hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 01:39:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,730 Commits 1,754 Branches 167 Tags
1bde11706efd98d0b89a1d7e2d357f3d0d6e9be6
Commit Graph

1867 Commits

Author SHA1 Message Date
Dave Bartolomeo
1bde11706e C++: Connect InitializeIndirection to UnmodeledDefinition 
The IR generation for `InitializeIndirection` currently connects its load operand to the result of the corresponding `InitializeParameter` instruction. This isn't exactly wrong, but it doesn't fit the IR invariant of "All unmodeled uses consume `UnmodeledDefinition`". Our current code doesn't care, because we just throw away all of the existing def-use information, modeled or otherwise, when we build unaliased SSA. However, some upcoming SSA changes don't work correctly if this invariant is broken.

I've added the trivial IR generation change, along with a new sanity query.
 2020-04-13 18:37:47 -04:00
Dave Bartolomeo
9f18a15a93 Merge pull request #3231 from MathiasVP/qualified-static-calls-are-static 
C++: Do not generate this parameters and read/write side effects from static member functions
 2020-04-09 10:48:59 -04:00
Mathias Vorreiter Pedersen
6c7e1cdd46 C++: Make sure non-member functions are not reported to have a qualifier 2020-04-09 08:22:47 +02:00
Mathias Vorreiter Pedersen
7298b68674 C++: Exclude 'this' params and read/write side effects from static member function calls through qualifiers, and accept tests 2020-04-08 13:35:26 +02:00
Mathias Vorreiter Pedersen
b2759877cc Merge pull request #3219 from jbj/DefaultTaintTracking-partial-no-structs 
C++: Avoid partial chi flow to struct/class
 2020-04-08 12:31:53 +02:00
Jonas Jensen
42e9d1416b Merge pull request #3206 from geoffw0/newfreefix 
C++: Fix `cpp/new-free-mismatch` false positives
 2020-04-08 08:39:43 +02:00
Geoffrey White
7fedac3266 C++: Fix apparently noncritical typo. 2020-04-07 20:56:07 +01:00
Geoffrey White
50194f372b C++: Autoformat. 2020-04-07 20:54:54 +01:00
Geoffrey White
2686d9888c C++: Add QLDoc. 2020-04-07 18:12:24 +01:00
Geoffrey White
66a0b7884e Merge branch 'master' into alloc-size 2020-04-07 17:12:35 +01:00
Geoffrey White
ff39f714e8 C++: Autoformat. 2020-04-07 17:07:31 +01:00
Robert Marsh
0ccf39777c Merge pull request #3189 from jbj/DefaultTaintTracking-Configuration 
C++: Path explanations in DefaultTaintTracking
 2020-04-07 08:38:10 -07:00
Jonas Jensen
39911af56b C++: Avoid partial chi flow to struct/class 
Flow through partial chi-instruction operands was introduced to make
definition-by-reference work, but its implementation also allowed all
other partial writes to propagate. In particular, tainting a field would
taint the whole struct, which in turn led to taint propagating across
unrelated fields of a struct.

The security test `CWE-134/semmle/argv/argvLocal.c` shows that we also
want to propagate taint from an array element to the whole array, and it
also seems right to propagate taint from a union member to the whole
union.
 2020-04-07 16:24:24 +02:00
Mathias Vorreiter Pedersen
8928091dfb Merge pull request #3181 from jbj/DefaultTaintTracking-qldoc 
C++: QLDoc in DefaultTaintTracking
 2020-04-07 14:58:21 +02:00
Geoffrey White
cbe133d0e6 C++: Deprecate freeCall in the legacy wrapper Alloc.qll. 2020-04-06 14:32:49 +01:00
Jonas Jensen
530d4294b0 Merge remote-tracking branch 'upstream/master' into DefaultTaintTracking-Configuration 2020-04-05 07:27:07 +02:00
Jonas Jensen
d7332644f0 C++: Fix DefinitionByReferenceNode.toString 
This predicate now has a value also for calls to function pointers.
 2020-04-04 15:31:01 +02:00
Jonas Jensen
108d5177b8 C++: Fix two bugs found by @rdmarsh2 
Co-Authored-By: Robert Marsh <rdmarsh2@gmail.com>
 2020-04-04 15:24:44 +02:00
Robert Marsh
316d932829 Merge pull request #3198 from MathiasVP/valuenumbering-provider-new-file 
C++/C#: Prevent accidental import of ValueNumberPropertyProvider
 2020-04-03 13:31:11 -07:00
Jonas Jensen
bb3616e4c4 C++: Add example for globalVarFromId 2020-04-03 17:51:35 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
aaebe3687e C++: Fix copy-paste error in convertedExprNode 2020-04-03 16:37:23 +02:00
Jonas Jensen
469bdae9b2 C++: More helpful toString for def. by ref. node 2020-04-03 16:37:23 +02:00
Jonas Jensen
36da2d1dae C++: Manipulate the source end of paths too 
Without this, we get duplicate alerts in some cases and
unnatural-looking source nodes in other cases. The source nodes were
often `Conversion`s.
 2020-04-03 16:37:23 +02:00
Jonas Jensen
427815d3d1 C++: taintedWithPath QLDoc + simplification 2020-04-03 15:52:13 +02:00
Jonas Jensen
3653627650 C++: Let configuration class extend singleton 2020-04-03 15:52:13 +02:00
Jonas Jensen
16c7a35b1c Merge pull request #3195 from geoffw0/taintstring 
C++: Model taint flow through std::string constructor and c_str()
 2020-04-03 12:05:07 +02:00
Geoffrey White
73bfd819d9 C++: Rename classes. 2020-04-03 09:23:31 +01:00
Geoffrey White
1bcf187c3e C++: Rename Strings.qll -> StdString.qll. 2020-04-03 09:17:33 +01:00
Mathias Vorreiter Pedersen
0b12c1519b C++/C#: Sync identical files 2020-04-03 10:06:37 +02:00
Mathias Vorreiter Pedersen
0f70944a5b C++: Move ValueNumberPropertyProvider into its own file to prevent accidental imports 2020-04-03 09:55:41 +02:00
Geoffrey White
c9ec30fa2a C++: Update use of deprecated methods. 2020-04-02 19:49:42 +01:00
Geoffrey White
e9132d833c C++: Autoformat. 2020-04-02 19:49:42 +01:00
Geoffrey White
73171682b7 C++: Switch to taint flow as suggested in the old PR. 2020-04-02 19:49:41 +01:00
Geoffrey White
b14b52d0ac C++: Add models for std::string (as in old PR). 2020-04-02 19:49:41 +01:00
Mathias Vorreiter Pedersen
e2908eaf63 C++: Add comment explaining why we can split call and allocation side effects 2020-04-02 15:11:13 +02:00
Mathias Vorreiter Pedersen
a273917e51 Merge branch 'master' into init-dynamic-alloc-newexpr 2020-04-02 14:11:03 +02:00
Geoffrey White
ead5feb921 C++: Autoformat. 2020-04-02 09:50:14 +01:00
Mathias Vorreiter Pedersen
8fdc4b037a C++: Ensure that no call side effect is an allocation side effect 2020-04-02 07:30:56 +02:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Jonas Jensen
b07380d2eb C++: Update ppReprType for C++ IR dataflow 
I forgot to do this in b1be123e31. Without this change, we suffix
` : void` on very step of an IR path explanation.
 2020-04-01 20:19:00 +02:00
Geoffrey White
d71098d178 Merge branch 'master' into opnew 2020-04-01 15:00:26 +01:00
Jonas Jensen
9a55d42639 C++: QLDoc in DefaultTaintTracking 
These docs are mostly copied and adapted from
`DefaultTaintTrackingImpl.qll`.
 2020-04-01 15:30:31 +02:00
Geoffrey White
119d4a40a0 C++: Fix unintended consequence in IR. 2020-04-01 14:29:28 +01:00
Mathias Vorreiter Pedersen
fa7dc32dee C++: Remove dependency on implementation of models in TranslatedCall 2020-04-01 14:46:52 +02:00
Tom Hvitved
42e180d6c4 Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow 
Dataflow: Exclude param-param flow through with identical params.
 2020-04-01 09:42:12 +02:00
Geoffrey White
f430cf9d18 C++: Use hasGlobalName. 2020-03-31 18:11:09 +01:00
Mathias Vorreiter Pedersen
291df97cd9 C++: Also add InitializeDynamicAllocation instruction for NewArrayExpr 2020-03-31 17:06:19 +02:00
Geoffrey White
aa13257c1b C++: Correct QLDoc. 2020-03-31 14:37:54 +01:00
Mathias Vorreiter Pedersen
bd89ee13d1 C++: Add InitializeDynamicAllocation instruction to NewExpr and NewArrayExpr 2020-03-31 13:56:32 +02:00