hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,783 Commits 1,672 Branches 157 Tags
d66f608d41530f8ef4884d9f44cbe151628ebdc0
Commit Graph

2987 Commits

Author SHA1 Message Date
Geoffrey White
d66f608d41 C++: Taint from FormattingFunction varargs. 2020-01-28 14:53:18 +00:00
Geoffrey White
8b215c155e C++: Correct a few test comments. 2020-01-28 14:51:46 +00:00
Geoffrey White
b1f66ae825 C++: Fix warnings. 2020-01-28 14:51:46 +00:00
Geoffrey White
01dc3661b7 C++: Autoformat. 2020-01-28 12:17:56 +00:00
Geoffrey White
30580e97dc C++: Add a TaintFunction model to FormattingFunction. 2020-01-28 08:46:46 +00:00
Geoffrey White
1d46971bb7 C++: Add an ArrayFunction model to FormattingFunction. 2020-01-28 08:46:46 +00:00
Geoffrey White
06f5720cd5 C++: Add taint tests of formatting functions. 2020-01-28 08:46:46 +00:00
Robert Marsh
a9bcc1dcc6 Merge pull request #2667 from dbartol/dbartol/NoEscape 
C++/C#: Make escape analysis unsound by default
 2020-01-27 19:17:33 -05:00
Robert Marsh
c7975e83a7 Merge pull request #2657 from jbj/DefaultTaintTracking-models 
C++: wire up models library to DefaultTaintTracking
 2020-01-27 17:41:54 -05:00
Dave Bartolomeo
7df3cf4c23 C++: Accept more test output after merge 2020-01-27 13:48:43 -07:00
Dave Bartolomeo
3b3502060b Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape 2020-01-27 13:29:18 -07:00
Robert Marsh
79a72a3496 Merge pull request #2680 from geoffw0/modelstrndup 
CPP: Model strndup.
 2020-01-27 15:19:52 -05:00
Dave Bartolomeo
40952f85a9 C++: Accept test diffs 2020-01-27 10:31:18 -07:00
Robert Marsh
4d743d2bce Merge pull request #2692 from jbj/pure-string-read 
C++: Model that string functions read their buffer
 2020-01-27 11:40:03 -05:00
Geoffrey White
4778914154 CPP: Repair flow. 2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602 CPP: 'sometimes copying' is considered data flow. 2020-01-27 14:07:39 +00:00
Jonas Jensen
0e3ed2dfa6 C++: Remove test for unrelated issue 
The issue for that test is being tested and fixed on PR #2686. Adding a
test here will cause a semantic merge conflict.
 2020-01-27 14:25:28 +01:00
Geoffrey White
2c7e2c4506 CPP: Not in std namespace. 2020-01-27 10:20:56 +00:00
Dave Bartolomeo
6988241b09 Merge from master 2020-01-26 16:38:48 -07:00
Dave Bartolomeo
708e83546f C++: Remove acceidentally added tests 2020-01-26 16:20:27 -07:00
Jonas Jensen
fb6ad5274f C++: Accept test changes 2020-01-24 22:28:20 +01:00
Robert Marsh
0180672dc0 Merge pull request #2687 from jbj/DefaultTaintTracking-asExpr 
C++: Use asExpr, not getConvertedResultExpression
 2020-01-24 15:42:58 -05:00
Mathias Vorreiter Pedersen
d26cf12c3a Merge pull request #2688 from geoffw0/move-taint-test 
C++: Add the security taint test (previously internal).
 2020-01-24 15:58:20 +01:00
Jonas Jensen
b290c7b47a C++: Model that string functions read their buffer 2020-01-24 15:53:38 +01:00
Geoffrey White
af903fc30c C++: Add the security taint test (previously internal). 2020-01-24 11:28:51 +00:00
Jonas Jensen
ee0648bb57 Merge pull request #2684 from geoffw0/rearrange-tests 
CPP: Test cleanup
 2020-01-24 11:57:58 +01:00
Jonas Jensen
6606b2e18a C++: autoformat fixup 2020-01-24 10:48:03 +01:00
Geoffrey White
912260b3aa C++: Autoformat tests. 2020-01-24 09:43:58 +00:00
Jonas Jensen
5eeb5c6e67 C++: Use asExpr, not getConvertedResultExpression 
We designed the IR's `DataFlow::Node.asExpr` very carefully so that it's
suitable for taint tracking, but then we didn't use it in
`DefaultTaintTracking.qll`. This meant that the sources in
`ArithmeticWithExtremeValues.ql` didn't get associated with any
`Instruction` and thus didn't propagate anywhere.

With this commit, the mapping of `Expr`-based sources to IR data-flow
nodes uses `asExpr`.
 2020-01-24 09:42:26 +01:00
yo-h
eb6f8da080 Merge pull request #2679 from aschackmull/java/remove-depr-flow-fwd-back 
Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward.
 2020-01-23 14:10:28 -05:00
Geoffrey White
795afa8160 CPP: Better location for the StackVariableReachability test. 2020-01-23 17:32:07 +00:00
Geoffrey White
b693ef51e2 C++: Put a little bit of content in the StackVariableReachability test. 2020-01-23 17:25:26 +00:00
Geoffrey White
f16870f8c6 CPP: Autoformat. 2020-01-23 16:20:18 +00:00
Jonas Jensen
33070cc16d Merge pull request #2678 from MathiasVP/union-access-global-virtual-dispatch 
C++: IR virtual dispatch through union field access
 2020-01-23 15:32:31 +01:00
Geoffrey White
edf2b54813 CPP: Model strndup. 2020-01-23 13:46:57 +00:00
Anders Schack-Mulligen
e7f7c7370a Java/C++/C#: Remove the deprecated hasFlowForward/hasFlowBackward. 2020-01-23 14:05:18 +01:00
Mathias Vorreiter Pedersen
5fd1c6fedb C++: Remove parameter from predicate for some tiny performance benefits 2020-01-23 13:29:48 +01:00
Jonas Jensen
8a0089a875 Merge pull request #2672 from geoffw0/qualifierflow 
CPP: Support taint flow in and out of qualifiers
 2020-01-23 13:17:17 +01:00
Geoffrey White
166be063a9 C++: Rename test of the now un-deprecated StackVariableReachability. 2020-01-23 11:06:24 +00:00
Geoffrey White
0c4eabca98 C++: Merge two tests of UnusedStaticFunctions from the library-tests into the existing test in query-test. 2020-01-23 11:05:47 +00:00
Geoffrey White
f40a37cae2 C++: Move a test from library-tests to query-tests. 2020-01-23 11:05:47 +00:00
Geoffrey White
fcdb20d1fc C++: Move the SuspiciousCallToStrncat test to the expected location. 2020-01-23 11:05:46 +00:00
Geoffrey White
f4f0f6d93e C++: Merge the StrncpyFlippedArgs tests. 2020-01-23 11:05:46 +00:00
Geoffrey White
3aa66f5aca C++: Merge the OverflowStatic tests. 2020-01-23 11:05:46 +00:00
Geoffrey White
ccf268d048 CPP: Autoformat. 2020-01-23 10:07:21 +00:00
Mathias Vorreiter Pedersen
77531294bf C++: Accepted output on tests 2020-01-23 10:20:10 +01:00
Mathias Vorreiter Pedersen
9412ec7f4f C++: Added union field flow for globals 2020-01-23 10:17:36 +01:00
Mathias Vorreiter Pedersen
256ae2fda6 C++: Add test demonstrating a flow not detected 2020-01-23 10:16:24 +01:00
Jonas Jensen
ceeb9ab718 Merge pull request #2622 from MathiasVP/implicit-function-declaration 
C++: Add 'implicit function declaration' query
 2020-01-23 09:23:44 +01:00
Geoffrey White
1867d58034 CPP: Allow flow to return value. 2020-01-22 16:25:40 +00:00