Mathias Vorreiter Pedersen
ebd1595fbe
C++: Fix FP by concluding that a less-than-zero check also implies a not-equal-to-EOF check.
2024-01-29 16:24:36 +00:00
Mathias Vorreiter Pedersen
41f44f598a
C++: Explicitly check that a check for EOF isn't present.
2024-01-29 11:33:14 +00:00
Benjamin Rodes
da10e6ca5b
Moving FlowAfterFree and UseAfterFree.qll as a general purpose lib.
2024-01-22 11:18:03 -05:00
Benjamin Rodes
833ef9d6d6
Further reorg of libraries and predicates to allow for more reusable and consistent libraries.
2024-01-18 11:17:24 -05:00
Benjamin Rodes
967526b285
Separating out use after free logic into a library and a ql so the query can be expanded easily.
2024-01-18 10:59:17 -05:00
Mathias Vorreiter Pedersen
39dafd6f6a
C++: Suggestions to #15343 (#39)
* C++: Change the interface of 'FlowAfterFree' so that it takes a single module as a parameter.
* C++: Add another predicate to the module signature.
* C++: Convert the use-after-free and double-free libraries to use new interface.
* C++: Accept test changes.
2024-01-17 11:02:46 -05:00
Benjamin Rodes
a0ef7955b1
Updating FlowAfterFree to not enforce dominance of source/sink. DoubleFree and UseAfterFree queries now enforce dominance.
2024-01-16 13:15:36 -05:00
Mathias Vorreiter Pedersen
aafde4d18d
C++: Fix joins in 'cpp/use-after-free'.
2023-12-18 14:49:09 +01:00
Mathias Vorreiter Pedersen
0543ed115e
C++: Add barrier for array lookups in 'cpp/double-free' and 'cpp/use-after-free'.
2023-12-15 14:57:17 +00:00
Mathias Vorreiter Pedersen
3dea467dcc
Merge pull request #15047 from MathiasVP/add-puns-for-addresses-of-arguments
C++: Add `PostUpdateNode`s for addresses of outgoing arguments
2023-12-12 13:55:13 +00:00
Mathias Vorreiter Pedersen
97f2be9b82
C++: Fix QLDoc.
2023-12-12 13:45:18 +00:00
Mathias Vorreiter Pedersen
cec785c8cc
C++: Respond to review comments.
2023-12-12 11:16:41 +00:00
Mathias Vorreiter Pedersen
f284fde93c
C++: Update QLDoc.
2023-12-12 11:09:36 +00:00
Alexander Eyers-Taylor
c883ce8a5e
Apply suggestions from code review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2023-12-11 13:50:35 +00:00
Mathias Vorreiter Pedersen
90b06c2046
C++: Switch the source of use-after-free and double-free to be post-update nodes.
2023-12-08 14:41:29 +00:00
Alex Eyers-Taylor
da5c2d9bad
CPP: Use guard libraries to find equalities with zero.
2023-12-08 13:30:30 +00:00
Alexander Eyers-Taylor
2e92689810
CPP: Apply suggestions from code review of incorrect scanf check
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-12-04 18:32:03 +00:00
Alex Eyers-Taylor
f3f53570a4
CPP: Fix metadata and add a change-note.
2023-12-04 12:19:31 +00:00
Alex Eyers-Taylor
3e9aeac004
CPP: Fix sscanf false positives in older linux repos
2023-11-28 12:07:05 +00:00
Alex Eyers-Taylor
9eb5b23f54
CPP: Fix query formatting
2023-11-27 15:55:44 +00:00
Alex Eyers-Taylor
12e24a2b44
CPP: Exclude incorrect scanf checks from missing scanf checks
2023-11-24 16:57:59 +00:00
Alex Eyers-Taylor
f48e8b6062
CPP: Add query for detecting incorrect error checking for scanf
2023-11-24 14:53:10 +00:00
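The scanf commits on this page (the incorrect-check query introduced here, the exclusion of incorrect checks from the missing-check query, and the later fix concluding that a less-than-zero check already rules out EOF) all rest on how scanf-family return values behave. The following C program is an added example and is not code from the CodeQL repository or its tests: it parses a constructed "<width> <height>" line with the incorrect check beside the correct one. The function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>

/* Added example (not from the CodeQL repository): scanf-family return values
 * and why "if (sscanf(...))" is an incorrect success check.  The line format
 * "%d %d" and the sample inputs below are constructed. */

/* Return the raw sscanf result for a "%d %d" line: the number of conversions
 * performed (0, 1 or 2), or EOF (-1) when input runs out before the first
 * conversion has completed. */
int scan_count(const char *line) {
    int w, h;
    return sscanf(line, "%d %d", &w, &h);
}

/* Incorrect check: any non-zero return is taken as success.  A partial match
 * returns 1 and end-of-input returns EOF, both non-zero, so the caller goes
 * on to use `h` (or both values) even though they were never assigned. */
int parse_size_bad(const char *line, int *w, int *h) {
    if (sscanf(line, "%d %d", w, h)) {
        return 1;
    }
    return 0;
}

/* Correct check: require exactly the number of conversions requested.
 * Comparing against 2 also rejects EOF (-1 != 2).  Likewise an early exit on
 * `ret < 0` or `ret < 2` already excludes EOF, so a separate `ret == EOF`
 * test adds nothing; that is the observation behind the "less-than-zero
 * check also implies a not-equal-to-EOF check" commit. */
int parse_size_good(const char *line, int *w, int *h) {
    int ret = sscanf(line, "%d %d", w, h);
    if (ret != 2) {
        return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed inputs: full match, partial match, matching failure,
     * and end of input before the first conversion. */
    const char *inputs[] = { "640 480", "640", "abc", "" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int w = -1, h = -1;
        printf("\"%s\": sscanf=%d bad=%d good=%d\n", inputs[i],
               scan_count(inputs[i]),
               parse_size_bad(inputs[i], &w, &h),
               parse_size_good(inputs[i], &w, &h));
    }
    return 0;
}
```

The incorrect check accepts both the partial match "640" and the empty line, which is exactly what the query for incorrect scanf checks reports; the missing-check query covers the separate case where the return value is never examined at all.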
Mathias Vorreiter Pedersen
7084dc1a88
C++: Promote 'cpp/use-after-free' and 'cpp/double-free' to Code Scanning.
2023-10-03 09:22:47 +02:00
Alex Eyers-Taylor
6b0ae0f312
CPP: Remove unneeded argument from use-after-free
2023-09-28 17:53:32 +01:00
Alex Eyers-Taylor
d0849311a6
CPP: Fix use after free FPs by eliminating freeing nodes rather than freeing expressions.
2023-09-20 18:47:57 +01:00
Mathias Vorreiter Pedersen
71fe6f5d4b
C++: Use fully converted expressions in 'cpp/use-after-free' and 'cpp/double-free'.
2023-09-12 19:28:57 +01:00
Jeroen Ketema
0c0720a962
C++: Improve use-after-free example code
* Remove the mismatch between `new` and `free` and use `delete` instead
* Make the function `void`, so people copying the code will not forget
to add a `return`.
* Balance out the `...` for omitted code.
2023-08-03 11:06:15 +02:00
Jeroen Ketema
52ab215560
C++/Swift: Remove none() dataflow configuration predicates
These now have default implementations that are also `none()`
2023-07-12 23:49:29 +02:00
Mathias Vorreiter Pedersen
93f1a3bdb9
C++: Fix join in 'isUse'.
2023-07-05 15:24:40 +01:00
Kasper Svendsen
c46898cb75
C++: Make implicit this receivers explicit
2023-05-09 15:35:54 +02:00
Mathias Vorreiter Pedersen
61aba4683f
C++: Fix bad self-join in 'cpp/use-after-free'.
Before:
```ql
[2023-04-18 09:17:24] Evaluated non-recursive predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs_project#Instruction#577b6a83::Initia__#loop_invariant_prefix@ae046923 in 3903ms (size: 130544).
Evaluated relational algebra for predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs_project#Instruction#577b6a83::Initia__#loop_invariant_prefix@ae046923 with tuple counts:
533787724 ~0% {2} r1 = JOIN ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs WITH ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
130544 ~0% {2} r2 = JOIN r1 WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
return r2
```
After:
```ql
[2023-04-18 10:09:34] Evaluated non-recursive predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_project#Instruction#577b6a83::InitializeParamete__#loop_invariant_prefix@eb90a6fk in 2ms (size: 18380).
Evaluated relational algebra for predicate _ValueNumberingInternal#c9f42560::tvalueNumber#1#ff_project#Instruction#577b6a83::InitializeParamete__#loop_invariant_prefix@eb90a6fk with tuple counts:
18380 ~0% {2} r1 = JOIN ValueNumberingInternal#c9f42560::tvalueNumber#1#ff WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0
return r1
```
2023-04-18 10:14:45 +01:00
Mathias Vorreiter Pedersen
d975ceb648
Merge pull request #12818 from MathiasVP/dataflow-for-missing-scanf-qery
C++: Use the new dataflow library in `cpp/missing-check-scanf`
2023-04-17 14:34:11 +01:00
Mathias Vorreiter Pedersen
fa5ed04286
Update cpp/ql/src/Critical/DoubleFree.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-04-17 07:40:01 +01:00
Mathias Vorreiter Pedersen
dba46bd324
Update cpp/ql/src/Critical/DoubleFree.ql
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-04-17 07:38:30 +01:00
Mathias Vorreiter Pedersen
0db05fe4fa
C++: Use the new dataflow library in the 'missing scanf' query.
2023-04-13 14:51:08 +01:00
Mathias Vorreiter Pedersen
40dde93beb
C++: Fix FP and accept test changes.
2023-04-13 11:00:08 +01:00
Mathias Vorreiter Pedersen
23a7cd943f
C++: Fix missing result and accept test changes.
2023-04-13 10:50:46 +01:00
Mathias Vorreiter Pedersen
d304022685
C++: Add QLDoc to 'isExcludeFreePair'.
2023-04-13 10:15:23 +01:00
Mathias Vorreiter Pedersen
e0aeea058e
C++: Fix qhelp for double-free.
2023-04-13 10:10:42 +01:00
Mathias Vorreiter Pedersen
ba4e3ae949
Update cpp/ql/src/Critical/FlowAfterFree.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-04-12 16:50:57 +01:00
Mathias Vorreiter Pedersen
49cceb2901
C++: Fix joins.
2023-04-12 09:58:24 +01:00
Mathias Vorreiter Pedersen
725004a6fe
C++: Modernize use-after-free query using dataflow.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
fb2ec15dad
C++: Add double-free query documentation.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
cc12e74c23
C++: Add double-free query.
2023-04-11 14:44:15 +01:00
Mathias Vorreiter Pedersen
dfe00ffe4b
C++: Add a flow-after-free library.
2023-04-11 14:40:17 +01:00
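The flow-after-free library added here, the use-after-free and double-free queries built on it, and the later commit that makes those queries require the free to dominate the use all target the same code shape: a pointer is freed, then used or freed again on every path from that free. The following C program is an added example and is not the qhelp example or any code from the CodeQL repository: it shows the vulnerable shape beside a hardened version, plus the branch-separated case that a dominance requirement leaves unreported. The `struct message` type and helper names are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the CodeQL repository): the use-after-free and
 * double-free shapes the queries report, beside a hardened version.
 * `struct message` and the helper names are constructed. */
struct message {
    char *data;
    size_t len;
};

/* Allocate a message holding a copy of `text`; returns 0 on success. */
int message_init(struct message *m, const char *text) {
    size_t n = strlen(text);
    m->data = malloc(n + 1);
    if (m->data == NULL) {
        return -1;
    }
    memcpy(m->data, text, n + 1);
    m->len = n;
    return 0;
}

/* Vulnerable: the free dominates both later operations on `buf`, which is
 * the flow the queries look for.  The strlen is a use after free and the
 * second free is a double free; both are undefined behaviour, so this
 * function is shown for comparison only and is never called here. */
int handle_vulnerable(struct message *m) {
    char *buf = m->data;
    free(buf);                  /* source: `buf` after the free */
    size_t n = strlen(buf);     /* sink: use after free */
    free(buf);                  /* sink: double free */
    return (int)n;
}

/* Hardened: read what is needed before releasing, then clear the pointer so
 * a later release of the same message is a harmless free(NULL). */
int handle_fixed(struct message *m) {
    size_t n = strlen(m->data);
    free(m->data);
    m->data = NULL;
    m->len = 0;
    return (int)n;
}

/* Release helper; safe to call more than once because of the NULL reset. */
void message_release(struct message *m) {
    free(m->data);
    m->data = NULL;
    m->len = 0;
}

/* Not reported once the queries require the free to dominate the use: the
 * release and the strlen sit on different branches, so no path runs both. */
int handle_branches(struct message *m, int keep) {
    if (!keep) {
        message_release(m);
        return 0;
    }
    return (int)strlen(m->data);
}

int main(void) {
    struct message m;
    if (message_init(&m, "hello") != 0) {
        return 1;
    }
    printf("handle_fixed: %d\n", handle_fixed(&m));
    message_release(&m);        /* second release is a no-op */
    if (message_init(&m, "ab") != 0) {
        return 1;
    }
    printf("handle_branches(keep): %d\n", handle_branches(&m, 1));
    printf("handle_branches(release): %d\n", handle_branches(&m, 0));
    return 0;
}
```

Clearing the pointer after `free` is the usual hardening for both findings: a later use dereferences NULL instead of freed memory, and a repeated release passes NULL to `free`, which the C standard defines as a no-op.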
Anders Schack-Mulligen
72415c7c2c
C++: Rename references.
2023-03-23 13:06:19 +01:00
Mathias Vorreiter Pedersen
40cc2e7891
C++: Also exclude unevaluated buffers in 'OverflowStatic'.
2023-03-21 09:53:39 +00:00
Jeroen Ketema
fb57914751
C++: Convert a number of data flow based queries to use ConfigSig
2023-03-07 18:21:52 +01:00
Mathias Vorreiter Pedersen
354a12c906
C++: Fix queries. Since there's no longer indirect -> direct flow in taint-tracking we need to make sure the affected sink definitions also handle indirect flow.
2023-02-27 14:57:36 +00:00
Jeroen Ketema
ecdeb9a970
C++: Revert semmle.code.cpp.dataflow to its old state
While here make sure all queries and tests use IR dataflow when appropriate.
2023-02-10 14:21:44 +01:00