1469 Commits

Author	SHA1	Message	Date
Jeroen Ketema	c71bdce2d0	Merge pull request #14744 from jketema/fgets ... C++: Fix `hasRemoteFlowSource` for `fgets`	2023-11-10 14:03:40 +01:00
Jeroen Ketema	ba51b65d84	C++: Fix hasRemoteFlowSource for fgets ... Also add the test that exposed this. Note that the test would only have started failing after `cpp/uncontrolled-process-operation` with the rewrite of the query away from default taint tracking, which has not happened yet.	2023-11-10 11:56:23 +01:00
Mathias Vorreiter Pedersen	b858a284c9	Merge pull request #14726 from microsoft/28-strsafe-library-updates2	2023-11-09 21:39:10 +00:00
Benjamin Rodes	5e140021fb	Removed non-ascii characters.	2023-11-09 15:24:58 -05:00
Anders Schack-Mulligen	abe0bb70ac	C++: Fix operand ssa variables for range analysis.	2023-11-09 12:26:53 +01:00
Benjamin Rodes	bdae2af0e2	Adding missing strsafe sprintf variants.	2023-11-08 12:20:53 -05:00
Anders Schack-Mulligen	1f4cd74a1c	Java/C++: Move SsaReadPosition to shared qlpack.	2023-11-08 12:11:17 +01:00
Mathias Vorreiter Pedersen	ab64d9a9d6	Merge pull request #14713 from MathiasVP/no-gvn-as-ssa-in-range-analysis ... C++: Don't use GVN as SSAVariable in new range analysis	2023-11-08 09:28:15 +00:00
Anders Schack-Mulligen	45ae4ed362	Merge pull request #14711 from aschackmull/shared/rangeutil-share2 ... Java/C++/RangeAnalysis: Move a couple of utility predicates to shared qlpack	2023-11-08 08:33:12 +01:00
Mathias Vorreiter Pedersen	a8eed6bd7e	Merge pull request #14704 from MathiasVP/fix-uninitialized-local ... C++: IR'ify `cpp/uninitialized-local` and fix FPs	2023-11-07 22:45:34 +00:00
Mathias Vorreiter Pedersen	91b29eee53	C++: Don't use GVN as an SSAVariable in range analysis.	2023-11-07 14:52:50 +00:00
Mathias Vorreiter Pedersen	a04830b8b2	Merge pull request #14697 from MathiasVP/range-analysis-simplify-conversions ... C++: Simplify the definition of `SemExpr` for range analysis	2023-11-07 14:52:09 +00:00
Anders Schack-Mulligen	12cba7909b	Java/C++: Move range util guard-controls predicates to shared pack.	2023-11-07 15:14:34 +01:00
Anders Schack-Mulligen	f2ca52d951	Java/C++: Move range util backEdge predicate to shared pack.	2023-11-07 15:14:34 +01:00
Mathias Vorreiter Pedersen	0fd4d4a114	C++: Add QLDoc.	2023-11-07 09:29:34 +00:00
Mathias Vorreiter Pedersen	022c9eb3cd	C++: Add a barrier feature to 'MustFlow'.	2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen	6bf2d47321	C++: Allow source = sink in 'MustFlow'.	2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen	a17cd9bc1c	Merge pull request #14667 from MathiasVP/more-function-input-and-output-ipa-numbers ... C++: Allocate more `FunctionInput` and `FunctionOutput`s	2023-11-07 08:57:31 +00:00
Mathias Vorreiter Pedersen	d38fa13299	C++: Remove more uses of 'getConverted' and 'getUnconverted'.	2023-11-06 16:11:55 +00:00
Mathias Vorreiter Pedersen	d544f47746	C++: Simplify the definition of 'SemExpr' by instead making non-overflowing conversions copy value expressions.	2023-11-06 16:01:59 +00:00
Mathias Vorreiter Pedersen	31c2a3be98	C++: Don't redefine the meaning of the single-parameter 'isParameterDeref' and accept test changes.	2023-11-06 15:52:58 +00:00
Mathias Vorreiter Pedersen	ff30308a2b	C++: Only the first indirection of the argument should be the remote flow sink.	2023-11-06 13:57:14 +00:00
Mathias Vorreiter Pedersen	cd2eec0aa0	C++: Also override the single-parameter 'isParameterDeref' in 'InParameterDeref'.	2023-11-06 13:23:31 +00:00
Mathias Vorreiter Pedersen	679d64f0e8	Merge pull request #14647 from microsoft/24-odbc-model-instantiation-upstream2 ... C++: Adding a model implementation for ODBC.	2023-11-02 19:42:27 +00:00
Benjamin Rodes	30a512c96b	Formatting	2023-11-02 15:01:15 -04:00
Benjamin Rodes	f404d7a5f8	Changes to address pr comments.	2023-11-02 13:11:23 -04:00
Mathias Vorreiter Pedersen	392b2af923	C++: Only the second indirection of the argument should be the remote flow source.	2023-11-02 16:51:24 +00:00
Mathias Vorreiter Pedersen	b82dfa9a21	C++: Fix failing test by allocating 'TFunctionInput's and 'TFunctionOutput's for more indirections. Note that we now mark two output nodes coming out of 'getaddrinfo' as a remote flow source (the first indirection and the second indirection). We'll fix that in the next commit.	2023-11-02 16:45:50 +00:00
Anders Schack-Mulligen	8e9aa5b560	C++: Switch to shared modulus analysis.	2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen	a7f3ef1a6c	Rangeanalysis: Parameterise shared modulus analysis.	2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen	8e2b17cd86	Rangeanalysis: Copy C++ ModulusAnalysis file verbatim.	2023-11-01 15:59:24 +01:00
Anders Schack-Mulligen	6d859daf3d	Merge pull request #14656 from aschackmull/shared/range-utils ... Rangeanalysis: Share ssaRead predicate	2023-11-01 15:57:52 +01:00
Mathias Vorreiter Pedersen	b54b5ae0a9	Merge pull request #14648 from MathiasVP/simplify-invalid-ptr-deref ... C++: Remove one use of range analysis in `cpp/invalid-pointer-deref`	2023-11-01 14:42:20 +00:00
Anders Schack-Mulligen	048a7c4e42	Rangeanalysis: Rename SsaBound.getAVariable to getVariable.	2023-11-01 11:58:06 +01:00
Anders Schack-Mulligen	48291dd32d	Rangeanalysis: Remove superfluous ignoreZeroLowerBound.	2023-11-01 11:51:46 +01:00
Mathias Vorreiter Pedersen	b79a5fee14	Merge pull request #14637 from MathiasVP/dataflow-for-realloc ... C++: Add a taint model for `realloc`	2023-10-31 18:24:04 +01:00
Benjamin Rodes	18c8d90a1a	Adding a model implementation for ODBC. ... (cherry picked from commit 04147f8d91cdf018ec03cbfdb953253e23687944)	2023-10-31 08:52:05 -07:00
Anders Schack-Mulligen	34b9791e46	Rangeanalysis: Remove superfluous ignoreSsaReadCopy.	2023-10-31 15:32:25 +01:00
Anders Schack-Mulligen	322e6c91be	Rangeanalysis: Remove superfluous specificSsaRead.	2023-10-31 15:30:36 +01:00
Anders Schack-Mulligen	8b6c940e76	Rangeanalysis: Remove superfluous ignoreSsaReadAssignment.	2023-10-31 15:28:37 +01:00
Anders Schack-Mulligen	6d6f89e71e	Rangeanalysis: Remove superfluous ignoreSsaReadArithmeticExpr.	2023-10-31 15:25:28 +01:00
Anders Schack-Mulligen	a39a94ca8e	Rangeanalysis: Switch to shared ssaRead predicate.	2023-10-31 15:23:05 +01:00
Anders Schack-Mulligen	19644a8f07	Rangeanalysis: Implement shared ssaRead predicate	2023-10-31 15:07:11 +01:00
Mathias Vorreiter Pedersen	4a1bf95a87	C++: Expose a public memset model and use it in the exposure queries.	2023-10-31 11:17:51 +00:00
Mathias Vorreiter Pedersen	08b528b5c4	C++: Add a taint-model for 'realloc' and accept test changes.	2023-10-30 17:08:01 +00:00
Mathias Vorreiter Pedersen	375f0ea8b6	C++: Update documentation.	2023-10-30 15:57:30 +00:00
Mathias Vorreiter Pedersen	1e699ec0e5	C++: Simplify 'InvalidPointerToDereference.qll' now that the difference between 'derefSource' and 'pai' is always 0.	2023-10-30 15:53:48 +00:00
Mathias Vorreiter Pedersen	c8edf3151b	C++: Remove the use of range analysis in 'invalidPointerToDerefSource'.	2023-10-30 15:47:47 +00:00
Mathias Vorreiter Pedersen	535d1e2565	C++: Define indirect instructions (and operands) using a 'Node0Impl' column instead of an instruction (or operand).	2023-10-30 11:54:24 +00:00
Mathias Vorreiter Pedersen	33494fe9e1	C++: Extend the taint model and accept test changes.	2023-10-27 16:26:37 +01:00