hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

1716 Commits

Author SHA1 Message Date
Geoffrey White
7cc60a30a6 C++: Flow through get, peek, read, readsome. 2020-09-16 13:36:41 +01:00
Geoffrey White
56390c1aef C++: Flow through operator>>. 2020-09-16 13:32:13 +01:00
Mathias Vorreiter Pedersen
7b456d6162 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-16 10:45:31 +02:00
Mathias Vorreiter Pedersen
c8a3baf356 Merge pull request #4272 from jbj/dataflow-partial-access 
C++: Add AST flow through arrays
 2020-09-16 09:29:39 +02:00
Matthew Gretton-Dann
795bf0d93c Update tests for extractor changes with ctors 2020-09-15 17:58:37 +01:00
Jonas Jensen
78560833a1 C++: Add a test distilled from real code 
Author: @rvermeulen.

The consistency warnings go away because `sink` is defined with a body
in this file.
 2020-09-15 16:24:37 +02:00
Jonas Jensen
bdce24735c C++: Add flow through arrays 
This works by adding data-flow edges to skip over array expressions when
reading from arrays. On the post-update side, there was already code to
skip over array expressions when storing to arrays. That happens in
`valueToUpdate` in `AddressFlow.qll`, which needed just a small tweak to
support assignments with non-field expressions at the top-level LHS,
like `*a = ...` or `a[0] = ...`.

The new code in `AddressFlow.qll` is copy-pasted from `EscapesTree.qll`,
and there is already a note in these files saying that they share a lot
of code and must be maintained in sync.
 2020-09-15 14:46:11 +02:00
Jonas Jensen
27b8dc2b13 C++: Add tests for flow through arrays 2020-09-15 14:19:34 +02:00
Mathias Vorreiter Pedersen
0ba72c6685 C++: Accept changes. 2020-09-15 12:49:22 +02:00
Mathias Vorreiter Pedersen
d18dd5ab09 C++: Add testcase demonstrating the underlying problem in 6ca9c449af. 2020-09-15 12:32:15 +02:00
Jonas Jensen
25412da845 Merge pull request #4253 from geoffw0/stringstream2 
C++: Model more stringstream features
 2020-09-15 12:19:26 +02:00
Robert Marsh
5f2cafc4f5 C++: Interprocedural iterator flow 2020-09-14 14:36:19 -07:00
Mathias Vorreiter Pedersen
0c14e2b69a C++: Fix annotations in taint.cpp 2020-09-14 23:08:50 +02:00
Mathias Vorreiter Pedersen
7cd6137b34 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-14 20:45:06 +02:00
Geoffrey White
6b035df660 C++: Repair taint flow from previous. 2020-09-14 10:21:43 +01:00
Jonas Jensen
021aa647c1 Merge pull request #4142 from MathiasVP/mathiasvp/read-step-without-memory-operands 
C++: Use IR alias analysis for field flow
 2020-09-14 09:37:27 +02:00
Geoffrey White
b404a339a4 C++: Correct isQualifierObject -> isQualifierAddress. 2020-09-11 16:15:47 +01:00
Mathias Vorreiter Pedersen
2d57abdcbe Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-11 12:47:29 +02:00
Geoffrey White
dd53e3fe65 C++: Fix data flow to return value. 2020-09-11 11:14:58 +01:00
Geoffrey White
597757d76f C++: Model std::stringstream put and write. 2020-09-11 11:14:57 +01:00
Geoffrey White
66a5c38eef C++: Model std::stringstream constructor. 2020-09-11 11:14:57 +01:00
Jonas Jensen
ad11f76ec6 C++: Always normalize bounds after a computation 
This stops some cases of `-0.0` from propagating through the range
analysis, fixing a false positive on arvidn/libtorrent.

There seems to be no need for a corresponding change in the caller of
`getDefLowerBoundsImpl` since that predicate only contains computations
that cannot introduce negative zero.
 2020-09-11 11:59:00 +02:00
Mathias Vorreiter Pedersen
ff09104089 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-11 09:25:50 +02:00
Mathias Vorreiter Pedersen
399da6837a Merge pull request #4227 from jbj/SimpleRangeAnalysis-NotExpr 
C++: Support `(bool)x` and `!x` in SimpleRangeAnalysis
 2020-09-11 08:59:03 +02:00
Robert Marsh
2e187a51ae C++: test for interprocedurl iterator flow 2020-09-09 12:45:06 -07:00
Mathias Vorreiter Pedersen
bb9cf72a31 Merge branch 'main' into mathiasvp/make_shared_make_unique-models 2020-09-09 20:51:56 +02:00
Geoffrey White
46a07fa9b2 C++: Model std::stringstream::str. 2020-09-09 18:22:06 +01:00
Mathias Vorreiter Pedersen
ad602b892b Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-09 16:17:23 +02:00
Mathias Vorreiter Pedersen
e91d321d28 Merge pull request #4234 from geoffw0/stringstream 
C++: Tests and initial models for taint through std::stringstream / std::ostream.
 2020-09-09 15:31:46 +02:00
Mathias Vorreiter Pedersen
17867f25a7 C++: Accept more test changes 2020-09-09 15:27:56 +02:00
Jonas Jensen
ceb198f65d Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-NotExpr 2020-09-09 14:50:00 +02:00
Geoffrey White
d8bb49b9a0 C++: We get a few additional results for DefaultTaintTracking as well. 2020-09-09 13:18:07 +01:00
Mathias Vorreiter Pedersen
8226515138 C++: Add a taint model for std::{shared, unique}_ptr<T>::get 2020-09-09 12:22:29 +02:00
Robert Marsh
eab1557e27 C++: output iterator flow via FlowVar 2020-09-08 14:09:57 -07:00
Robert Marsh
703db0b9a6 C++: noisy output iterators in AST taint tracking 2020-09-08 13:45:23 -07:00
Robert Marsh
983f54f11a C++: simple tests for vector output iterators 2020-09-08 13:27:41 -07:00
Mathias Vorreiter Pedersen
f025d09bf0 C++: Accept test changes 2020-09-08 19:12:00 +02:00
Mathias Vorreiter Pedersen
7ac5e84925 C++: Add make_shared and make_unique test cases 2020-09-08 19:03:54 +02:00
Geoffrey White
90c7a79272 C++: Fix the object/refs up. 2020-09-08 16:49:11 +01:00
Geoffrey White
5a3d41879a C++: Change some of the taint flows to data flows. 2020-09-08 16:49:11 +01:00
Geoffrey White
8a143bec3a C++: Reverse taint through operator<<. 2020-09-08 16:49:10 +01:00
Geoffrey White
b73ff8da63 C++: Flow through operator<<. 2020-09-08 16:49:10 +01:00
Jonas Jensen
911dec6f86 C++: SimpleRangeAnalysis (bool)x and !x support 2020-09-08 16:59:35 +02:00
Jonas Jensen
1b6da062cf C++: RangeAnalysis tests for bool conversions 2020-09-08 16:58:35 +02:00
Mathias Vorreiter Pedersen
41147d245d C++: Accept test changes 2020-09-08 14:35:22 +02:00
Jonas Jensen
ab90f06ddf C++: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
Geoffrey White
fafd2f0a7c C++: Add test cases for stringstream / ostream. 2020-09-07 18:27:42 +01:00
Jonas Jensen
0fe5d75375 Merge pull request #4196 from MathiasVP/mathiasvp/field-to-object-taint-tests 
C++: Add field to object taint tests
 2020-09-07 13:02:22 +02:00
Mathias Vorreiter Pedersen
a4890ef99c C++: Add annotations describing whether the flow is an instance of field-to-object flow 2020-09-04 18:32:28 +02:00
Mathias Vorreiter Pedersen
208b85c7fc Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-04 18:04:15 +02:00