Tony Torralba
3fcc99e5cb
C++: Remove omittable exists variables
2023-01-10 13:36:01 +01:00
Geoffrey White
bb451f3911
C++: Fix result duplication.
2023-01-06 11:05:47 +00:00
Geoffrey White
2023abdc60
C++: Update the queries.
2023-01-05 11:33:58 +00:00
Jeroen Ketema
ed33b905a6
C++: Simplify cpp/path-injection now argv sources are parameters
2022-12-19 12:54:16 +01:00
Jeroen Ketema
beb66d027e
C++: Use FlowSource in cpp/path-injection
2022-12-10 20:27:56 +01:00
Jeroen Ketema
9dc2614012
C++: Make all flow source descriptions start with a lower case letter
...
In every context where we use the description a lower case letter makes more
sense.
2022-12-09 23:18:58 +01:00
Geoffrey White
f373b7fe7c
Merge pull request #11596 from geoffw0/cleartextbufferwrite
...
C++: Performance fix for cpp/cleartext-storage-buffer
2022-12-08 17:18:10 +00:00
Geoffrey White
a8b8b54f8d
Update cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2022-12-07 16:44:33 +00:00
Geoffrey White
4b8575bfc3
C++: Simplify the query slightly.
2022-12-07 15:35:45 +00:00
Geoffrey White
b3d838d678
C++: Define the sources more clearly and consistently (fixes performance issue).
2022-12-07 14:45:39 +00:00
Jeroen Ketema
b5147bbfb0
C++: Deprecate DefaultTaintTracking and TaintTrackingImpl
2022-12-06 17:45:16 +01:00
Jeroen Ketema
995efef5da
C++: Add explanatory comment to hasFilteredFlowPath
2022-12-06 09:03:21 +01:00
Jeroen Ketema
6dbc59d5b5
C++: Simplify isSink based on reviewer comments
2022-12-05 23:23:08 +01:00
Jeroen Ketema
3dfe18b565
C++: Introduce the coarse upper bound check from default taint tracking
2022-12-01 09:13:48 +01:00
Jeroen Ketema
d3cccca7f1
C++: Filter duplicate (source, sink)-pairs
2022-11-29 11:17:39 +01:00
Jeroen Ketema
378206ae7d
C++: Stop taint from flowing to arithmetic types
...
These are not likely to give the user much control over what can be accessed.
2022-11-29 11:15:28 +01:00
Jeroen Ketema
718663415b
C++: Stop flow from going through another source
...
Without this we get confusing results:
```
char *userAndFile = argv[2];
char *fileName = argv[1];
fopen(fileName, "wb+"); // Both argv[1] and argv[2] marked as source without
// this change.
```
While here add some more test cases.
2022-11-29 10:52:57 +01:00
Jeroen Ketema
63334764d7
C++: Rewrite cpp/path-injection to not use DefaultTaintTracking
2022-11-29 10:52:57 +01:00
Josh Soref
f7a1647129
spelling: overrunning
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-14 15:08:44 -04:00
Josh Soref
aa70b97bd3
spelling: optimistically
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-14 15:08:44 -04:00
Josh Soref
061d1ee9fe
spelling: presence
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 04:40:26 -04:00
Geoffrey White
fd571538fb
Merge pull request #10706 from geoffw0/vaheuristic
...
C++: Tune cpp/unterminated-variadic-call
2022-10-10 13:39:40 +01:00
Geoffrey White
059864587e
C++: Add 'mremap' to whitelist.
2022-10-10 11:00:18 +01:00
erik-krogh
66c9705502
fix some more style-guide violations in the alert-messages
2022-10-07 11:19:46 +02:00
Geoffrey White
c6b7bb436d
C++: Make the ql-for-ql checks happy.
2022-10-06 11:25:22 +01:00
Geoffrey White
9a365d83cf
C++: Tighten up the heuristic in cpp/unterminated-variadic-call.
2022-10-06 09:14:16 +01:00
erik-krogh
0f1a8a6f5b
deleted unused internal code
2022-09-26 20:20:52 +02:00
erik-krogh
96b46de7c8
update alert-messages based on review feedback
2022-09-23 14:53:54 +02:00
erik-krogh
edd03020c2
fix the casing in the alert-message of cpp/unclear-array-index-validation
2022-09-23 14:48:01 +02:00
erik-krogh
2351884352
update some alert-messages based on review feedback
2022-09-23 14:45:59 +02:00
erik-krogh
33165f4f55
CPP: update expected output
2022-09-23 14:45:59 +02:00
erik-krogh
a30c38f38c
CPP: make more alert messages follow the style-guide
2022-09-23 14:45:59 +02:00
Geoffrey White
edefda9213
C++: Make QL-for-QL happy.
2022-09-09 11:26:42 +01:00
Geoffrey White
813d166ad7
C++: Restore results in cpp/cleartext-storage-database using .
2022-09-09 11:03:29 +01:00
Geoffrey White
b6d5b6731a
C++: Make QLDoc meet style guide.
2022-09-05 17:17:57 +01:00
Geoffrey White
008d583da8
C++: Modernize cpp/cleartext-storage-database.
2022-09-05 16:47:14 +01:00
Geoffrey White
946456acc2
C++: Apply the sanitizer improvement from cpp/cleartext-storage-buffer in cpp/cleartext-storage-file and cpp/cleartext-transmission.
2022-09-05 14:44:33 +01:00
erik-krogh
cc7a9ef97a
rename more acronyms
2022-08-25 20:52:27 +02:00
erik-krogh
a593a52b5e
add missing qldoc (that was already missing?)
2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb
make some acronyms camelCase
2022-08-22 21:22:35 +02:00
Mathias Vorreiter Pedersen
65abb54a73
C++: Add a sanitizer to 'cpp/cleartext-storage-buffer' to improve the performance of the query.
2022-08-22 11:01:31 +01:00
Mathias Vorreiter Pedersen
d209231ff9
C++: Remove cartesian product in 'ExecTainted'.
2022-08-21 16:45:36 +01:00
Mathias Vorreiter Pedersen
e3cb7cf9fe
C++: Remove internal 'microsoft' tags from queries.
2022-08-01 17:30:23 +01:00
Jeroen Ketema
694d6395d5
C++: Fix join-order problem in cpp/command-line-injection
...
Before on Abseil Linux:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@41084cm7 with tuple counts:
40879811 ~0% {2} r1 = SCAN DataFlowUtil::Node::getLocation#dispred#f0820431#ff OUTPUT In.1, In.0
40879811 ~0% {2} r2 = JOIN r1 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
7527 ~3% {3} r3 = JOIN r2 WITH ExecTainted::interestingConcatenation#91000ffb#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
7527 ~0% {4} r4 = JOIN r3 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
7527 ~0% {5} r5 = JOIN r4 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Lhs.3, Rhs.1
7527 ~0% {6} r6 = JOIN r5 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4
7527 ~0% {3} r7 = JOIN r6 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.4) ++ ", ") ++ Lhs.1) ++ " | ") ++ Lhs.5 ++ ")"), Lhs.3, Lhs.2
return r7
```
After:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@1ffe61ps with tuple counts:
7527 ~0% {3} r1 = JOIN ExecTainted::interestingConcatenation#91000ffb#ff WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
7527 ~0% {4} r2 = JOIN r1 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
7527 ~1% {5} r3 = JOIN r2 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2, Lhs.3
7527 ~0% {5} r4 = JOIN r3 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
7527 ~4% {6} r5 = JOIN r4 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
7527 ~0% {3} r6 = JOIN r5 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.3) ++ ", ") ++ Lhs.5) ++ " | ") ++ Lhs.4 ++ ")"), Lhs.1, Lhs.2
return r6
```
2022-07-20 16:27:47 +02:00
Geoffrey White
246093d375
C++: Move the two implementation imports.
2022-05-17 11:03:21 +01:00
Geoffrey White
cf932eb21c
C++: Repair typo fix from main.
2022-05-16 16:46:14 +01:00
Geoffrey White
9f3fa1c45d
C++: Consistent QLDoc.
2022-05-16 13:48:57 +01:00
Geoffrey White
b4a840e3ef
C++: Make the checks happy.
2022-05-16 13:36:41 +01:00
Geoffrey White
9976825234
C++: Slightly more logical layout.
2022-05-16 12:51:04 +01:00
Geoffrey White
19d1578733
C++: Clean up.
2022-05-16 12:49:01 +01:00
