hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Insecure-TLS: remove is-test-file filter

Browse Source
This commit is contained in:
Chris Smowton
2020-07-28 10:04:14 +01:00
parent 5c8534f56e
commit 2a0642b67b
1 changed files with 1 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ql/src/experimental/CWE-327/InsecureTLS.ql
View File

@@ -14,16 +14,6 @@ import go
import DataFlow::PathGraph
import semmle.go.security.InsecureFeatureFlag::InsecureFeatureFlag
/**
* Check whether the file where the node is located is a test file.
*/
predicate isTestFile(DataFlow::Node node) {
// Exclude results in test files:
exists(File file | file = node.getRoot().getFile() |
file instanceof TestFile or file.getPackageName() = "tests"
)
}
/**
* Holds if it is insecure to assign TLS version `val` named `named` to `tls.Config` field `fieldName`
*/
@@ -252,7 +242,5 @@ where
not exists(FuncDef fn | fn = sink.getNode().asInstruction().getRoot() |
isFeatureFlagName(fn.getEnclosingFunction*().getName()) or
isLegacyFlagName(fn.getEnclosingFunction*().getName())
) and
// Exclude results in test code:
not isTestFile(sink.getNode())
)
select sink.getNode(), source, sink, message