hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 20:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
52,123 Commits 1,689 Branches 160 Tags
a4e9d38abb71f4e37720d1d1da82147e10effae1
Commit Graph

438 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
b36d4931f2 C++: Fix test annotation. 2023-02-27 15:47:52 +00:00
Mathias Vorreiter Pedersen
2cb4a554ea C++: Fix a bug in Expr <-> Node mapping. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
09df318e9e C++: Also track flow out of indirect sources. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
5a8b900394 C++: Properly track smart pointer wrappers. 2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen
b951bf0f8f C++: Remove conflation from taint-tracking. 2023-02-27 14:57:35 +00:00
Jeroen Ketema
996eb6c63c C++: Fix Ql-for-QL warnings 2023-02-13 09:22:31 +01:00
Jeroen Ketema
ecdeb9a970 C++: Revert semmle.code.cpp.dataflow to its old state 
While here make sure all queries and tests use IR dataflow when appropriate.
 2023-02-10 14:21:44 +01:00
Mathias Vorreiter Pedersen
946e301ed6 Merge pull request #12079 from rdmarsh2/rdmarsh2/use-use-taint-test-reads 
C++: allow read steps at the sink in IR taint test
 2023-02-08 15:08:00 +00:00
Mathias Vorreiter Pedersen
825628675e C++: Only allow implicit reads of fields that exist on the sink node's type. 2023-02-08 13:08:22 +00:00
Mathias Vorreiter Pedersen
559c799309 C++: Also recognize iterators obtained via a function that doesn't receive the container as a qualiifer. 2023-02-03 21:43:21 +00:00
Mathias Vorreiter Pedersen
09a7573163 C++: Add comments to the new FP. 2023-02-03 17:09:19 +00:00
Robert Marsh
ad8e82ac65 C++: allow read steps at the sink in IR taint test 2023-02-03 11:38:49 -05:00
Mathias Vorreiter Pedersen
eb31160ae0 C++: Accept test changes. 2023-02-01 13:42:03 +00:00
Mathias Vorreiter Pedersen
bfe9ae22ad Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-26 13:03:49 +00:00
Mathias Vorreiter Pedersen
13baa5b60b C++: Add iterator typedefs to properly instantiate 'int_iterator_by_trait' and 'insert_iterator_by_trait'. 2023-01-26 11:43:33 +00:00
Mathias Vorreiter Pedersen
a36afc6bff C++: Accept more test changes. 2022-12-15 13:29:05 +00:00
Mathias Vorreiter Pedersen
cb47bdd9fd C++: Accept test changes. 2022-12-15 11:55:25 +00:00
Mathias Vorreiter Pedersen
623372238d C++: Better support for flow-through. 2022-11-22 13:54:44 +00:00
Mathias Vorreiter Pedersen
b12955e220 C++: Fix flow out of const member functions. 2022-11-16 22:46:21 +00:00
Jeroen Ketema
2b37ebd7ed Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-11 17:24:34 +01:00
Jeroen Ketema
62f5d10d03 C++: Fix localTaint expected results 2022-11-10 16:08:07 +01:00
Jeroen Ketema
62a0bcddd9 C++: Fix the accept prototype in the dataflow taint tests 2022-11-10 14:23:26 +01:00
Jeroen Ketema
d8e96ef12a Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-10 12:09:43 +01:00
Jeroen Ketema
4d7aeced3f C++: Simplify dataflow taint test query 
The complexity seems a left-over from before these tests were turned into
inline expectation tests, where the aim seems to have been to have exactly
one sink node for each `sink` call. Multiple sink nodes for the same `sink`
call are not made visible in the inline expecation tests, and I am not
conviced this was very useful before, so remove the complexity.
 2022-11-10 10:38:22 +01:00
Jeroen Ketema
0e33f4da6b C++: Re-introduce most of the ast annotation test infrastructure 2022-11-09 14:37:01 +01:00
Jeroen Ketema
bd301768ea C++: Re-introduce the ast annotations in the taint tests 2022-11-09 14:30:56 +01:00
Jeroen Ketema
4ab5066ed2 C++: Fix imports and module names in old dataflow/taint tracking library 2022-11-09 11:52:39 +01:00
Jeroen Ketema
74f9b322a8 Merge branch 'main' into update-from-main 2022-11-08 17:01:02 +01:00
Jeroen Ketema
c61a9c5911 C++: Also taint the return value dereference in the strcat model 2022-11-08 12:08:44 +01:00
Mathias Vorreiter Pedersen
3261612a8c C++: Exclude void-typed instructions from 'DataFlow::Node'. These nodes can never contain any data so we don't need dataflow nodes for them. 2022-10-28 13:00:23 +02:00
Mathias Vorreiter Pedersen
172261495f Merge branch 'replace-ast-with-ir-use-usedataflow' into fix-as-expr 2022-10-28 10:32:31 +02:00
Mathias Vorreiter Pedersen
2fc7e6159e C++: Accept test changes. 2022-10-27 12:12:34 +02:00
Mathias Vorreiter Pedersen
562f052eb0 C++: Accept test changes. 2022-10-26 17:06:38 +02:00
Mathias Vorreiter Pedersen
373c849b18 C++: Accept library-test changes 2022-10-14 10:14:52 +02:00
Robert Marsh
d28c39cd73 C++: update test expectations 2022-06-20 15:56:00 -04:00
Robert Marsh
048e5d8474 C++: IR data flow through global variables 2022-06-20 15:15:45 -04:00
Jeroen Ketema
94f014d948 C++: Update tests for handling of bitwise copies in copy constructors 2022-03-25 11:43:01 +01:00
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Mathias Vorreiter Pedersen
672485ae38 Merge branch 'main' into remove-reference-to-as-load 2021-11-23 10:24:17 +00:00
Mathias Vorreiter Pedersen
21167f4b67 C++: Accept test changes. 2021-11-22 13:04:23 +00:00
Mathias Vorreiter Pedersen
36585a7469 C++: Accept test changes. 2021-11-17 14:41:30 +00:00
Mathias Vorreiter Pedersen
dbcd4d6d5d C++: Remove 'ReferenceToInstruction' from the list of instructions we interpret as a load. This makes use lose a bunch of flow, and we'll restore this flow in the next commit. 2021-11-11 10:38:52 +00:00
Mathias Vorreiter Pedersen
ccdaf49464 C++: Fix the same bug in the test for ordered maps. 2021-11-10 13:24:27 +00:00
Mathias Vorreiter Pedersen
86d78b34aa C++: Use the correct variable in the 'test'. 2021-11-10 13:04:48 +00:00
Mathias Vorreiter Pedersen
2cd23e5ee0 Accept test changes. 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
3efe60fdd2 C++: Accept test changes. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
0679142607 C++: Accept test changes. 2021-10-01 18:27:55 +02:00
Anders Fugmann
0b98b39f91 C++: Test dataflow tests for strdupa and strndupa functions 2021-08-18 15:22:14 +02:00
Mathias Vorreiter Pedersen
bbb38fd2aa C++: Accept more test changes. 2021-07-29 15:49:50 +02:00
Dave Bartolomeo
383210096c C++: Isolate models from AST dataflow's reference/object conflation 
`DataFlowFunction` models treat references a pointers - an explicit level of indirection. The AST dataflow library generally treats references as if they were the referred-to object. This commit removes a workaround in the dataflow model for unary `operator*` on smart pointers, and makes the AST dataflow library adjust the results of querying the model so that a returned reference only gets flow that was modeled as going to the dereference of the return value.

This fixes some missing flow in IR dataflow, and recovers some (presumably) missing reverse taint flow in AST taint tracking as well.
 2021-04-21 18:09:44 -04:00