992 Commits

Author	SHA1	Message	Date
Owen Mansel-Chan	a20c8cfd52	Add post-update nodes for implicit field read nodes	2025-12-04 12:00:02 +00:00
Owen Mansel-Chan	9bf20702c6	Remove identity steps	2025-12-04 11:59:58 +00:00
Owen Mansel-Chan	e9cb183670	Revert "Delete dummy.ql for now" ... This reverts commit 38cb6e5a00.	2025-12-02 11:41:39 +00:00
Owen Mansel-Chan	848677e580	Merge pull request #20917 from owen-mc/go/enable-data-flow-consistency-checks ... Go: enable data flow consistency checks	2025-12-02 10:52:47 +00:00
Owen Mansel-Chan	303deab608	Remove redundant conjunct	2025-11-28 02:12:12 +00:00
Owen Mansel-Chan	38cb6e5a00	Delete dummy.ql for now ... This is needed because a PR to another repo is needed to update the location of the consistency queries, and until that PR is merged we don't want to runny dummy.ql as a consistency query. After that PR is merged we should reinstate these files so that consistency tests are run on this test folder.	2025-11-26 15:03:09 +00:00
Owen Mansel-Chan	eca9ec59c4	Add exclusions to data flow consistency checks	2025-11-26 11:12:44 +00:00
Owen Mansel-Chan	916fe69e65	Accept data flow consistency test results	2025-11-26 11:00:25 +00:00
Owen Mansel-Chan	7cd04e346e	Move existing consistency query to new place	2025-11-26 10:44:59 +00:00
Joe Farebrother	cece73bdbf	Remove references to gorilla	2025-11-25 14:36:16 +00:00
Joe Farebrother	c7b16a043e	Address reviews - update comments, remove unneeded stubs	2025-11-25 14:36:00 +00:00
Joe Farebrother	6282c34396	Update formatting	2025-11-25 14:35:09 +00:00
Joe Farebrother	536e885f18	Remove experimental query	2025-11-25 14:34:41 +00:00
Joe Farebrother	8d544e5b15	Add tests	2025-11-25 14:33:51 +00:00
Owen Mansel-Chan	a70d74220f	Add test for good password hashing	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	f562b3d26e	Make line differences in test comments relative	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	52d7e2dd18	Add query for hashing sensitive data with weak hashing algorithm	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	713e19f6f1	Make non-path query for encryption only	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	f34a625ac2	Model cryptographic operations	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	34b2e3e2bf	Copy the structure of the Javascript query	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	a71bb4ba9a	Convert test to inline expectations	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	3cbce80d0b	Add SimpleTypeSanitizer to go/request-forgery	2025-10-09 12:17:21 +01:00
Owen Mansel-Chan	7599fdd8fa	Add request forgery test for numeric type	2025-10-09 12:17:19 +01:00
Owen Mansel-Chan	2629369c93	Improve additional flow step for Host field	2025-10-01 16:18:05 +01:00
Owen Mansel-Chan	6d6852fb8d	Test PathAssignmentBarrier for OpenUrlRedirect	2025-10-01 16:18:02 +01:00
Owen Mansel-Chan	f0f5fc7eac	Improve SSRF additional flow step	2025-10-01 16:18:00 +01:00
Owen Mansel-Chan	c9ce2c8043	Add test for assignment to Url.Host field	2025-10-01 16:17:58 +01:00
Owen Mansel-Chan	8b04d0a2b9	Convert SSRF tests to inline expectations tests	2025-10-01 16:17:57 +01:00
Owen Mansel-Chan	6e4dbe8e22	Fix SafeUrlFlow so test passes	2025-10-01 16:17:52 +01:00
Owen Mansel-Chan	620ae33e0c	Make SafeUrlFlow test more comprehensive (failing)	2025-10-01 16:17:04 +01:00
Owen Mansel-Chan	c9a2816bfe	Fix OpenUrlRedirect barrier for write to Url.Host	2025-10-01 16:13:24 +01:00
Owen Mansel-Chan	414bab1f30	Add OpenUrlRedirect tests for Url.Host field	2025-10-01 16:13:22 +01:00
Owen Mansel-Chan	1144bb99b4	Convert OpenUrlRedirect tests to InlineExpectations	2025-10-01 16:13:21 +01:00
Owen Mansel-Chan	25f182302d	Fix email injection sink that needs local flow	2025-10-01 16:13:10 +01:00
Owen Mansel-Chan	52b6539697	Typo ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-10-01 16:13:06 +01:00
Owen Mansel-Chan	5efc8ac1a4	Fix backwards flow through TaintTracking::FunctionModel ... We only do this for taint models as there isn't any backwards flow through data flow function models.	2025-10-01 16:13:01 +01:00
Owen Mansel-Chan	3906f2560d	Adjust Stack Exposure test so it passes ... A minor bug in our CFG means that we evaluate the base of a SliceExpr before the bounds. Since the bounds may have side effects, as in this case, it would be better to evaluate them first. But in the short term I am just adjusting the test to make it work.	2025-10-01 16:12:59 +01:00
Owen Mansel-Chan	62155876c5	Fix flow to variable capture ... The jump step to a `SsaCaptureVariable` should start at the last use before it, rather than from the previous definition.	2025-10-01 16:12:57 +01:00
Owen Mansel-Chan	cf6cfe2a1e	Non-initializing writes should target post-update nodes	2025-10-01 16:12:54 +01:00
Owen Mansel-Chan	8a3bd8408b	Fix test expectations for Cleartext Logging ... One spurious alert was removed, one missing alert was added, and some source locations changed.	2025-10-01 16:12:52 +01:00
Owen Mansel-Chan	3229630598	Make store step to send stmt's channel use post-update node	2025-10-01 16:12:51 +01:00
Owen Mansel-Chan	ac71f9cd8e	Expected change in test output ... These sources are now modeled using models-as-data, which (probably correctly) uses the post-update node as the source. But the deprecated QL models still exist, so we get two test results for each of these calls.	2025-10-01 16:12:49 +01:00
Owen Mansel-Chan	d2230c531d	Expected changes in test output	2025-10-01 16:12:47 +01:00
Owen Mansel-Chan	118def8d28	Make separate post-update nodes	2025-10-01 16:12:45 +01:00
Owen Mansel-Chan	a0c647ce83	Add Email Injection tests for reverse flow models	2025-10-01 16:12:43 +01:00
Owen Mansel-Chan	9892836f14	Switch order of PUN test output	2025-10-01 16:12:42 +01:00
Owen Mansel-Chan	14301e0af4	Expected changes in dataflow edges	2025-10-01 16:12:28 +01:00
Owen Mansel-Chan	c20abf6d58	Line numbers change because 3 lines were added	2025-10-01 16:12:27 +01:00
Owen Mansel-Chan	521066578b	Test result that was missing is now found	2025-10-01 16:12:25 +01:00
Owen Mansel-Chan	3594dba83c	Make insecure randomness test more realistic	2025-10-01 16:12:24 +01:00