97a4a182.
 2020-09-16 14:26:01 +02:00
Mathias Vorreiter Pedersen
92d81edae6 Revert "C++: Remove the problematic taint tracking rule. It seems like we get the flows from dataflow already now." 
This reverts commit 78b24b76a0.
 2020-09-16 14:25:42 +02:00
Mathias Vorreiter Pedersen
0b97a4a182 C++: Remove the same rule in TaintTrackingUtil.qll as 78b24b76a0 removed from DefaultTaintTracking.qll 2020-09-16 10:54:23 +02:00
Mathias Vorreiter Pedersen
7b456d6162 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-16 10:45:31 +02:00
Mathias Vorreiter Pedersen
c8a3baf356 Merge pull request #4272 from jbj/dataflow-partial-access 
C++: Add AST flow through arrays
 2020-09-16 09:29:39 +02:00
Matthew Gretton-Dann
795bf0d93c Update tests for extractor changes with ctors 2020-09-15 17:58:37 +01:00
Ian Lynagh
a912a328a2 C++: Add an upgrade script 2020-09-15 15:36:19 +01:00
Ian Lynagh
56388b57bd C++: Update stats for new coroutines* tables 2020-09-15 15:36:19 +01:00
Ian Lynagh
99c4bc5175 C++: Add coroutine metadata tables 2020-09-15 15:36:19 +01:00
lcartey@github.com
eaea860d3e C++: Test for overriding existing simple range analysis ranges. 2020-09-15 15:34:48 +01:00
Jonas Jensen
78560833a1 C++: Add a test distilled from real code 
Author: @rvermeulen.

The consistency warnings go away because `sink` is defined with a body
in this file.
 2020-09-15 16:24:37 +02:00
Mathias Vorreiter Pedersen
50ad4cfec4 C++: Add comments to {Array,Pointer}StoreNode and arrayStoreStepChi. 2020-09-15 16:03:21 +02:00
Jonas Jensen
b3c50aed5e Merge pull request #4262 from github/igfoo/location 
C++: Deprecate Location subclasses
 2020-09-15 15:49:36 +02:00
lcartey@github.com
084992d40b C++: Support overriding existing range bounds 
The current support only allows the user to supply bounds for previously
unsupported expressions or for variable accesses. This commit allows
SimpleRangeAnalysisExprs to override built-in range definitions.
 2020-09-15 14:43:34 +01:00
Jonas Jensen
bdce24735c C++: Add flow through arrays 
This works by adding data-flow edges to skip over array expressions when
reading from arrays. On the post-update side, there was already code to
skip over array expressions when storing to arrays. That happens in
`valueToUpdate` in `AddressFlow.qll`, which needed just a small tweak to
support assignments with non-field expressions at the top-level LHS,
like `*a = ...` or `a[0] = ...`.

The new code in `AddressFlow.qll` is copy-pasted from `EscapesTree.qll`,
and there is already a note in these files saying that they share a lot
of code and must be maintained in sync.
 2020-09-15 14:46:11 +02:00
Jonas Jensen
27b8dc2b13 C++: Add tests for flow through arrays 2020-09-15 14:19:34 +02:00
Mathias Vorreiter Pedersen
3005f252ca C++: Fix annotation 2020-09-15 13:34:50 +02:00
Mathias Vorreiter Pedersen
0ba72c6685 C++: Accept changes. 2020-09-15 12:49:22 +02:00
Mathias Vorreiter Pedersen
265a641d06 C++: Use the underlying type to check whether a type is a single-field struct. 2020-09-15 12:49:16 +02:00
Mathias Vorreiter Pedersen
d18dd5ab09 C++: Add testcase demonstrating the underlying problem in 6ca9c449af. 2020-09-15 12:32:15 +02:00
Jonas Jensen
25412da845 Merge pull request #4253 from geoffw0/stringstream2 
C++: Model more stringstream features
 2020-09-15 12:19:26 +02:00
Robert Marsh
5f2cafc4f5 C++: Interprocedural iterator flow 2020-09-14 14:36:19 -07:00
Mathias Vorreiter Pedersen
0c14e2b69a C++: Fix annotations in taint.cpp 2020-09-14 23:08:50 +02:00
Mathias Vorreiter Pedersen
3e56db7f83 C++: Make fieldReadStep private 2020-09-14 20:52:55 +02:00
Mathias Vorreiter Pedersen
7cd6137b34 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-14 20:45:06 +02:00
Geoffrey White
6ca9c449af C++: Add a test demonstrating the recent regression. 2020-09-14 17:55:20 +01:00
Geoffrey White
22097a9e13 C++: Add some CWE-190 tests I had lying around. 2020-09-14 14:39:02 +01:00
Ian Lynagh
826c40fcac C++: Deprecate Location subclasses 
The main Location class should always be used.
 2020-09-14 13:14:18 +01:00
Geoffrey White
6b035df660 C++: Repair taint flow from previous. 2020-09-14 10:21:43 +01:00
Jonas Jensen
021aa647c1 Merge pull request #4142 from MathiasVP/mathiasvp/read-step-without-memory-operands 
C++: Use IR alias analysis for field flow
 2020-09-14 09:37:27 +02:00
Mathias Vorreiter Pedersen
78b24b76a0 C++: Remove the problematic taint tracking rule. It seems like we get the flows from dataflow already now. 2020-09-14 09:26:41 +02:00
Mathias Vorreiter Pedersen
34a57e2bd4 Merge pull request #4252 from jbj/normalize-bounds 
C++: SimpleRangeAnalysis: Always normalize bounds after a computation
 2020-09-14 09:16:32 +02:00
lcartey@github.com
eb5782d908 C++: Support customizable ranges for RangeSsaDefinitions. 2020-09-11 17:12:10 +01:00
Geoffrey White
b404a339a4 C++: Correct isQualifierObject -> isQualifierAddress. 2020-09-11 16:15:47 +01:00
Jonas Jensen
fee7ce6c7f Merge pull request #4221 from rajivshah3/fix/cpp-av-32-include 
C++: Allow .inc files to be included
 2020-09-11 16:53:43 +02:00
Geoffrey White
d3ca140eeb C++: Account for pointer / reference parameters to operator<<. 2020-09-11 15:20:54 +01:00
Jonas Jensen
172becd67f Merge pull request #4250 from lcartey/cpp/expose-getdefbounds 
C++: Expose getDef(Upper|Lower)Bound as an internal predicate.
 2020-09-11 13:26:08 +02:00
Mathias Vorreiter Pedersen
2d57abdcbe Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-11 12:47:29 +02:00
Geoffrey White
d648150322 C++: Autoformat. 2020-09-11 11:14:58 +01:00
Geoffrey White
dd53e3fe65 C++: Fix data flow to return value. 2020-09-11 11:14:58 +01:00
Geoffrey White
597757d76f C++: Model std::stringstream put and write. 2020-09-11 11:14:57 +01:00
Geoffrey White
66a5c38eef C++: Model std::stringstream constructor. 2020-09-11 11:14:57 +01:00
Jonas Jensen
ad11f76ec6 C++: Always normalize bounds after a computation 
This stops some cases of `-0.0` from propagating through the range
analysis, fixing a false positive on arvidn/libtorrent.

There seems to be no need for a corresponding change in the caller of
`getDefLowerBoundsImpl` since that predicate only contains computations
that cannot introduce negative zero.
 2020-09-11 11:59:00 +02:00
Jonas Jensen
0c8e06ba68 C++: Tests for -0.0 in range analysis 2020-09-11 11:52:39 +02:00
lcartey@github.com
65d48a32b8 C++: Expose getDef(Upper|Lower)Bound as an internal predicate. 2020-09-11 09:49:18 +01:00
Mathias Vorreiter Pedersen
ff09104089 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-11 09:25:50 +02:00
Mathias Vorreiter Pedersen
399da6837a Merge pull request #4227 from jbj/SimpleRangeAnalysis-NotExpr 
C++: Support `(bool)x` and `!x` in SimpleRangeAnalysis
 2020-09-11 08:59:03 +02:00
Geoffrey White
fed973f9c4 Merge pull request #4229 from MathiasVP/mathiasvp/make_shared_make_unique-models 
C++: Add taint models for std::make_unique and std::make_shared
 2020-09-10 10:46:30 +01:00
Geoffrey White
34a03ec523 Merge pull request #4213 from rdmarsh2/rdmarsh2/cpp/explicit-conversion-perf 
C++: Improve performance of getExplicitlyConverted
 2020-09-10 10:33:16 +01:00
Robert Marsh
10633019a6 C++: autoformat 2020-09-09 12:45:17 -07:00