hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,322 Commits 1,700 Branches 161 Tags
173cfd5c7bf173ada56ba9e698f736bb342f877e
Commit Graph

3224 Commits

Author SHA1 Message Date
Robert Marsh
3189c578a4 C++: Add QLDoc to subpaths in DefaultTaintTracking 2021-09-23 22:42:38 -07:00
Robert Marsh
c2b356ab08 C++: add subpaths to DefaultTaintTracking 2021-09-23 21:00:45 -07:00
Robert Marsh
49f8fd2164 C++: whitespace fix 2021-09-22 16:54:03 -07:00
Robert Marsh
0c5d642489 C++: Rename SystemFunction and restore QLDoc 2021-09-22 14:22:57 -07:00
Robert Marsh
8faeab18b9 C++: move ResolveCall.qll out of internal directory 2021-09-22 11:54:47 -07:00
Robert Marsh
21ed5c430d Merge branch 'main' into rdmarsh2/improve-exec-tainted 
Manual fix for conflict in Models.qll
 2021-09-22 11:51:18 -07:00
Mathias Vorreiter Pedersen
35baff8bac C#/C++: Sync identical files. 2021-09-22 13:32:29 +01:00
Mathias Vorreiter Pedersen
5969c227ab C++: Fix QLDoc on 'getAllocationAddressOperand' and 'getAllocationAddress'. 2021-09-22 13:32:20 +01:00
Robert Marsh
3108817717 C++: Add additional functions to the SQL models 2021-09-21 17:34:01 -07:00
Robert Marsh
d6fd83dd6c C++: move resolveCall to its own file for perf 
This avoids a performance issue in DataFlowImpl::localFlowStep when the
DataFlow::Configuration subclasses in DefaultTaintTracking are active
in the same query as other Configuration
subclasses.
ResolveCall.qll is kept internal for the moment.
 2021-09-21 16:32:09 -07:00
Robert Marsh
d62f76afa6 Merge pull request #6133 from MathiasVP/promote-sql-pqxx 
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
 2021-09-21 10:13:57 -07:00
Mathias Vorreiter Pedersen
478093aa89 Update cpp/ql/lib/semmle/code/cpp/models/interfaces/Sql.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2021-09-21 17:51:24 +01:00
Mathias Vorreiter Pedersen
bd5edc7ae5 Respond to review comments. 2021-09-21 14:29:26 +01:00
Mathias Vorreiter Pedersen
dfe932d053 Add missing conjunct in PostgreSqlEscapeFunction's 'escapesSqlArgument' predicate. 2021-09-21 12:14:45 +01:00
Anders Schack-Mulligen
044623a360 Dataflow: Sync. 2021-09-20 14:58:28 +02:00
Mathias Vorreiter Pedersen
797966fd3d C++: Change the names of the new classes and predicates to match the upcoming 'CommandExecutionFunction' class. 2021-09-20 11:49:09 +01:00
Robert Marsh
a9add04ee3 C++: remove unneed import 2021-09-17 12:17:06 -07:00
Robert Marsh
d3d708bc68 C++: QLDoc for CommandExecution model 2021-09-17 12:16:20 -07:00
Anders Schack-Mulligen
236ffc8972 Merge pull request #6700 from aschackmull/dataflow/subpaths-joinorder 
Dataflow: Fix bad joinorder in subpaths
 2021-09-16 08:22:59 +02:00
Robert Marsh
a3e1f54e33 C++: Refactor models to prevent IR reevaluation 2021-09-15 10:55:56 -07:00
Robert Marsh
3cd08bc724 C++: autoformat Printf.qll 2021-09-15 10:55:55 -07:00
Robert Marsh
181eb803e1 C++: Add QLDoc for getOutputArgument 2021-09-15 10:55:52 -07:00
Robert Marsh
6f408f949c C++: Refactor ExecTainted.ql to need concatenation 
This makes ExecTainted report results only when the tainted value does
not become the start of the string which is eventually run as a shell
command. The theory is that those cases are likely to be deliberate, and
part of the expected threat model of the program (e.g. $CC in make).
This lines up better with the results I considered fixable true
positives in LGTM testing
 2021-09-15 10:55:49 -07:00
Nick Rolfe
f76ce8b33b Merge pull request #6686 from hvitved/cpp/files-folders-drop-columns 
C++: Drop redundant columns from `files` and `folders` relations
 2021-09-15 18:33:20 +01:00
Mathias Vorreiter Pedersen
33ef634ea8 Merge pull request #6679 from andersfugmann/relax_memberMayBeVarSize 
Improve precision on OverflowStatic query.
 2021-09-15 17:24:10 +01:00
Anders Schack-Mulligen
c0fd44c909 Dataflow: Sync. 2021-09-15 16:10:54 +02:00
Mathias Vorreiter Pedersen
947ab8a14d Make the QLDoc on 'getAnSqlParameter' more clear. 2021-09-15 13:15:05 +01:00
Mathias Vorreiter Pedersen
44dca68463 Merge branch 'main' into promote-sql-pqxx 2021-09-14 15:29:37 +01:00
Anders Fugmann
bc22e0d9aa C++: Update comments on memberMayBeVarSize 2021-09-14 16:04:39 +02:00
Tom Hvitved
b69033f4ff C++: Upgrade script 2021-09-14 13:14:04 +02:00
Tom Hvitved
6c32b92929 C++: Drop redundant columns from files and folders relations 2021-09-14 13:14:04 +02:00
Anders Fugmann
3f5ab60fb4 C++: Add DEPRECATED to documentation block 2021-09-14 09:55:19 +02:00
Anders Fugmann
8e9ac18026 C++: Deprecate RangeSSA::isGuardPhi/3 2021-09-13 15:35:05 +02:00
Anders Fugmann
342b2df93f C++: zero or one byte sized arrays in unions are considered as having the length of the union its a member of 2021-09-13 11:25:04 +02:00
Anders Fugmann
3172d5727a C++: Relax constraints on Buffer::memberMayBeVarSize 2021-09-13 11:15:33 +02:00
Tom Hvitved
649c2ce188 Merge pull request #6586 from hvitved/dataflow/stage2-precise-call-ctx-take2 
Data flow: Add precise call contexts to stage 2
 2021-09-10 11:34:35 +02:00
Anders Fugmann
2c93bce9ad C++: Refactor code to use predicate isGuardPhi/4 2021-09-10 10:53:48 +02:00
Anders Peter Fugmann
1bbadb57a2 Merge pull request #6568 from andersfugmann/andersfugmann/improve_upper_bound 
C++: Improve predicate upperBound in SimpleRangeAnalysis
 2021-09-10 09:49:48 +02:00
Tom Hvitved
296d10fe2a Data flow: Adjust callMayFlowThroughFwd pragmas 2021-09-10 09:21:24 +02:00
Anders Fugmann
270dbd2bf7 C++: Revert peer review suggestion. 
The suggested change has a severe impact on row counts, as cpp does not cache
the results for `bbDominates`. Since the `getGuardedUpperBound` predicate the
cost of runtime complexity is considered higher than the benefit of this change.
 2021-09-09 13:26:42 +02:00
Anders Schack-Mulligen
1af39f0776 Dataflow: Sync. 2021-09-08 13:02:07 +02:00
Anders Fugmann
f91bd91d02 C++: Apply suggested change from code review 2021-09-08 12:38:53 +02:00
Anders Fugmann
e93dc0b4c4 C++: Fix comment in getGuardedUpperBound 2021-09-08 11:06:58 +02:00
Dave Bartolomeo
6837233128 Treat CallSideEffect and InitializeDynamicAllocation the same as other side effects during IR generation 
This commit moves the IR generation for the `CallSideEffect` and `InitializeDynamicAllocation` side effect instruction into their own subclasses of `TranslatedSideEffect`. Previously, they were embeddded in `TranslatedCall` and `TranslatedAllocationSideEffects`. There are no diffs in the generated IR. This just makes the implementation of all side effect generation be consistent.
 2021-09-07 14:22:23 -04:00
Anders Schack-Mulligen
7ec1fa2ebe Dataflow: Sync. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen
3c3d71d4a0 Dataflow: Sync 2021-09-07 12:51:42 +02:00
Mathias Vorreiter Pedersen
b7206c1218 Merge pull request #6581 from geoffw0/uncontrolledarith2 
CPP: Improvements for cpp/uncontrolled-arithmetic
 2021-09-07 09:48:59 +01:00
Anders Fugmann
9af4d560dd Merge branch 'main' into andersfugmann/improve_upper_bound 2021-09-06 14:26:58 +02:00
Anders Fugmann
ddbaf585ec Merge branch 'main' into andersfugmann/improve_upper_bound 2021-09-06 10:32:44 +02:00
Dave Bartolomeo
d1e6813812 Make side effects for constructor calls use same mechanism as other arguments 
This commit is yet another step to fixing the order of IR side effect instructions. Instead of having a special `StructorCallSideEffects` class for the call itself, I've introduced a `TranslatedStructorCallQualifierSideEffect` class that shares a bunch of common code with `TranslatedArgumentExprSideEffect`, but handles the case where there's no `Expr` for the qualifier of the constructor call. Because this class uses the same ordering as regular argument side effects, these side effects now appear in the correct order, reads before writes.

The test expectations have changed to reflect the new, correct order.
 2021-09-03 16:58:32 -04:00