I have set up a project to test the capability of CodeQL, to test taint tracking ability #11752
Comments
Hi @hatface. Thanks for your question. As we have been discussing on #11734, CodeQL might not give you back all the paths. When I modify your
the relevant path shows up for me. You really want to disentangle your test cases. So instead of having a single
|
@jketema thx a lot, but I followed your advice, the test case 5 still fails, my project, my QL, my test result updated |
emm, it seems that we encounter a problem, would you pls use the latest version of my program, and query with the latest ql. all resource in here https://github.com/hatface/codeql_cap_evalution. ps: codeql-repo and codeql-binary-cli is the latest |
My result above is with the latest versions. |
Which operating system are you on and which compiler do you use? |
compile on Ubuntu, run result on Windows |
I haven't checked on Windows, but I see your issue on Linux. This issue is a combination of the dataflow library you're using and the way shared pointers are implemented by gcc. The solution is to switch to our IR-based dataflow library. To do so, replace `import semmle.code.cpp.dataflow.TaintTracking` by `import semmle.code.cpp.ir.dataflow.TaintTracking` |
can you share the testcases, which is used by CodeQL team? |
I'm not sure what you mean. I just tested with the project you shared. |
I mean share CodeQL team's testcases, which your team use to test the ability of CodeQL, or benchmark code, maybe |
All the test cases are located in https://github.com/github/codeql |
by replacing this import statement, testcase 5 is passed, but testcase 1, testcase 2, testcase 3, testcase 4 is failed |
foreign programmer used to work on ubuntu, or mac, save a lot of time. |
Try:

```ql
from DataFlow::PathNode sink, DataFlow::PathNode source, MyTaintTrackingConfiguration config
where config.hasFlowPath(source, sink)
select sink.getNode().asExpr(), source, sink, "the taint flow into sink from $@.", source.getNode().asExpr(), "source"
```

instead of

```ql
from DataFlow::PathNode sink, DataFlow::PathNode source, MyTaintTrackingConfiguration config
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "the taint flow into sink from $@.", source.getNode(), "source"
```

|
by this, testcase 5, testcase 3, testcase 2, testcase 1 is passed, testcase4 failed |
Hi @hatface, I've checked internally and failure of your 4th test case seems to be due to a bug on our side. The bug cannot be worked around with |
This might be useful: It lets you run Ubuntu software on Windows, provided that you have Windows 10 version 1607 or later, and your Windows installation is 64-bit. |
@jketema hello jketema, I have new tests, and testcase 14, testcase 17, testcase 18, testcase 21, testcase 22, testcase 23, testcase 24, testcase 30, testcase 33 is failed, the same question how to fix this, by
and my project is updated |
Hi @hatface, It's impossible for us to look in detail at your test cases without explanation from your side of (a) what a test case is aimed to test, (b) how you have tried to extend |
sorry, I will explain my testcases, the following tables show the test case aimed to test.
|
Thanks. So in each case how did you try to extend |
I didn't extend |
I'm happy to help, but do expect some kind of effort from your side. In this case you should first really try to modify |
here is my project
here is the test result
here is the CodeQL Query
https://github.com/hatface/codeql_cap_evalution/blob/main/taint_cap_test.ql
and the case5 is failed
QUESTION:
how to fix the situation using
isAdditionalTaintStep
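
An added example, not code from the thread or from the CodeQL repository: a complete path query that combines the two changes suggested in the comments (the IR-based import and `asExpr()` in the `select`) with an `isAdditionalTaintStep` override, written against the class-based `Configuration` API that the thread's query uses. The function names `source`, `sink` and `wrap` and the query id are hypothetical; the thread does not show the real test-case code.

```ql
/**
 * @name Taint from source() to sink() (added example)
 * @kind path-problem
 * @problem.severity warning
 * @id example/ir-taint-tracking-demo
 */

import cpp
// IR-based library, as recommended in the thread, instead of
// semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.ir.dataflow.TaintTracking
import DataFlow::PathGraph

class MyTaintTrackingConfiguration extends TaintTracking::Configuration {
  MyTaintTrackingConfiguration() { this = "MyTaintTrackingConfiguration" }

  // Assumption: tainted data is the result of a call to a function named `source`.
  override predicate isSource(DataFlow::Node node) {
    node.asExpr().(FunctionCall).getTarget().hasName("source")
  }

  // Assumption: any argument passed to a function named `sink` is a sink.
  override predicate isSink(DataFlow::Node node) {
    exists(FunctionCall call |
      call.getTarget().hasName("sink") and
      node.asExpr() = call.getAnArgument()
    )
  }

  // Hypothetical extra step: the library has no model for `wrap`, so state
  // explicitly that taint on any argument reaches the call's result.
  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(FunctionCall call |
      call.getTarget().hasName("wrap") and
      pred.asExpr() = call.getAnArgument() and
      succ.asExpr() = call
    )
  }
}

from DataFlow::PathNode sink, DataFlow::PathNode source, MyTaintTrackingConfiguration config
where config.hasFlowPath(source, sink)
// asExpr() reports the expressions rather than the underlying IR nodes
select sink.getNode().asExpr(), source, sink, "the taint flow into sink from $@.",
  source.getNode().asExpr(), "source"
```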