hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,535 Commits 1,684 Branches 159 Tags
3a83fbd7655586a66592bf2db500f09ce49ef4ae
Commit Graph

1535 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jason Rogers
3a83fbd765 Refactor HTTP module 
This makes it easier to identify related classes and support future expansion.
 2020-12-14 07:16:24 -08:00
Owen Mansel-Chan
e4316768ef Merge pull request #426 from owen-mc/model-k8s-io-apimachinery-pkg-runtime 
Model k8s.io/apimachinery/pkg/runtime
 2020-12-09 09:16:47 +00:00
Owen Mansel-Chan
c17f1618e0 Add change note 2020-12-09 06:45:08 +00:00
Owen Mansel-Chan
4d3eb47784 Fix stubbing 
Depstubber can only stub one package at a time. We have to do some
manual editing to make a stubbed package use another stubbed package.
 2020-12-09 06:45:08 +00:00
Owen Mansel-Chan
e5fb401d50 Model runtime 2020-12-09 06:45:08 +00:00
Owen Mansel-Chan
290a4dcdf4 Merge pull request #414 from owen-mc/model-evanphx-json-patch 
Model evanphx/json-patch
 2020-12-08 17:36:10 +00:00
Owen Mansel-Chan
0b50ee7755 Change to Inline Expectations Test 2020-12-08 16:38:13 +00:00
Owen Mansel-Chan
e786fa07ee Add change note 2020-12-08 16:15:01 +00:00
Owen Mansel-Chan
5ebd637ca7 Model evanphx/json-patch 2020-12-08 16:15:01 +00:00
Chris Smowton
6b8003b0f2 Merge pull request #420 from smowton/smowton/admin/upgrade-codeql-240-and-autoformat 
Upgrade CI toolchain to CodeQL 2.4.0
 2020-12-07 14:16:19 +00:00
Chris Smowton
563f74bd45 Upgrade CI toolchain to CodeQL 2.4.0 
Also reformat code (the autoformatter has changed slightly)
 2020-12-07 12:35:07 +00:00
Chris Smowton
a794e05c74 Merge pull request #417 from smowton/smowton/fix/reduce-symlink-loop-finding-cost 
Unsafe-unzip-symlinks: reduce cost of `getAnEnclosingLoop`
 2020-12-03 12:21:38 +00:00
Chris Smowton
c1669d732b Unsafe-unzip-symlinks: reduce cost of getAnEnclosingLoop 
This used to get the closest enclosing loops of all expressions; now it is restricted to those surrounding interesting expressions.
 2020-12-02 14:33:38 +00:00
Chris Smowton
f9fc01bd73 Merge pull request #415 from smowton/smowton/feature/errorf-returns-non-nil 
Note that `fmt.Errorf` returns non-nil
 2020-12-01 12:04:23 +00:00
Owen Mansel-Chan
8c33979425 Merge pull request #388 from owen-mc/untrusted-data-flow-to-external-api 
Untrusted data flow to external API
 2020-12-01 11:25:58 +00:00
Chris Smowton
5d17b27770 Note that fmt.Errorf returns non-nil 
This enables recognising more guarding functions that return nil/non-nil conditional on a barrier guard.
 2020-11-30 19:10:58 +00:00
Chris Smowton
3338a0b10d Merge pull request #402 from smowton/smowton/feature/zipslip-more-generous-sanitisers 
ZipSlip: redefine sources closer to their origin, and make sanitizers more generous
 2020-11-27 18:25:07 +00:00
Owen Mansel-Chan
bfbf102408 Remove restriction on void and boolean-returning methods 
When the taint was in the receiver, we were excluding methods which
return nothing or a boolean.
 2020-11-27 16:51:24 +00:00
Owen Mansel-Chan
7730d66d76 Apply suggestions from code review 
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
 2020-11-27 16:17:54 +00:00
Chris Smowton
70015b2c32 Add tests for zipslip using a utility function to check that the archive header is safe 
Note this currently contains some cases that are safe but are still flagged, because of weaknesses in the guardingFunction predicate.
 2020-11-27 15:11:57 +00:00
Sauyon Lee
627241aaa5 Merge pull request #401 from sauyon/stored-command 
Add stored command query
 2020-11-27 06:37:02 -08:00
Chris Smowton
1eb8fff7e1 ZipSlip: redefine sources closer to their origin, and make sanitizers more generous. 
Previously we considered certain fields of `tar` or `zip` file headers to be sources, but this meant subsequent references to the same field were not considered sanitized. For example, at least some real-world projects used a pattern like `if isIllegalPathTraversal(hdr.Name) { return nil; } ... /* other code using hdr.Name */`. By associating a source with the field-read `.Name` rather than the header itself, we were unable to see that the subsequent read was guarded by the sanitizer function.

Relatedly, it is common to use some intermediary taint-propagating function, as in `clean(s string) { if strings.HasPrefix("..", filepath.Clean(filepath.Join(target, s))) ...`, in the implementation of a sanitizer. We now follow the taint propagation (locally) backwards towards the function parameter, marking the predecessor functions and ultimately the parameter `s` as sanitized in addition to the direct argument to `strings.HasPrefix`. Existing sanitizing-function logic can then sometimes lift this out into the caller too.
 2020-11-27 13:57:25 +00:00
Chris Smowton
f775adf306 Merge pull request #404 from smowton/smowton/feature/improved-guarding-function 
Recognise many more guarding functions
 2020-11-27 13:56:31 +00:00
Chris Smowton
c6f14de065 Merge pull request #413 from smowton/smowton/admin/document-cond-root-etc 
Clarify naming and add documentation around `hasSemantics` and cousins
 2020-11-26 16:59:07 +00:00
Owen Mansel-Chan
0ee00d8647 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-11-26 16:49:02 +00:00
Owen Mansel-Chan
bf78189e21 Make two separate queries 2020-11-26 14:59:13 +00:00
Owen Mansel-Chan
dec7967c7a Update qhelp files 2020-11-26 14:57:56 +00:00
Owen Mansel-Chan
e7697963d3 Exclude local function pointers 2020-11-26 14:57:56 +00:00
Owen Mansel-Chan
05fe388ba3 Mark hashing functions as safe 
See https://github.com/github/codeql-go-team/issues/219 for issue to
model this better
 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
d3bef7fc4f Model safe external APIs 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
4184a6ecd8 Add testing frameworks 
Add "github.com/golang/mock/gomock", several packages under
"github.com/stretchr/testify", £gotest.tools/assert",
"k8s.io/client-go/testing" and "testing"
 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
410cf49af8 Shorten function using set literal 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
18c66e84f7 Make more package paths accessible 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
171e433593 Exclude test files 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
fe5822ae3a Exclude functions in packages which have some modeled functions 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
ff542508aa Exclude sinks from common queries 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
b698276e3a Update function name to give better text output 2020-11-26 14:57:55 +00:00
Owen Mansel-Chan
50a32f47d5 First draft 2020-11-26 14:57:50 +00:00
Chris Smowton
fb814e949d Clarify naming and add documentation around hasSemantics and cousins 2020-11-26 13:34:58 +00:00
Chris Smowton
2377337564 Treat functions that directly return a BarrierGuard like BarrierGuards themselves 2020-11-26 13:27:53 +00:00
Chris Smowton
387a13f22a Add support for barrier guards in functions that indicate success by returning nil 
Typically these are returning a nil error when sanitization succeeds.
 2020-11-24 12:39:05 +00:00
Chris Smowton
7bbf9ed860 Merge pull request #410 from github/lgtm.com 
Merge lgtm.com into main
 2020-11-23 17:17:42 +00:00
Sauyon Lee
0bf09307cf Add StoredCommand query 2020-11-23 02:11:44 -08:00
Sauyon Lee
793d6f6053 Merge pull request #399 from sauyon/stored-xss 
Add stored XSS query
 2020-11-19 23:23:21 -08:00
Chris Smowton
93a7cc944a Merge pull request #403 from smowton/smowton/fix/type-assertion-dataflow 
Add data-flow edge `from -> to` in the context `to, ok := from.(*Type)`
 2020-11-19 16:13:55 +00:00
Chris Smowton
c93b2b709d Merge pull request #407 from smowton/smowton/fix/isunreachableincall-slowness 
Improve join order in `isUnreachableInCall`
 2020-11-19 11:22:48 +00:00
Chris Smowton
38e383858e Merge pull request #394 from smowton/smowton/feature/unsafe-unzip-symlink 
Add query checking for unpacking of symlinks without using EvalSymlinks to spot existing ones.
 2020-11-18 19:10:18 +00:00
Chris Smowton
d1f607ccd8 Improve join order in isUnreachableInCall 2020-11-18 19:06:52 +00:00
Owen Mansel-Chan
7433d448d9 Merge pull request #406 from owen-mc/update-dataflow-libs-2 
Update dataflow libs 2
 2020-11-17 21:17:52 +00:00
Chris Smowton
3d8470e1e2 Add and use TypeCastNode::getResultType 
This can differ from `getType` when a `TypeAssertExpr` returns a (result, ok) pair.
 2020-11-17 16:03:33 +00:00