45 Commits

Author	SHA1	Message	Date
Max Schaefer	0d2fe473d7	Add IncompleteUrlSchemeCheck query.	2020-01-07 14:46:49 +00:00
Max Schaefer	9cff56b975	Rename StringConcatenation.qll to StringOps.qll and add HasPrefix class.	2020-01-07 14:46:49 +00:00
Max Schaefer	aeb9840144	Add SliceNode class.	2020-01-06 15:36:54 +00:00
Max Schaefer	638fe07da0	Move getReceiver from MethodCallNode to CallNode.	2020-01-03 14:14:18 +00:00
Max Schaefer	bb4052a574	Generalise result type of getACallee.	2020-01-03 14:14:18 +00:00
Max Schaefer	59498f53f0	Move FuncDec.getACall into FuncDecl. ... Also changes the result from a `CallExpr` to a `CallNode` for consistency with `Function.getACall`.	2020-01-03 14:13:38 +00:00
Max Schaefer	6f82310a9e	Alert suppression through single-line /* */ style comments.	2020-01-02 14:34:11 +00:00
Max Schaefer	1df3585c92	Merge pull request #204 from Semmle/rc/1.23 ... Merge rc/1.23 into master	2019-12-11 10:28:00 +00:00
Max Schaefer	75d78b3f62	Reduce precision of HardcodedCredentials to "medium".	2019-12-10 16:12:48 +00:00
Max Schaefer	46c4670796	Make HardcodedCredentials query less noisy. ... Considering "cert" and "account" to be sensitive leads to a massive number of false positives, especially on cockroach and kubernetes.	2019-12-10 14:14:36 +00:00
Sauyon Lee	10907c8b04	IncompleteHostnameRegexp: disallow unescaped dot before TLD	2019-12-09 08:47:17 -08:00
Max Schaefer	62a50bac2a	Update taint-tracking libraries. ... This brings `TaintTrackingImpl.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480.	2019-12-06 14:07:35 +00:00
Max Schaefer	53f5e13af1	Update data-flow libraries. ... This brings `DataFlowImpl.qll` and `DataFlowImplCommon.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480.	2019-12-06 12:14:53 +00:00
Max Schaefer	80e7376189	Merge pull request #198 from sauyon/hardcoded-cred-fix ... HardcodedCredentials: Exclude passwords that include '0123456789'	2019-12-06 09:02:17 +00:00
Max Schaefer	6bda80a47b	Merge pull request #197 from Semmle/rc/1.23 ... Merge rc/1.23 into master	2019-12-06 09:01:18 +00:00
Sauyon Lee	2de7c6f5fc	HardcodedCredentials: Exclude passwords that include '0123456789'	2019-12-05 15:37:50 -08:00
Max Schaefer	8364ba3d38	Make Expr.getType() robust against incomplete type_of table.	2019-12-05 17:05:02 +00:00
Shati Patel	e4346a17de	Merge pull request #195 from max/impossible-interface-nil-check ... Add new query ImpossibleInterfaceNilCheck	2019-11-27 11:15:05 +00:00
Max Schaefer	ba54cde86e	Add two references.	2019-11-27 10:47:42 +00:00
Max Schaefer	e5a12e9738	Add new query ImpossibleInterfaceNilCheck.	2019-11-26 20:28:53 +00:00
Max Schaefer	f4a24b0353	Improve type information for tuple elements. ... We would previously rely on the type information of the target variable into which the element is stored, but that could be a more general type. For example, in the assignment ```go x, y := f() ``` the type of `x` might be an interface while the type of `f()[0]` is a concrete type implementing that interface.	2019-11-26 16:19:17 +00:00
Max Schaefer	ee723d8a4f	Fix DeadStoreOfField false positive. ... We should look into properly desugaring embedded types in the IR, but for now this workaround should suffice.	2019-11-25 20:21:16 +00:00
Max Schaefer	adf9764085	Don't flag header injection as XSS. ... All results I have seen from this are uninteresting.	2019-11-25 15:06:53 +00:00
Max Schaefer	db4e6789bb	Address doc review comment. ... Co-Authored-By: Shati Patel <shati@semmle.com>	2019-11-25 10:44:41 +00:00
Max Schaefer	e16a81cba9	Apply review suggestions.	2019-11-25 09:15:57 +00:00
Max Schaefer	cdb843516a	Introduce DataFlow::Node.getBasicBlock() and use it.	2019-11-25 09:14:15 +00:00
Max Schaefer	1ff032d11e	Add new query ConstantLengthComparison.	2019-11-22 20:55:14 +00:00
Max Schaefer	26a656b838	Merge pull request #189 from sauyon/use-taint-split ... Use split taint predicates to emulate taint	2019-11-22 17:51:09 +00:00
Max Schaefer	e367a48f6e	Mark isEmptyInterface as noinline.	2019-11-22 09:19:34 +00:00
Sauyon Lee	4ea45dbf34	Use data-flow API in stringConcatStep	2019-11-21 23:48:23 -08:00
Sauyon Lee	9651a0bfc4	Use the split taint predicate to emulate taint where required ... In particular, the OpenUrlRedirect and CleartextLogging queries, which both have taint flow into an object when one of its fields is written.	2019-11-21 22:58:36 -08:00
Sauyon Lee	c0730fe4cc	Make taintStep public	2019-11-21 22:58:25 -08:00
Sauyon Lee	73922e98d7	Merge pull request #188 from Semmle/rc/1.23 ... Merge rc/1.23 into master	2019-11-21 22:52:12 -08:00
Sauyon Lee	81ba71e47b	Address review comments	2019-11-21 08:29:01 -08:00
Sauyon Lee	3f437612e1	Add qldoc to all taint step predicates.	2019-11-20 11:27:24 -08:00
Sauyon Lee	1092fe5870	Move SsaWithFields to the Ssa file and rework it for public use ... Also use it in OpenRedirect	2019-11-20 11:20:55 -08:00
Sauyon Lee	4c9bf2265e	OpenRedirect: treat assignments to Url.Path as a barrier	2019-11-20 11:20:54 -08:00
Sauyon Lee	09865a5f5c	Add a field read taint step	2019-11-18 23:58:01 -08:00
Sauyon Lee	e0c589060a	Split taintStep into many predicates	2019-11-18 23:58:00 -08:00
Max Schaefer	616d78e2a5	Teach CleartextLogging not to flag constant sources.	2019-11-13 14:25:32 +00:00
Max Schaefer	50cde34878	Merge pull request #181 from sauyon/hardcoded-sensitive ... HardcodedCredentials: Use SensitiveActions	2019-11-13 09:21:45 +00:00
Sauyon Lee	3b39f5c2e1	OpenUrlRedirect: Use the regexp library for RegexpCheck	2019-11-12 15:14:05 -08:00
Sauyon Lee	50a008900c	HardcodedCredentials: Use SensitiveActions	2019-11-12 14:08:44 -08:00
Max Schaefer	06fe00006a	Conservatively handle indirect updates through pointer-type receiver. ... Method references `x.m` where the receiver of `m` is a pointer implicitly take the address of `x`, so they should be treated much the same as `&x` in terms of data flow. (Ideally we'd make this explicit in the data-flow graph itself, but that's for another PR.)	2019-11-12 08:54:47 +00:00
Max Schaefer	d14eb855fc	Go analysis support for CodeQL.	2019-11-08 12:16:26 +00:00