mirror of
https://github.com/github/codeql.git
synced 2025-12-16 08:43:11 +01:00
Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20
This commit is contained in:
Óscar San José
@@ -1 +1 @@
|
|||||||
8.1.1
|
8.4.2
|
||||||
|
|||||||
5
.github/dependabot.yml
vendored
5
.github/dependabot.yml
vendored
@@ -40,3 +40,8 @@ updates:
|
|||||||
- dependency-name: "*"
|
- dependency-name: "*"
|
||||||
reviewers:
|
reviewers:
|
||||||
- "github/codeql-go"
|
- "github/codeql-go"
|
||||||
|
|
||||||
|
- package-ecosystem: bazel
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: weekly
|
||||||
|
|||||||
10
MODULE.bazel
10
MODULE.bazel
@@ -274,11 +274,11 @@ ripunzip_archive = use_repo_rule("//misc/ripunzip:ripunzip.bzl", "ripunzip_archi
|
|||||||
# go to https://github.com/GoogleChrome/ripunzip/releases to find latest version and corresponding sha256s
|
# go to https://github.com/GoogleChrome/ripunzip/releases to find latest version and corresponding sha256s
|
||||||
ripunzip_archive(
|
ripunzip_archive(
|
||||||
name = "ripunzip",
|
name = "ripunzip",
|
||||||
sha256_linux = "ee0e8a957687a5dc3a66b2a4b25883bf762df4c9c07f0651af527a32a405054b",
|
sha256_linux = "71482d7a7e4ea9176d5596161c49250c34b136b157c45f632b1111323fbfc0de",
|
||||||
sha256_macos_arm = "8a88eea54eac232d162a72a42065e0429b82dbf4f05e9642915dff9d7a81f846",
|
sha256_macos_arm = "604194ab13f0aba3972995d995f11002b8fc285c8170401fcd46655065df20c9",
|
||||||
sha256_macos_intel = "4457a18bfcc5feabe09f5ea3d1157128e07b4873392cb404a870e611924abf64",
|
sha256_macos_intel = "65367b94fd579d93d46f2d2595cc4c9a60cfcf497e3c824f9d1a7b80fa8bd38a",
|
||||||
sha256_windows = "66d0c1375301bf5ab815348048f43b110631d3fa7200acd50d50a8ed8655ca62",
|
sha256_windows = "ac3874075def2b9e5074a3b5945005ab082cc6e689e1de658da8965bc23e643e",
|
||||||
version = "2.0.3",
|
version = "2.0.4",
|
||||||
)
|
)
|
||||||
|
|
||||||
register_toolchains(
|
register_toolchains(
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: majorAnalysis
|
||||||
|
---
|
||||||
|
* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.
|
||||||
@@ -19,12 +19,7 @@ class CodeInjectionSink extends DataFlow::Node {
|
|||||||
Event getRelevantCriticalEventForSink(DataFlow::Node sink) {
|
Event getRelevantCriticalEventForSink(DataFlow::Node sink) {
|
||||||
inPrivilegedContext(sink.asExpr(), result) and
|
inPrivilegedContext(sink.asExpr(), result) and
|
||||||
not exists(ControlCheck check | check.protects(sink.asExpr(), result, "code-injection")) and
|
not exists(ControlCheck check | check.protects(sink.asExpr(), result, "code-injection")) and
|
||||||
// exclude cases where the sink is a JS script and the expression uses toJson
|
not isGithubScriptUsingToJson(sink.asExpr())
|
||||||
not exists(UsesStep script |
|
|
||||||
script.getCallee() = "actions/github-script" and
|
|
||||||
script.getArgumentExpr("script") = sink.asExpr() and
|
|
||||||
exists(getAToJsonReferenceExpression(sink.asExpr().(Expression).getExpression(), _))
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -91,3 +86,38 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
|
|||||||
|
|
||||||
/** Tracks flow of unsafe user input that is used to construct and evaluate a code script. */
|
/** Tracks flow of unsafe user input that is used to construct and evaluate a code script. */
|
||||||
module CodeInjectionFlow = TaintTracking::Global<CodeInjectionConfig>;
|
module CodeInjectionFlow = TaintTracking::Global<CodeInjectionConfig>;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if there is a code injection flow from `source` to `sink` with
|
||||||
|
* critical severity, linked by `event`.
|
||||||
|
*/
|
||||||
|
predicate criticalSeverityCodeInjection(
|
||||||
|
CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
|
||||||
|
) {
|
||||||
|
CodeInjectionFlow::flowPath(source, sink) and
|
||||||
|
event = getRelevantCriticalEventForSink(sink.getNode()) and
|
||||||
|
source.getNode().(RemoteFlowSource).getEventName() = event.getName()
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if there is a code injection flow from `source` to `sink` with medium severity.
|
||||||
|
*/
|
||||||
|
predicate mediumSeverityCodeInjection(
|
||||||
|
CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
|
||||||
|
) {
|
||||||
|
CodeInjectionFlow::flowPath(source, sink) and
|
||||||
|
not criticalSeverityCodeInjection(source, sink, _) and
|
||||||
|
not isGithubScriptUsingToJson(sink.getNode().asExpr())
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `expr` is the `script` input to `actions/github-script` and it uses
|
||||||
|
* `toJson`.
|
||||||
|
*/
|
||||||
|
predicate isGithubScriptUsingToJson(Expression expr) {
|
||||||
|
exists(UsesStep script |
|
||||||
|
script.getCallee() = "actions/github-script" and
|
||||||
|
script.getArgumentExpr("script") = expr and
|
||||||
|
exists(getAToJsonReferenceExpression(expr.getExpression(), _))
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|||||||
@@ -20,10 +20,7 @@ import CodeInjectionFlow::PathGraph
|
|||||||
import codeql.actions.security.ControlChecks
|
import codeql.actions.security.ControlChecks
|
||||||
|
|
||||||
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
|
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
|
||||||
where
|
where criticalSeverityCodeInjection(source, sink, event)
|
||||||
CodeInjectionFlow::flowPath(source, sink) and
|
|
||||||
event = getRelevantCriticalEventForSink(sink.getNode()) and
|
|
||||||
source.getNode().(RemoteFlowSource).getEventName() = event.getName()
|
|
||||||
select sink.getNode(), source, sink,
|
select sink.getNode(), source, sink,
|
||||||
"Potential code injection in $@, which may be controlled by an external user ($@).", sink,
|
"Potential code injection in $@, which may be controlled by an external user ($@).", sink,
|
||||||
sink.getNode().asExpr().(Expression).getRawExpression(), event, event.getName()
|
sink.getNode().asExpr().(Expression).getRawExpression(), event, event.getName()
|
||||||
|
|||||||
@@ -19,15 +19,7 @@ import codeql.actions.security.CodeInjectionQuery
|
|||||||
import CodeInjectionFlow::PathGraph
|
import CodeInjectionFlow::PathGraph
|
||||||
|
|
||||||
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
|
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
|
||||||
where
|
where mediumSeverityCodeInjection(source, sink)
|
||||||
CodeInjectionFlow::flowPath(source, sink) and
|
|
||||||
inNonPrivilegedContext(sink.getNode().asExpr()) and
|
|
||||||
// exclude cases where the sink is a JS script and the expression uses toJson
|
|
||||||
not exists(UsesStep script |
|
|
||||||
script.getCallee() = "actions/github-script" and
|
|
||||||
script.getArgumentExpr("script") = sink.getNode().asExpr() and
|
|
||||||
exists(getAToJsonReferenceExpression(sink.getNode().asExpr().(Expression).getExpression(), _))
|
|
||||||
)
|
|
||||||
select sink.getNode(), source, sink,
|
select sink.getNode(), source, sink,
|
||||||
"Potential code injection in $@, which may be controlled by an external user.", sink,
|
"Potential code injection in $@, which may be controlled by an external user.", sink,
|
||||||
sink.getNode().asExpr().(Expression).getRawExpression()
|
sink.getNode().asExpr().(Expression).getRawExpression()
|
||||||
|
|||||||
@@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.
|
If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.
|
||||||
|
|
||||||
|
Note that this query cannot check whether the organization or repository token settings are set to read-only. However, even if they are, it is recommended to define explicit permissions (`contents: read` and `packages: read` are equivalent to the read-only default) so that (a) the actual needs of the workflow are documented, and (b) the permissions will remain restricted if the default is subsequently changed, or the workflow is copied to a different repository or organization.
|
||||||
|
|
||||||
## Recommendation
|
## Recommendation
|
||||||
|
|
||||||
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.
|
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.
|
||||||
|
|||||||
18
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/push_and_workflow_dispatch.yml
vendored
Normal file
18
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/push_and_workflow_dispatch.yml
vendored
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
on:
|
||||||
|
push:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
echo-chamber:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- run: echo '${{ github.event.commits[11].message }}'
|
||||||
|
- run: echo '${{ github.event.commits[11].author.email }}'
|
||||||
|
- run: echo '${{ github.event.commits[11].author.name }}'
|
||||||
|
- run: echo '${{ github.event.head_commit.message }}'
|
||||||
|
- run: echo '${{ github.event.head_commit.author.email }}'
|
||||||
|
- run: echo '${{ github.event.head_commit.author.name }}'
|
||||||
|
- run: echo '${{ github.event.head_commit.committer.email }}'
|
||||||
|
- run: echo '${{ github.event.head_commit.committer.name }}'
|
||||||
|
- run: echo '${{ github.event.commits[11].committer.email }}'
|
||||||
|
- run: echo '${{ github.event.commits[11].committer.name }}'
|
||||||
@@ -435,6 +435,16 @@ nodes
|
|||||||
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
|
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
|
||||||
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
|
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
|
||||||
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
|
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | semmle.label | github.event.commits[11].message |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | semmle.label | github.event.commits[11].author.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | semmle.label | github.event.commits[11].author.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | semmle.label | github.event.head_commit.author.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | semmle.label | github.event.head_commit.author.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | semmle.label | github.event.head_commit.committer.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
|
||||||
| .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
|
| .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
|
||||||
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
|
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
|
||||||
| .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
|
| .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
|
||||||
|
|||||||
@@ -435,6 +435,16 @@ nodes
|
|||||||
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
|
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
|
||||||
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
|
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
|
||||||
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
|
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | semmle.label | github.event.commits[11].message |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | semmle.label | github.event.commits[11].author.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | semmle.label | github.event.commits[11].author.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | semmle.label | github.event.head_commit.author.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | semmle.label | github.event.head_commit.author.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | semmle.label | github.event.head_commit.committer.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
|
||||||
| .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
|
| .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
|
||||||
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
|
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
|
||||||
| .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
|
| .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
|
||||||
@@ -719,6 +729,16 @@ subpaths
|
|||||||
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
|
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
|
||||||
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
|
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
|
||||||
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
|
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | ${{ github.event.head_commit.author.email }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | ${{ github.event.head_commit.author.name }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | ${{ github.event.head_commit.committer.email }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
|
||||||
|
| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
|
||||||
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | .github/workflows/reusable-workflow-caller-1.yml:11:15:11:52 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | ${{ inputs.taint }} |
|
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | .github/workflows/reusable-workflow-caller-1.yml:11:15:11:52 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | ${{ inputs.taint }} |
|
||||||
| .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | ${{ env.log }} |
|
| .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | ${{ env.log }} |
|
||||||
| .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | .github/workflows/reusable-workflow-1.yml:45:24:45:61 | github.event.changes.title.from | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | ${{ env.prev_log }} |
|
| .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | .github/workflows/reusable-workflow-1.yml:45:24:45:61 | github.event.changes.title.from | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | ${{ env.prev_log }} |
|
||||||
@@ -729,6 +749,10 @@ subpaths
|
|||||||
| .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
| .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
||||||
| .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
| .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
||||||
| .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
| .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
||||||
|
| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} |
|
||||||
|
| .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
|
||||||
|
| .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
|
||||||
|
| .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
|
||||||
| .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
| .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
||||||
| .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
| .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
||||||
| .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
| .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
|
|||||||
|
|
||||||
/** A node representing untrusted data being passed to an external API. */
|
/** A node representing untrusted data being passed to an external API. */
|
||||||
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
||||||
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
|
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
|
||||||
|
|
||||||
/** Gets a source of untrusted data which is passed to this external API data node. */
|
/** Gets a source of untrusted data which is passed to this external API data node. */
|
||||||
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
|
|||||||
|
|
||||||
/** A node representing untrusted data being passed to an external API. */
|
/** A node representing untrusted data being passed to an external API. */
|
||||||
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
||||||
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
|
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
|
||||||
|
|
||||||
/** Gets a source of untrusted data which is passed to this external API data node. */
|
/** Gets a source of untrusted data which is passed to this external API data node. */
|
||||||
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
||||||
|
|||||||
@@ -263,7 +263,7 @@ module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
|
|||||||
* A taint flow configuration for flow from a sensitive expression to an encryption operation.
|
* A taint flow configuration for flow from a sensitive expression to an encryption operation.
|
||||||
*/
|
*/
|
||||||
module ToEncryptionConfig implements DataFlow::ConfigSig {
|
module ToEncryptionConfig implements DataFlow::ConfigSig {
|
||||||
predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flow(source, _) }
|
predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flowFrom(source) }
|
||||||
|
|
||||||
predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
|
predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
|
||||||
|
|
||||||
@@ -311,7 +311,7 @@ where
|
|||||||
FromSensitiveFlow::flowPath(source, sink) and
|
FromSensitiveFlow::flowPath(source, sink) and
|
||||||
isSinkSendRecv(sink.getNode(), networkSendRecv) and
|
isSinkSendRecv(sink.getNode(), networkSendRecv) and
|
||||||
// no flow from sensitive -> evidence of encryption
|
// no flow from sensitive -> evidence of encryption
|
||||||
not ToEncryptionFlow::flow(source.getNode(), _) and
|
not ToEncryptionFlow::flowFrom(source.getNode()) and
|
||||||
not FromEncryptionFlow::flowTo(sink.getNode()) and
|
not FromEncryptionFlow::flowTo(sink.getNode()) and
|
||||||
// construct result
|
// construct result
|
||||||
if networkSendRecv instanceof NetworkSend
|
if networkSendRecv instanceof NetworkSend
|
||||||
|
|||||||
@@ -129,7 +129,7 @@ module PointerArithmeticToDerefFlow = DataFlow::Global<PointerArithmeticToDerefC
|
|||||||
|
|
||||||
predicate pointerArithOverflow(PointerArithmeticInstruction pai, int delta) {
|
predicate pointerArithOverflow(PointerArithmeticInstruction pai, int delta) {
|
||||||
pointerArithOverflow0(pai, delta) and
|
pointerArithOverflow0(pai, delta) and
|
||||||
PointerArithmeticToDerefFlow::flow(DataFlow::instructionNode(pai), _)
|
PointerArithmeticToDerefFlow::flowFrom(DataFlow::instructionNode(pai))
|
||||||
}
|
}
|
||||||
|
|
||||||
bindingset[v]
|
bindingset[v]
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ namespace Semmle.Autobuild.CSharp
|
|||||||
{
|
{
|
||||||
// When a custom .NET CLI has been installed, `dotnet --info` has already been executed
|
// When a custom .NET CLI has been installed, `dotnet --info` has already been executed
|
||||||
// to verify the installation.
|
// to verify the installation.
|
||||||
var ret = dotNetPath is null ? GetInfoCommand(builder.Actions, dotNetPath, environment) : BuildScript.Success;
|
var ret = dotNetPath is null ? DotNet.InfoScript(builder.Actions, DotNetCommand(builder.Actions, dotNetPath), environment, builder.Logger) : BuildScript.Success;
|
||||||
foreach (var projectOrSolution in builder.ProjectsOrSolutionsToBuild)
|
foreach (var projectOrSolution in builder.ProjectsOrSolutionsToBuild)
|
||||||
{
|
{
|
||||||
var cleanCommand = GetCleanCommand(builder.Actions, dotNetPath, environment);
|
var cleanCommand = GetCleanCommand(builder.Actions, dotNetPath, environment);
|
||||||
@@ -111,14 +111,6 @@ namespace Semmle.Autobuild.CSharp
|
|||||||
private static string DotNetCommand(IBuildActions actions, string? dotNetPath) =>
|
private static string DotNetCommand(IBuildActions actions, string? dotNetPath) =>
|
||||||
dotNetPath is not null ? actions.PathCombine(dotNetPath, "dotnet") : "dotnet";
|
dotNetPath is not null ? actions.PathCombine(dotNetPath, "dotnet") : "dotnet";
|
||||||
|
|
||||||
private static BuildScript GetInfoCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
|
|
||||||
{
|
|
||||||
var info = new CommandBuilder(actions, null, environment).
|
|
||||||
RunCommand(DotNetCommand(actions, dotNetPath)).
|
|
||||||
Argument("--info");
|
|
||||||
return info.Script;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static CommandBuilder GetCleanCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
|
private static CommandBuilder GetCleanCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
|
||||||
{
|
{
|
||||||
var clean = new CommandBuilder(actions, null, environment).
|
var clean = new CommandBuilder(actions, null, environment).
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ using System.Collections.Generic;
|
|||||||
using System.Collections.ObjectModel;
|
using System.Collections.ObjectModel;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
using System.Threading;
|
||||||
using Newtonsoft.Json.Linq;
|
using Newtonsoft.Json.Linq;
|
||||||
|
|
||||||
using Semmle.Util;
|
using Semmle.Util;
|
||||||
@@ -36,12 +37,29 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
|
|
||||||
public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy);
|
public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy);
|
||||||
|
|
||||||
|
private static void HandleRetryExitCode143(string dotnet, int attempt, ILogger logger)
|
||||||
|
{
|
||||||
|
logger.LogWarning($"Running '{dotnet} --info' failed with exit code 143. Retrying...");
|
||||||
|
var sleep = Math.Pow(2, attempt) * 1000;
|
||||||
|
Thread.Sleep((int)sleep);
|
||||||
|
}
|
||||||
|
|
||||||
private void Info()
|
private void Info()
|
||||||
{
|
{
|
||||||
var res = dotnetCliInvoker.RunCommand("--info", silent: false);
|
// Allow up to four attempts (with up to three retries) to run `dotnet --info`, to mitigate transient issues
|
||||||
if (!res)
|
for (int attempt = 0; attempt < 4; attempt++)
|
||||||
{
|
{
|
||||||
throw new Exception($"{dotnetCliInvoker.Exec} --info failed.");
|
var exitCode = dotnetCliInvoker.RunCommandExitCode("--info", silent: false);
|
||||||
|
switch (exitCode)
|
||||||
|
{
|
||||||
|
case 0:
|
||||||
|
return;
|
||||||
|
case 143 when attempt < 3:
|
||||||
|
HandleRetryExitCode143(dotnetCliInvoker.Exec, attempt, logger);
|
||||||
|
continue;
|
||||||
|
default:
|
||||||
|
throw new Exception($"{dotnetCliInvoker.Exec} --info failed with exit code {exitCode}.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -193,6 +211,35 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
return BuildScript.Failure;
|
return BuildScript.Failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Returns a script for running `dotnet --info`, with retries on exit code 143.
|
||||||
|
/// </summary>
|
||||||
|
public static BuildScript InfoScript(IBuildActions actions, string dotnet, IDictionary<string, string>? environment, ILogger logger)
|
||||||
|
{
|
||||||
|
var info = new CommandBuilder(actions, null, environment).
|
||||||
|
RunCommand(dotnet).
|
||||||
|
Argument("--info");
|
||||||
|
var script = info.Script;
|
||||||
|
for (var attempt = 0; attempt < 4; attempt++)
|
||||||
|
{
|
||||||
|
var attemptCopy = attempt; // Capture in local variable
|
||||||
|
script = BuildScript.Bind(script, ret =>
|
||||||
|
{
|
||||||
|
switch (ret)
|
||||||
|
{
|
||||||
|
case 0:
|
||||||
|
return BuildScript.Success;
|
||||||
|
case 143 when attemptCopy < 3:
|
||||||
|
HandleRetryExitCode143(dotnet, attemptCopy, logger);
|
||||||
|
return info.Script;
|
||||||
|
default:
|
||||||
|
return BuildScript.Failure;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return script;
|
||||||
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Returns a script for downloading specific .NET SDK versions, if the
|
/// Returns a script for downloading specific .NET SDK versions, if the
|
||||||
/// versions are not already installed.
|
/// versions are not already installed.
|
||||||
@@ -292,9 +339,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
var dotnetInfo = new CommandBuilder(actions, environment: MinimalEnvironment).
|
var dotnetInfo = InfoScript(actions, actions.PathCombine(path, "dotnet"), MinimalEnvironment.ToDictionary(), logger);
|
||||||
RunCommand(actions.PathCombine(path, "dotnet")).
|
|
||||||
Argument("--info").Script;
|
|
||||||
|
|
||||||
Func<string, BuildScript> getInstallAndVerify = version =>
|
Func<string, BuildScript> getInstallAndVerify = version =>
|
||||||
// run `dotnet --info` after install, to check that it executes successfully
|
// run `dotnet --info` after install, to check that it executes successfully
|
||||||
|
|||||||
@@ -57,15 +57,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
return startInfo;
|
return startInfo;
|
||||||
}
|
}
|
||||||
|
|
||||||
private bool RunCommandAux(string args, string? workingDirectory, out IList<string> output, bool silent)
|
private int RunCommandExitCodeAux(string args, string? workingDirectory, out IList<string> output, out string dirLog, bool silent)
|
||||||
{
|
{
|
||||||
var dirLog = string.IsNullOrWhiteSpace(workingDirectory) ? "" : $" in {workingDirectory}";
|
dirLog = string.IsNullOrWhiteSpace(workingDirectory) ? "" : $" in {workingDirectory}";
|
||||||
var pi = MakeDotnetStartInfo(args, workingDirectory);
|
var pi = MakeDotnetStartInfo(args, workingDirectory);
|
||||||
var threadId = Environment.CurrentManagedThreadId;
|
var threadId = Environment.CurrentManagedThreadId;
|
||||||
void onOut(string s) => logger.Log(silent ? Severity.Debug : Severity.Info, s, threadId);
|
void onOut(string s) => logger.Log(silent ? Severity.Debug : Severity.Info, s, threadId);
|
||||||
void onError(string s) => logger.LogError(s, threadId);
|
void onError(string s) => logger.LogError(s, threadId);
|
||||||
logger.LogInfo($"Running '{Exec} {args}'{dirLog}");
|
logger.LogInfo($"Running '{Exec} {args}'{dirLog}");
|
||||||
var exitCode = pi.ReadOutput(out output, onOut, onError);
|
var exitCode = pi.ReadOutput(out output, onOut, onError);
|
||||||
|
return exitCode;
|
||||||
|
}
|
||||||
|
|
||||||
|
private bool RunCommandAux(string args, string? workingDirectory, out IList<string> output, bool silent)
|
||||||
|
{
|
||||||
|
var exitCode = RunCommandExitCodeAux(args, workingDirectory, out output, out var dirLog, silent);
|
||||||
if (exitCode != 0)
|
if (exitCode != 0)
|
||||||
{
|
{
|
||||||
logger.LogError($"Command '{Exec} {args}'{dirLog} failed with exit code {exitCode}");
|
logger.LogError($"Command '{Exec} {args}'{dirLog} failed with exit code {exitCode}");
|
||||||
@@ -77,6 +83,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
public bool RunCommand(string args, bool silent = true) =>
|
public bool RunCommand(string args, bool silent = true) =>
|
||||||
RunCommandAux(args, null, out _, silent);
|
RunCommandAux(args, null, out _, silent);
|
||||||
|
|
||||||
|
public int RunCommandExitCode(string args, bool silent = true) =>
|
||||||
|
RunCommandExitCodeAux(args, null, out _, out _, silent);
|
||||||
|
|
||||||
public bool RunCommand(string args, out IList<string> output, bool silent = true) =>
|
public bool RunCommand(string args, out IList<string> output, bool silent = true) =>
|
||||||
RunCommandAux(args, null, out output, silent);
|
RunCommandAux(args, null, out output, silent);
|
||||||
|
|
||||||
|
|||||||
@@ -30,6 +30,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
bool RunCommand(string args, bool silent = true);
|
bool RunCommand(string args, bool silent = true);
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Execute `dotnet <paramref name="args"/>` and return the exit code.
|
||||||
|
/// If `silent` is true the output of the command is logged as `debug` otherwise as `info`.
|
||||||
|
/// </summary>
|
||||||
|
int RunCommandExitCode(string args, bool silent = true);
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Execute `dotnet <paramref name="args"/>` and return true if the command succeeded, otherwise false.
|
/// Execute `dotnet <paramref name="args"/>` and return true if the command succeeded, otherwise false.
|
||||||
/// The output of the command is returned in `output`.
|
/// The output of the command is returned in `output`.
|
||||||
|
|||||||
@@ -12,6 +12,7 @@ namespace Semmle.Extraction.Tests
|
|||||||
private string lastArgs = "";
|
private string lastArgs = "";
|
||||||
public string WorkingDirectory { get; private set; } = "";
|
public string WorkingDirectory { get; private set; } = "";
|
||||||
public bool Success { get; set; } = true;
|
public bool Success { get; set; } = true;
|
||||||
|
public int ExitCode { get; set; } = 0;
|
||||||
|
|
||||||
public DotNetCliInvokerStub(IList<string> output)
|
public DotNetCliInvokerStub(IList<string> output)
|
||||||
{
|
{
|
||||||
@@ -26,6 +27,12 @@ namespace Semmle.Extraction.Tests
|
|||||||
return Success;
|
return Success;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public int RunCommandExitCode(string args, bool silent)
|
||||||
|
{
|
||||||
|
lastArgs = args;
|
||||||
|
return ExitCode;
|
||||||
|
}
|
||||||
|
|
||||||
public bool RunCommand(string args, out IList<string> output, bool silent)
|
public bool RunCommand(string args, out IList<string> output, bool silent)
|
||||||
{
|
{
|
||||||
lastArgs = args;
|
lastArgs = args;
|
||||||
@@ -83,7 +90,7 @@ namespace Semmle.Extraction.Tests
|
|||||||
public void TestDotnetInfoFailure()
|
public void TestDotnetInfoFailure()
|
||||||
{
|
{
|
||||||
// Setup
|
// Setup
|
||||||
var dotnetCliInvoker = new DotNetCliInvokerStub(new List<string>()) { Success = false };
|
var dotnetCliInvoker = new DotNetCliInvokerStub(new List<string>()) { ExitCode = 1 };
|
||||||
|
|
||||||
// Execute
|
// Execute
|
||||||
try
|
try
|
||||||
@@ -94,7 +101,7 @@ namespace Semmle.Extraction.Tests
|
|||||||
// Verify
|
// Verify
|
||||||
catch (Exception e)
|
catch (Exception e)
|
||||||
{
|
{
|
||||||
Assert.Equal("dotnet --info failed.", e.Message);
|
Assert.Equal("dotnet --info failed with exit code 1.", e.Message);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
Assert.Fail("Expected exception");
|
Assert.Fail("Expected exception");
|
||||||
|
|||||||
@@ -1,9 +1,7 @@
|
|||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
@pytest.mark.skip(reason=".NET 10 info command crashes")
|
|
||||||
def test1(codeql, csharp):
|
def test1(codeql, csharp):
|
||||||
codeql.database.create()
|
codeql.database.create()
|
||||||
|
|
||||||
@pytest.mark.skip(reason=".NET 10 info command crashes")
|
|
||||||
def test2(codeql, csharp):
|
def test2(codeql, csharp):
|
||||||
codeql.database.create(build_mode="none")
|
codeql.database.create(build_mode="none")
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: fix
|
||||||
|
---
|
||||||
|
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||||
@@ -52,7 +52,7 @@ class IDbCommandConstructionSqlExpr extends SqlExpr, ObjectCreation {
|
|||||||
class DapperCommandDefinitionMethodCallSqlExpr extends SqlExpr, ObjectCreation {
|
class DapperCommandDefinitionMethodCallSqlExpr extends SqlExpr, ObjectCreation {
|
||||||
DapperCommandDefinitionMethodCallSqlExpr() {
|
DapperCommandDefinitionMethodCallSqlExpr() {
|
||||||
this.getObjectType() instanceof Dapper::CommandDefinitionStruct and
|
this.getObjectType() instanceof Dapper::CommandDefinitionStruct and
|
||||||
DapperCommandDefinitionMethodCallSql::flow(DataFlow::exprNode(this), _)
|
DapperCommandDefinitionMethodCallSql::flowFromExpr(this)
|
||||||
}
|
}
|
||||||
|
|
||||||
override Expr getSql() { result = this.getArgumentForName("commandText") }
|
override Expr getSql() { result = this.getArgumentForName("commandText") }
|
||||||
|
|||||||
@@ -85,7 +85,7 @@ module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalA
|
|||||||
|
|
||||||
/** A node representing untrusted data being passed to an external API. */
|
/** A node representing untrusted data being passed to an external API. */
|
||||||
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
||||||
UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flow(_, this) }
|
UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flowTo(this) }
|
||||||
|
|
||||||
/** Gets a source of untrusted data which is passed to this external API data node. */
|
/** Gets a source of untrusted data which is passed to this external API data node. */
|
||||||
DataFlow::Node getAnUntrustedSource() { RemoteSourceToExternalApi::flow(result, this) }
|
DataFlow::Node getAnUntrustedSource() { RemoteSourceToExternalApi::flow(result, this) }
|
||||||
|
|||||||
@@ -91,7 +91,7 @@ class ExponentialRegexSink extends DataFlow::ExprNode, Sink {
|
|||||||
ExponentialRegexSink() {
|
ExponentialRegexSink() {
|
||||||
exists(RegexOperation regexOperation |
|
exists(RegexOperation regexOperation |
|
||||||
// Exponential regex flows to the pattern argument
|
// Exponential regex flows to the pattern argument
|
||||||
ExponentialRegexDataFlow::flow(_, DataFlow::exprNode(regexOperation.getPattern()))
|
ExponentialRegexDataFlow::flowToExpr(regexOperation.getPattern())
|
||||||
|
|
|
|
||||||
// This is used as an input for this pattern
|
// This is used as an input for this pattern
|
||||||
this.getExpr() = regexOperation.getInput() and
|
this.getExpr() = regexOperation.getInput() and
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ where
|
|||||||
// JsonConvert static method call, but with additional unsafe typename tracking
|
// JsonConvert static method call, but with additional unsafe typename tracking
|
||||||
exists(DataFlow::Node settingsCallArg |
|
exists(DataFlow::Node settingsCallArg |
|
||||||
JsonConvertTracking::flowPath(userInput.asPathNode3(), deserializeCallArg.asPathNode3()) and
|
JsonConvertTracking::flowPath(userInput.asPathNode3(), deserializeCallArg.asPathNode3()) and
|
||||||
TypeNameTracking::flow(_, settingsCallArg) and
|
TypeNameTracking::flowTo(settingsCallArg) and
|
||||||
sameParent(deserializeCallArg.getNode(), settingsCallArg)
|
sameParent(deserializeCallArg.getNode(), settingsCallArg)
|
||||||
)
|
)
|
||||||
select deserializeCallArg, userInput, deserializeCallArg, "$@ flows to unsafe deserializer.",
|
select deserializeCallArg, userInput, deserializeCallArg, "$@ flows to unsafe deserializer.",
|
||||||
|
|||||||
@@ -46,10 +46,7 @@ predicate insecureCookieOptionsCreation(ObjectCreation oc) {
|
|||||||
// `Secure` property in `CookieOptions` passed to IResponseCookies.Append(...) wasn't set
|
// `Secure` property in `CookieOptions` passed to IResponseCookies.Append(...) wasn't set
|
||||||
oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
|
oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
|
||||||
secureFalseOrNotSet(oc) and
|
secureFalseOrNotSet(oc) and
|
||||||
exists(DataFlow::Node creation |
|
CookieOptionsTracking::flowFromExpr(oc)
|
||||||
CookieOptionsTracking::flow(creation, _) and
|
|
||||||
creation.asExpr() = oc
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
predicate insecureCookieAppend(Expr sink) {
|
predicate insecureCookieAppend(Expr sink) {
|
||||||
|
|||||||
@@ -260,6 +260,8 @@ module SummaryModelGeneratorInput implements SummaryModelGeneratorInputSig {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int contentAccessPathLimitInternal() { result = 2 }
|
||||||
|
|
||||||
bindingset[d]
|
bindingset[d]
|
||||||
private string getFullyQualifiedName(Declaration d) {
|
private string getFullyQualifiedName(Declaration d) {
|
||||||
exists(string qualifier, string name |
|
exists(string qualifier, string name |
|
||||||
|
|||||||
@@ -183,7 +183,7 @@ function RegisterExtractorPack(id)
|
|||||||
MsBuildMatcher,
|
MsBuildMatcher,
|
||||||
CreatePatternMatcher({ '^csc.*%.exe$' }, MatchCompilerName, extractor, {
|
CreatePatternMatcher({ '^csc.*%.exe$' }, MatchCompilerName, extractor, {
|
||||||
prepend = { '--compiler', '"${compiler}"' },
|
prepend = { '--compiler', '"${compiler}"' },
|
||||||
order = ORDER_BEFORE
|
order = ORDER_AFTER
|
||||||
}),
|
}),
|
||||||
CreatePatternMatcher({ '^fakes.*%.exe$', 'moles.*%.exe' },
|
CreatePatternMatcher({ '^fakes.*%.exe$', 'moles.*%.exe' },
|
||||||
MatchCompilerName, nil, { trace = false }),
|
MatchCompilerName, nil, { trace = false }),
|
||||||
@@ -224,7 +224,7 @@ function RegisterExtractorPack(id)
|
|||||||
CreatePatternMatcher({ '^mcs%.exe$', '^csc%.exe$', '^csc$' }, MatchCompilerName,
|
CreatePatternMatcher({ '^mcs%.exe$', '^csc%.exe$', '^csc$' }, MatchCompilerName,
|
||||||
extractor, {
|
extractor, {
|
||||||
prepend = { '--compiler', '${compiler}' },
|
prepend = { '--compiler', '${compiler}' },
|
||||||
order = ORDER_BEFORE
|
order = ORDER_AFTER
|
||||||
}),
|
}),
|
||||||
MsBuildMatcher,
|
MsBuildMatcher,
|
||||||
function(compilerName, compilerPath, compilerArguments, _languageId)
|
function(compilerName, compilerPath, compilerArguments, _languageId)
|
||||||
|
|||||||
@@ -54,9 +54,9 @@ ql/lib/go.dbscheme.stats: ql/lib/go.dbscheme build/stats/src.stamp extractor
|
|||||||
codeql dataset measure -o $@ build/stats/database/db-go
|
codeql dataset measure -o $@ build/stats/database/db-go
|
||||||
|
|
||||||
test: all build/testdb/check-upgrade-path
|
test: all build/testdb/check-upgrade-path
|
||||||
codeql test run -j0 ql/test --search-path .. --check-diff-informed --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) --check-databases --fail-on-trap-errors --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition
|
codeql test run -j0 ql/test --search-path .. --check-diff-informed --consistency-queries ql/consistency-queries --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) --check-databases --fail-on-trap-errors --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition
|
||||||
# use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported
|
# use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported
|
||||||
env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --check-diff-informed --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo)
|
env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --check-diff-informed --consistency-queries ql/consistency-queries --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo)
|
||||||
cd extractor; $(BAZEL) test ...
|
cd extractor; $(BAZEL) test ...
|
||||||
bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1)
|
bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1)
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: breaking
|
||||||
|
---
|
||||||
|
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||||
@@ -5,10 +5,25 @@
|
|||||||
|
|
||||||
private import go
|
private import go
|
||||||
private import DataFlowImplSpecific as Impl
|
private import DataFlowImplSpecific as Impl
|
||||||
|
private import DataFlowUtil
|
||||||
private import TaintTrackingImplSpecific
|
private import TaintTrackingImplSpecific
|
||||||
private import codeql.dataflow.internal.DataFlowImplConsistency
|
private import codeql.dataflow.internal.DataFlowImplConsistency
|
||||||
private import semmle.go.dataflow.internal.DataFlowNodes
|
private import semmle.go.dataflow.internal.DataFlowNodes
|
||||||
|
|
||||||
private module Input implements InputSig<Location, Impl::GoDataFlow> { }
|
private module Input implements InputSig<Location, Impl::GoDataFlow> {
|
||||||
|
predicate missingLocationExclude(DataFlow::Node n) {
|
||||||
|
n instanceof DataFlow::GlobalFunctionNode or n instanceof Private::FlowSummaryNode
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate uniqueNodeLocationExclude(DataFlow::Node n) { missingLocationExclude(n) }
|
||||||
|
|
||||||
|
predicate localFlowIsLocalExclude(DataFlow::Node n1, DataFlow::Node n2) {
|
||||||
|
n1 instanceof DataFlow::FunctionNode and simpleLocalFlowStep(n1, n2, _)
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate argHasPostUpdateExclude(DataFlow::ArgumentNode n) {
|
||||||
|
not DataFlow::insnHasPostUpdateNode(n.asInstruction())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
module Consistency = MakeConsistency<Location, Impl::GoDataFlow, GoTaintTracking, Input>;
|
module Consistency = MakeConsistency<Location, Impl::GoDataFlow, GoTaintTracking, Input>;
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ module AllocationSizeOverflow {
|
|||||||
private module FindLargeLensFlow = TaintTracking::Global<FindLargeLensConfig>;
|
private module FindLargeLensFlow = TaintTracking::Global<FindLargeLensConfig>;
|
||||||
|
|
||||||
private DataFlow::CallNode getALargeLenCall() {
|
private DataFlow::CallNode getALargeLenCall() {
|
||||||
exists(DataFlow::Node lenArg | FindLargeLensFlow::flow(_, lenArg) |
|
exists(DataFlow::Node lenArg | FindLargeLensFlow::flowTo(lenArg) |
|
||||||
result.getArgument(0) = lenArg
|
result.getArgument(0) = lenArg
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -211,7 +211,7 @@ module UntrustedDataToUnknownExternalApiFlow =
|
|||||||
|
|
||||||
/** A node representing untrusted data being passed to an external API. */
|
/** A node representing untrusted data being passed to an external API. */
|
||||||
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
||||||
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
|
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
|
||||||
|
|
||||||
/** Gets a source of untrusted data which is passed to this external API data node. */
|
/** Gets a source of untrusted data which is passed to this external API data node. */
|
||||||
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ module MissingJwtSignatureCheck {
|
|||||||
module Config implements DataFlow::ConfigSig {
|
module Config implements DataFlow::ConfigSig {
|
||||||
predicate isSource(DataFlow::Node source) {
|
predicate isSource(DataFlow::Node source) {
|
||||||
source instanceof Source and
|
source instanceof Source and
|
||||||
not SafeParse::flow(source, _)
|
not SafeParse::flowFrom(source)
|
||||||
}
|
}
|
||||||
|
|
||||||
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
|
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ module UnsafeUnzipSymlink {
|
|||||||
* Holds if `node` is an archive header field read that flows to a `path/filepath.EvalSymlinks` call.
|
* Holds if `node` is an archive header field read that flows to a `path/filepath.EvalSymlinks` call.
|
||||||
*/
|
*/
|
||||||
private predicate symlinksEvald(DataFlow::Node node) {
|
private predicate symlinksEvald(DataFlow::Node node) {
|
||||||
EvalSymlinksFlow::flow(getASimilarReadNode(node), _)
|
EvalSymlinksFlow::flowFrom(getASimilarReadNode(node))
|
||||||
}
|
}
|
||||||
|
|
||||||
private module Config implements DataFlow::ConfigSig {
|
private module Config implements DataFlow::ConfigSig {
|
||||||
|
|||||||
@@ -81,5 +81,5 @@ module Config implements DataFlow::ConfigSig {
|
|||||||
module Flow = DataFlow::Global<Config>;
|
module Flow = DataFlow::Global<Config>;
|
||||||
|
|
||||||
from DataFlow::Node source, string msg
|
from DataFlow::Node source, string msg
|
||||||
where Flow::flow(source, _) and Config::isSourceString(source, msg)
|
where Flow::flowFrom(source) and Config::isSourceString(source, msg)
|
||||||
select source, msg
|
select source, msg
|
||||||
|
|||||||
@@ -154,7 +154,7 @@ module FlowToPrintFlow = DataFlow::Global<FlowToPrintConfig>;
|
|||||||
|
|
||||||
/** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */
|
/** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */
|
||||||
predicate resultFlowsToPrinter(DataFlow::CallNode authCodeUrlCall) {
|
predicate resultFlowsToPrinter(DataFlow::CallNode authCodeUrlCall) {
|
||||||
FlowToPrintFlow::flow(authCodeUrlCall.getResult(), _)
|
FlowToPrintFlow::flowFrom(authCodeUrlCall.getResult())
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Get a data-flow node that reads the value of `os.Stdin`. */
|
/** Get a data-flow node that reads the value of `os.Stdin`. */
|
||||||
|
|||||||
@@ -21,6 +21,6 @@ where
|
|||||||
OpenUrlRedirect::Flow::flowPath(source, sink) and
|
OpenUrlRedirect::Flow::flowPath(source, sink) and
|
||||||
// this excludes flow from safe parts of request URLs, for example the full URL when the
|
// this excludes flow from safe parts of request URLs, for example the full URL when the
|
||||||
// doing a redirect from `http://<path>` to `https://<path>`
|
// doing a redirect from `http://<path>` to `https://<path>`
|
||||||
not SafeUrlFlow::Flow::flow(_, sink.getNode())
|
not SafeUrlFlow::Flow::flowTo(sink.getNode())
|
||||||
select sink.getNode(), source, sink, "This path to an untrusted URL redirection depends on a $@.",
|
select sink.getNode(), source, sink, "This path to an untrusted URL redirection depends on a $@.",
|
||||||
source.getNode(), "user-provided value"
|
source.getNode(), "user-provided value"
|
||||||
|
|||||||
@@ -21,6 +21,6 @@ where
|
|||||||
RequestForgery::Flow::flowPath(source, sink) and
|
RequestForgery::Flow::flowPath(source, sink) and
|
||||||
request = sink.getNode().(RequestForgery::Sink).getARequest() and
|
request = sink.getNode().(RequestForgery::Sink).getARequest() and
|
||||||
// this excludes flow from safe parts of request URLs, for example the full URL
|
// this excludes flow from safe parts of request URLs, for example the full URL
|
||||||
not SafeUrlFlow::Flow::flow(_, sink.getNode())
|
not SafeUrlFlow::Flow::flowTo(sink.getNode())
|
||||||
select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
|
select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
|
||||||
sink.getNode().(RequestForgery::Sink).getKind(), source, "user-provided value"
|
sink.getNode().(RequestForgery::Sink).getKind(), source, "user-provided value"
|
||||||
|
|||||||
@@ -70,5 +70,6 @@ module PamStartToAuthenticateFlow = TaintTracking::Global<PamStartToAuthenticate
|
|||||||
from DataFlow::Node source, DataFlow::Node sink
|
from DataFlow::Node source, DataFlow::Node sink
|
||||||
where
|
where
|
||||||
not isInTestFile(source.asExpr()) and
|
not isInTestFile(source.asExpr()) and
|
||||||
(PamStartToAuthenticateFlow::flow(source, sink) and not PamStartToAcctMgmtFlow::flow(source, _))
|
PamStartToAuthenticateFlow::flow(source, sink) and
|
||||||
|
not PamStartToAcctMgmtFlow::flowFrom(source)
|
||||||
select source, "This Pam transaction may not be secure."
|
select source, "This Pam transaction may not be secure."
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ module JwtParseWithConstantKeyConfig implements DataFlow::ConfigSig {
|
|||||||
or
|
or
|
||||||
n = fd.(FuncDecl).getFunction().getARead()
|
n = fd.(FuncDecl).getFunction().getARead()
|
||||||
|
|
|
|
||||||
GolangJwtKeyFunc::flow(n, _) and
|
GolangJwtKeyFunc::flowFrom(n) and
|
||||||
sink = rn and
|
sink = rn and
|
||||||
rn.getRoot() = fd and
|
rn.getRoot() = fd and
|
||||||
rn.getIndex() = 0
|
rn.getIndex() = 0
|
||||||
|
|||||||
@@ -1 +0,0 @@
|
|||||||
| test.go:7:1:7:1 | expected declaration, found This |
|
|
||||||
1
go/ql/test/consistency/dummy.expected
Normal file
1
go/ql/test/consistency/dummy.expected
Normal file
@@ -0,0 +1 @@
|
|||||||
|
| This is a dummy query which is only needed so that the consistency tests will run |
|
||||||
1
go/ql/test/consistency/dummy.ql
Normal file
1
go/ql/test/consistency/dummy.ql
Normal file
@@ -0,0 +1 @@
|
|||||||
|
select "This is a dummy query which is only needed so that the consistency tests will run"
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
identityLocalStep
|
||||||
|
| main.go:46:18:46:18 | n | Node steps to itself |
|
||||||
|
| main.go:47:3:47:3 | c | Node steps to itself |
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
reverseRead
|
||||||
|
| timing.go:15:18:15:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| timing.go:28:18:28:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| timing.go:41:18:41:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| timing.go:53:18:53:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
reverseRead
|
||||||
|
| ImproperLdapAuth.go:18:18:18:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| ImproperLdapAuth.go:39:18:39:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| ImproperLdapAuth.go:64:18:64:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| go-jose.v3.go:16:17:16:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| golang-jwt-v5.go:22:17:22:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
reverseRead
|
||||||
|
| DivideByZero.go:10:12:10:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:17:12:17:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:24:12:24:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:31:12:31:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:38:12:38:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:45:12:45:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:54:12:54:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:63:12:63:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| DivideByZero.go:72:12:72:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
identityLocalStep
|
||||||
|
| DatabaseCallInLoop.go:9:3:9:4 | db | Node steps to itself |
|
||||||
|
| test.go:21:12:21:13 | db | Node steps to itself |
|
||||||
|
| test.go:25:15:25:16 | db | Node steps to itself |
|
||||||
@@ -0,0 +1,58 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:60:15:60:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:61:24:61:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:62:13:62:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:63:17:63:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:64:8:64:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:65:12:65:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:66:8:66:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:67:12:67:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:68:17:68:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:69:21:69:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:70:13:70:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:71:17:71:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:72:16:72:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:73:20:73:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:74:7:74:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:75:11:75:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:76:9:76:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:77:13:77:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:78:18:78:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:79:22:79:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:80:5:80:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:81:9:81:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:82:7:82:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:83:11:83:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:84:15:84:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:85:16:85:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:86:20:86:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:87:16:87:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:88:20:88:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:89:17:89:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:90:21:90:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:91:15:91:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:92:19:92:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:93:5:93:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:94:9:94:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| test.go:114:37:114:38 | rc | Node steps to itself |
|
||||||
|
| test.go:198:27:198:29 | out | Node steps to itself |
|
||||||
|
| test.go:224:27:224:29 | out | Node steps to itself |
|
||||||
|
| test.go:249:27:249:29 | out | Node steps to itself |
|
||||||
|
| test.go:274:27:274:29 | out | Node steps to itself |
|
||||||
|
| test.go:299:27:299:29 | out | Node steps to itself |
|
||||||
|
| test.go:324:26:324:28 | out | Node steps to itself |
|
||||||
|
| test.go:349:26:349:28 | out | Node steps to itself |
|
||||||
|
| test.go:375:28:375:30 | out | Node steps to itself |
|
||||||
|
| test.go:403:28:403:30 | out | Node steps to itself |
|
||||||
|
| test.go:431:24:431:26 | out | Node steps to itself |
|
||||||
|
| test.go:463:26:463:28 | out | Node steps to itself |
|
||||||
|
| test.go:490:26:490:28 | out | Node steps to itself |
|
||||||
|
| test.go:517:27:517:29 | out | Node steps to itself |
|
||||||
|
| test.go:546:26:546:28 | out | Node steps to itself |
|
||||||
|
| test.go:571:26:571:28 | out | Node steps to itself |
|
||||||
|
| test.go:601:24:601:26 | out | Node steps to itself |
|
||||||
|
| test.go:614:15:614:21 | tarRead | Node steps to itself |
|
||||||
|
| test.go:622:3:622:7 | files | Node steps to itself |
|
||||||
|
| test.go:637:10:637:16 | tarRead | Node steps to itself |
|
||||||
|
| test.go:647:10:647:16 | tarRead | Node steps to itself |
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
reverseRead
|
||||||
|
| SensitiveConditionBypassBad.go:7:5:7:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:16:5:16:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:25:5:25:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:34:5:34:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:41:5:41:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:41:35:41:35 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:49:5:49:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:56:5:56:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:63:5:63:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:70:5:70:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:77:5:77:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:84:5:84:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
reverseRead
|
||||||
|
| ConditionalBypassBad.go:9:5:9:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| ConditionalBypassGood.go:9:5:9:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:9:5:9:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:16:5:16:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:16:41:16:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| condition.go:23:5:23:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
reverseRead
|
||||||
|
| builtin.go:115:31:115:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| builtin.go:124:32:124:32 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| builtin.go:133:54:133:54 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| builtin.go:142:55:142:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| new-tests.go:62:31:62:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| new-tests.go:78:18:78:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| new-tests.go:81:37:81:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
reverseRead
|
||||||
|
| CorsMisconfiguration.go:52:14:52:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:59:14:59:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:66:17:66:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:74:14:74:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:81:14:81:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:88:14:88:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:101:14:101:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:112:14:112:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:126:15:126:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:141:14:141:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:156:14:156:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:170:14:170:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:194:17:194:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CorsMisconfiguration.go:206:14:206:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| CorsMisconfiguration.go:208:13:208:18 | origin | Node steps to itself |
|
||||||
|
| CorsMisconfiguration.go:235:6:235:8 | try | Node steps to itself |
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
reverseRead
|
||||||
|
| WrongUsageOfUnsafe.go:34:40:34:47 | harmless | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| WrongUsageOfUnsafe.go:55:40:55:47 | harmless | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| WrongUsageOfUnsafe.go:77:43:77:50 | harmless | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| WrongUsageOfUnsafe.go:111:47:111:54 | harmless | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| WrongUsageOfUnsafe.go:211:47:211:54 | harmless | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| RemoteSources.go:98:9:98:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
reverseRead
|
||||||
|
| pkg1/embedding.go:56:29:56:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/embedding.go:57:33:57:46 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/embedding.go:58:14:58:22 | implicit read of field embedder | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/embedding.go:58:31:58:42 | implicit read of field embedder | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/tst.go:43:6:43:6 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/tst.go:46:6:46:6 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/tst.go:50:2:50:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/tst.go:53:6:53:7 | t2 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| pkg1/tst.go:55:6:55:7 | t2 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| promoted.go:18:6:18:6 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
reverseRead
|
||||||
|
| main.go:49:2:49:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:50:2:50:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:58:2:58:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:63:49:63:49 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| server.go:8:6:8:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| server.go:9:6:9:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| server.go:10:6:10:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| server.go:13:6:13:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
reverseRead
|
||||||
|
| Builtin.go:7:2:7:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Builtin.go:13:2:13:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Builtin.go:22:2:22:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Builtin.go:32:2:32:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Builtin.go:39:2:39:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,37 @@
|
|||||||
|
reverseRead
|
||||||
|
| test_methods.go:44:7:44:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:45:7:45:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:46:2:46:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:50:7:50:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:51:7:51:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:52:2:52:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:92:7:92:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:93:7:93:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:94:2:94:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:98:7:98:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:99:7:99:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:100:2:100:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:104:7:104:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:105:7:105:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:106:2:106:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:110:7:110:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:111:7:111:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:112:2:112:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:140:7:140:7 | implicit read of field SEmbedI1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:141:7:141:7 | implicit read of field SEmbedI1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:142:2:142:2 | implicit read of field SEmbedI1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:146:7:146:7 | implicit read of field SEmbedS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:147:7:147:7 | implicit read of field SEmbedS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:148:2:148:2 | implicit read of field SEmbedS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:152:7:152:7 | implicit read of field SEmbedPtrS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:153:7:153:7 | implicit read of field SEmbedPtrS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:154:2:154:2 | implicit read of field SEmbedPtrS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:158:7:158:7 | implicit read of field SEmbedS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:159:7:159:7 | implicit read of field SEmbedS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:160:2:160:2 | implicit read of field SEmbedS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:164:7:164:7 | implicit read of field SEmbedPtrS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:165:7:165:7 | implicit read of field SEmbedPtrS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:166:2:166:2 | implicit read of field SEmbedPtrS1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:170:7:170:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:171:7:171:7 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_methods.go:172:2:172:2 | t | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:90:10:90:15 | taint8 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:104:12:104:18 | taint10 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:150:10:150:14 | slice | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| test.go:92:3:92:3 | b | Node steps to itself |
|
||||||
|
| test.go:95:3:95:3 | b | Node steps to itself |
|
||||||
|
| test.go:106:3:106:3 | b | Node steps to itself |
|
||||||
|
| test.go:109:3:109:3 | b | Node steps to itself |
|
||||||
|
| test.go:119:3:119:3 | b | Node steps to itself |
|
||||||
|
| test.go:122:3:122:3 | b | Node steps to itself |
|
||||||
|
| test.go:125:3:125:3 | b | Node steps to itself |
|
||||||
|
| test.go:128:3:128:3 | b | Node steps to itself |
|
||||||
|
| test.go:138:3:138:3 | b | Node steps to itself |
|
||||||
|
| test.go:141:3:141:3 | b | Node steps to itself |
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:90:10:90:15 | taint8 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:104:12:104:18 | taint10 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:150:10:150:14 | slice | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| test.go:92:3:92:3 | b | Node steps to itself |
|
||||||
|
| test.go:95:3:95:3 | b | Node steps to itself |
|
||||||
|
| test.go:106:3:106:3 | b | Node steps to itself |
|
||||||
|
| test.go:109:3:109:3 | b | Node steps to itself |
|
||||||
|
| test.go:119:3:119:3 | b | Node steps to itself |
|
||||||
|
| test.go:122:3:122:3 | b | Node steps to itself |
|
||||||
|
| test.go:125:3:125:3 | b | Node steps to itself |
|
||||||
|
| test.go:128:3:128:3 | b | Node steps to itself |
|
||||||
|
| test.go:138:3:138:3 | b | Node steps to itself |
|
||||||
|
| test.go:141:3:141:3 | b | Node steps to itself |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| regressions.go:21:3:21:3 | x | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| regressions.go:22:3:22:3 | y | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| globalVariable.go:17:7:17:17 | globalArray | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| globalVariable.go:18:7:18:17 | globalSlice | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:23:12:23:12 | a | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
reverseRead
|
||||||
|
| methods.go:48:2:48:6 | base1 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| methods.go:58:2:58:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| methods.go:67:2:67:6 | base2 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| methods.go:68:2:68:6 | base2 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| methods.go:77:2:77:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| methods.go:78:2:78:7 | base2p | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| main.go:97:2:97:8 | wrapper | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:117:2:117:2 | p | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:32:11:32:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,28 @@
|
|||||||
|
reverseRead
|
||||||
|
| test_couchbase_gocb_v2.go:151:2:151:10 | call to Next | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_couchbase_gocb_v2.go:161:2:161:3 | r7 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:66:6:66:9 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:69:9:69:12 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:80:18:80:19 | db | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:89:8:89:11 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:91:6:91:9 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:94:9:94:12 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:151:8:151:11 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:153:6:153:9 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:156:9:156:12 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:198:18:198:21 | stmt | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:207:8:207:11 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:209:6:209:9 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:212:9:212:12 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:254:18:254:19 | tx | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:263:8:263:11 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:265:6:265:9 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test_jmoiron_sqlx.go:268:9:268:12 | rows | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| test_couchbase_gocb_v1.go:20:6:20:7 | r1 | Node steps to itself |
|
||||||
|
| test_couchbase_gocb_v1.go:40:6:40:7 | r2 | Node steps to itself |
|
||||||
|
| test_mongo_driver_mongo.go:80:24:80:26 | ctx | Node steps to itself |
|
||||||
|
| test_mongo_driver_mongo.go:103:24:103:26 | ctx | Node steps to itself |
|
||||||
|
| test_mongo_driver_mongo.go:116:24:116:26 | ctx | Node steps to itself |
|
||||||
|
| test_uptrace_bun.go:27:3:27:4 | db | Node steps to itself |
|
||||||
|
| test_uptrace_bun.go:27:14:27:16 | ctx | Node steps to itself |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:19:14:19:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,19 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:142:3:142:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:143:3:143:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:143:23:143:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:208:18:208:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:208:18:208:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:229:21:229:25 | files | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:259:2:259:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:270:37:270:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:283:44:283:48 | files | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:297:51:297:62 | genericFiles | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:298:54:298:62 | untainted | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:317:13:317:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:318:20:318:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:324:17:324:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:324:17:324:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| test.go:278:3:278:14 | genericFiles | Node steps to itself |
|
||||||
|
| test.go:278:21:278:25 | files | Node steps to itself |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:110:20:110:23 | objs | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:13:12:13:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:89:16:89:22 | cookies | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:193:10:193:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:216:20:216:26 | cookies | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
reverseRead
|
||||||
|
| fasthttp.go:75:28:75:35 | lbclient | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:102:7:102:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:162:3:162:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:163:3:163:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:164:3:164:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:165:15:165:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:166:15:166:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:167:15:167:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:168:15:168:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:170:3:170:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:172:3:172:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:173:3:173:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:174:3:174:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:175:3:175:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:183:3:183:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:184:3:184:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:185:16:185:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:194:3:194:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:195:3:195:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:196:3:196:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| fasthttp.go:197:3:197:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
reverseRead
|
||||||
|
| Gin.go:26:18:26:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Gin.go:26:28:26:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Gin.go:158:10:158:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Gin.go:162:13:162:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
reverseRead
|
||||||
|
| proto/Hello.pb.go:34:10:34:40 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:47:9:47:39 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:81:10:81:40 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:94:9:94:39 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:169:13:169:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:171:13:171:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:173:13:173:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:181:13:181:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:183:13:183:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.go:185:13:185:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.micro.go:55:9:55:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.micro.go:57:9:57:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| proto/Hello.pb.micro.go:86:9:86:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| main.go:19:2:19:4 | ctx | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,32 @@
|
|||||||
|
reverseRead
|
||||||
|
| protos/query/query.pb.go:58:9:58:34 | file_query_proto_enumTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:62:10:62:35 | file_query_proto_enumTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:88:10:88:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:101:9:101:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:156:10:156:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:169:9:169:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:204:10:204:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:217:9:217:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:318:13:318:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:320:13:320:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:322:13:322:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:330:13:330:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:332:13:332:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:334:13:334:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:342:13:342:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:344:13:344:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| protos/query/query.pb.go:346:13:346:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testDeprecatedApi.go:74:24:74:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testDeprecatedApi.go:85:24:85:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testDeprecatedApi.go:98:13:98:24 | selection of Alerts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testDeprecatedApi.go:124:12:124:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testDeprecatedApi.go:167:12:167:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testDeprecatedApi.go:176:24:176:28 | query | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:94:12:94:21 | serialized | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:102:24:102:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:113:24:113:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:126:13:126:24 | selection of Alerts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:162:12:162:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:186:12:186:21 | serialized | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:224:12:224:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| testModernApi.go:233:24:233:28 | query | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,173 @@
|
|||||||
|
reverseRead
|
||||||
|
| EndToEnd.go:30:9:30:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:30:35:30:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:30:35:30:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:36:18:36:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:36:18:36:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:37:9:37:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:44:18:44:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:44:18:44:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:45:9:45:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:51:20:51:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:51:20:51:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:52:9:52:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:58:18:58:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:58:18:58:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:59:9:59:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:64:9:64:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:64:26:64:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:64:26:64:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:69:9:69:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:69:22:69:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:69:22:69:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:74:9:74:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:74:22:74:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:74:22:74:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:79:9:79:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:79:35:79:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:79:35:79:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:84:9:84:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:84:22:84:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:84:22:84:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:89:9:89:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:89:21:89:21 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:89:21:89:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:94:9:94:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:94:20:94:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| EndToEnd.go:94:20:94:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:26:7:26:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:26:7:26:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:27:7:27:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:27:7:27:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:30:2:30:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:33:7:33:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:37:7:37:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:37:7:37:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:38:24:38:24 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:42:7:42:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:43:24:43:24 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:47:7:47:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:51:7:51:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:52:7:52:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:56:7:56:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:56:7:56:27 | index expression | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:60:7:60:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:60:7:60:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:63:2:63:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:70:22:70:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:71:2:71:2 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:75:7:75:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:76:7:76:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:77:7:77:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:77:7:77:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:78:7:78:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:79:7:79:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:80:7:80:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:82:13:82:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:85:13:85:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:88:13:88:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:89:7:89:28 | index expression | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:91:7:91:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:91:7:91:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:91:7:91:41 | index expression | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:93:28:93:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:96:15:96:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:99:7:99:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:101:7:101:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:103:15:103:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:109:7:109:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:111:7:111:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:116:2:116:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:116:2:116:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:120:2:120:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:120:2:120:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:125:13:125:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:125:13:125:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:128:14:128:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:128:14:128:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| Revel.go:133:13:133:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:34:2:34:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:45:10:45:10 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:47:2:47:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:48:9:48:9 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:52:9:52:9 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:56:2:56:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:57:2:57:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:59:16:59:16 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:61:5:61:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:62:3:62:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:63:3:63:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:64:10:64:10 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:68:2:68:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:69:9:69:9 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:79:5:79:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:81:5:81:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:83:4:83:4 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:84:11:84:11 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:89:2:89:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:90:9:90:9 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:95:10:95:10 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/app.go:97:9:97:9 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:43:13:43:13 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:44:3:44:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:45:10:45:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:51:2:51:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:54:9:54:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:107:9:107:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:118:9:118:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:132:10:132:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:135:9:135:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:139:9:139:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:143:26:143:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:144:2:144:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:146:2:146:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:148:5:148:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:149:3:149:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:150:10:150:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:153:2:153:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:154:9:154:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:160:10:160:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:165:17:165:17 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:166:19:166:19 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:168:5:168:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:168:33:168:33 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:168:33:168:40 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:169:3:169:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:170:3:170:3 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:171:10:171:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:174:5:174:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:174:5:174:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:175:3:175:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:176:4:176:10 | booking | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:177:10:177:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:180:9:180:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:184:2:184:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:185:9:185:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:191:10:191:10 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/controllers/hotels.go:195:9:195:9 | c | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:36:44:36:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:40:49:40:49 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:52:2:52:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:52:2:52:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:53:2:53:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:53:2:53:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:54:2:54:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/init.go:54:2:54:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:33:13:33:19 | booking | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:34:13:34:19 | booking | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:35:13:35:19 | booking | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:36:13:36:19 | booking | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:49:9:49:9 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:53:14:53:14 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:53:38:53:38 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:67:3:67:3 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:68:3:68:3 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:69:3:69:3 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:73:39:73:39 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:73:47:73:47 | b | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:81:13:81:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:82:14:82:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:83:17:83:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| examples/booking/app/models/booking.go:84:18:84:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| examples/booking/app/controllers/app.go:95:10:95:10 | c | Node steps to itself |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| SystemCommandExecutors.go:25:12:25:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| main.go:28:2:28:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:34:2:34:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,103 @@
|
|||||||
|
reverseRead
|
||||||
|
| rpc/notes/service.pb.go:36:10:36:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:49:9:49:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:97:10:97:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:110:9:110:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:142:10:142:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:155:9:155:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:182:10:182:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:195:9:195:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:297:13:297:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:299:13:299:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:301:13:301:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:309:13:309:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:311:13:311:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:313:13:313:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:321:13:321:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:323:13:323:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:325:13:325:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:333:13:333:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:335:13:335:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.pb.go:337:13:337:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:82:40:82:49 | clientOpts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:118:37:118:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:118:47:118:52 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:124:24:124:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:128:34:128:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:164:37:164:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:164:47:164:52 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:170:24:170:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:174:34:174:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:221:40:221:49 | clientOpts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:257:33:257:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:257:43:257:48 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:263:24:263:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:267:34:267:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:303:33:303:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:303:43:303:48 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:309:24:309:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:313:34:313:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:350:45:350:54 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:360:29:360:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:389:38:389:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:397:58:397:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:402:47:402:49 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:404:48:404:50 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:405:58:405:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:409:95:409:97 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:410:58:410:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:422:48:422:50 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:423:58:423:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:429:12:429:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:440:53:440:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:441:43:441:45 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:449:36:449:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:455:23:455:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:477:13:477:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:494:41:494:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:507:34:507:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:524:24:524:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:526:24:526:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:532:36:532:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:558:13:558:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:575:41:575:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:588:34:588:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:603:24:603:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:605:24:605:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:609:12:609:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:620:53:620:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:621:43:621:45 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:629:36:629:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:657:13:657:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:674:41:674:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:687:34:687:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:704:24:704:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:706:24:706:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:712:36:712:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:718:25:718:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:738:13:738:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:755:41:755:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:768:34:768:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:783:24:783:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:785:24:785:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:969:8:969:13 | copied | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:984:2:984:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:985:2:985:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:986:2:986:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1032:15:1032:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1037:35:1037:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1116:66:1116:66 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1159:98:1159:98 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1227:21:1227:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1237:35:1237:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1278:11:1278:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| rpc/notes/service.twirp.go:1292:23:1292:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| server/main.go:33:19:33:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| rpc/notes/service.twirp.go:60:6:60:15 | clientOpts | Node steps to itself |
|
||||||
|
| rpc/notes/service.twirp.go:199:6:199:15 | clientOpts | Node steps to itself |
|
||||||
|
| rpc/notes/service.twirp.go:852:6:852:15 | serverOpts | Node steps to itself |
|
||||||
|
| rpc/notes/service.twirp.go:854:29:854:38 | serverOpts | Node steps to itself |
|
||||||
|
| rpc/notes/service.twirp.go:965:4:965:9 | copied | Node steps to itself |
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
reverseRead
|
||||||
|
| WebSocketReadWrite.go:27:9:27:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,12 @@
|
|||||||
|
reverseRead
|
||||||
|
| test.go:12:12:12:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:17:24:17:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:20:36:20:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:23:33:23:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:24:22:24:26 | nodes | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:26:45:26:51 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:27:22:27:27 | nodes2 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:31:33:31:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:39:49:39:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:43:31:43:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| test.go:48:32:48:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
identityLocalStep
|
||||||
|
| InconsistentLoopOrientation.go:6:3:6:3 | a | Node steps to itself |
|
||||||
|
| InconsistentLoopOrientationGood.go:6:3:6:3 | a | Node steps to itself |
|
||||||
|
| main.go:9:26:9:26 | s | Node steps to itself |
|
||||||
|
| main.go:14:29:14:29 | l | Node steps to itself |
|
||||||
|
| main.go:20:3:20:3 | a | Node steps to itself |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
identityLocalStep
|
||||||
|
| LengthComparisonOffByOne.go:10:19:10:28 | searchName | Node steps to itself |
|
||||||
|
| LengthComparisonOffByOneGood.go:9:14:9:23 | searchName | Node steps to itself |
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
reverseRead
|
||||||
|
| testdata.go:206:7:206:7 | x | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| testdata.go:583:7:583:7 | x | Node steps to itself |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
identityLocalStep
|
||||||
|
| main.go:35:6:35:9 | cond | Node steps to itself |
|
||||||
|
| main.go:44:6:44:9 | cond | Node steps to itself |
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
reverseRead
|
||||||
|
| IncompleteHostnameRegexp.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| IncompleteHostnameRegexpGood2.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| IncompleteHostnameRegexpGood.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:18:57:18:57 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| MissingRegexpAnchor.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| MissingRegexpAnchorGood.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
reverseRead
|
||||||
|
| TaintedPath.go:15:18:15:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| TaintedPath.go:84:28:84:32 | files | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| UnsafeUnzipSymlink.go:26:18:26:18 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:30:29:30:34 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:42:22:42:27 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:58:18:58:18 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:62:3:62:7 | links | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:79:18:79:18 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:85:29:85:34 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:94:18:94:18 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:98:29:98:34 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:121:32:121:32 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:125:29:125:34 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:146:32:146:32 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlink.go:150:29:150:34 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlinkGood.go:30:18:30:18 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlinkGood.go:34:33:34:38 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlinkGood.go:46:26:46:31 | target | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlinkGood.go:72:18:72:18 | r | Node steps to itself |
|
||||||
|
| UnsafeUnzipSymlinkGood.go:76:41:76:46 | target | Node steps to itself |
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
reverseRead
|
||||||
|
| ArgumentInjection.go:9:10:9:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CommandInjection2.go:13:15:13:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CommandInjection2.go:21:15:21:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CommandInjection2.go:41:15:41:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| CommandInjection.go:9:13:9:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| GitSubcommands.go:11:13:11:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| GitSubcommands.go:22:13:22:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| GitSubcommands.go:33:13:33:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| SanitizingDoubleDash.go:9:13:9:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| SanitizingDoubleDash.go:92:13:92:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,26 @@
|
|||||||
|
reverseRead
|
||||||
|
| HtmlTemplateEscapingBypassXss.go:99:9:99:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| ReflectedXss.go:11:15:11:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| ReflectedXssGood.go:15:15:15:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:11:11:11:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:25:11:25:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:39:11:39:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:49:11:49:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:61:11:61:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:71:11:71:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:86:11:86:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:98:11:98:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| contenttype.go:111:11:111:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| reflectedxsstest.go:15:13:15:13 | r | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| reflectedxsstest.go:21:13:21:13 | r | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| reflectedxsstest.go:51:14:51:14 | r | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| tst.go:14:15:14:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| tst.go:33:15:33:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| tst.go:48:14:48:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| tst.go:66:15:66:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| websocketXss.go:26:9:26:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
identityLocalStep
|
||||||
|
| StoredXss.go:13:18:13:18 | w | Node steps to itself |
|
||||||
|
| StoredXssGood.go:17:3:17:10 | template | Node steps to itself |
|
||||||
|
| stored.go:30:19:30:19 | w | Node steps to itself |
|
||||||
|
| stored.go:51:20:51:20 | w | Node steps to itself |
|
||||||
@@ -0,0 +1,23 @@
|
|||||||
|
reverseRead
|
||||||
|
| SqlInjection.go:11:3:11:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| SqlInjection.go:11:3:11:17 | call to Query | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| SqlInjectionGood.go:10:14:10:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| SqlInjectionGood.go:10:14:10:28 | call to Query | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| issue48.go:17:25:17:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| issue48.go:21:3:21:21 | RequestDataFromJson | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| issue48.go:27:26:27:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| issue48.go:31:3:31:22 | RequestDataFromJson2 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| issue48.go:37:24:37:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| issue48.go:40:3:40:22 | RequestDataFromJson3 | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:15:63:15:63 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:15:63:15:75 | call to Query | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:16:63:16:63 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:30:13:30:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:34:3:34:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:40:25:40:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:43:3:43:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:49:28:49:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:52:3:52:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:58:28:58:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:61:4:61:15 | star expression | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| main.go:68:18:68:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
reverseRead
|
||||||
|
| LogInjection.go:32:14:32:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:447:14:447:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:455:14:455:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:463:14:463:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:498:14:498:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:499:14:499:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| LogInjection.go:724:12:724:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
reverseRead
|
||||||
|
| array_vs_contents.go:16:25:16:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
| array_vs_contents.go:33:25:33:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user