hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 10:10:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,073 Commits 1,673 Branches 157 Tags
73ed5696f3fc203f6ed89caf8a3e325fddd48fa6
Commit Graph

592 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
cb1076c335 Revert "Merge pull request #13783 from MathiasVP/type-bounds-for-new-range-analysis" 
This reverts commit e9750af89f, reversing
changes made to 37a546253e.
 2023-08-09 13:02:54 +01:00
Mathias Vorreiter Pedersen
9807c0b0a6 C++: Filter type-based reasons out of MCTV queries. 2023-08-04 16:11:35 +02:00
Mathias Vorreiter Pedersen
b1c6ee4396 Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 11:20:49 +02:00
Mathias Vorreiter Pedersen
7f7930b3bb Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 10:36:12 +02:00
Mathias Vorreiter Pedersen
97809e7646 Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 10:33:38 +02:00
Mathias Vorreiter Pedersen
e1f519fab7 Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 10:33:17 +02:00
Mathias Vorreiter Pedersen
9f9cf9f765 Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 10:31:06 +02:00
Mathias Vorreiter Pedersen
2cfa14b91f Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 10:30:44 +02:00
Mathias Vorreiter Pedersen
5cad8ec0a2 Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-25 10:30:38 +02:00
Mathias Vorreiter Pedersen
922f4d5496 C++: Add more documentation to the 'cpp/invalid-pointer-deref' query. 2023-07-19 14:42:20 +01:00
Mathias Vorreiter Pedersen
5099de5b3d C++: Split the query into 4 files. 2023-07-18 18:15:18 +01:00
Mathias Vorreiter Pedersen
a038b389c3 C++: More cleanup. 2023-07-18 14:03:04 +01:00
Mathias Vorreiter Pedersen
d41d2bc29e Merge pull request #13699 from MathiasVP/final-config-to-invalid-pointer-deref 
C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`
 2023-07-18 13:08:21 +01:00
Mathias Vorreiter Pedersen
d63ead55dc C++: Remove barrier that's no longer needed. 2023-07-17 15:59:35 +01:00
Mathias Vorreiter Pedersen
c13f015b95 C++: No need to select the 'instruction' as the sink when the dataflow node has a better 'toString'. 2023-07-13 14:17:43 +01:00
Mathias Vorreiter Pedersen
5e06043120 C++: Completely get rid of merged path nodes. 2023-07-13 14:15:14 +01:00
Jeroen Ketema
52ab215560 C++/Swift: Remove none() dataflow configuration predicates 
These now have default implementations that are also `none()`
 2023-07-12 23:49:29 +02:00
Mathias Vorreiter Pedersen
2c2f9b9e17 C++: Fix comment. 2023-07-12 11:59:29 +01:00
Mathias Vorreiter Pedersen
19872d5adf Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-12 11:58:07 +01:00
Mathias Vorreiter Pedersen
3d5414b84c Update cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-07-12 11:57:51 +01:00
Mathias Vorreiter Pedersen
63c5684fbb C++: Join with 'invalidPointerToDerefSource' in 'hasFlowPath' to prevent conflation of paths. 2023-07-11 10:24:01 +01:00
Mathias Vorreiter Pedersen
ae8ecc9076 C++: Add a final configuration to preserve call contexts between configuration transitions. 2023-07-10 13:52:32 +01:00
Jeroen Ketema
fa2ee26379 C++: Add more default predicates to product flow 2023-07-06 16:06:36 +02:00
Jeroen Ketema
43a8119091 Merge pull request #13591 from jketema/pointer-deref-barrier 
C++: Add barrier to `InvalidPointerToDerefConfig` in `cpp/invalid-pointer-deref`
 2023-06-28 17:46:41 +02:00
Jeroen Ketema
14609a9795 C++: Add barrier to InvalidPointerToDerefConfig in cpp/invalid-pointer-deref 2023-06-28 14:04:45 +02:00
Mathias Vorreiter Pedersen
2c99009c1a Merge pull request #13117 from rdmarsh2/rdmarsh2/cpp/cobo-handle-array-casts 
C++: handle cast arrays properly in off-by-one query
 2023-06-28 09:25:12 +01:00
Mathias Vorreiter Pedersen
f2cbbab419 Merge branch 'main' into rdmarsh2/cpp/cobo-handle-array-casts 2023-06-27 12:03:42 +01:00
Mathias Vorreiter Pedersen
985650cb04 Merge pull request #13559 from MathiasVP/add-barrier-to-invalid-deref-query 
C++: Add barriers to `cpp/invalid-pointer-deref`
 2023-06-27 11:56:58 +01:00
Mathias Vorreiter Pedersen
ef383a135d C++: Prune the set of interesting pointer-arithmetic instructions by another flow. 2023-06-26 19:09:43 +01:00
Mathias Vorreiter Pedersen
d68b0605cd C++: Use 'arrayTypeCand' in 'isSourceImpl' instead of checking for array size explicitly. 2023-06-26 11:37:35 +01:00
Mathias Vorreiter Pedersen
3b4f2b22d6 C++: Fix Code Scanning errors. 2023-06-26 11:36:56 +01:00
Mathias Vorreiter Pedersen
b87bf46c30 C++: Fix joins. 2023-06-26 11:28:32 +01:00
Mathias Vorreiter Pedersen
e32f7d84a5 C++: Speed up analysis on 'Samate' by avoiding the 'Variable' column in the dataflow stages of the query. 2023-06-25 00:35:43 +01:00
Mathias Vorreiter Pedersen
e0f5c584b9 C++: Fix Code Scanning error. 2023-06-24 19:38:22 +01:00
Mathias Vorreiter Pedersen
9d5b8cff2e C++: Add a barrier to the 'cpp/invalid-pointer-deref' query. 2023-06-24 19:12:03 +01:00
Mathias Vorreiter Pedersen
600c60af8b Merge branch 'main' into rdmarsh2/cpp/cobo-array-vars 2023-06-23 10:54:46 +01:00
Jeroen Ketema
272ced6ea5 Merge pull request #13374 from jketema/ptr-deref-min 
C++: Remove `cpp/invalid-pointer-deref` results duplicating ones with smaller `k`
 2023-06-05 19:31:24 +02:00
Jeroen Ketema
93215ba7e1 Merge pull request #13355 from jketema/ptr-deref-forward 
C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref`
 2023-06-05 15:56:50 +02:00
Jeroen Ketema
86df424fca C++: Fix query formatting 2023-06-05 15:10:54 +02:00
Jeroen Ketema
4a27028768 C++: Remove cpp/invalid-pointer-deref results duplicating ones with smaller k 2023-06-05 15:03:58 +02:00
Mathias Vorreiter Pedersen
52fb00cac3 Merge pull request #12036 from nmouha/patch-1 
CPP: Add query for CVE-2022-37454: Integer addition may overflow inside if statement
 2023-06-05 12:13:27 +01:00
Jeroen Ketema
11182e4ee4 C++: Move location where getASuccessor is used to avoid join order problems 2023-06-05 12:36:25 +02:00
Jeroen Ketema
8ac1d56a7f C++: Fix join order in cpp/invalid-pointer-deref 2023-06-02 16:37:35 +02:00
Jeroen Ketema
ac4933a9cc C++: Ensure that the sink instruction occurs last in cpp/invalid-pointer-deref 
This avoids some counter-intuitive paths where we would seemingly jump back
to an earlier instruction, which might actually have been in bounds.
 2023-06-02 12:36:34 +02:00
Robert Marsh
df4d156a36 C++: remove unneeded exists variables 2023-06-01 11:28:12 -04:00
Mathias Vorreiter Pedersen
3d9c282f48 Merge pull request #13320 from jketema/ptr-deref-dedup 2023-05-31 10:12:05 -07:00
Jeroen Ketema
dd30acf1e3 C++: Add nodes query predicate to cpp/invalid-pointer-deref 2023-05-30 18:43:01 +02:00
Jeroen Ketema
f5ed02a433 C++: Take into account the delta at the final sink in cpp/invalid-pointer-deref 2023-05-30 18:33:20 +02:00
Jeroen Ketema
a8c76388c0 C++: Fix configuration names in comments in cpp/invalid-pointer-deref 2023-05-30 18:15:37 +02:00
Mathias Vorreiter Pedersen
f00b29d3d2 C++: The small-string optimization commonly used inside 'std::string' is causing a lot of FPs. Let's exclude this for now to reduce the number of results for this query. 2023-05-30 07:33:07 -07:00