hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,235 Commits 1,671 Branches 157 Tags
75b13da4e422c6f00519b51a3d29017cebf40aab
Commit Graph

10804 Commits

Author SHA1 Message Date
Jeroen Ketema
ba51b65d84 C++: Fix hasRemoteFlowSource for fgets 
Also add the test that exposed this. Note that the test would only have started
failing after `cpp/uncontrolled-process-operation` with the rewrite of the
query away from default taint tracking, which has not happened yet.
 2023-11-10 11:56:23 +01:00
Jeroen Ketema
e4c8406365 C++: Split strlcat off in a separate model 2023-11-10 10:11:57 +01:00
Mathias Vorreiter Pedersen
b858a284c9 Merge pull request #14726 from microsoft/28-strsafe-library-updates2 2023-11-09 21:39:10 +00:00
Mathias Vorreiter Pedersen
39b9d2ea83 C++: Accept test changes. 2023-11-09 20:28:55 +00:00
Mathias Vorreiter Pedersen
eb1024c79b C++: Improve (and simplify) 'toString's. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
86e791980c C++: Simplify 'isGlobalUse' and 'isGlobalDefImpl'. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
9762313500 C++: Implement jumpStep using the indirection instead of index. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
95bb70f577 C++: Also add a 'getIndirection' on 'GlobalDef' as well. This will be useful in the next commit. 2023-11-09 20:25:29 +00:00
Benjamin Rodes
5e140021fb Removed non-ascii characters. 2023-11-09 15:24:58 -05:00
Mathias Vorreiter Pedersen
fd26ae18bf C++: Obtain the SSA variable of a 'GlobalUse' using the indirection instead of the index (like we do for non-global uses as well). 2023-11-09 20:20:27 +00:00
Mathias Vorreiter Pedersen
bb5a78d3f1 C++: Factor the IPA body of 'TGlobalUse' and 'TGlobalDef' out into predicates. 2023-11-09 20:17:47 +00:00
Anders Schack-Mulligen
657c29f409 Java/C++: Share valueFlowStep. 2023-11-09 20:24:28 +01:00
Benjamin Rodes
8674139de6 Change log file name change 2023-11-09 13:24:14 -05:00
Mathias Vorreiter Pedersen
0963af2ee7 C++: Add failing tests. 2023-11-09 18:01:22 +00:00
Jeroen Ketema
a051a57e00 Update cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-11-09 17:48:45 +01:00
Jeroen Ketema
0b91310357 C++: Add models for strlcpy and strlcat 2023-11-09 17:21:37 +01:00
Anders Schack-Mulligen
b8e7e1d15e Java/C++: Share ssaUpdateStep. 2023-11-09 16:02:44 +01:00
Anders Schack-Mulligen
daffae020b Java/C++: Share eqFlowCond. 2023-11-09 16:00:46 +01:00
Mathias Vorreiter Pedersen
7048190929 Update cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-11-09 12:39:10 +00:00
Anders Schack-Mulligen
abe0bb70ac C++: Fix operand ssa variables for range analysis. 2023-11-09 12:26:53 +01:00
Ben Rodes
79dcb4b48c Update cpp/ql/lib/change-notes/2023-11-8-strsafe-models.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-11-08 12:37:55 -05:00
Benjamin Rodes
bdae2af0e2 Adding missing strsafe sprintf variants. 2023-11-08 12:20:53 -05:00
Benjamin Rodes
c3ff181198 Adding change log 2023-11-08 12:20:04 -05:00
Mathias Vorreiter Pedersen
38bd893c81 Merge branch 'main' into no-dtt-in-unbounded-write 2023-11-08 15:06:59 +00:00
Mathias Vorreiter Pedersen
e90803a81c C++: Rewrite 'cpp/unbounded-write' away from DefaultTaintTracking. 2023-11-08 14:57:04 +00:00
Anders Schack-Mulligen
1f4cd74a1c Java/C++: Move SsaReadPosition to shared qlpack. 2023-11-08 12:11:17 +01:00
Mathias Vorreiter Pedersen
ab64d9a9d6 Merge pull request #14713 from MathiasVP/no-gvn-as-ssa-in-range-analysis 
C++: Don't use GVN as SSAVariable in new range analysis
 2023-11-08 09:28:15 +00:00
Anders Schack-Mulligen
45ae4ed362 Merge pull request #14711 from aschackmull/shared/rangeutil-share2 
Java/C++/RangeAnalysis: Move a couple of utility predicates to shared qlpack
 2023-11-08 08:33:12 +01:00
Mathias Vorreiter Pedersen
a8eed6bd7e Merge pull request #14704 from MathiasVP/fix-uninitialized-local 
C++: IR'ify `cpp/uninitialized-local` and fix FPs
 2023-11-07 22:45:34 +00:00
Mathias Vorreiter Pedersen
69502d0c31 C++: Add some more tests. 2023-11-07 17:31:01 +00:00
Mathias Vorreiter Pedersen
1c8f474848 C++: Add comment as suggested in the PR review for #14708. 2023-11-07 15:16:38 +00:00
Mathias Vorreiter Pedersen
2787f0a0fc Merge pull request #14708 from MathiasVP/add-testcase-for-range-analysis 
C++: Add range analysis testcase
 2023-11-07 15:15:45 +00:00
Mathias Vorreiter Pedersen
2d43eec3c3 C++: Accept test changes. 2023-11-07 14:57:30 +00:00
Mathias Vorreiter Pedersen
91b29eee53 C++: Don't use GVN as an SSAVariable in range analysis. 2023-11-07 14:52:50 +00:00
Mathias Vorreiter Pedersen
a04830b8b2 Merge pull request #14697 from MathiasVP/range-analysis-simplify-conversions 
C++: Simplify the definition of `SemExpr` for range analysis
 2023-11-07 14:52:09 +00:00
Anders Schack-Mulligen
12cba7909b Java/C++: Move range util guard-controls predicates to shared pack. 2023-11-07 15:14:34 +01:00
Anders Schack-Mulligen
f2ca52d951 Java/C++: Move range util backEdge predicate to shared pack. 2023-11-07 15:14:34 +01:00
Mathias Vorreiter Pedersen
9dca6697fb C++: Add a testcase that fails to terminate in modulus analysis when we don't have IR operands as SSA variables. 2023-11-07 11:52:35 +00:00
Mathias Vorreiter Pedersen
6669cf805f C++: Add change note. 2023-11-07 09:32:07 +00:00
Mathias Vorreiter Pedersen
0fd4d4a114 C++: Add QLDoc. 2023-11-07 09:29:34 +00:00
Mathias Vorreiter Pedersen
022c9eb3cd C++: Add a barrier feature to 'MustFlow'. 2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen
6bf2d47321 C++: Allow source = sink in 'MustFlow'. 2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen
1dc08941f8 C++: Use 'MustFlow' in 'cpp/uninitialized-local'. 2023-11-07 09:23:41 +00:00
Mathias Vorreiter Pedersen
a17cd9bc1c Merge pull request #14667 from MathiasVP/more-function-input-and-output-ipa-numbers 
C++: Allocate more `FunctionInput` and `FunctionOutput`s
 2023-11-07 08:57:31 +00:00
Mathias Vorreiter Pedersen
4455ed982d C++: Accept query test changes. 2023-11-06 17:33:46 +00:00
Mathias Vorreiter Pedersen
d38fa13299 C++: Remove more uses of 'getConverted' and 'getUnconverted'. 2023-11-06 16:11:55 +00:00
Mathias Vorreiter Pedersen
e91987b1a9 C++: Accept test changes. 2023-11-06 16:02:06 +00:00
Mathias Vorreiter Pedersen
d544f47746 C++: Simplify the definition of 'SemExpr' by instead making non-overflowing conversions copy value expressions. 2023-11-06 16:01:59 +00:00
Mathias Vorreiter Pedersen
31c2a3be98 C++: Don't redefine the meaning of the single-parameter 'isParameterDeref' and accept test changes. 2023-11-06 15:52:58 +00:00
Mathias Vorreiter Pedersen
ff30308a2b C++: Only the first indirection of the argument should be the remote flow sink. 2023-11-06 13:57:14 +00:00