hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,672 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

756 Commits

Author SHA1 Message Date
Geoffrey White
30580e97dc C++: Add a TaintFunction model to FormattingFunction. 2020-01-28 08:46:46 +00:00
Geoffrey White
06f5720cd5 C++: Add taint tests of formatting functions. 2020-01-28 08:46:46 +00:00
Robert Marsh
fd807d46d6 C++: IR dataflow through modeled functions 2020-01-27 16:38:07 -08:00
Robert Marsh
a9bcc1dcc6 Merge pull request #2667 from dbartol/dbartol/NoEscape 
C++/C#: Make escape analysis unsound by default
 2020-01-27 19:17:33 -05:00
Robert Marsh
c7975e83a7 Merge pull request #2657 from jbj/DefaultTaintTracking-models 
C++: wire up models library to DefaultTaintTracking
 2020-01-27 17:41:54 -05:00
Dave Bartolomeo
3b3502060b Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape 2020-01-27 13:29:18 -07:00
Robert Marsh
79a72a3496 Merge pull request #2680 from geoffw0/modelstrndup 
CPP: Model strndup.
 2020-01-27 15:19:52 -05:00
Dave Bartolomeo
40952f85a9 C++: Accept test diffs 2020-01-27 10:31:18 -07:00
Geoffrey White
4778914154 CPP: Repair flow. 2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602 CPP: 'sometimes copying' is considered data flow. 2020-01-27 14:07:39 +00:00
Jonas Jensen
0e3ed2dfa6 C++: Remove test for unrelated issue 
The issue for that test is being tested and fixed on PR #2686. Adding a
test here will cause a semantic merge conflict.
 2020-01-27 14:25:28 +01:00
Dave Bartolomeo
6988241b09 Merge from master 2020-01-26 16:38:48 -07:00
Robert Marsh
959ce3b355 C++: add diff tests for DefaultTaintTracking 2020-01-24 13:46:11 -08:00
Mathias Vorreiter Pedersen
d26cf12c3a Merge pull request #2688 from geoffw0/move-taint-test 
C++: Add the security taint test (previously internal).
 2020-01-24 15:58:20 +01:00
Geoffrey White
af903fc30c C++: Add the security taint test (previously internal). 2020-01-24 11:28:51 +00:00
Jonas Jensen
9a45c5570d C++: Move Load from AssignmentOperation to its LHS 
This is analogous to what was done for `CrementOperation`.
 2020-01-24 09:09:31 +01:00
Jonas Jensen
c5950d2c9d C++: IR: Result of x in x++ is now the Load 
Previously, the `Load` would be associated with the `CrementOperation`
rather than its operand, which gave surprising results when mapping
taint sinks back to `Expr`.

The changes in `raw_ir.expected` are to add `Copy` operations on the
`x++` in code like `y = x++`. This is now needed because the result that
`x++` would otherwise have (the Load) no longer belongs to the `++`
expression. Copies are inserted to ensure that all expressions are
associated with an `Instruction` result.

The changes in `*aliased_ssa_ir.expected` appear to be just wobble.
 2020-01-24 09:02:50 +01:00
Jonas Jensen
ed3ed5f1b6 C++: Test to show lack of flow to crement operands 2020-01-23 17:42:51 +01:00
Jonas Jensen
33070cc16d Merge pull request #2678 from MathiasVP/union-access-global-virtual-dispatch 
C++: IR virtual dispatch through union field access
 2020-01-23 15:32:31 +01:00
Geoffrey White
edf2b54813 CPP: Model strndup. 2020-01-23 13:46:57 +00:00
Mathias Vorreiter Pedersen
77531294bf C++: Accepted output on tests 2020-01-23 10:20:10 +01:00
Mathias Vorreiter Pedersen
256ae2fda6 C++: Add test demonstrating a flow not detected 2020-01-23 10:16:24 +01:00
Geoffrey White
1867d58034 CPP: Allow flow to return value. 2020-01-22 16:25:40 +00:00
Geoffrey White
704bfe7184 CPP: Support taint flow from qualifiers. 2020-01-22 16:22:29 +00:00
Geoffrey White
e6daf3b7ee CPP: Support taint flow to qualifiers. 2020-01-22 16:16:31 +00:00
Jonas Jensen
7376daf16e C++: Some data flow through partial chi operands 2020-01-22 17:14:32 +01:00
Geoffrey White
1a6f7febe7 CPP: Add tests of taint through qualifiers. 2020-01-22 16:11:13 +00:00
Jonas Jensen
3827411095 Merge branch 'dbartol/NoEscape' into HEAD 2020-01-22 16:21:24 +01:00
Jonas Jensen
66914e52c6 C++: accept test changes 2020-01-22 14:08:05 +01:00
Jonas Jensen
6cdca29aa6 C++: Flow through read side effects 
Until we have better tracking of indirections, these flow rules conflate
pointers and their contents.
 2020-01-22 13:27:10 +01:00
Jonas Jensen
2aaf41a0d8 C++: Test lack of flow through read side effect 2020-01-22 13:27:10 +01:00
Jonas Jensen
6d46e4d946 C++: Wire up models to DefaultTaintTracking 
This adds support for arg-to-arg and arg-to-return taint.
 2020-01-21 12:04:45 +01:00
Jonas Jensen
fa00e96ba8 C++: Test IR taint through library functions 2020-01-21 12:03:43 +01:00
Geoffrey White
5a20e85598 Merge pull request #2638 from jbj/ir-dispatch 
C++ IR: Support for global virtual dispatch
 2020-01-20 12:04:09 +00:00
Jonas Jensen
391b80eac4 C++: Show virtual inheritance problem in vdispatch 2020-01-20 11:17:44 +01:00
Jonas Jensen
3632d51abc Merge pull request #2635 from geoffw0/modelstrdup 
CPP: Model strdup
 2020-01-17 19:26:26 +01:00
Geoffrey White
3c41ed56a1 CPP: Support taint to return value derefs instead. 2020-01-16 18:15:21 +00:00
Jonas Jensen
f4d0c5e905 C++ IR: Support for global virtual dispatch 
The IR data flow library now supports virtual dispatch with a library
that's similar to `security.TaintTracking`. In particular, it should
have the same performance characteristics. The main difference is that
non-recursive callers of `flowsFrom` now pass `_` instead of `true` for
`boolean allowFromArg`. This change allows flow through `return` to
actually work.
 2020-01-16 14:51:28 +01:00
Geoffrey White
ef47563139 CPP: Support flow of pointed-to things through function calls. 2020-01-16 11:08:19 +00:00
Geoffrey White
ce389ca791 CPP: Add tests for strdup. 2020-01-15 18:26:24 +00:00
Jonas Jensen
618bf2e29e C++: IR data flow through total chi operands 2019-12-27 11:44:41 +01:00
Jonas Jensen
64c79bf9e1 C++: Deprecate UninitializedNode in IR data flow 
It's not used outside of tests, and it's not useful. It will break the
tests when we start allowing flow through chi nodes.
 2019-12-27 11:21:33 +01:00
Dave Bartolomeo
5b5d2f2b67 Merge pull request #2154 from rdmarsh2/rdmarsh/cpp/ir-callee-side-effects 
C++: add InitializeIndirection for pointer params
 2019-12-20 13:13:54 -07:00
Robert Marsh
e209ed961a Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-12-17 15:11:02 -08:00
Mathias Vorreiter Pedersen
1d3ee71f73 C++: Added test for 333d0a69 2019-12-17 13:54:41 +01:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Robert Marsh
05aebeff79 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-21 13:45:31 -08:00
Robert Marsh
34593701b2 Merge branch 'master' into rdmarsh/cpp/ir-callee-side-effects 2019-11-20 10:03:32 -08:00
Jonas Jensen
c41114334f Merge remote-tracking branch 'upstream/master' into ir-dataflow-toString 
Solved conflicts in `*.expected` by re-running the tests.
 2019-11-19 14:27:27 +01:00
Jonas Jensen
1498499994 C++: Relax type in two tests 2019-11-19 11:31:34 +01:00