Skip to content

CPP: Use newer taint tracking in Overflowdest.ql #348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

CPP: Use newer taint tracking in Overflowdest.ql #348

wants to merge 2 commits into from

Conversation

geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Oct 23, 2018
edited
Loading

Switch Overflowdest.ql from security.TaintTracking to newer dataflow.TaintTracking as has been requested. See discussion in #329. This will cause some test failures and should not be merged until the latter taint library has been extended to handle cases such as:

char array[128];

taintSource(array);

// ...

taintSink(array);

(@rdmarsh2 estimates early November)

In addition we should probably run query differences of some sort on this query once the tests pass. And probably give it a change note.

@geoffw0 geoffw0 added the C++ label Oct 23, 2018
@jbj jbj added the WIP This is a work-in-progress, do not merge yet! label Oct 23, 2018
@jbj
Copy link
Contributor

jbj commented Oct 23, 2018

I've added the WIP label to make sure this isn't accidentally merged.

@geoffw0
Copy link
Contributor Author

geoffw0 commented Mar 25, 2019

@rdmarsh2 do we still have plans to implement the above described improvement to dataflow.TaintTracking? Or should we skip this and wait for IR-based taint tracking? Either way, without this feature I think we'll struggle to move away from the old security.TaintTracking.

@geoffw0 geoffw0 force-pushed the overflowdest-taint branch from 5db3a06 to aa080da Compare April 15, 2019 10:12
@geoffw0 geoffw0 requested a review from a team as a code owner April 15, 2019 10:12
@jbj
Copy link
Contributor

jbj commented Oct 3, 2019

Plans have changed: we'll switch all the security.TaintTracking users over to IR taint tracking at the same time via DefaultTaintTracking.qll.

@jbj jbj closed this Oct 3, 2019
@geoffw0
Copy link
Contributor Author

geoffw0 commented Oct 4, 2019

OK.

aibaars added a commit that referenced this pull request Oct 14, 2021
@aibaars
Merge pull request #348 from github/rc/3.3
6a18aa4 
Merge rc/3.3 into main
smowton pushed a commit to smowton/codeql that referenced this pull request Apr 16, 2022
@igfoo
Merge pull request github#348 from github/igfoo/cast
2894d50 
Kotlin: Add `.cast()` functions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
C++ WIP This is a work-in-progress, do not merge yet!
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@geoffw0 @jbj