hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 14:47:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
26,539 Commits 1,758 Branches 167 Tags
98ef06c6eca98e424c46c066db1392da2bfa3434
Commit Graph

6485 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
98ef06c6ec C++: Accept test changes. 2021-10-22 11:42:35 +01:00
Mathias Vorreiter Pedersen
c3a5a4fc36 C++: Add a special dataflow step from InitializeIndirection instructions. 2021-10-22 11:42:35 +01:00
Mathias Vorreiter Pedersen
f8265ea095 C++: Remove the taintflow edges that gives performance problems. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
870d80ba43 C++: Since we now no longer have flow from exact memory operands to LoadInstructions, we no longer have flow from PhiInstructions to LoadInstructions. We could allow flow in this particular case, but we might as well use the shared SSA library's phi edges. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
c5e51fd3de C++: Throw away most of the usage of IR-computed def-use information. Instead, we rely on the shared SSA library's use-use edges. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
07db62d90b C++: Rewrite the PartialDefinitionNode classes to match the new StoreNodes. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
090675fe04 C++: Similarly to the previous commit, we throw away the old memory-edges based way of doing read steps. Instead, we use the shared SSA library to transfer flow into a new ReadNode IPA branch, perform the necessary read steps, and then use the shared SSA library to transfer flow out of the ReadNode again. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
34a209bc8a C++: Throw away the old way of doing store steps using memory edges. Instead, we introduce a StoreNode IPA branch that does store steps and instead use the shared SSA library to transfer flow into these nodes before a store step, and out of them following a sequence of store steps. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
c29fd61e6f C++: Add shared SSA library and instantiate it with the IR. 2021-10-22 11:42:34 +01:00
Mathias Vorreiter Pedersen
9e14aefa65 C++/C#: Sync identical IR files· 2021-10-22 11:42:33 +01:00
Mathias Vorreiter Pedersen
b9c6785b1f C++: Add 'getReturnAddress' and 'getReturnAddressOperand' predicates to 'ReturnValueInstruction'. 2021-10-22 11:42:27 +01:00
Mathias Vorreiter Pedersen
eac0222f2c C++: Add more CWEs to 'cpp/incorrect-allocation-error-handling'. 2021-10-04 15:15:40 +01:00
Mathias Vorreiter Pedersen
cc8b581c06 C++: Accept test changes. 2021-10-01 22:23:17 +02:00
Mathias Vorreiter Pedersen
cca77ed65c Merge branch 'main' into add-return-value-deref-to-model-util 2021-10-01 22:02:06 +02:00
Mathias Vorreiter Pedersen
0679142607 C++: Accept test changes. 2021-10-01 18:27:55 +02:00
Mathias Vorreiter Pedersen
3463c28e24 C++: Add return value dereference to 'callOutput'. This will need to be modified once we get return value side effects in the IR. 2021-10-01 18:27:46 +02:00
Mathias Vorreiter Pedersen
a3cf721b9e Merge pull request #6713 from geoffw0/cwe139 
C++: New query for 'Cleartext transmission of sensitive information'
 2021-10-01 11:10:36 +02:00
Geoffrey White
679b0f9b73 C++: Autoformat. 2021-10-01 09:40:16 +01:00
Jonas Jensen
45cf6344cd Merge pull request #6184 from github/rdmarsh2/improve-exec-tainted 
C++: Refactor ExecTainted.ql to only report results after string concatenation
 2021-09-29 19:21:13 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Mathias Vorreiter Pedersen
8dcf7926de Merge pull request #6760 from andersfugmann/relax_memberMayBeVarSize 
Increase precision to high for cpp/static-buffer-overflow
 2021-09-29 10:09:11 +02:00
Geoffrey White
89098f54be C++: Correct comment. 2021-09-28 20:03:42 +01:00
Geoffrey White
10323ac819 Update cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.inc.qhelp 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-28 15:13:29 +01:00
Anders Fugmann
ba98c0c1cb Merge remote-tracking branch 'upstream/main' into relax_memberMayBeVarSize 2021-09-28 11:15:11 +02:00
Anders Peter Fugmann
a358ea8667 C++: Apply documentation change suggestion 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-28 10:38:02 +02:00
Anders Peter Fugmann
c7ea7ca5cd C++: Apply documentation change suggestion 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-28 09:40:25 +02:00
Anders Fugmann
79549c2285 Merge remote-tracking branch 'upstream/main' into refactor_use_of_isGuardPhi 2021-09-28 09:38:16 +02:00
Robert Marsh
dfb27d170c C++ fix test compilation errors 2021-09-27 13:58:54 -07:00
Anders Fugmann
03bd7d7f96 C++: Update test results from OverflowStatic 2021-09-27 11:23:08 +02:00
Jonas Jensen
b0836a620c Merge pull request #6757 from geoffw0/impropnulltest2 
C++: Small improvement to cpp/improper-null-termination
 2021-09-27 10:52:49 +02:00
Jonas Jensen
06b36f742e Merge pull request #6745 from andersfugmann/handle_overflow_for_upperbound 
C++: Handle overflow for upperbound
 2021-09-27 10:32:49 +02:00
Anders Fugmann
e0921ac983 C++: Increase precision of cpp/static-buffer-overflow to high 2021-09-27 09:06:36 +02:00
Geoffrey White
7e7dfe2cc4 C++: Understand format arguments. 2021-09-24 19:25:43 +01:00
Geoffrey White
91a8b9fdd9 C++: Add suggested test (and a good variant). 2021-09-24 18:34:28 +01:00
Geoffrey White
6901d9d9c2 C++: Add and use getRemoteSocket predicates. 2021-09-24 15:16:48 +01:00
Geoffrey White
9f59bc8f7b C++: Naive translation to use RemoteFlow*Function. 2021-09-24 15:12:14 +01:00
Geoffrey White
3e1bc66984 Merge pull request #6733 from MathiasVP/fix-qldoc-in-initialize-dynamic-allocation-instruction 
C++/C#: Fix QLDoc on `InitializeDynamicAllocationInstruction`.{`getAllocationAddressOperand` and `getAllocationAddress`}
 2021-09-24 14:30:03 +01:00
Anders Peter Fugmann
aebde189f8 C++: Apply peer review suggestion 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2021-09-24 15:09:23 +02:00
Mathias Vorreiter Pedersen
24214002a1 C#/C++: Sync identical files. 2021-09-24 13:13:09 +01:00
Mathias Vorreiter Pedersen
eba1b0bc15 Respond to review comments. 2021-09-24 13:12:58 +01:00
Anders Fugmann
cbdabe35de C++: Update test results to reflect changes 2021-09-24 12:29:28 +02:00
Anders Fugmann
c9c41252e3 C++: Update test results in SimpleRangeAnalysis 2021-09-24 12:23:48 +02:00
Anders Fugmann
3437cf2909 C++: only use upperbound if there are no overflows in the guard 2021-09-24 11:46:58 +02:00
Anders Fugmann
d7afd86a27 C++: Add test case exposing problem with overflows for upperBound predicate 2021-09-24 11:44:05 +02:00
Anders Fugmann
032ac50034 C++: Do not warn on static buffer overflow using loop counters, if the loop counter has been widened 2021-09-24 08:31:36 +02:00
Anders Fugmann
3e5f7d0db5 C++: using buildin offsetof for an array member indexed after end is legal 2021-09-24 08:31:35 +02:00
Anders Fugmann
b08eabec68 C++: Relax predicate memberMayBeVarSize to mark all members of size 0 or 1 as variable sized 2021-09-24 08:31:35 +02:00
Anders Fugmann
a4a9e2aa96 C++: Weaken wording on overflow static alert text 2021-09-24 08:31:35 +02:00
Robert Marsh
3189c578a4 C++: Add QLDoc to subpaths in DefaultTaintTracking 2021-09-23 22:42:38 -07:00
Robert Marsh
c2b356ab08 C++: add subpaths to DefaultTaintTracking 2021-09-23 21:00:45 -07:00