diff --git a/change-notes/2020-08-27-protobufs.md b/change-notes/2020-08-27-protobufs.md
new file mode 100644
index 00000000000..2628fd12d91
--- /dev/null
+++ b/change-notes/2020-08-27-protobufs.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Taint is now propagated across protocol buffer ("protobuf") marshalling and unmarshalling operations. This may result in more results from existing queries where the protocol buffer format is used.
diff --git a/change-notes/2020-09-14-split-string-sanitizer.md b/change-notes/2020-09-14-split-string-sanitizer.md
new file mode 100644
index 00000000000..970da425e87
--- /dev/null
+++ b/change-notes/2020-09-14-split-string-sanitizer.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Splitting a string by whitespace or a colon is now considered sanitizing by the `go/clear-text-logging` query, because this is frequently used to split a username and password or other secret.
diff --git a/ql/src/semmle/go/Architectures.qll b/ql/src/semmle/go/Architectures.qll
index 3de0a81e20c..f86b1054642 100644
--- a/ql/src/semmle/go/Architectures.qll
+++ b/ql/src/semmle/go/Architectures.qll
@@ -26,5 +26,11 @@ class Architecture extends string {
 bitSize = 64
 }
+ /**
+ * Gets theĀ integer and pointer type width for this architecture.
+ *
+ * As of the time of writing, this appears to always be identical -- there aren't
+ * Go architectures with 64-bit pointers but 32-bit ints, for example.
+ */
 int getBitSize() { result = bitSize }
 }
diff --git a/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll b/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll
index e3d3059cfbc..c1653f5b3ad 100644
--- a/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll
+++ b/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll
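Review bot: The first line of the new QLDoc on `getBitSize()` in Architectures.qll has a stray non-ASCII character between "the" and "integer" (it shows here as `theĀ integer`, possibly a mangled non-breaking space); it should be a plain space, `* Gets the integer and pointer type width for this architecture.`. The second paragraph records an assumption that callers of this predicate inherit, so I would state it as one rather than as "this appears to always be identical", for example ``* Assumes `int` and pointers have the same width on every architecture modelled here.``. The `Architecture` class begins above the hunk, so the set of architectures it covers is not visible here.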
@@ -51,6 +51,7 @@ class FunctionInput extends TFunctionInput {
 abstract string toString();
 }
+/** Defines convenience methods that get particular `FunctionInput` instances. */
 module FunctionInput {
 /** Gets a `FunctionInput` representing the `i`th parameter. */
 FunctionInput parameter(int i) { result.isParameter(i) }
@@ -191,6 +192,7 @@ class FunctionOutput extends TFunctionOutput {
 abstract string toString();
 }
+/** Defines convenience methods that get particular `FunctionOutput` instances. */
 module FunctionOutput {
 /** Gets a `FunctionOutput` representing the result of a single-result function. */
 FunctionOutput functionResult() { result.isResult() }
diff --git a/ql/src/semmle/go/dataflow/TaintTracking2.qll b/ql/src/semmle/go/dataflow/TaintTracking2.qll
index 1e6639d8539..6b1b2487e5b 100644
--- a/ql/src/semmle/go/dataflow/TaintTracking2.qll
+++ b/ql/src/semmle/go/dataflow/TaintTracking2.qll
@@ -1,3 +1,8 @@
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) taint-tracking analyses.
+ */
+
 /**
 * Provides classes for performing local (intra-procedural) and
 * global (inter-procedural) taint-tracking analyses.
diff --git a/ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll
index d8b192951ef..94ccce8f869 100644
--- a/ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -177,6 +177,9 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 localAdditionalTaintStep(src, sink)
 }
+/**
+ * A sanitizer in all global taint flow configurations but not in local taint.
+ */
 abstract class DefaultTaintSanitizer extends DataFlow::Node { }
 /**
diff --git a/ql/src/semmle/go/frameworks/Revel.qll b/ql/src/semmle/go/frameworks/Revel.qll
index 592f5aa394b..380251e4686 100644
--- a/ql/src/semmle/go/frameworks/Revel.qll
+++ b/ql/src/semmle/go/frameworks/Revel.qll
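Review bot: The comment added at the top of TaintTracking2.qll is word-for-word the same as the existing comment directly below it, so the file now opens with two identical QLDoc blocks and a reader cannot tell which one documents what. If the first is meant as the file-level doc and the second as the doc of the declaration that follows (not visible in this hunk), I would reword the second to name that declaration, for instance `* Provides a second copy of the taint-tracking classes, for analyses that need two configurations at once.`, assuming that matches what the module is for. If the duplication is accidental, drop the added block instead.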
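Review bot: The new QLDoc on `DefaultTaintSanitizer` in TaintTrackingUtil.qll states the scope but not what follows from it for someone extending the class. Taken at its word, a node added here stops taint in every global configuration, so an over-broad subclass would quietly remove results from all taint-based security queries at once. I would add a second sentence such as `* Extend this class only for nodes that are safe for every query; query-specific sanitizers belong in that query's own configuration.`. It would also help to say "local taint tracking" rather than "local taint". How configurations consume this class is outside the hunk, so the wording should be checked against that code.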
@@ -5,6 +5,7 @@
 import go
 private import semmle.go.security.OpenUrlRedirectCustomizations
+/** Provides classes and methods modelling the Revel web framework. */
 module Revel {
 /** Gets the package name. */
 bindingset[result]
diff --git a/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll b/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
index d33754deb86..586f15b4c42 100644
--- a/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -39,6 +39,9 @@ module OpenUrlRedirect {
 */
 bindingset[this]
 abstract class AdditionalStep extends string {
+ /**
+ * Holds if `pred` to `succ` is an additional taint-propagating step for this query.
+ */
 abstract predicate hasTaintStep(DataFlow::Node pred, DataFlow::Node succ);
 }
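Review bot: The new QLDoc on `AdditionalStep.hasTaintStep` in OpenUrlRedirectCustomizations.qll reads awkwardly ("Holds if `pred` to `succ` is ...") and gives implementers no guidance. I would write ``* Holds if the step from `pred` to `succ` should be treated as propagating taint for this query.``. Since every subclass widens what the open-redirect query treats as tainted, a short second sentence saying that steps should be limited to flows that actually carry the untrusted value would help keep added models from producing spurious results.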