Sauyon Lee
830c3fce2a
RequestForgery: Add tests
2020-04-02 23:49:57 -07:00
Sauyon Lee
bc59fa40d7
Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported
Make cwe 643 supported
2020-04-01 17:45:45 -07:00
intrigus
615fe09ed7
Format go test stubs
2020-04-01 15:52:55 +02:00
intrigus
4924be54a7
Fix one test method
2020-03-31 16:46:29 +02:00
intrigus
0586fe9235
Add missing stubs in vendor/
2020-03-31 16:46:08 +02:00
intrigus
66451a776d
Add test cases for all libraries
Note: This is currently missing appropriate vendoring
so will probably fail for now.
2020-03-30 23:44:25 +02:00
intrigus
8278dd358e
Try to fix test
2020-03-27 16:13:00 +01:00
intrigus
35a6fdb589
Add XPath framework models
2020-03-26 20:18:16 +01:00
Sauyon Lee
bd5f0b01cf
Fix tests
2020-03-25 04:01:14 -07:00
Sauyon Lee
fd88d913f7
Fix tests
2020-03-25 04:01:09 -07:00
Sauyon Lee
cc13a5d618
OpenUrlRedirect: Expand safe URL flow configuration
Also add some more tests
2020-03-25 04:01:08 -07:00
Max Schaefer
62b79721ea
Track taint through element writes.
This adds a taint step from `pred` to (the post-update node of) `succ` in `succ[idx] = pred` and its syntactic variants.
Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
2020-03-23 09:15:01 +00:00
Max Schaefer
39fa6052e6
Also treat second argument to make (slice capacity) as an allocation size.
2020-03-13 12:17:53 +00:00
Max Schaefer
ea36d49218
Add new query AllocationSizeOverflow.
2020-03-13 10:18:51 +00:00
Max Schaefer
1be0cc57a8
Add test case from https://github.com/github/codeql-go/issues/48 .
2020-03-06 17:35:50 +00:00
Max Schaefer
bcb9ce2498
Add another test for StringBreak.
2020-03-06 17:35:50 +00:00
Max Schaefer
285f392a12
Sharpen the sources for StringBreak.
`json.Marshal` returns two results; we only want to consider the first one as a source.
2020-02-21 10:19:09 +00:00
Sauyon Lee
3e6a96d21b
IncompleteHostnameRegexp: Use a reluctant regexp
This should help make results more comprehensible by including the
maximal string after an unescaped dot.
2020-02-19 13:04:16 -08:00
Sauyon Lee
e4d228fa0f
Fix CleartextStorage tests
2020-02-07 03:13:13 -08:00
Sauyon Lee
6300fdf85e
Remove accidentally added CleartextStorage tests
2020-02-07 03:13:12 -08:00
Sauyon Lee
559ac8f0d2
Fix squirrel test build
2020-02-07 03:12:19 -08:00
Sauyon Lee
87865afa42
ReflectedXss: Remove FPs from constant prefix Fprintfs
2020-02-03 16:00:33 -08:00
Sauyon Lee
3c88eab84c
Merge pull request #229 from max/string-break
Add query to find unsafe quoting
2020-02-03 09:47:36 -08:00
Max Schaefer
af3d91ffd3
Add query StringBreak.
2020-02-03 09:01:40 +00:00
Sauyon Lee
d2e5322b94
Apply review comments
2020-01-28 13:01:35 -08:00
Sauyon Lee
a2b5bb85ab
OpenUrlRedirect: Fix test compilation
2020-01-28 13:01:19 -08:00
Sauyon Lee
abfdd7ee1e
OpenUrlRedirect: make functions like isValidRedirect barrier guards
2020-01-28 12:59:44 -08:00
Sauyon Lee
82635a46ad
OpenUrlRedirect: only make some parts of the URL untrusted
2020-01-28 12:59:43 -08:00
Sauyon Lee
497bfeee83
BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity
2020-01-27 17:33:54 -08:00
Sauyon Lee
a31ad88fc9
BadRedirectSanitizer: Transition to using data-flow API
2020-01-27 17:33:53 -08:00
Sauyon Lee
aa28724f7c
Add BadRedirectCheck query
2020-01-27 17:33:50 -08:00
Sauyon Lee
9c6aa80718
Move OpenUrlRedirect tests into their own directory
2020-01-27 17:33:49 -08:00
Max Schaefer
baeae0f69c
Add a few variants to test.
2020-01-21 09:56:59 +00:00
Max Schaefer
a2879dc754
Model implicit dereferences in data flow.
2020-01-21 09:56:59 +00:00
Max Schaefer
1d33a619d9
Add failing test case.
2020-01-20 20:46:12 +00:00
Sauyon Lee
471d843025
Merge pull request #222 from max/switch-guard-nodes
Switch guard nodes
2020-01-17 21:44:59 +00:00
Max Schaefer
98c7c4a255
Autoformat.
2020-01-17 10:25:10 +00:00
Max Schaefer
36c620d1dd
Add tests and change note.
2020-01-13 08:37:01 +00:00
Max Schaefer
c60ddb0f7c
Model Header.Get as a source of untrusted input.
2020-01-10 12:29:18 +00:00
Max Schaefer
0d2fe473d7
Add IncompleteUrlSchemeCheck query.
2020-01-07 14:46:49 +00:00
Max Schaefer
1df3585c92
Merge pull request #204 from Semmle/rc/1.23
Merge rc/1.23 into master
2019-12-11 10:28:00 +00:00
Max Schaefer
46c4670796
Make HardcodedCredentials query less noisy.
Considering "cert" and "account" to be sensitive leads to a massive number of false positives, especially on cockroach and kubernetes.
2019-12-10 14:14:36 +00:00
Sauyon Lee
10907c8b04
IncompleteHostnameRegexp: disallow unescaped dot before TLD
2019-12-09 08:47:17 -08:00
Max Schaefer
53f5e13af1
Update data-flow libraries.
This brings `DataFlowImpl.qll` and `DataFlowImplCommon.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480 .
2019-12-06 12:14:53 +00:00
Max Schaefer
adf9764085
Don't flag header injection as XSS.
All results I have seen from this are uninteresting.
2019-11-25 15:06:53 +00:00
Max Schaefer
616d78e2a5
Teach CleartextLogging not to flag constant sources.
2019-11-13 14:25:32 +00:00
Sauyon Lee
50a008900c
HardcodedCredentials: Use SensitiveActions
2019-11-12 14:08:44 -08:00
Max Schaefer
d14eb855fc
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00