From f162a5be94028a0b8f6010c8fb76066b972734e6 Mon Sep 17 00:00:00 2001 
From: Chris Smowton
Date: Tue, 28 Jul 2020 15:36:38 +0100
Subject: [PATCH] Promote CWE-322 out of experimental status
---
change-notes/2020-07-22-ssh-host-checking.md | 2 ++
.../CWE-322/InsecureHostKeyCallback.qhelp | 0
.../CWE-322/InsecureHostKeyCallback.ql | 0
.../CWE-322/InsecureHostKeyCallbackExample.go | 0
.../CWE-322/SecureHostKeyCallbackExample.go | 0
ql/test/experimental/CWE-322/InsecureHostKeyCallback.qlref | 1 -
.../Security}/CWE-322/InsecureHostKeyCallback.expected | 0
.../query-tests/Security/CWE-322/InsecureHostKeyCallback.qlref | 1 +
.../Security}/CWE-322/InsecureHostKeyCallbackExample.go | 0
ql/test/{experimental => query-tests/Security}/CWE-322/go.mod | 0
.../Security}/CWE-322/vendor/golang.org/LICENSE | 0
.../Security}/CWE-322/vendor/golang.org/x/crypto/ssh/stub.go | 0
.../Security}/CWE-322/vendor/modules.txt | 0
13 files changed, 3 insertions(+), 1 deletion(-)
create mode 100644 change-notes/2020-07-22-ssh-host-checking.md
rename ql/src/{experimental => Security}/CWE-322/InsecureHostKeyCallback.qhelp (100%)
rename ql/src/{experimental => Security}/CWE-322/InsecureHostKeyCallback.ql (100%)
rename ql/src/{experimental => Security}/CWE-322/InsecureHostKeyCallbackExample.go (100%)
rename ql/src/{experimental => Security}/CWE-322/SecureHostKeyCallbackExample.go (100%)
delete mode 100644 ql/test/experimental/CWE-322/InsecureHostKeyCallback.qlref
rename ql/test/{experimental => query-tests/Security}/CWE-322/InsecureHostKeyCallback.expected (100%)
create mode 100644 ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.qlref
rename ql/test/{experimental => query-tests/Security}/CWE-322/InsecureHostKeyCallbackExample.go (100%)
rename ql/test/{experimental => query-tests/Security}/CWE-322/go.mod (100%)
rename ql/test/{experimental => query-tests/Security}/CWE-322/vendor/golang.org/LICENSE (100%)
rename ql/test/{experimental => query-tests/Security}/CWE-322/vendor/golang.org/x/crypto/ssh/stub.go (100%)
rename ql/test/{experimental => query-tests/Security}/CWE-322/vendor/modules.txt (100%)
diff --git a/change-notes/2020-07-22-ssh-host-checking.md b/change-notes/2020-07-22-ssh-host-checking.md
new file mode 100644
index 00000000000..7f83626bf0e
--- /dev/null
+++ b/change-notes/2020-07-22-ssh-host-checking.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Query "Use of insecure HostKeyCallback implementation" (`go/insecure-hostkeycallback`) is promoted from experimental status. This checks for insecurely omitting SSH host-key verification.
diff --git a/ql/src/experimental/CWE-322/InsecureHostKeyCallback.qhelp b/ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp
similarity index 100%
rename from ql/src/experimental/CWE-322/InsecureHostKeyCallback.qhelp
rename to ql/src/Security/CWE-322/InsecureHostKeyCallback.qhelp
diff --git a/ql/src/experimental/CWE-322/InsecureHostKeyCallback.ql b/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
similarity index 100%
rename from ql/src/experimental/CWE-322/InsecureHostKeyCallback.ql
rename to ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
diff --git a/ql/src/experimental/CWE-322/InsecureHostKeyCallbackExample.go b/ql/src/Security/CWE-322/InsecureHostKeyCallbackExample.go
similarity index 100%
rename from ql/src/experimental/CWE-322/InsecureHostKeyCallbackExample.go
rename to ql/src/Security/CWE-322/InsecureHostKeyCallbackExample.go
diff --git a/ql/src/experimental/CWE-322/SecureHostKeyCallbackExample.go b/ql/src/Security/CWE-322/SecureHostKeyCallbackExample.go
similarity index 100%
rename from ql/src/experimental/CWE-322/SecureHostKeyCallbackExample.go
rename to ql/src/Security/CWE-322/SecureHostKeyCallbackExample.go
diff --git a/ql/test/experimental/CWE-322/InsecureHostKeyCallback.qlref b/ql/test/experimental/CWE-322/InsecureHostKeyCallback.qlref
deleted file mode 100644
index 006d685c747..00000000000
--- a/ql/test/experimental/CWE-322/InsecureHostKeyCallback.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/CWE-322/InsecureHostKeyCallback.ql
\ No newline at end of file
diff --git a/ql/test/experimental/CWE-322/InsecureHostKeyCallback.expected b/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected
similarity index 100%
rename from ql/test/experimental/CWE-322/InsecureHostKeyCallback.expected
rename to ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected
diff --git a/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.qlref b/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.qlref
new file mode 100644
index 00000000000..b5f8712594d
--- /dev/null
+++ b/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.qlref
@@ -0,0 +1 @@
+Security/CWE-322/InsecureHostKeyCallback.ql
diff --git a/ql/test/experimental/CWE-322/InsecureHostKeyCallbackExample.go b/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallbackExample.go
similarity index 100%
rename from ql/test/experimental/CWE-322/InsecureHostKeyCallbackExample.go
rename to ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallbackExample.go
diff --git a/ql/test/experimental/CWE-322/go.mod b/ql/test/query-tests/Security/CWE-322/go.mod
similarity index 100%
rename from ql/test/experimental/CWE-322/go.mod
rename to ql/test/query-tests/Security/CWE-322/go.mod
diff --git a/ql/test/experimental/CWE-322/vendor/golang.org/LICENSE b/ql/test/query-tests/Security/CWE-322/vendor/golang.org/LICENSE
similarity index 100%
rename from ql/test/experimental/CWE-322/vendor/golang.org/LICENSE
rename to ql/test/query-tests/Security/CWE-322/vendor/golang.org/LICENSE
diff --git a/ql/test/experimental/CWE-322/vendor/golang.org/x/crypto/ssh/stub.go b/ql/test/query-tests/Security/CWE-322/vendor/golang.org/x/crypto/ssh/stub.go
similarity index 100%
rename from ql/test/experimental/CWE-322/vendor/golang.org/x/crypto/ssh/stub.go
rename to ql/test/query-tests/Security/CWE-322/vendor/golang.org/x/crypto/ssh/stub.go
diff --git a/ql/test/experimental/CWE-322/vendor/modules.txt b/ql/test/query-tests/Security/CWE-322/vendor/modules.txt
similarity index 100%
rename from ql/test/experimental/CWE-322/vendor/modules.txt
rename to ql/test/query-tests/Security/CWE-322/vendor/modules.txt