codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	a4c075f03b	C++: The data pointed to by 'gets' is also a source of user input.	2023-02-27 16:25:32 +00:00
Jeroen Ketema	b4f6d519db	C++: Use correct DataFlow import in new TaintTracking.qll Using the IR version directly gives errors about conflicting imports if both DataFlow and TaintTracking are imported.	2023-02-27 17:22:12 +01:00
Mathias Vorreiter Pedersen	b36d4931f2	C++: Fix test annotation.	2023-02-27 15:47:52 +00:00
Mathias Vorreiter Pedersen	d2f8cb6920	Merge branch 'mathiasvp/replace-ast-with-ir-use-usedataflow' into fix-enclosing-callable	2023-02-27 15:02:39 +00:00
Mathias Vorreiter Pedersen	31f3504113	C++: Remove this bad materialization: ``` Evaluated relational algebra for predicate _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared@ec353boa with tuple counts: 459594 ~0% {2} r1 = JOIN _IRVariable#e9bf30b2::IRVariable::getAst#0#dispred#ff_Parameter#ed81dd8f::Parameter#f#shared WITH SsaInternalsCommon#3c4fa02d::BaseIRVariable::getIRVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'arg1', Rhs.1 461383 ~2% {3} r2 = JOIN r1 WITH Variable#7a968d4e::Variable::getUnspecifiedType#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'arg1', Lhs.1, Rhs.1 477945 ~6% {4} r3 = JOIN r2 WITH Variable#7a968d4e::Variable::getUnspecifiedType#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.0 'arg1', Lhs.1, Rhs.1 346338 ~2% {4} r4 = JOIN r3 WITH SsaInternalsCommon#3c4fa02d::Indirection::getNumberOfIndirections#0#dispred#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1 'arg1', Lhs.2, Rhs.1 'arg2' 178593374 ~0% {4} r5 = JOIN r4 WITH CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'arg1', Lhs.3 'arg2', Rhs.1 'arg3' 934806228 ~0% {4} r6 = JOIN r5 WITH SsaInternals#50208335::DefOrUse::getSourceVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.1 'arg1', Lhs.2 'arg2', Lhs.3 'arg3' return r6 Tuple counts for _DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff_SsaInternals#50208335::Def#ff_SsaInternals#5020__#antijoin_rhs/4@305d42l5 after 25.6s: 180185672 ~0% {4} r1 = JOIN _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared WITH SsaInternals#50208335::Def#ff ON FIRST 1 OUTPUT Lhs.0 'arg3', Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2' 180185672 ~0% {5} r2 = JOIN r1 WITH SsaInternals#50208335::Def::getValue#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.0 'arg3' 180185672 ~0% {5} r3 = JOIN r2 WITH DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3' 178459578 ~1% {4} r4 = JOIN r3 WITH project#Instruction#577b6a83::InitializeParameterInstruction#ff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.2 'arg1', Lhs.3 'arg2', Lhs.4 'arg3' return r4 Tuple counts for SsaInternals#7b362d2f::TFinalParameterUse#dom#ff/2@9ff4dbcg after 7.9s: 180185672 ~1% {4} r1 = JOIN _CppType#d1355c92::CppType::hasUnspecifiedType#2#dispred#fff_10#join_rhs_SsaInternals#50208335::DefO__#shared WITH SsaInternals#50208335::Def#ff ON FIRST 1 OUTPUT Lhs.1 'p', Lhs.2, Lhs.3, Lhs.0 1726094 ~0% {4} r2 = r1 AND NOT _DataFlowPrivate#fbdd7bd7::InstructionNode0#class#ff_SsaInternals#50208335::Def#ff_SsaInternals#5020__#antijoin_rhs(Lhs.0 'p', Lhs.1, Lhs.2, Lhs.3) 1726094 ~54% {4} r3 = SCAN r2 OUTPUT In.0 'p', In.1, In.2, 1 1769636 ~54% {5} r4 = JOIN r3 WITH PRIMITIVE range#bbf ON Lhs.3,Lhs.1 1769636 ~45% {4} r5 = SCAN r4 OUTPUT In.2, (In.4 'indirectionIndex' + 1), In.0 'p', In.4 'indirectionIndex' 591253 ~11541% {2} r6 = JOIN r5 WITH SsaInternalsCommon#3c4fa02d::isModifiableAtImpl#2#ff ON FIRST 2 OUTPUT Lhs.2 'p', Lhs.3 'indirectionIndex' 1769636 ~52% {4} r7 = SCAN r4 OUTPUT In.2, In.0 'p', In.4 'indirectionIndex', (In.4 'indirectionIndex' + 1) 1724893 ~41% {5} r8 = JOIN r7 WITH CppType#d1355c92::CppType::hasType#2#dispred#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.0, Lhs.2 'indirectionIndex', Lhs.3 1718843 ~46% {5} r9 = JOIN r8 WITH Type#2e8eb3ef::Type::stripType#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.2, Lhs.3 'indirectionIndex', Lhs.4 8608 ~0% {5} r10 = JOIN r9 WITH SmartPointer#917721ba::SmartPtr#f ON FIRST 1 OUTPUT Lhs.1 'p', Lhs.2, Lhs.3 'indirectionIndex', Lhs.4, Lhs.0 8608 ~0% {5} r11 = r10 AND NOT PointerWrapper#7cc81d2d::PointerWrapper::pointsToConst#0#dispred#f(Lhs.4) 8608 ~4986% {2} r12 = SCAN r11 OUTPUT In.0 'p', In.2 'indirectionIndex' 599861 ~11711% {2} r13 = r6 UNION r12 return r13 ```	2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen	354a12c906	C++: Fix queries. Since there's no longer indirect -> direct flow in taint-tracking we need to make sure the affected sink definitions also handle indirect flow.	2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen	1db24dd28d	C++: Fix missing types. We now assign the node corresponding to `**p` an `UnknownType`.	2023-02-27 14:57:36 +00:00
Mathias Vorreiter Pedersen	4e16bb65e3	C++: Accept test changes. Because we now allocate _three_ indirect nodes for a value of type `void` (i.e., `p`, `p` and `p`) we need to decide on a type for the `p` value. We will do this in the next commit.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	16ba4652af	C++: Allocate an additional indirection for void pointers.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	f6b9ca3da6	C++: Add failing test.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	da4a059388	C++: Accept test changes.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	52e6e1dece	C++: Fix flow through partial definitions.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	575ac46bf3	C++: Add failing test.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	b952f619db	C++: Accept test changes.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	057e810122	C++: Fix flow through arrays.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	9d64c0a023	C++: Add failing test.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	1e4caca23a	C++: Accept query changes. Nothing bad to see here.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	2cb4a554ea	C++: Fix a bug in Expr <-> Node mapping.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	09df318e9e	C++: Also track flow out of indirect sources.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	a806569b5f	C++: The next commit is going to track flow out of both direct and indirect sources. This means we'll get a lot of duplication since there'll be flow from indirect source -> indirect sink and direct source -> direct sink (which both map to the same expressions). This commit changes the testing so that we only report a duplication when they're at different locations.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	5a8b900394	C++: Properly track smart pointer wrappers.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	64abf5b163	C++: Add conflation into DefaultTaintTracking.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	b951bf0f8f	C++: Remove conflation from taint-tracking.	2023-02-27 14:57:35 +00:00
Mathias Vorreiter Pedersen	a5bb093935	Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2023-02-27 14:57:06 +00:00
Mathias Vorreiter Pedersen	7437de2909	C++: Fix issue where 'getEnclosingCallable' didn't exist for some globals.	2023-02-27 14:06:13 +00:00
Anders Schack-Mulligen	7e3e10c34b	C/C++: Remove reference to Partial Flow.	2023-02-27 14:30:05 +01:00
Anders Schack-Mulligen	bf650c755c	Dataflow: Sync changes to all languages.	2023-02-27 14:30:05 +01:00
Michael B. Gale	b203533fc6	Fix C++ test missing env var	2023-02-24 14:16:20 +00:00
Michael B. Gale	0f320996cf	Make improvements based on PR feedback	2023-02-22 12:32:07 +00:00
ihsinme	213abc6642	Update DivideByZeroUsingReturnValue.expected	2023-02-19 21:42:48 +03:00
ihsinme	54acbf7676	Update test.cpp	2023-02-19 21:42:14 +03:00
ihsinme	49af5ec536	Update DivideByZeroUsingReturnValue.ql	2023-02-19 21:41:28 +03:00
Nick Rolfe	3e5534f0ba	Merge branch 'main' into post-release-prep/codeql-cli-2.12.3	2023-02-17 14:39:26 +00:00
github-actions[bot]	8eb8daa4d4	Post-release preparation for codeql-cli-2.12.3	2023-02-16 17:23:25 +00:00
Michael B. Gale	8e83fd00b7	Update C/C++ autobuilder	2023-02-16 15:52:29 +00:00
github-actions[bot]	b0315119c6	Release preparation for version 2.12.3	2023-02-16 11:49:06 +00:00
Michael B. Gale	eab3c6dd5e	Fix missing implementations for C++ tests	2023-02-16 11:07:38 +00:00
Mathias Vorreiter Pedersen	2203eb6607	C++: Fix Code Scanning error.	2023-02-15 11:51:55 +00:00
Mathias Vorreiter Pedersen	c11218fcde	Merge pull request #12184 from MathiasVP/discriminate-union-contents	2023-02-14 23:36:02 +00:00
Jeroen Ketema	899f35a59b	Merge pull request #12185 from jketema/test-annotations C++: Update test annotations for use-use dataflow	2023-02-14 15:48:35 +01:00
Jeroen Ketema	1d4e9745a3	Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow	2023-02-14 15:40:36 +01:00
Mathias Vorreiter Pedersen	2591460731	Merge pull request #12181 from MathiasVP/fix-node-type C++: Fix node types	2023-02-14 13:54:12 +00:00
Jeroen Ketema	9e462866a0	C++: Update test annotations for use-use dataflow	2023-02-14 14:48:08 +01:00
Mathias Vorreiter Pedersen	ba0be2fd9f	C++: Better discriminate for unions.	2023-02-14 13:26:40 +00:00
Mathias Vorreiter Pedersen	b01a45f7be	C++: Respond to PR reviews.	2023-02-14 09:51:48 +00:00
Mathias Vorreiter Pedersen	bda46b3748	Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2023-02-14 09:49:32 +00:00
Mathias Vorreiter Pedersen	ffef81bc47	C++: Add QLDoc.	2023-02-14 09:38:43 +00:00
Mathias Vorreiter Pedersen	0a3f958849	C++: Use content approximations.	2023-02-14 09:10:10 +00:00
Mathias Vorreiter Pedersen	7a81f06e84	C++: Accept test changes.	2023-02-14 09:01:51 +00:00
Mathias Vorreiter Pedersen	cc036c188f	C++: Fix missing and spurious types.	2023-02-14 09:01:42 +00:00

... 11 12 13 14 15 ...

9682 Commits