Geoffrey White
d5accc70e1
C++: Add a test similar to issues/44.
2020-04-06 16:47:24 +01:00
Jonas Jensen
16c7a35b1c
Merge pull request #3195 from geoffw0/taintstring
...
C++: Model taint flow through std::string constructor and c_str()
2020-04-03 12:05:07 +02:00
Geoffrey White
73171682b7
C++: Switch to taint flow as suggested in the old PR.
2020-04-02 19:49:41 +01:00
Geoffrey White
b14b52d0ac
C++: Add models for std::string (as in old PR).
2020-04-02 19:49:41 +01:00
Geoffrey White
69f6790c83
C++: Add a test of taint through std::strings, based on the one in the old PR.
2020-04-02 19:49:31 +01:00
Geoffrey White
7a98919879
C++: Add a non-standard swap to taint tests.
2020-04-01 17:14:38 +01:00
Geoffrey White
f02ffcbbd2
C++: Modify ParameterIndex to account for varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
d66f608d41
C++: Taint from FormattingFunction varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
30580e97dc
C++: Add a TaintFunction model to FormattingFunction.
2020-01-28 08:46:46 +00:00
Geoffrey White
4778914154
CPP: Repair flow.
2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602
CPP: 'sometimes copying' is considered data flow.
2020-01-27 14:07:39 +00:00
Geoffrey White
edf2b54813
CPP: Model strndup.
2020-01-23 13:46:57 +00:00
Geoffrey White
1867d58034
CPP: Allow flow to return value.
2020-01-22 16:25:40 +00:00
Geoffrey White
704bfe7184
CPP: Support taint flow from qualifiers.
2020-01-22 16:22:29 +00:00
Geoffrey White
e6daf3b7ee
CPP: Support taint flow to qualifiers.
2020-01-22 16:16:31 +00:00
Geoffrey White
1a6f7febe7
CPP: Add tests of taint through qualifiers.
2020-01-22 16:11:13 +00:00
Geoffrey White
ef47563139
CPP: Support flow of pointed-to things through function calls.
2020-01-16 11:08:19 +00:00
Jonas Jensen
5d7a0b8dd5
Merge remote-tracking branch 'upstream/master' into dataflow-ref-parameter
...
I've accepted the new test output, which shows that this branch fixes
two false negatives in the test cases from #2088 .
2019-10-08 13:09:20 +02:00
Geoffrey White
050d99fa87
CPP: Add test cases.
2019-10-04 17:44:27 +01:00
Jonas Jensen
7c319efb8b
C++: Data flow through reference parameters
2019-10-01 10:43:49 +02:00
Jonas Jensen
d38dbf0f63
C++: Workaround for lambda expression locations
...
See CPP-427.
2019-08-22 11:52:56 +02:00
Jonas Jensen
2f4ed45dac
C++: No taint between field and struct
...
To compensate for the lack of field flow, the taint tracking library has
previously considered taint to flow from fields to their containing
structs and back again from the structs to any of their fields. This
leads to false flow between unrelated fields and is not needed now that
we have proper flow through fields.
2019-08-21 11:57:12 +02:00
Jonas Jensen
45eefdb218
C++: Field flow through ConstructorFieldInit
...
This allows a member initializer list to be seen as a sequence of field
assignments. For example, the constructor
C() : a(taint()) { }
now has data flow similar to
C() { this.a = taint(); }
2019-08-16 09:10:17 +02:00
Geoffrey White
1bd4aeebad
CPP: Effects of #1715 .
2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640
CPP: Test taint through lambdas.
2019-08-15 14:00:45 +01:00
Jonas Jensen
38ec693ead
C++: Improved ConstructorCall field flow
...
This commit changes C++ `ConstructorCall` to behave like
`new`-expressions in Java: they are both `ExprNode`s and
`PostUpdateNodes`, and there's a "pre-update node" (here called
`PreConstructorCallNode`) to play the role of the qualifier argument
when calling a constructor.
2019-08-13 11:05:13 +02:00
Jonas Jensen
6a3f5efc1b
C++: Accept AST field flow test output
2019-08-08 14:05:03 +02:00
Geoffrey White
c2fd2e273e
CPP: Model taint flow through std::swap.
2019-07-12 18:00:39 +01:00
Geoffrey White
f132bca06e
CPP: Add a taint flow test of 'std::swap'.
2019-07-12 16:37:01 +01:00
Robert Marsh
919f5c616f
C++: comment and test for taint flow via memcpy
2019-04-23 11:17:18 -07:00
Robert Marsh
262f724235
C++: add taint edges to DefinitionByReferenceNode
2019-04-22 10:39:02 -07:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
