hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,712 Commits 1,672 Branches 157 Tags
c85d99d94942e6105b51a3675c9140277b0ac547
Commit Graph

10452 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
18c0bcec0b Merge pull request #14669 from MathiasVP/no-dtt-in-unbounded-write 
C++: Rewrite `cpp/unbounded-write` away from `DefaultTaintTracking`
 2023-11-10 15:08:42 +00:00
Mathias Vorreiter Pedersen
2ceb4cffbc Merge pull request #14736 from MathiasVP/fix-global-indirect-flow 
C++: Fix indirect global-variable flow
 2023-11-10 14:25:23 +00:00
Jeroen Ketema
c71bdce2d0 Merge pull request #14744 from jketema/fgets 
C++: Fix `hasRemoteFlowSource` for `fgets`
 2023-11-10 14:03:40 +01:00
Mathias Vorreiter Pedersen
4f6b6b4a6f Merge branch 'main' into no-dtt-in-unbounded-write 2023-11-10 12:57:42 +00:00
Jeroen Ketema
ba51b65d84 C++: Fix hasRemoteFlowSource for fgets 
Also add the test that exposed this. Note that the test would only have started
failing after `cpp/uncontrolled-process-operation` with the rewrite of the
query away from default taint tracking, which has not happened yet.
 2023-11-10 11:56:23 +01:00
Mathias Vorreiter Pedersen
b858a284c9 Merge pull request #14726 from microsoft/28-strsafe-library-updates2 2023-11-09 21:39:10 +00:00
Mathias Vorreiter Pedersen
39b9d2ea83 C++: Accept test changes. 2023-11-09 20:28:55 +00:00
Mathias Vorreiter Pedersen
eb1024c79b C++: Improve (and simplify) 'toString's. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
86e791980c C++: Simplify 'isGlobalUse' and 'isGlobalDefImpl'. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
9762313500 C++: Implement jumpStep using the indirection instead of index. 2023-11-09 20:27:23 +00:00
Mathias Vorreiter Pedersen
95bb70f577 C++: Also add a 'getIndirection' on 'GlobalDef' as well. This will be useful in the next commit. 2023-11-09 20:25:29 +00:00
Benjamin Rodes
5e140021fb Removed non-ascii characters. 2023-11-09 15:24:58 -05:00
Mathias Vorreiter Pedersen
fd26ae18bf C++: Obtain the SSA variable of a 'GlobalUse' using the indirection instead of the index (like we do for non-global uses as well). 2023-11-09 20:20:27 +00:00
Mathias Vorreiter Pedersen
bb5a78d3f1 C++: Factor the IPA body of 'TGlobalUse' and 'TGlobalDef' out into predicates. 2023-11-09 20:17:47 +00:00
Benjamin Rodes
8674139de6 Change log file name change 2023-11-09 13:24:14 -05:00
Mathias Vorreiter Pedersen
0963af2ee7 C++: Add failing tests. 2023-11-09 18:01:22 +00:00
Mathias Vorreiter Pedersen
7048190929 Update cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2023-11-09 12:39:10 +00:00
Anders Schack-Mulligen
abe0bb70ac C++: Fix operand ssa variables for range analysis. 2023-11-09 12:26:53 +01:00
Ben Rodes
79dcb4b48c Update cpp/ql/lib/change-notes/2023-11-8-strsafe-models.md 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-11-08 12:37:55 -05:00
Benjamin Rodes
bdae2af0e2 Adding missing strsafe sprintf variants. 2023-11-08 12:20:53 -05:00
Benjamin Rodes
c3ff181198 Adding change log 2023-11-08 12:20:04 -05:00
Mathias Vorreiter Pedersen
38bd893c81 Merge branch 'main' into no-dtt-in-unbounded-write 2023-11-08 15:06:59 +00:00
Mathias Vorreiter Pedersen
e90803a81c C++: Rewrite 'cpp/unbounded-write' away from DefaultTaintTracking. 2023-11-08 14:57:04 +00:00
Anders Schack-Mulligen
1f4cd74a1c Java/C++: Move SsaReadPosition to shared qlpack. 2023-11-08 12:11:17 +01:00
Mathias Vorreiter Pedersen
ab64d9a9d6 Merge pull request #14713 from MathiasVP/no-gvn-as-ssa-in-range-analysis 
C++: Don't use GVN as SSAVariable in new range analysis
 2023-11-08 09:28:15 +00:00
Anders Schack-Mulligen
45ae4ed362 Merge pull request #14711 from aschackmull/shared/rangeutil-share2 
Java/C++/RangeAnalysis: Move a couple of utility predicates to shared qlpack
 2023-11-08 08:33:12 +01:00
Mathias Vorreiter Pedersen
a8eed6bd7e Merge pull request #14704 from MathiasVP/fix-uninitialized-local 
C++: IR'ify `cpp/uninitialized-local` and fix FPs
 2023-11-07 22:45:34 +00:00
Mathias Vorreiter Pedersen
69502d0c31 C++: Add some more tests. 2023-11-07 17:31:01 +00:00
Mathias Vorreiter Pedersen
1c8f474848 C++: Add comment as suggested in the PR review for #14708. 2023-11-07 15:16:38 +00:00
Mathias Vorreiter Pedersen
2787f0a0fc Merge pull request #14708 from MathiasVP/add-testcase-for-range-analysis 
C++: Add range analysis testcase
 2023-11-07 15:15:45 +00:00
Mathias Vorreiter Pedersen
2d43eec3c3 C++: Accept test changes. 2023-11-07 14:57:30 +00:00
Mathias Vorreiter Pedersen
91b29eee53 C++: Don't use GVN as an SSAVariable in range analysis. 2023-11-07 14:52:50 +00:00
Mathias Vorreiter Pedersen
a04830b8b2 Merge pull request #14697 from MathiasVP/range-analysis-simplify-conversions 
C++: Simplify the definition of `SemExpr` for range analysis
 2023-11-07 14:52:09 +00:00
Anders Schack-Mulligen
12cba7909b Java/C++: Move range util guard-controls predicates to shared pack. 2023-11-07 15:14:34 +01:00
Anders Schack-Mulligen
f2ca52d951 Java/C++: Move range util backEdge predicate to shared pack. 2023-11-07 15:14:34 +01:00
Mathias Vorreiter Pedersen
9dca6697fb C++: Add a testcase that fails to terminate in modulus analysis when we don't have IR operands as SSA variables. 2023-11-07 11:52:35 +00:00
Mathias Vorreiter Pedersen
6669cf805f C++: Add change note. 2023-11-07 09:32:07 +00:00
Mathias Vorreiter Pedersen
0fd4d4a114 C++: Add QLDoc. 2023-11-07 09:29:34 +00:00
Mathias Vorreiter Pedersen
022c9eb3cd C++: Add a barrier feature to 'MustFlow'. 2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen
6bf2d47321 C++: Allow source = sink in 'MustFlow'. 2023-11-07 09:23:42 +00:00
Mathias Vorreiter Pedersen
1dc08941f8 C++: Use 'MustFlow' in 'cpp/uninitialized-local'. 2023-11-07 09:23:41 +00:00
Mathias Vorreiter Pedersen
a17cd9bc1c Merge pull request #14667 from MathiasVP/more-function-input-and-output-ipa-numbers 
C++: Allocate more `FunctionInput` and `FunctionOutput`s
 2023-11-07 08:57:31 +00:00
Mathias Vorreiter Pedersen
4455ed982d C++: Accept query test changes. 2023-11-06 17:33:46 +00:00
Mathias Vorreiter Pedersen
d38fa13299 C++: Remove more uses of 'getConverted' and 'getUnconverted'. 2023-11-06 16:11:55 +00:00
Mathias Vorreiter Pedersen
e91987b1a9 C++: Accept test changes. 2023-11-06 16:02:06 +00:00
Mathias Vorreiter Pedersen
d544f47746 C++: Simplify the definition of 'SemExpr' by instead making non-overflowing conversions copy value expressions. 2023-11-06 16:01:59 +00:00
Mathias Vorreiter Pedersen
31c2a3be98 C++: Don't redefine the meaning of the single-parameter 'isParameterDeref' and accept test changes. 2023-11-06 15:52:58 +00:00
Mathias Vorreiter Pedersen
ff30308a2b C++: Only the first indirection of the argument should be the remote flow sink. 2023-11-06 13:57:14 +00:00
Mathias Vorreiter Pedersen
cd2eec0aa0 C++: Also override the single-parameter 'isParameterDeref' in 'InParameterDeref'. 2023-11-06 13:23:31 +00:00
Anders Schack-Mulligen
132cc03e3b Merge pull request #14664 from aschackmull/shared/modulus-step 
RangeAnalysis: Improve bounds that rely on relative modulus.
 2023-11-03 08:16:48 +01:00