691 Commits

Author	SHA1	Message	Date
Chris Smowton	2ca6157836	Protobuf: support both legacy and modern APIs	2020-09-04 15:14:49 +01:00
Chris Smowton	df0238a352	Fix proto.Clone method ... This is top-level, not a member.	2020-09-04 15:14:49 +01:00
Sauyon Lee	4ff325aa13	--wip-- [skip ci]	2020-09-04 15:14:49 +01:00
Chris Smowton	b487799f69	Oauth2 state query: avoid duplicate paths by excluding variable references as sources	2020-09-02 17:40:53 +01:00
Chris Smowton	6fea8abd82	Oauth2 state query: improve code style ... No behavioural changes intended.	2020-09-02 15:06:23 +01:00
Chris Smowton	2f175e365e	Oauth2 state query: remove unnecessary isSource overload	2020-09-02 15:05:22 +01:00
Chris Smowton	8f99972833	OAuth2 CSRF query: improve documentation	2020-09-02 15:05:22 +01:00
Chris Smowton	0ba42f7f87	OAuth2 state query: set precision	2020-09-02 15:05:22 +01:00
Chris Smowton	406ea741f4	Improve comment style	2020-09-02 15:05:22 +01:00
Chris Smowton	faf43efb60	Promote OAuth2 constant-state query to mainline	2020-09-02 15:05:22 +01:00
Chris Smowton	f61c62d2d8	Generalise isReturnedWithError ... It now recognises any function returning an Error alongside other return values	2020-09-02 15:05:21 +01:00
Chris Smowton	9e4ee0accf	OAuth2 constant state query: trace local URLs across reference operations and Sprintf calls	2020-09-02 15:05:21 +01:00
Chris Smowton	050a823397	OAuth2 exclusion: hide cases that clearly target an out-of-band process or private HTTP server	2020-09-02 15:05:21 +01:00
Chris Smowton	bcb65157e6	Oauth2-state query: treat log calls the same as stdout printers ... These presumably get to the user somehow, and in conjunction with stdin use are enough to identify use of oauth at the terminal.	2020-09-02 15:05:21 +01:00
Chris Smowton	3d877fc67d	Oauth2 state: note bufio.NewScanner is also a sign of probable terminal-interactive use	2020-09-02 15:05:21 +01:00
Chris Smowton	6fee4f382f	Constant-oauth2-state: exclude strings returned alongside an error value ... For example, getState() { ... return "", someError } is commonly seen in the wild.	2020-09-02 15:05:21 +01:00
Slavomir	386005d361	Add path and path/filepath packages to stdlib	2020-09-01 13:09:41 +02:00
Max Schaefer	031a48ecd3	Merge pull request #296 from owen-mc/allocation-size-overflow-improve-sanitizers-easy ... Add new sanitizer guard to Allocation size overflow query	2020-08-28 07:44:45 +01:00
Max Schaefer	b4550f244b	Merge pull request #313 from github/rc/1.25 ... Merge rc/1.25 into main	2020-08-27 14:27:26 +01:00
Max Schaefer	4c82ad6064	Apply suggestions from code review ... Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2020-08-25 07:37:11 +01:00
Max Schaefer	bdcb1f233c	Prevent misoptimisation in StringOps.	2020-08-24 20:11:23 +01:00
Max Schaefer	42c1116ac7	Merge pull request #303 from github/rc/1.25 ... Merge rc/1.25 into main	2020-08-24 17:22:56 +01:00
Sauyon Lee	402b239520	Merge pull request #300 from srt32/patch-1 ... Update bad / good message for CWE 079	2020-08-24 08:57:26 -07:00
Owen Mansel-Chan	a669fa4aa1	Do not flow taint through remainder expressions ... If the tainted operand is the first operand then it is being bounded above by the remainder expression. If it is the second operand then	2020-08-24 16:18:08 +01:00
Owen Mansel-Chan	aed3ef4cde	Improve performance of new barrier guard ... Some projects on lgtm were taking >1 hour, and with this commit they take <10 minutes	2020-08-24 16:18:08 +01:00
Simon Taranto	bd9100eb4e	Update other file too	2020-08-24 09:00:26 -06:00
Max Schaefer	111d2a745b	Fix qhelp for incorrect integer-conversion query. ... It seems qhelp doesn't like `<code>` inside `<a>`.	2020-08-24 09:55:43 +01:00
Owen Mansel-Chan	dbf1d24e19	Add new barrier guard for second half of path	2020-08-20 11:37:07 +01:00
Philip Ginsbach	1149d43488	remove reliance on InferredBinding from InsecureFeatureFlag::getAFlagName	2020-08-20 10:26:46 +01:00
Owen Mansel-Chan	17b3d56195	Remove unnecessary string concat	2020-08-19 15:36:48 +01:00
Owen Mansel-Chan	103e655395	Import Gin framework by default	2020-08-19 15:26:12 +01:00
Chris Smowton	60d3de1911	Document undocumented public symbols	2020-08-19 14:29:12 +01:00
Sauyon Lee	5b9fb2a28b	openurlredirect: make isValidURI and the like sanitizers	2020-08-17 10:45:46 -07:00
dilanbhalla	986f3c3084	Add experimental query detecting use of an insecure PRNG in a cryptographic context	2020-08-17 10:52:36 +01:00
Max Schaefer	d675daa1d1	Merge pull request #284 from dilanbhalla/gocrypto ... Adding Crypto Query/Library	2020-08-14 12:00:18 +01:00
dilanbhalla	7f980a4901	pr fixes	2020-08-14 00:45:08 -07:00
Max Schaefer	fe6cf8c625	Merge pull request #275 from owen-mc/incorrect-integer-conversion ... Incorrect integer conversion	2020-08-13 20:19:47 +01:00
Owen Mansel-Chan	951d59752a	Address review comments 7	2020-08-13 18:22:58 +01:00
dilanbhalla	40d3f22193	fixing commit error	2020-08-12 10:49:11 -07:00
Owen Mansel-Chan	2e60d40ccd	Address review comments 6	2020-08-12 17:07:29 +01:00
Owen Mansel-Chan	69212b9ad9	Deal with build constraints ... Note that build constraints can be explicit (comments at the top of the file) or implicit (part of the file name)	2020-08-12 17:07:29 +01:00
dilanbhalla	37eca95d44	restructured library	2020-08-11 23:53:50 -07:00
dilanbhalla	79002b0c38	pr fixes	2020-08-11 10:34:45 -07:00
Owen Mansel-Chan	08d9af1bd7	Merge pull request #280 from owen-mc/negative-length-check-unsigned ... Extend negativeLengthCheck query to unsigned integers	2020-08-11 11:59:24 +01:00
Owen Mansel-Chan	1e0b9cc6a3	Address review comments 5	2020-08-11 10:57:02 +01:00
Owen Mansel-Chan	97bbdca8a3	Extend negativeLengthCheck query to unsigned integers ... Like return values from len and cap, unsigned integers are never negative	2020-08-11 10:48:03 +01:00
Max Schaefer	117fd686c4	Merge pull request #276 from gagliardetto/standard-lib-pt-3 ... Add taint tracking for the compress/* packages	2020-08-11 07:56:45 +01:00
Owen Mansel-Chan	4907f6529e	Address review comments 4	2020-08-11 07:24:58 +01:00
dilanbhalla	4433f193f9	pr fixes for typo and qldoc	2020-08-10 16:06:02 -07:00
dilanbhalla	7ce9e976c2	removing precision tag	2020-08-10 12:06:10 -07:00