hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,697 Commits 1,684 Branches 159 Tags
6c0fe2ed45a03454da8548610fcfe18e8eb3e607
Commit Graph

1234 Commits

Author SHA1 Message Date
Owen Mansel-Chan
6c0fe2ed45 Merge branch 'main' into add-missing-licences-for-stubbed-libraries 2021-02-23 17:14:28 +00:00
Owen Mansel-Chan
4728b7a866 Add license files for stubbed dependencies 2021-02-23 16:29:17 +00:00
Sauyon Lee
a4b701d2c5 Merge pull request #480 from sauyon/go116 
Add preliminary support for go 1.16
 2021-02-23 08:16:12 -08:00
Owen Mansel-Chan
ff317e63de Remove http:// in package path 2021-02-22 15:11:59 +00:00
Owen Mansel-Chan
f32b4883bf Make use of URLs in comments more consistent 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
370afe3383 Fix incorrect calls to package() 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
083512acef Add extra module path for xmlpath package 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
2bcf73c9fb Add new module path for beego 
Beego moved from astaxie/beego to beego/beego on 13 Dec 2020. The
old location still works but is not being updated.
 2021-02-22 11:38:13 +00:00
Sauyon Lee
23103fd8e0 Add support for 'path/filepath.WalkDir' 2021-02-19 07:59:13 -08:00
Sauyon Lee
41cacd579f Model moved io/ioutil functions 2021-02-19 07:59:12 -08:00
Sauyon Lee
4056ac4ab5 os.FileInfo -> io/fs.FileInfo 2021-02-19 06:25:52 -08:00
Sauyon Lee
adc2f08b76 Add tests for go 1.16 libraries 2021-02-19 06:25:51 -08:00
Sauyon Lee
a327fb7e97 Add support for go 1.16 frameworks 2021-02-19 06:25:51 -08:00
Sauyon Lee
62ae3ec7c5 Add extractor test for go 1.16 2021-02-18 14:52:54 -08:00
Sauyon Lee
e6d11fc99e Merge pull request #475 from sauyon/yaml 
Add models for gopkg.in/yaml
 2021-02-16 15:11:47 +00:00
Owen Mansel-Chan
1c6a68ae93 Merge pull request #478 from owen-mc/update-logrus-model 
Simplify Logrus model
 2021-02-16 07:35:44 +00:00
Sauyon Lee
1acbfaafcc Add models for gopkg.in/yaml 2021-02-15 18:27:09 +00:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers 
List of constants sanitizer guards (switch statement in function only)
 2021-02-15 11:39:40 +00:00
Owen Mansel-Chan
6d29a35ac9 Factor the duplicate code in LogCall 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-15 11:20:19 +00:00
Owen Mansel-Chan
68c54d43e6 Move code to TaintTrackingUtil.qll 2021-02-15 10:18:00 +00:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model 
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
 2021-02-15 09:18:34 +00:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main 
[CWE-369] Query for divide by zero detection
 2021-02-11 12:11:45 +00:00
Chris Smowton
b84aef6b83 Prevent getACalleeSource() from sharing magic with other users of getASuccessor* 
This avoids recursion through the magic side-condition as each discovery of a ListOfConstantsComparisonSanitizerGuard expands the set of things whose getASuccessor* is wanted, which in turn enlarges the set of transitive successors and causes getACalleeSource() to be pointlessly recomputed (pointlessly because all exprNode(getCalleeExpr())s were already computed)
 2021-02-11 10:29:30 +00:00
Chris Smowton
617b5510d9 Merge pull request #465 from smowton/smowton/feature/less-equality-test-panic-edges 
Remove panicking edges leading from an equality test where possible
 2021-02-10 08:20:27 +00:00
user
c29ab8958f tests and docs updated 2021-02-10 00:26:46 +03:00
Your Name
4b24e5641e formatting + example 
fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
bd09868686 test fixed, comments added 
Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
8c5e0a42b3 test fixed 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:40 +03:00
Your Name
41e808dab4 conversion detect + tests 2021-02-10 00:26:40 +03:00
Your Name
a77f36fba8 formatting fix 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:33 +03:00
Chris Smowton
ef658b292a Fix join order for ListOfConstantsComparisonSanitizerGuard 2021-02-09 19:42:23 +00:00
Chris Smowton
02d21cfce8 Remove models for html/template execution 
These escape HTML and JavaScript anyhow; because they don't write to their return value they don't quite fit the form of EscapeFunction, so to be expedient I've simply removed their models entirely. Presumably the case where someone HTML-templates something and then uses it for a purpose where HTML sanitisation is insufficient is very rare anyhow.
 2021-02-08 19:55:04 +00:00
Sauyon Lee
00e5b7cdfc InsecureRNG: Select first result in fn only 2021-02-05 22:51:09 -08:00
Chris Smowton
42ff256c42 Remove panicking edges leading from an equality test where possible 
These exist because an equality comparison of explicitly-incomparable interface values can panic, as can comparisons of arrays or structs containing them. Other type comparisons cannot panic.
 2021-02-04 15:58:54 +00:00
Owen Mansel-Chan
d75cc40483 Make test with multiple switch statements pass 
Made various changes to make it work when there are multiple
switch statements.

Also addressed performance problems.
 2021-02-04 14:30:06 +00:00
Owen Mansel-Chan
36fafadda5 Add fallthrough statements to switch statement tests 2021-02-03 15:26:07 +00:00
Owen Mansel-Chan
a7545cd11b Add test with multiple switch statements 2021-02-03 14:38:53 +00:00
Owen Mansel-Chan
760d89b0d3 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-03 14:34:28 +00:00
Owen Mansel-Chan
08c59f0f48 Add a default sanitizer guard for list of constants comparison 
Currently it only deals with the case of a switch statement in
a function.
 2021-02-02 16:25:25 +00:00
Owen Mansel-Chan
4c30ed9054 Add predicate to get return statement from return instruction 2021-02-02 15:57:02 +00:00
Owen Mansel-Chan
c4eaf791e6 Add predicate for cast test passing edge in switch statement 2021-02-02 15:57:02 +00:00
Owen Mansel-Chan
dd079d4e51 (clean-up) Make use of this explicit 2021-02-02 11:04:16 +00:00
Owen Mansel-Chan
f279fa17af (clean-up) Move comment 2021-02-02 11:03:52 +00:00
Sauyon Lee
73dc135480 Move insecure randomness query to cwe-338 
Also give it a precision
 2021-02-02 08:04:12 +00:00
Sauyon Lee
82bd293e5c Polish insecure randomness query 2021-02-02 08:04:11 +00:00
Sauyon Lee
cfb9593af8 Move InsecureRandomness out of experimental 2021-02-01 15:54:51 +00:00
Sauyon Lee
48a52cfd2f Merge pull request #437 from sauyon/goproxy 
Model elazarl/goproxy
 2021-01-28 06:05:52 +00:00
Chris Smowton
93aaa74c8c Merge pull request #451 from sauyon/gokit 
Add gokit models
 2021-01-27 17:47:22 +00:00
Sauyon Lee
53b468174f Make InsecureHostnameRegex check for rejecting handlers 2021-01-27 17:38:22 +00:00