Geoffrey White
35487ff109
Merge branch 'master' into stringtest
2020-06-17 19:00:26 +01:00
Robert Marsh
1c9b6f0a48
Merge branch 'master' into ir-this-parameter-2
...
Accept test changes - dataflow changes are all positive
2020-06-16 11:28:49 -07:00
Geoffrey White
2f192f6a0c
C++: Add a test of char* -> std::string -> char* taint.
2020-06-11 17:37:05 +01:00
Mathias Vorreiter Pedersen
a38839b446
C++: Include copy of IntWrapper class with two data members
2020-06-10 22:27:40 +02:00
Mathias Vorreiter Pedersen
ca20f17703
C++: Implement move constructor in terms of swap. I haven't found anything online on whether this is good or bad, and the only reason for not doing it might be performance.
2020-06-10 22:16:58 +02:00
Mathias Vorreiter Pedersen
88dabffd2b
C++: Add tests that demonstrate flow through custom swap functions
2020-06-10 15:06:57 +02:00
Robert Marsh
0d2f8f3825
Merge branch 'master' into ir-this-parameter-2
2020-06-05 13:52:56 -07:00
Jonas Jensen
5f0d283212
Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args
...
The conflicts came from how `this` is now a parameter but not a
`Parameter` on `master`.
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
2020-06-02 15:35:02 +02:00
Robert Marsh
a897caec76
C++: outbound dataflow via this indirections
2020-05-28 15:30:41 -07:00
Geoffrey White
d96bf797ef
C++: Test layout.
2020-05-26 18:06:06 +01:00
Jonas Jensen
3a89f43cd6
Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args
...
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
2020-05-11 14:44:17 +02:00
Robert Marsh
9e0d6e8aa0
C++: move taint step cases to TaintTrackingUtil
2020-04-22 01:38:00 -07:00
Mathias Vorreiter Pedersen
8c03423f3e
C++: Accept test output
2020-04-17 12:03:16 +02:00
Jonas Jensen
0743c42807
Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args
...
Accepted test results that were in semantic merge conflict between
these branches. The changed results are due to a bug that's part of
https://github.com/github/codeql-c-analysis-team/issues/35.
2020-04-06 19:26:08 +02:00
Geoffrey White
d5accc70e1
C++: Add a test similar to issues/44.
2020-04-06 16:47:24 +01:00
Jonas Jensen
16c7a35b1c
Merge pull request #3195 from geoffw0/taintstring
...
C++: Model taint flow through std::string constructor and c_str()
2020-04-03 12:05:07 +02:00
Geoffrey White
73171682b7
C++: Switch to taint flow as suggested in the old PR.
2020-04-02 19:49:41 +01:00
Geoffrey White
b14b52d0ac
C++: Add models for std::string (as in old PR).
2020-04-02 19:49:41 +01:00
Geoffrey White
7a98919879
C++: Add a non-standard swap to taint tests.
2020-04-01 17:14:38 +01:00
Jonas Jensen
b622d62d3c
C++: Wire up param/arg indirections in data flow
2020-03-25 15:23:43 +01:00
Robert Marsh
83d611de11
C++: don't conflate pointers in data flow
2020-01-30 16:18:24 -08:00
Robert Marsh
4617940eee
Merge branch 'master' into connect-ir-dataflow-models
2020-01-30 08:49:42 -08:00
Geoffrey White
f02ffcbbd2
C++: Modify ParameterIndex to account for varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
d66f608d41
C++: Taint from FormattingFunction varargs.
2020-01-28 14:53:18 +00:00
Geoffrey White
30580e97dc
C++: Add a TaintFunction model to FormattingFunction.
2020-01-28 08:46:46 +00:00
Robert Marsh
fd807d46d6
C++: IR dataflow through modeled functions
2020-01-27 16:38:07 -08:00
Dave Bartolomeo
3b3502060b
Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape
2020-01-27 13:29:18 -07:00
Dave Bartolomeo
40952f85a9
C++: Accept test diffs
2020-01-27 10:31:18 -07:00
Geoffrey White
4778914154
CPP: Repair flow.
2020-01-27 14:08:03 +00:00
Geoffrey White
d9f6895602
CPP: 'sometimes copying' is considered data flow.
2020-01-27 14:07:39 +00:00
Dave Bartolomeo
6988241b09
Merge from master
2020-01-26 16:38:48 -07:00
Geoffrey White
edf2b54813
CPP: Model strndup.
2020-01-23 13:46:57 +00:00
Geoffrey White
1867d58034
CPP: Allow flow to return value.
2020-01-22 16:25:40 +00:00
Geoffrey White
704bfe7184
CPP: Support taint flow from qualifiers.
2020-01-22 16:22:29 +00:00
Geoffrey White
e6daf3b7ee
CPP: Support taint flow to qualifiers.
2020-01-22 16:16:31 +00:00
Geoffrey White
1a6f7febe7
CPP: Add tests of taint through qualifiers.
2020-01-22 16:11:13 +00:00
Jonas Jensen
66914e52c6
C++: accept test changes
2020-01-22 14:08:05 +01:00
Jonas Jensen
3632d51abc
Merge pull request #2635 from geoffw0/modelstrdup
...
CPP: Model strdup
2020-01-17 19:26:26 +01:00
Geoffrey White
ef47563139
CPP: Support flow of pointed-to things through function calls.
2020-01-16 11:08:19 +00:00
Jonas Jensen
618bf2e29e
C++: IR data flow through total chi operands
2019-12-27 11:44:41 +01:00
Jonas Jensen
5d7a0b8dd5
Merge remote-tracking branch 'upstream/master' into dataflow-ref-parameter
...
I've accepted the new test output, which shows that this branch fixes
two false negatives in the test cases from #2088.
2019-10-08 13:09:20 +02:00
Geoffrey White
050d99fa87
CPP: Add test cases.
2019-10-04 17:44:27 +01:00
Jonas Jensen
7c319efb8b
C++: Data flow through reference parameters
2019-10-01 10:43:49 +02:00
Dave Bartolomeo
8a9528b1a8
C++: Accept test output after fixes for PointerAdd element sizes
2019-08-22 10:43:31 -07:00
Jonas Jensen
d38dbf0f63
C++: Workaround for lambda expression locations
...
See CPP-427.
2019-08-22 11:52:56 +02:00
Jonas Jensen
45eefdb218
C++: Field flow through ConstructorFieldInit
...
This allows a member initializer list to be seen as a sequence of field
assignments. For example, the constructor
    C() : a(taint()) { }
now has data flow similar to
    C() { this.a = taint(); }
2019-08-16 09:10:17 +02:00
Geoffrey White
1bd4aeebad
CPP: Effects of #1715.
2019-08-15 14:05:09 +01:00
Geoffrey White
02e1edd640
CPP: Test taint through lambdas.
2019-08-15 14:00:45 +01:00
Jonas Jensen
38ec693ead
C++: Improved ConstructorCall field flow
...
This commit changes C++ `ConstructorCall` to behave like
`new`-expressions in Java: they are both `ExprNode`s and
`PostUpdateNodes`, and there's a "pre-update node" (here called
`PreConstructorCallNode`) to play the role of the qualifier argument
when calling a constructor.
2019-08-13 11:05:13 +02:00
Jonas Jensen
6a3f5efc1b
C++: Accept AST field flow test output
2019-08-08 14:05:03 +02:00