hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,244 Commits 1,684 Branches 159 Tags
412ba1263bdaad8aab547a143efce10893fc559e
Commit Graph

1244 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Slavomir
412ba1263b Add taint-tracking for encoding/ascii85 2020-09-14 13:10:24 +02:00
Slavomir
a47842d1c3 Add taint-tracking for package encoding 2020-09-14 13:10:24 +02:00
Chris Smowton
362d210bc5 Merge pull request #330 from smowton/smowton/admin/standard-lib-pt-21-with-sanitiser 
Move `strconv` and `strings` packages' taint-tracking to stdlib, and expand them + sanitise substrings of the HTTP Authorization header
 2020-09-14 11:25:57 +01:00
Chris Smowton
b9b306aade CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar 
These can represent a username, method name or other non-sensitive component of an Authorization header. For greater precision we could split the query into one investigating Authorization headers and one investigating other sources of sensitive data that can't be sanitized by splitting this way.
 2020-09-14 09:46:14 +01:00
Slavomir
cf29f9dede Remove taint-tracking on single bytes and runes 2020-09-14 09:46:14 +01:00
Slavomir
6d3e6ded26 Fix: the Append* functions do not modify the dst slice argument. 2020-09-14 09:46:14 +01:00
Slavomir
9293bcde1d Fix ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected: calls to strings.NewReader are a step now. 2020-09-14 09:46:14 +01:00
Slavomir
3075294cd8 Move strings module to stdlib, and add more taint-tracking classes to it. 2020-09-14 09:46:13 +01:00
Slavomir
42c7f8cc0d Add taint-tracking for strconv package; rename module StrConv to Strconv and move into stdlib 2020-09-14 09:44:25 +01:00
Max Schaefer
b8d36b936e Merge pull request #321 from gagliardetto/standard-lib-pt-14 
Add taint-tracking for packages inside `mime/*`
 2020-09-14 09:26:29 +01:00
Max Schaefer
c10942d044 Merge pull request #320 from gagliardetto/standard-lib-pt-24 
Add taint-tracking for packages inside `text/*`
 2020-09-11 15:57:14 +01:00
Max Schaefer
c889bc3dae Merge branch 'main' into standard-lib-pt-24 2020-09-11 14:09:50 +01:00
Chris Smowton
84def5f6c2 Merge pull request #327 from smowton/smowton/feature/more-post-update-nodes 
Add PostUpdateNodes for nested structs and arrays
 2020-09-11 12:47:20 +01:00
Max Schaefer
903cffe7ed Merge pull request #317 from gagliardetto/standard-lib-pt-18 
Add taint-tracking for `reflect` package
 2020-09-11 11:26:48 +01:00
Chris Smowton
650bc1d38f Add PostUpdateNodes for derferenced expressions on an access path to a field- or element-write 2020-09-11 10:46:58 +01:00
Max Schaefer
e9bf3317b5 Merge pull request #328 from owen-mc/gorm-exec 
Update GORM model
 2020-09-11 08:41:09 +01:00
Max Schaefer
3758c6b7d8 Merge pull request #329 from smowton/smowton/feature/xss-detect-more-json-encoding 
Reflected XSS query: exclude more uses of encoding/json.Marshal
 2020-09-11 08:38:30 +01:00
Owen Mansel-Chan
13e82de53d Add change note 2020-09-10 17:29:06 +01:00
Chris Smowton
405babf5af Reflected XSS query: exclude more uses of encoding/json.Marshal 
Previously we only detected these if the marshalling directly fed the request body within the same function; now it's a general sanitiser for the purposes of XSS.
 2020-09-10 16:52:06 +01:00
Owen Mansel-Chan
3af90c9fc8 Update GORM tests 2020-09-10 13:48:12 +01:00
Owen Mansel-Chan
d807e8de75 Add more methods from GORM as sinks 
Cf. https://gorm.io/docs/security.html
 2020-09-09 16:18:41 +01:00
Owen Mansel-Chan
95c1f754c6 Add alternative package locations 2020-09-09 14:52:26 +01:00
Max Schaefer
baf048f293 Merge pull request #326 from owen-mc/change-note-for-allocation-size-overflow-sanitizers 
Add change note for #296
 2020-09-08 16:53:05 +01:00
Owen Mansel-Chan
cd6020810a Add change note for #296 2020-09-08 16:32:12 +01:00
Chris Smowton
5068b8b195 Add PostUpdateNodes for nested structs and arrays 
This creates a PostUpdateNode for x in the contexts `x.field[element]`, `x.field.otherfield`, `x[element].field` and so on.

Most uses of PostUpdateNode implicitly assume its old definition, but our protobuf model benefits.
 2020-09-08 16:28:02 +01:00
Max Schaefer
65c449cff0 Merge pull request #325 from max-schaefer/revert-237 
Revert "Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable""
 2020-09-08 08:04:58 +01:00
Max Schaefer
52a659183d Merge pull request #314 from smowton/smowton/admin/bump-golang-tools 
Bump to latest version of golang.org/x/tools
 2020-09-07 16:02:55 +01:00
Max Schaefer
655e229d1e Revert "Revert "autobuilder: Add support for GITHUB_REPOSITORY environment variable"" 
This reverts commit ccfccb4828.
 2020-09-07 15:14:52 +01:00
Max Schaefer
1821cca5d2 Merge pull request #285 from smowton/protobufs 
Protobuf modelling
 2020-09-07 11:42:37 +01:00
Slavomir
25e3f75ddc Add taint-tracking for mime/quotedprintable package. 2020-09-06 17:45:09 +02:00
Slavomir
99b251d4f0 Add taint-tracking for mime/multipart 2020-09-06 17:42:57 +02:00
Slavomir
c44d426794 Add taint-tracking for mime package. 2020-09-06 17:39:41 +02:00
Slavomir
3b2e16e292 Move text/template classes to TextTemplate module inside stdlib. 2020-09-06 17:32:34 +02:00
Slavomir
0d5c7e3132 Add taint-tracking for text/template template. 2020-09-06 17:32:34 +02:00
Slavomir
db0b09beb4 Add taint-tracking for text/tabwriter package. 2020-09-06 17:32:34 +02:00
Slavomir
4df363d2ce Add taint-tracking for text/scanner package. 2020-09-06 17:32:34 +02:00
Chris Smowton
cfba0896f0 Improve code style 
No behavioural changes
 2020-09-04 17:05:32 +01:00
Chris Smowton
fb85ccb2a5 Look through implicit deref operations when propagating taint down a chain of field- and element-access instructions. 
This enables us to use PostUpdateNode properly. Also introduce a test showing a case where this doesn't work, because the underlying variable doesn't have a post-update node.
 2020-09-04 17:03:52 +01:00
Chris Smowton
3635d7d007 Introduce and use writeComponent 2020-09-04 17:03:52 +01:00
Chris Smowton
2a863fbbe7 Abbreviate protobuf package names 2020-09-04 17:03:52 +01:00
Chris Smowton
18ed6bd1ee Add missing qldoc 2020-09-04 17:03:52 +01:00
Chris Smowton
90915284ba Move getUnderlyingNode into Protobuf.qll 
This is its only user for now.
 2020-09-04 17:03:52 +01:00
Chris Smowton
59f9c6073d Introduce instruction type for component access 
This is the union of a field-access and an element-access instruction
 2020-09-04 17:03:52 +01:00
Chris Smowton
455cf0c502 Add support and tests for protobuf messages with map fields 2020-09-04 17:03:52 +01:00
Chris Smowton
b2d4e2692f Taint underlying aggregates of protobuf messages when an element is written 
For example, writing to a[b].c[d] taints 'a'.
 2020-09-04 17:03:52 +01:00
Chris Smowton
3d82308e07 Introduce common base class for ElementReadNode and FieldReadNode 2020-09-04 17:03:52 +01:00
Chris Smowton
56f6e67671 Protobufs: improve comment and code style 
No functional changes
 2020-09-04 15:14:49 +01:00
Chris Smowton
65dc6272d1 Remove prototype tests 
I don't think we need these when we have the end-to-end taintFlows test.
 2020-09-04 15:14:49 +01:00
Chris Smowton
b639b6ec6a Remove redundant copies of the generated protoc output 2020-09-04 15:14:49 +01:00
Chris Smowton
8058d096d2 Model and test UnmarshalOptions.Unmarshal 
Support for UnmarshalOptions.UnmarshalState is dropped for now as too hard to model.
 2020-09-04 15:14:49 +01:00