hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
404 Commits 1,684 Branches 159 Tags
21feb9d996ef324f57e57dff00a109459ab752fe
Commit Graph

280 Commits

Author SHA1 Message Date
intrigus
21feb9d996 Add byte slice type 2020-03-27 15:37:36 +01:00
intrigus
d609c0ca43 Shorten example code 2020-03-27 15:31:20 +01:00
intrigus
c5a1185939 Apply style suggestions 2020-03-27 15:29:21 +01:00
intrigus
b24c23389c Don't match unexported functions 2020-03-27 15:21:00 +01:00
intrigus-lgtm
5eaaa4264a Apply suggestions from code review 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-27 13:42:30 +01:00
intrigus
be50db1cc7 Move XPath injection query to supported query 
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
 2020-03-26 20:19:58 +01:00
intrigus
03023e8205 Add XPath model to default imports 2020-03-26 20:19:19 +01:00
intrigus
35a6fdb589 Add XPath framework models 2020-03-26 20:18:16 +01:00
Max Schaefer
8dda4bd97f Merge pull request #66 from intrigus-lgtm/CWE-643 
CWE-643 XPathInjection on Go
 2020-03-24 10:53:57 +00:00
Sauyon Lee
81e13473db Merge pull request #69 from max-schaefer/issue-72 
Track taint through element writes.
 2020-03-24 03:41:05 -07:00
intrigus
1f635806b3 Fix copy-paste errors, remove debugging code 2020-03-23 16:49:45 +01:00
intrigus-lgtm
9187bacd3c Apply suggestion from code review 
Use getUnderlyingType() to account for named aliases.

Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-23 16:45:56 +01:00
Max Schaefer
62b79721ea Track taint through element writes. 
This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants.

Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
 2020-03-23 09:15:01 +00:00
intrigus
d81c9b145e Update query help to use goxpath 2020-03-20 21:38:46 +01:00
intrigus
948b79df87 Update xpath example, use goxpath package 2020-03-20 21:38:46 +01:00
intrigus
c7ead88b91 Restructure query, add default sanitizer 2020-03-20 21:38:46 +01:00
intrigus-lgtm
ec40cf0379 Apply suggestions from review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-20 21:38:02 +01:00
Max Schaefer
60fe6f4390 Add missing Qldoc for modules. 2020-03-20 17:36:08 +00:00
intrigus
d6ff6b74c5 CWE-643 XPathInjection on Go 2020-03-19 22:26:37 +01:00
Max Schaefer
f53732ec5a Merge pull request #39 from sauyon/go1.14 
Go 1.14 support
 2020-03-18 10:08:50 +00:00
Max Schaefer
0a59470640 Fix tests. (#3) 2020-03-18 02:10:24 -07:00
Max Schaefer
ad1324d2dd Add test. 2020-03-17 12:08:42 +00:00
Max Schaefer
49c5779112 Add model of go-pg/pg. 2020-03-17 12:08:42 +00:00
Sauyon Lee
e9b47298ed Merge pull request #61 from max-schaefer/better-method-sets 
Reformulate `Method.hasQualifiedName` in terms of method sets
 2020-03-17 07:46:19 -04:00
Max Schaefer
8cadc94f49 Clarify behaviour of getMethod on struct types. 2020-03-17 10:58:58 +00:00
Max Schaefer
74bcfdd01c Remove an unused and potentially confusing predicate. 2020-03-16 13:24:57 +00:00
Max Schaefer
0fc7febd1d Add another test. 2020-03-13 15:54:39 +00:00
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps 
MistypedExponentiation: Add a heuristic to reduce FPs
 2020-03-13 15:46:03 +00:00
Max Schaefer
8898858fff Add tests. 2020-03-13 14:19:27 +00:00
Max Schaefer
5175f1dcbe Take promoted methods into account when computing method sets. 2020-03-13 14:19:27 +00:00
Max Schaefer
d0c6206a6a Reformulate hasQualifiedName in terms of method sets. 2020-03-13 14:19:27 +00:00
Sauyon Lee
78ad006e68 Merge pull request #55 from max-schaefer/tainted-arithmetic 
Add new query `AllocationSizeOverflow`.
 2020-03-13 07:16:54 -07:00
Max Schaefer
39fa6052e6 Also treat second argument to make (slice capacity) as an allocation size. 2020-03-13 12:17:53 +00:00
Max Schaefer
864c85e886 Fix typo. 2020-03-13 10:27:58 +00:00
Max Schaefer
b2f1da8942 Simplify a condition. 2020-03-13 10:27:58 +00:00
Max Schaefer
d66888e651 Make query more extensible. 2020-03-13 10:27:58 +00:00
Max Schaefer
ea36d49218 Add new query AllocationSizeOverflow. 2020-03-13 10:18:51 +00:00
Sauyon Lee
630d0cef89 Address review comments 2020-03-12 09:13:52 -07:00
Sauyon Lee
6e681f829b MistypedExponentiation: Add a heuristic to reduce FPs 2020-03-12 09:13:52 -07:00
Max Schaefer
b3022c9fc8 Standardise RangeAnalysis.qll. 
This brings the library in line with our usual syntactic conventions regarding QLDoc and names. I've also made a few superficial simplifications here and there.

Overall, the code would benefit from being rewritten to make use of the data-flow graph, but that is a larger undertaking.
 2020-03-11 11:20:59 +00:00
Max Schaefer
a95b9c8e02 Rename a few files and clean up wording. 2020-03-11 11:04:42 +00:00
Max Schaefer
2fd925fe90 Autoformat. 2020-03-11 10:47:23 +00:00
Max Schaefer
f1d489f6f9 Merge pull request #51 from singleghost/master 
Add integer overflow detection support for codeql-go.
 2020-03-11 10:00:39 +00:00
Max Schaefer
a8c1731f9d Merge pull request #50 from sauyon/uintptr 
Make uintptrtype a subclass of unsignedintegertype
 2020-03-11 09:57:00 +00:00
singleghost
2aa2f608a3 Move files related to integer overflow detection under the src/experimental folder 2020-03-10 19:02:05 +08:00
Sauyon Lee
cdf3bc4fa0 Merge pull request #52 from max-schaefer/issue-48 
Improve taint-tracking through pointers and other fixes
 2020-03-09 06:36:43 -07:00
Sauyon Lee
2428efcb6d Make @uintptrtype a @unsignedintegertype 2020-03-09 04:40:02 -07:00
Sauyon Lee
5b81775670 Fix constant values test data 2020-03-09 04:40:01 -07:00
Max Schaefer
4dca00e99c Merge pull request #45 from sauyon/go-mod-libs 
Go.mod extraction libraries and tests
 2020-03-09 09:40:41 +00:00
singleghost
77ec4c913f Add integer overflow detection support for codeql-go. 
I wrote a ql library which can perform range analysis on expression and
can detect whether an arithmetic operation may overflow. I wrote this library with reference to the `SimpleRangeAnalysis.qll` for C language. I hope this helps a little bit for those who want to detect integer overflow issues in code.
 2020-03-07 21:34:38 +08:00