hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 09:49:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,733 Commits 1,756 Branches 167 Tags
7e299e74948959d80b55fe808271ca04bea702ac
Commit Graph

1886 Commits

Author SHA1 Message Date
Robert Marsh
7e299e7494 C++/C#: Document ReturnIndirectionInstruction::getParameter 2020-04-08 16:41:07 -07:00
Robert Marsh
b37c13de91 C++: restore flow for non-class partial reads 
This would otherwise have lost a good qltest result at
CWE-134/semmle/funcs/funcsLocal.c:58:9:58:10
 2020-04-08 16:30:45 -07:00
Jonas Jensen
9f40886af9 C++: Don't allow taint out of a field read 
except if it's from a union. This prevents field conflation through
buffers of `UnknownType`.
 2020-04-08 14:02:33 -07:00
Robert Marsh
a0b26d66a4 C++: remove partial flow to IR loads 2020-04-08 13:56:56 -07:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Mathias Vorreiter Pedersen
b2759877cc Merge pull request #3219 from jbj/DefaultTaintTracking-partial-no-structs 
C++: Avoid partial chi flow to struct/class
 2020-04-08 12:31:53 +02:00
Jonas Jensen
42e9d1416b Merge pull request #3206 from geoffw0/newfreefix 
C++: Fix `cpp/new-free-mismatch` false positives
 2020-04-08 08:39:43 +02:00
Geoffrey White
7fedac3266 C++: Fix apparently noncritical typo. 2020-04-07 20:56:07 +01:00
Geoffrey White
50194f372b C++: Autoformat. 2020-04-07 20:54:54 +01:00
Geoffrey White
2686d9888c C++: Add QLDoc. 2020-04-07 18:12:24 +01:00
Geoffrey White
66a0b7884e Merge branch 'master' into alloc-size 2020-04-07 17:12:35 +01:00
Geoffrey White
ff39f714e8 C++: Autoformat. 2020-04-07 17:07:31 +01:00
Robert Marsh
0ccf39777c Merge pull request #3189 from jbj/DefaultTaintTracking-Configuration 
C++: Path explanations in DefaultTaintTracking
 2020-04-07 08:38:10 -07:00
Jonas Jensen
39911af56b C++: Avoid partial chi flow to struct/class 
Flow through partial chi-instruction operands was introduced to make
definition-by-reference work, but its implementation also allowed all
other partial writes to propagate. In particular, tainting a field would
taint the whole struct, which in turn led to taint propagating across
unrelated fields of a struct.

The security test `CWE-134/semmle/argv/argvLocal.c` shows that we also
want to propagate taint from an array element to the whole array, and it
also seems right to propagate taint from a union member to the whole
union.
 2020-04-07 16:24:24 +02:00
Mathias Vorreiter Pedersen
8928091dfb Merge pull request #3181 from jbj/DefaultTaintTracking-qldoc 
C++: QLDoc in DefaultTaintTracking
 2020-04-07 14:58:21 +02:00
Geoffrey White
cbe133d0e6 C++: Deprecate freeCall in the legacy wrapper Alloc.qll. 2020-04-06 14:32:49 +01:00
Jonas Jensen
530d4294b0 Merge remote-tracking branch 'upstream/master' into DefaultTaintTracking-Configuration 2020-04-05 07:27:07 +02:00
Jonas Jensen
d7332644f0 C++: Fix DefinitionByReferenceNode.toString 
This predicate now has a value also for calls to function pointers.
 2020-04-04 15:31:01 +02:00
Jonas Jensen
108d5177b8 C++: Fix two bugs found by @rdmarsh2 
Co-Authored-By: Robert Marsh <rdmarsh2@gmail.com>
 2020-04-04 15:24:44 +02:00
Robert Marsh
316d932829 Merge pull request #3198 from MathiasVP/valuenumbering-provider-new-file 
C++/C#: Prevent accidental import of ValueNumberPropertyProvider
 2020-04-03 13:31:11 -07:00
Jonas Jensen
bb3616e4c4 C++: Add example for globalVarFromId 2020-04-03 17:51:35 +02:00
Jonas Jensen
3ec1f691c2 C++: First query with flow-paths through globals 2020-04-03 16:45:00 +02:00
Jonas Jensen
aaebe3687e C++: Fix copy-paste error in convertedExprNode 2020-04-03 16:37:23 +02:00
Jonas Jensen
469bdae9b2 C++: More helpful toString for def. by ref. node 2020-04-03 16:37:23 +02:00
Jonas Jensen
36da2d1dae C++: Manipulate the source end of paths too 
Without this, we get duplicate alerts in some cases and
unnatural-looking source nodes in other cases. The source nodes were
often `Conversion`s.
 2020-04-03 16:37:23 +02:00
Jonas Jensen
427815d3d1 C++: taintedWithPath QLDoc + simplification 2020-04-03 15:52:13 +02:00
Jonas Jensen
3653627650 C++: Let configuration class extend singleton 2020-04-03 15:52:13 +02:00
Jonas Jensen
16c7a35b1c Merge pull request #3195 from geoffw0/taintstring 
C++: Model taint flow through std::string constructor and c_str()
 2020-04-03 12:05:07 +02:00
Geoffrey White
73bfd819d9 C++: Rename classes. 2020-04-03 09:23:31 +01:00
Geoffrey White
1bcf187c3e C++: Rename Strings.qll -> StdString.qll. 2020-04-03 09:17:33 +01:00
Mathias Vorreiter Pedersen
0b12c1519b C++/C#: Sync identical files 2020-04-03 10:06:37 +02:00
Mathias Vorreiter Pedersen
0f70944a5b C++: Move ValueNumberPropertyProvider into its own file to prevent accidental imports 2020-04-03 09:55:41 +02:00
Robert Marsh
a8e191248e Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Merge IR SSA test additions
 2020-04-02 15:30:20 -07:00
Robert Marsh
fd915bb5b1 C++: fix join order in IR virtual dispatch 2020-04-02 14:56:11 -07:00
Geoffrey White
c9ec30fa2a C++: Update use of deprecated methods. 2020-04-02 19:49:42 +01:00
Geoffrey White
e9132d833c C++: Autoformat. 2020-04-02 19:49:42 +01:00
Geoffrey White
73171682b7 C++: Switch to taint flow as suggested in the old PR. 2020-04-02 19:49:41 +01:00
Geoffrey White
b14b52d0ac C++: Add models for std::string (as in old PR). 2020-04-02 19:49:41 +01:00
Mathias Vorreiter Pedersen
e2908eaf63 C++: Add comment explaining why we can split call and allocation side effects 2020-04-02 15:11:13 +02:00
Mathias Vorreiter Pedersen
a273917e51 Merge branch 'master' into init-dynamic-alloc-newexpr 2020-04-02 14:11:03 +02:00
Geoffrey White
ead5feb921 C++: Autoformat. 2020-04-02 09:50:14 +01:00
Mathias Vorreiter Pedersen
8fdc4b037a C++: Ensure that no call side effect is an allocation side effect 2020-04-02 07:30:56 +02:00
Robert Marsh
a061811939 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Pick up new test for user-defined swap functions
 2020-04-01 17:32:55 -07:00
Jonas Jensen
207c76b855 C++: Path explanations in DefaultTaintTracking 
The first three queries are migrated to use path explanations.
 2020-04-01 20:51:05 +02:00
Jonas Jensen
b07380d2eb C++: Update ppReprType for C++ IR dataflow 
I forgot to do this in b1be123e31. Without this change, we suffix
` : void` on very step of an IR path explanation.
 2020-04-01 20:19:00 +02:00
Geoffrey White
d71098d178 Merge branch 'master' into opnew 2020-04-01 15:00:26 +01:00
Jonas Jensen
9a55d42639 C++: QLDoc in DefaultTaintTracking 
These docs are mostly copied and adapted from
`DefaultTaintTrackingImpl.qll`.
 2020-04-01 15:30:31 +02:00
Geoffrey White
119d4a40a0 C++: Fix unintended consequence in IR. 2020-04-01 14:29:28 +01:00
Mathias Vorreiter Pedersen
fa7dc32dee C++: Remove dependency on implementation of models in TranslatedCall 2020-04-01 14:46:52 +02:00
Tom Hvitved
42e180d6c4 Merge pull request #3060 from aschackmull/dataflow/no-param-to-same-param-flow 
Dataflow: Exclude param-param flow through with identical params.
 2020-04-01 09:42:12 +02:00