hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,189 Commits 1,672 Branches 157 Tags
ebd38eaf3bd0d5f4cb15bf4724fb2bb90ad1f8a6
Commit Graph

61 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
0f9b044814 C++: Model vector versions of BSD-style reads and writes. 2021-02-15 12:04:51 +01:00
Mathias Vorreiter Pedersen
91627cbd88 C++: Add models for BSD-style send and recv functions. 2021-02-11 17:21:32 +01:00
Cornelius Riemenschneider
239588b5e0 C++: Remove MISSING annotations for tests that are already correct. 2020-12-01 19:41:24 +01:00
Cornelius Riemenschneider
5b1ab86ac6 C++: Port DefaultTaintTracking tests to inline expectations test. 2020-12-01 19:00:45 +01:00
Dave Bartolomeo
42373417e2 Merge from main 2020-10-30 12:02:56 -04:00
Geoffrey White
0b35b34288 C++: Add pointer tests. 2020-10-27 09:47:10 +00:00
Dave Bartolomeo
3fce971f2d Fix taint propagation to qualifier objects and update test expectations 2020-10-23 17:48:37 -04:00
Dave Bartolomeo
86668058dc Avoid ODR violation in test code 2020-10-23 17:45:01 -04:00
Dave Bartolomeo
1e96404ee0 Revert bad changes to basic_string 2020-10-23 13:46:27 -04:00
Dave Bartolomeo
d0b93df4ec Merge from main 2020-10-19 15:17:19 -04:00
Ian Lynagh
9e518d2555 C++: Accept test change for p#n -> (unnamed parameter n) 2020-10-14 12:59:47 +01:00
Dave Bartolomeo
93f5ae4763 Clean up test formatting and accept new lines in results 2020-10-13 12:57:52 -04:00
Dave Bartolomeo
dfe69d8ada Update taint test to propagate through string constructor 2020-10-13 12:06:34 -04:00
Mathias Vorreiter Pedersen
62d42f20d9 C++: use(x) is no longer an array read. 2020-09-21 12:46:03 +02:00
Mathias Vorreiter Pedersen
ff09104089 Merge branch 'main' into mathiasvp/array-field-flow 2020-09-11 09:25:50 +02:00
Mathias Vorreiter Pedersen
e91d321d28 Merge pull request #4234 from geoffw0/stringstream 
C++: Tests and initial models for taint through std::stringstream / std::ostream.
 2020-09-09 15:31:46 +02:00
Geoffrey White
d8bb49b9a0 C++: We get a few additional results for DefaultTaintTracking as well. 2020-09-09 13:18:07 +01:00
Mathias Vorreiter Pedersen
41147d245d C++: Accept test changes 2020-09-08 14:35:22 +02:00
Mathias Vorreiter Pedersen
a4890ef99c C++: Add annotations describing whether the flow is an instance of field-to-object flow 2020-09-04 18:32:28 +02:00
Mathias Vorreiter Pedersen
3cbc4cf0b9 C++: Add field to object taint tests 2020-09-02 17:32:46 +02:00
Geoffrey White
40c20f2731 C++: Add the test for DefaultTaintTracking as well. 2020-06-11 17:37:05 +01:00
Jonas Jensen
5f0d283212 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
The conflicts came from how `this` is now a parameter but not a
`Parameter` on `master`.

Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
	cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
 2020-06-02 15:35:02 +02:00
Mathias Vorreiter Pedersen
617ef32464 C++: Remove [FALSE POSITIVE] annotations 2020-05-21 02:22:57 +02:00
Mathias Vorreiter Pedersen
3c167125e5 C++: Accept test output 2020-05-20 18:18:34 +02:00
Jonas Jensen
d38700a87c Merge remote-tracking branch 'upstream/master' into mergeback-2020-05-19 
Conflicts:
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
 2020-05-19 17:44:15 +02:00
Jonas Jensen
5318d42c4f Merge remote-tracking branch 'upstream/rc/1.24' into mergeback-2020-05-19 2020-05-19 14:42:58 +02:00
Jonas Jensen
486f06ab18 C++: Simplify field conflation test 
It turned out the `memcpy` step was not even necessary.
 2020-05-19 14:12:11 +02:00
Jonas Jensen
76e194c8be C++: Fix struct field conflation in IR data flow 
The virtual-dispatch code for globals was missing any relationship
between the union field access and the global variable, which meant it
propagated function-pointer flow between any two fields of a global
struct. This resulted in false positives from
`cpp/tainted-format-string` on projects using SDL, such as
WohlSoft/PGE-Project.

In addition to fixing that bug, this commit also brings the code up to
date with the new style of modeling flow through global variables:
`DataFlow::Node.asVariable()`.
 2020-05-18 16:24:22 +02:00
Jonas Jensen
f2402c5abb C++: Test virtual dispatch field conflation 
This test demonstrates that IR data flow conflates unrelated fields of a
global struct-typed variable and that this bug is not present in the old
AST-based implementation of `semmle.code.cpp.security.TaintTracking`.
 2020-05-18 15:37:22 +02:00
Jonas Jensen
cc00f0f584 C++: Move identical declarations to shared.h file 
This cleans up the test results, which were confusing because functions
like `sink` had multiple locations.

There are some additional results now involving casts to `const char *`
because previously it varied whether `sink` used `const`, and now it
always does.
 2020-05-18 10:42:52 +02:00
Jonas Jensen
a380dc113f C++: Test field conflation with array in struct 2020-05-14 16:29:39 +02:00
Jonas Jensen
3cd377e299 C++: Fixup forgotten test annotation 
This should have been removed in 038bea2f52.
 2020-05-14 15:57:47 +02:00
Jonas Jensen
038bea2f52 C++: Add type check to prevent field conflation 2020-05-13 09:25:24 +02:00
Jonas Jensen
250e12a323 C++: Demonstrate new field conflation 2020-05-13 09:24:36 +02:00
Jonas Jensen
3a89f43cd6 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
 2020-05-11 14:44:17 +02:00
Robert Marsh
c38ccaaab6 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-04-08 12:32:35 -07:00
Jonas Jensen
e37aab5002 C++: Suppress FieldAddressInstruction taint 
See code comment. This fixes false positives on openjdk/jdk.
 2020-04-06 16:14:26 +02:00
Jonas Jensen
3b76509159 C++: Test DefaultTaintTracking field conflation 2020-04-06 16:13:41 +02:00
Robert Marsh
d1d19a7446 Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 
Update test expectations
 2020-02-07 12:24:05 -08:00
Robert Marsh
692207472a Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-06 11:42:30 -08:00
Jonas Jensen
a0e2d59c01 C++: Add tests for global-var support 2020-02-05 16:31:13 +01:00
Robert Marsh
677f0f090a Merge branch 'master' into rdmarsh/cpp/ir-flow-through-outparams 2020-02-03 13:06:35 -08:00
Robert Marsh
3bfcf0bf46 Merge branch 'master' into connect-ir-dataflow-models 2020-02-03 11:06:45 -08:00
Jonas Jensen
e2da98ae24 C++: Accept autoformat and test changes 2020-01-31 20:58:53 +01:00
Robert Marsh
83d611de11 C++: don't conflate pointers in data flow 2020-01-30 16:18:24 -08:00
Robert Marsh
71d87be773 C++: add flow through partial loads in DTT 2020-01-29 17:51:42 -08:00
Robert Marsh
37570c7750 Merge pull request #2676 from jbj/dataflow-partial-chi 
C++: data flow through partial chi operands where type is known
 2020-01-29 13:44:06 -05:00
Jonas Jensen
0436caecdc C++: Always use the old library for the diff test 
This change ensures that the diff test will show the difference between
the old and the new library even after we switch the default
implementation of `security.TaintTracking` to be the new one.
 2020-01-29 16:03:35 +01:00
Jonas Jensen
02cb8e9cc7 Merge remote-tracking branch 'upstream/master' into dataflow-partial-chi 
Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
 2020-01-29 13:03:40 +01:00
Mathias Vorreiter Pedersen
c1091a03d0 C++: Accept output 2020-01-28 17:38:35 +01:00