hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-07 03:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,784 Commits 1,676 Branches 157 Tags
df29f3974bbb522e830d8e9828aed51c543b60ee
Commit Graph

78 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
20f501d1c7 C++: Change queries to use 'asExpr' instead of 'asConvertedExpr'. 2023-09-01 15:01:32 +01:00
Mathias Vorreiter Pedersen
f662cceb0b C++: Use value numbering to better detect whether a write is certain. 2023-08-15 11:07:14 +01:00
Mathias Vorreiter Pedersen
fe97572f70 C++: Fix strncpy model. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
273e5bc21f C++: Add testcase demonstrating that the model for 'strncpy' is broken. 2023-06-22 10:59:12 +01:00
Mathias Vorreiter Pedersen
57ae1e9ff7 C++: Add a testcase that started to fail in #13326. 2023-06-08 12:49:08 +01:00
Robert Marsh
ad8e82ac65 C++: allow read steps at the sink in IR taint test 2023-02-03 11:38:49 -05:00
Mathias Vorreiter Pedersen
b12955e220 C++: Fix flow out of const member functions. 2022-11-16 22:46:21 +00:00
Jeroen Ketema
d8e96ef12a Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2022-11-10 12:09:43 +01:00
Jeroen Ketema
bd301768ea C++: Re-introduce the ast annotations in the taint tests 2022-11-09 14:30:56 +01:00
Jeroen Ketema
74f9b322a8 Merge branch 'main' into update-from-main 2022-11-08 17:01:02 +01:00
Jeroen Ketema
c61a9c5911 C++: Also taint the return value dereference in the strcat model 2022-11-08 12:08:44 +01:00
Mathias Vorreiter Pedersen
373c849b18 C++: Accept library-test changes 2022-10-14 10:14:52 +02:00
Robert Marsh
d28c39cd73 C++: update test expectations 2022-06-20 15:56:00 -04:00
Robert Marsh
048e5d8474 C++: IR data flow through global variables 2022-06-20 15:15:45 -04:00
Mathias Vorreiter Pedersen
21167f4b67 C++: Accept test changes. 2021-11-22 13:04:23 +00:00
Mathias Vorreiter Pedersen
dbcd4d6d5d C++: Remove 'ReferenceToInstruction' from the list of instructions we interpret as a load. This makes use lose a bunch of flow, and we'll restore this flow in the next commit. 2021-11-11 10:38:52 +00:00
Mathias Vorreiter Pedersen
2cd23e5ee0 Accept test changes. 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen
3efe60fdd2 C++: Accept test changes. 2021-10-28 12:35:01 +01:00
Mathias Vorreiter Pedersen
0679142607 C++: Accept test changes. 2021-10-01 18:27:55 +02:00
Anders Fugmann
0b98b39f91 C++: Test dataflow tests for strdupa and strndupa functions 2021-08-18 15:22:14 +02:00
Mathias Vorreiter Pedersen
19d08d7b40 Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-09 12:35:44 +01:00
Mathias Vorreiter Pedersen
bd842403c8 C++: Add testcase 2021-03-05 08:06:22 +01:00
Mathias Vorreiter Pedersen
eb4f1e1ba0 C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking. 2021-03-02 15:45:40 +01:00
Mathias Vorreiter Pedersen
ffc6af73b7 C++: Accept test changes. 2021-03-02 11:00:43 +01:00
Mathias Vorreiter Pedersen
908f24d23f C++: Fix missing AST flow. 2021-02-17 14:33:58 +01:00
Mathias Vorreiter Pedersen
1b148c4c90 C++: Add reduced testcase demonstrating the problem in codeql-c-analysis-team/issues/231. 2021-02-17 11:20:00 +01:00
Mathias Vorreiter Pedersen
ff58d5a7c0 C++: Address review comments. 2021-02-02 17:06:38 +01:00
Mathias Vorreiter Pedersen
9e75a4be34 C++: Implement a model for _strnextc and its variants. 2021-02-02 16:42:39 +01:00
Mathias Vorreiter Pedersen
b54f74a68a C++: Implement model for _strinc and related functions. 2021-02-02 12:20:02 +01:00
Mathias Vorreiter Pedersen
6e71c68f33 C++: Add strsep model implementation. 2021-02-02 10:29:23 +01:00
Mathias Vorreiter Pedersen
6c3f44bba8 C++: Add more memcpy, memset, strcat and strcpy models. Also refine which strcpy functions can live in the std namespace. 2021-02-01 08:44:10 +01:00
Mathias Vorreiter Pedersen
23eb4d2009 C++: Fix isParameterDeref typo. 2021-01-28 18:29:30 +01:00
Mathias Vorreiter Pedersen
7affbfc6cb C++: Add tests. 2021-01-28 10:57:39 +01:00
Cornelius Riemenschneider
feb05542d2 C++: Refactor common implementation of data/taint flow tests. 2020-12-02 15:42:52 +01:00
Cornelius Riemenschneider
b632ca40b4 C++: Port dataflow/taint-tests to inline expectations test. 2020-11-30 17:32:54 +01:00
Dave Bartolomeo
7a2c59c194 Merge from main 2020-10-28 15:35:46 -04:00
Geoffrey White
227bf91626 C++: Correct test annotation. 2020-10-22 09:45:09 +01:00
Dave Bartolomeo
3767a52e9a Fix ODR violations in test code 2020-10-15 17:54:48 -04:00
Mathias Vorreiter Pedersen
7b456d6162 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-16 10:45:31 +02:00
Jonas Jensen
bdce24735c C++: Add flow through arrays 
This works by adding data-flow edges to skip over array expressions when
reading from arrays. On the post-update side, there was already code to
skip over array expressions when storing to arrays. That happens in
`valueToUpdate` in `AddressFlow.qll`, which needed just a small tweak to
support assignments with non-field expressions at the top-level LHS,
like `*a = ...` or `a[0] = ...`.

The new code in `AddressFlow.qll` is copy-pasted from `EscapesTree.qll`,
and there is already a note in these files saying that they share a lot
of code and must be maintained in sync.
 2020-09-15 14:46:11 +02:00
Mathias Vorreiter Pedersen
0c14e2b69a C++: Fix annotations in taint.cpp 2020-09-14 23:08:50 +02:00
Mathias Vorreiter Pedersen
7cd6137b34 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-14 20:45:06 +02:00
Mathias Vorreiter Pedersen
41147d245d C++: Accept test changes 2020-09-08 14:35:22 +02:00
Mathias Vorreiter Pedersen
3cca74e654 C++: Accept test changes 2020-09-01 10:54:46 +02:00
Mathias Vorreiter Pedersen
e4807c0181 C++: Accept test changes 2020-08-26 15:51:09 +02:00
Robert Marsh
1c9b6f0a48 Merge branch 'master' into ir-this-parameter-2 
Accept test changes - dataflow changes are all positive
 2020-06-16 11:28:49 -07:00
Mathias Vorreiter Pedersen
a38839b446 C++: Include copy of IntWrapper class with two data members 2020-06-10 22:27:40 +02:00
Mathias Vorreiter Pedersen
ca20f17703 C++: Implement move constructor in terms of swap. I'm haven't found anything online on whether this is good or bad, and the only reason for not doing it might be performance. 2020-06-10 22:16:58 +02:00
Mathias Vorreiter Pedersen
1a95095505 C++: Add default move constructor. Also removed debug comment I forgot to remove earlier. Luckily, that meant that no line numbers changed in .expected files. 2020-06-10 17:13:04 +02:00
Mathias Vorreiter Pedersen
5abab25c28 Update cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp 
Co-authored-by: Jonas Jensen <jbj@github.com>
 2020-06-10 16:51:21 +02:00