hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,697 Commits 1,684 Branches 159 Tags
6c0fe2ed45a03454da8548610fcfe18e8eb3e607
Commit Graph

626 Commits

Author SHA1 Message Date
Owen Mansel-Chan
6c0fe2ed45 Merge branch 'main' into add-missing-licences-for-stubbed-libraries 2021-02-23 17:14:28 +00:00
Owen Mansel-Chan
4728b7a866 Add license files for stubbed dependencies 2021-02-23 16:29:17 +00:00
Sauyon Lee
23103fd8e0 Add support for 'path/filepath.WalkDir' 2021-02-19 07:59:13 -08:00
Sauyon Lee
41cacd579f Model moved io/ioutil functions 2021-02-19 07:59:12 -08:00
Sauyon Lee
adc2f08b76 Add tests for go 1.16 libraries 2021-02-19 06:25:51 -08:00
Sauyon Lee
62ae3ec7c5 Add extractor test for go 1.16 2021-02-18 14:52:54 -08:00
Sauyon Lee
e6d11fc99e Merge pull request #475 from sauyon/yaml 
Add models for gopkg.in/yaml
 2021-02-16 15:11:47 +00:00
Owen Mansel-Chan
1c6a68ae93 Merge pull request #478 from owen-mc/update-logrus-model 
Simplify Logrus model
 2021-02-16 07:35:44 +00:00
Sauyon Lee
1acbfaafcc Add models for gopkg.in/yaml 2021-02-15 18:27:09 +00:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers 
List of constants sanitizer guards (switch statement in function only)
 2021-02-15 11:39:40 +00:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model 
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
 2021-02-15 09:18:34 +00:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main 
[CWE-369] Query for divide by zero detection
 2021-02-11 12:11:45 +00:00
Chris Smowton
617b5510d9 Merge pull request #465 from smowton/smowton/feature/less-equality-test-panic-edges 
Remove panicking edges leading from an equality test where possible
 2021-02-10 08:20:27 +00:00
user
c29ab8958f tests and docs updated 2021-02-10 00:26:46 +03:00
Your Name
4b24e5641e formatting + example 
fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
bd09868686 test fixed, comments added 
Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
8c5e0a42b3 test fixed 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:40 +03:00
Your Name
41e808dab4 conversion detect + tests 2021-02-10 00:26:40 +03:00
Chris Smowton
02d21cfce8 Remove models for html/template execution 
These escape HTML and JavaScript anyhow; because they don't write to their return value they don't quite fit the form of EscapeFunction, so to be expedient I've simply removed their models entirely. Presumably the case where someone HTML-templates something and then uses it for a purpose where HTML sanitisation is insufficient is very rare anyhow.
 2021-02-08 19:55:04 +00:00
Sauyon Lee
00e5b7cdfc InsecureRNG: Select first result in fn only 2021-02-05 22:51:09 -08:00
Chris Smowton
42ff256c42 Remove panicking edges leading from an equality test where possible 
These exist because an equality comparison of explicitly-incomparable interface values can panic, as can comparisons of arrays or structs containing them. Other type comparisons cannot panic.
 2021-02-04 15:58:54 +00:00
Owen Mansel-Chan
36fafadda5 Add fallthrough statements to switch statement tests 2021-02-03 15:26:07 +00:00
Owen Mansel-Chan
a7545cd11b Add test with multiple switch statements 2021-02-03 14:38:53 +00:00
Owen Mansel-Chan
08c59f0f48 Add a default sanitizer guard for list of constants comparison 
Currently it only deals with the case of a switch statement in
a function.
 2021-02-02 16:25:25 +00:00
Sauyon Lee
73dc135480 Move insecure randomness query to cwe-338 
Also give it a precision
 2021-02-02 08:04:12 +00:00
Sauyon Lee
82bd293e5c Polish insecure randomness query 2021-02-02 08:04:11 +00:00
Sauyon Lee
cfb9593af8 Move InsecureRandomness out of experimental 2021-02-01 15:54:51 +00:00
Sauyon Lee
48a52cfd2f Merge pull request #437 from sauyon/goproxy 
Model elazarl/goproxy
 2021-01-28 06:05:52 +00:00
Sauyon Lee
53b468174f Make InsecureHostnameRegex check for rejecting handlers 2021-01-27 17:38:22 +00:00
Sauyon Lee
4712afae83 Add models for github.com/elazarl/goproxy 2021-01-27 17:38:02 +00:00
Sauyon Lee
bf9bba79c2 Add getHeaderValue predicate to HTTP::HeaderWrite 2021-01-27 17:38:01 +00:00
Sauyon Lee
39c33c5db1 Add HTTP handler concept 2021-01-27 17:38:01 +00:00
Sauyon Lee
3ed9e66c7a Add gokit models 2021-01-25 08:15:14 -08:00
Owen Mansel-Chan
b623a4c8ec Add tests for guarding functions proxied by a variable 
Negation doesn't appear to be handled correctly, so one
of the lines is marked as a false positive.
 2021-01-20 14:36:53 +00:00
Owen Mansel-Chan
d8105a5be0 Add tests for Couchbase v2 NoSQL queries 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
b02fc16dfc Add tests for Couchbase v1 NoSQL queries 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
2ee20b3026 Add tests for Couchbase v1 2021-01-13 09:18:54 +00:00
Owen Mansel-Chan
d2164e16d1 Switch NoSQL tests to use inline expectations 2021-01-13 09:18:54 +00:00
Chris Smowton
83cee4a334 Add 'git' as a possible command-interpreter, unless arguments are sanitized using "--" 
This is because some git flags can specify arbitrary commands to execute, but its positional arguments cannot, and "--" like in many commands instructs git to consume no further flags.
 2021-01-07 11:54:41 +00:00
Tom Payne
9bbdf86487 Support more regexp anchors 2020-12-23 14:04:33 +01:00
Jason Rogers
baa169cc77 Refactored HTTP tests 
This will align test location with the library.
 2020-12-17 08:10:06 -08:00
Owen Mansel-Chan
dcb6cc3a7c Merge pull request #434 from owen-mc/model-kubernetes-secret 
Model Secret and SecretList from k8s.io/api/core/v1
 2020-12-16 17:17:21 +00:00
Chris Smowton
8060993b3b Merge pull request #430 from smowton/smowton/feature/model-beego-orm 
Model the Beego ORM subpackage
 2020-12-16 16:08:18 +00:00
Owen Mansel-Chan
0cb0879381 Model Secret and SecretList from k8s.io/api/core/v1 2020-12-16 16:03:48 +00:00
Chris Smowton
44a63b2f94 Model the Beego ORM subpackage 2020-12-16 14:39:58 +00:00
Owen Mansel-Chan
87f2cad475 Merge pull request #427 from owen-mc/model-kubernetes-secret 
Model kubernetes SecretInterface
 2020-12-15 17:12:45 +00:00
Owen Mansel-Chan
0980a50627 Remove erroneous import from stub 2020-12-15 16:00:58 +00:00
Owen Mansel-Chan
676ca529b5 Add tests 2020-12-15 16:00:58 +00:00
Chris Smowton
8e7abbac0a Model Beego web framework 
This excludes the ORM, email and validation components, which I will follow up with seperately.
 2020-12-15 14:04:36 +00:00