hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,677 Commits 1,684 Branches 159 Tags
62ae3ec7c5abdddeb192468660648c729ae102fd
Commit Graph

1677 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
62ae3ec7c5 Add extractor test for go 1.16 2021-02-18 14:52:54 -08:00
Sauyon Lee
fc9bc68829 Add change note for go 1.16 2021-02-18 11:49:00 -08:00
Sauyon Lee
42939a70b8 Update go.mod to 1.16 2021-02-18 11:48:48 -08:00
Sauyon Lee
fee0355ea0 Update actions to use go 1.16 2021-02-18 11:48:36 -08:00
Sauyon Lee
e6d11fc99e Merge pull request #475 from sauyon/yaml 
Add models for gopkg.in/yaml
 2021-02-16 15:11:47 +00:00
Chris Smowton
2be66d1d74 Merge pull request #479 from smowton/smowton/admin/add-missing-change-notes 
Add missing change notes
 2021-02-16 09:58:29 +00:00
Owen Mansel-Chan
1c6a68ae93 Merge pull request #478 from owen-mc/update-logrus-model 
Simplify Logrus model
 2021-02-16 07:35:44 +00:00
Sauyon Lee
1acbfaafcc Add models for gopkg.in/yaml 2021-02-15 18:27:09 +00:00
Chris Smowton
95008d1ccb Update change-notes/2021-02-09-html-templates.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-02-15 14:39:24 +00:00
Chris Smowton
6f5f1c4829 Add missing change notes 2021-02-15 14:07:10 +00:00
Owen Mansel-Chan
46cc9e9fa4 Add change note 2021-02-15 13:51:01 +00:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers 
List of constants sanitizer guards (switch statement in function only)
 2021-02-15 11:39:40 +00:00
Owen Mansel-Chan
6d29a35ac9 Factor the duplicate code in LogCall 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-15 11:20:19 +00:00
Owen Mansel-Chan
68c54d43e6 Move code to TaintTrackingUtil.qll 2021-02-15 10:18:00 +00:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model 
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
 2021-02-15 09:18:34 +00:00
Owen Mansel-Chan
4a2a1871f7 Merge pull request #476 from owen-mc/model-zap 
Model zap
 2021-02-13 13:15:06 +00:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Chris Smowton
b9a1d9a17e Merge pull request #474 from sauyon/update-codeql 
Update actions codeql to 2.4.3
 2021-02-11 12:34:51 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main 
[CWE-369] Query for divide by zero detection
 2021-02-11 12:11:45 +00:00
Chris Smowton
b84aef6b83 Prevent getACalleeSource() from sharing magic with other users of getASuccessor* 
This avoids recursion through the magic side-condition as each discovery of a ListOfConstantsComparisonSanitizerGuard expands the set of things whose getASuccessor* is wanted, which in turn enlarges the set of transitive successors and causes getACalleeSource() to be pointlessly recomputed (pointlessly because all exprNode(getCalleeExpr())s were already computed)
 2021-02-11 10:29:30 +00:00
Sauyon Lee
9452df1a5c Update actions codeql to 2.4.3 2021-02-10 22:43:02 +00:00
Chris Smowton
617b5510d9 Merge pull request #465 from smowton/smowton/feature/less-equality-test-panic-edges 
Remove panicking edges leading from an equality test where possible
 2021-02-10 08:20:27 +00:00
user
c29ab8958f tests and docs updated 2021-02-10 00:26:46 +03:00
Your Name
4b24e5641e formatting + example 
fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
bd09868686 test fixed, comments added 
Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
8c5e0a42b3 test fixed 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:40 +03:00
Your Name
41e808dab4 conversion detect + tests 2021-02-10 00:26:40 +03:00
Your Name
a77f36fba8 formatting fix 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:33 +03:00
Chris Smowton
ef658b292a Fix join order for ListOfConstantsComparisonSanitizerGuard 2021-02-09 19:42:23 +00:00
Chris Smowton
1b9abc5310 Merge pull request #470 from sauyon/go116flagadd 
Add -overlay to recognized go build flags
 2021-02-09 18:31:41 +00:00
Sauyon Lee
8c60c614db Add -overlay to recognized go build flags 2021-02-09 17:09:48 +00:00
Owen Mansel-Chan
abf59ec98f Merge pull request #469 from github/owen-mc-code-owners-file 
Create CODEOWNERS
 2021-02-09 17:04:29 +00:00
Owen Mansel-Chan
5cab5b2912 Create CODEOWNERS 
This is so that `@codeql-go` is automatically suggested as a reviewer for PRs
 2021-02-09 17:02:29 +00:00
Chris Smowton
9a919cc6c8 Merge pull request #466 from smowton/smowton/fix/remove-html-template-models 
Remove models for html/template execution
 2021-02-09 11:55:13 +00:00
Chris Smowton
02d21cfce8 Remove models for html/template execution 
These escape HTML and JavaScript anyhow; because they don't write to their return value they don't quite fit the form of EscapeFunction, so to be expedient I've simply removed their models entirely. Presumably the case where someone HTML-templates something and then uses it for a purpose where HTML sanitisation is insufficient is very rare anyhow.
 2021-02-08 19:55:04 +00:00
Sauyon Lee
a325161819 Merge pull request #455 from sauyon/insecure-rng 
Promote Insecure RNG Query
 2021-02-06 08:42:26 -08:00
Sauyon Lee
00e5b7cdfc InsecureRNG: Select first result in fn only 2021-02-05 22:51:09 -08:00
Chris Smowton
42ff256c42 Remove panicking edges leading from an equality test where possible 
These exist because an equality comparison of explicitly-incomparable interface values can panic, as can comparisons of arrays or structs containing them. Other type comparisons cannot panic.
 2021-02-04 15:58:54 +00:00
Owen Mansel-Chan
d75cc40483 Make test with multiple switch statements pass 
Made various changes to make it work when there are multiple
switch statements.

Also addressed performance problems.
 2021-02-04 14:30:06 +00:00
Owen Mansel-Chan
36fafadda5 Add fallthrough statements to switch statement tests 2021-02-03 15:26:07 +00:00
Owen Mansel-Chan
a7545cd11b Add test with multiple switch statements 2021-02-03 14:38:53 +00:00
Owen Mansel-Chan
760d89b0d3 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-03 14:34:28 +00:00
Owen Mansel-Chan
5ec25de1fc Add change note 2021-02-02 16:27:44 +00:00
Owen Mansel-Chan
08c59f0f48 Add a default sanitizer guard for list of constants comparison 
Currently it only deals with the case of a switch statement in
a function.
 2021-02-02 16:25:25 +00:00
Owen Mansel-Chan
4c30ed9054 Add predicate to get return statement from return instruction 2021-02-02 15:57:02 +00:00
Owen Mansel-Chan
c4eaf791e6 Add predicate for cast test passing edge in switch statement 2021-02-02 15:57:02 +00:00
Owen Mansel-Chan
dd079d4e51 (clean-up) Make use of this explicit 2021-02-02 11:04:16 +00:00
Owen Mansel-Chan
f279fa17af (clean-up) Move comment 2021-02-02 11:03:52 +00:00
Sauyon Lee
73dc135480 Move insecure randomness query to cwe-338 
Also give it a precision
 2021-02-02 08:04:12 +00:00
Sauyon Lee
82bd293e5c Polish insecure randomness query 2021-02-02 08:04:11 +00:00