Merge pull request #444 from smowton/smowton/admin/merge-rc-126

Merge rc/1.26 back into `main`
2026-01-29 22:32:58 +01:00 · 2021-01-05 11:40:34 +00:00
parent ace9271cc4 2b608e5822
commit e6327f502c
8 changed files with 24 additions and 0 deletions
--- a/change-notes/2020-08-27-protobufs.md
+++ b/change-notes/2020-08-27-protobufs.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Taint is now propagated across protocol buffer ("protobuf")  marshalling and unmarshalling operations. This may result in more results from existing queries where the protocol buffer format is used.
--- a/change-notes/2020-09-14-split-string-sanitizer.md
+++ b/change-notes/2020-09-14-split-string-sanitizer.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Splitting a string by whitespace or a colon is now considered sanitizing by the `go/clear-text-logging` query, because this is frequently used to split a username and password or other secret.
--- a/ql/src/semmle/go/Architectures.qll
+++ b/ql/src/semmle/go/Architectures.qll
@@ -26,5 +26,11 @@ class Architecture extends string {
    bitSize = 64
  }

+  /**
+   * Gets the integer and pointer type width for this architecture.
+   *
+   * As of the time of writing, this appears to always be identical -- there aren't
+   * Go architectures with 64-bit pointers but 32-bit ints, for example.
+   */
  int getBitSize() { result = bitSize }
 }
--- a/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll
+++ b/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll
@@ -51,6 +51,7 @@ class FunctionInput extends TFunctionInput {
  abstract string toString();
 }

+/** Defines convenience methods that get particular `FunctionInput` instances. */
 module FunctionInput {
  /** Gets a `FunctionInput` representing the `i`th parameter. */
  FunctionInput parameter(int i) { result.isParameter(i) }
@@ -191,6 +192,7 @@ class FunctionOutput extends TFunctionOutput {
  abstract string toString();
 }

+/** Defines convenience methods that get particular `FunctionOutput` instances. */
 module FunctionOutput {
  /** Gets a `FunctionOutput` representing the result of a single-result function. */
  FunctionOutput functionResult() { result.isResult() }
--- a/ql/src/semmle/go/dataflow/TaintTracking2.qll
+++ b/ql/src/semmle/go/dataflow/TaintTracking2.qll
@@ -1,3 +1,8 @@
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) taint-tracking analyses.
+ */
+
 /**
 * Provides classes for performing local (intra-procedural) and
 * global (inter-procedural) taint-tracking analyses.
--- a/ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -177,6 +177,9 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
  localAdditionalTaintStep(src, sink)
 }

+/**
+ * A sanitizer in all global taint flow configurations but not in local taint.
+ */
 abstract class DefaultTaintSanitizer extends DataFlow::Node { }

 /**
--- a/ql/src/semmle/go/frameworks/Revel.qll
+++ b/ql/src/semmle/go/frameworks/Revel.qll
@@ -5,6 +5,7 @@
 import go
 private import semmle.go.security.OpenUrlRedirectCustomizations

+/** Provides classes and methods modelling the Revel web framework. */
 module Revel {
  /** Gets the package name. */
  bindingset[result]
--- a/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -39,6 +39,9 @@ module OpenUrlRedirect {
   */
  bindingset[this]
  abstract class AdditionalStep extends string {
+    /**
+     * Holds if `pred` to `succ` is an additional taint-propagating step for this query.
+     */
    abstract predicate hasTaintStep(DataFlow::Node pred, DataFlow::Node succ);
  }