Slavomir
75751d732b
Add taint-tracking for package net/mail
2020-09-20 15:01:42 +02:00
Slavomir
e6cb8fe5ce
Add taint-tracking for package net/http/httputil
2020-09-20 15:01:42 +02:00
Slavomir
85f9760662
Move existing net/http classes from private module StdlibHttp to stdlib.NetHttp
2020-09-20 15:01:41 +02:00
Slavomir
e66fcef396
Add taint-tracking for net/http package
2020-09-20 15:01:41 +02:00
Slavomir
fa04d5a74d
Add taint-tracking for package net
2020-09-20 15:01:41 +02:00
Chris Smowton
fee596ac83
Merge pull request #343 from smowton/smowton/feature/chi-models
...
Add models for the Chi web framework
2020-09-16 11:38:08 +01:00
Chris Smowton
1bf366c1e3
Add models for the Chi web framework
...
This is mostly simple as the framework uses ordinary net/http methods and ordinary Go contexts for most purposes.
2020-09-16 09:14:23 +01:00
Max Schaefer
88e03c3ee5
Merge pull request #322 from gagliardetto/standard-lib-pt-11
...
Add taint-tracking for packages in `html/*`
2020-09-15 17:54:35 +01:00
Slavomir
a340270dc1
Move html TemplateEscape out of Texttemplate module
2020-09-14 15:47:52 +02:00
Slavomir
9a560e994c
Remove redundant field
2020-09-14 15:47:51 +02:00
Slavomir
ce67720542
Add taint-tracking for html/template package.
2020-09-14 15:47:51 +02:00
Slavomir
35136bbb2c
Add escape function.
2020-09-14 15:47:51 +02:00
Slavomir
52d4c71ec2
Add taint-tracking for html package.
2020-09-14 15:47:51 +02:00
Chris Smowton
8d7cbe3aa5
Merge pull request #323 from gagliardetto/standard-lib-pt-8
...
Add taint-tracking for packages in `encoding/*`
2020-09-14 14:41:19 +01:00
Chris Smowton
3ba85576ea
Merge pull request #338 from smowton/smowton/admin/update-dataflow-libs-2020-09-14
...
Port codeql#4238 (Dataflow: small fixes for naming in taint tracking)…
2020-09-14 14:19:06 +01:00
Slavomir
4c2537017f
Fix TaintStep.expected: add params to json.MarshalIndent
2020-09-14 13:10:25 +02:00
Slavomir
64a61bd648
Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingXml module.
2020-09-14 13:10:25 +02:00
Slavomir
947bbabf62
Extend MarshalingFunction and UnmarshalingFunction with encoding/pem
2020-09-14 13:10:25 +02:00
Slavomir
d472d5abe5
Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingJson module.
2020-09-14 13:10:25 +02:00
Slavomir
ed2e5b0f92
Extend MarshalingFunction and UnmarshalingFunction with encoding/asn1
2020-09-14 13:10:25 +02:00
Slavomir
afede9bde5
Remove encoder taint-tracking for encoding/hex
2020-09-14 13:10:25 +02:00
Slavomir
96a700becb
Remove encoder taint-tracking for encoding/base64
2020-09-14 13:10:25 +02:00
Slavomir
0baca5fa6c
Remove encoder taint-tracking for encoding/base32
2020-09-14 13:10:25 +02:00
Slavomir
828d3863a0
Remove encoder taint-tracking for encoding/ascii85
2020-09-14 13:10:25 +02:00
Slavomir
f3a61ed65c
Add MarshalFunction and UnmarshalFunction classes to EncodingXml module.
2020-09-14 13:10:25 +02:00
Slavomir
b4ff653071
Add taint-tracking for encoding/xml
2020-09-14 13:10:25 +02:00
Slavomir
e7fc3c5039
Add taint-tracking for encoding/pem
2020-09-14 13:10:25 +02:00
Slavomir
669ed91b0b
Move EncodingJson to stdlib; add Escape class.
2020-09-14 13:10:25 +02:00
Slavomir
24c23ba333
Add taint-tracking for encoding/json
2020-09-14 13:10:25 +02:00
Slavomir
f5fc9494fc
Remove old EncodingHex module
2020-09-14 13:10:25 +02:00
Slavomir
74fdfba85c
Add taint-tracking for encoding/hex
2020-09-14 13:10:25 +02:00
Slavomir
7a42992850
Add taint-tracking for encoding/gob
2020-09-14 13:10:25 +02:00
Slavomir
57518c7e3d
Add taint-tracking for encoding/csv
2020-09-14 13:10:25 +02:00
Slavomir
df55bb459f
Add taint-tracking for encoding/binary
2020-09-14 13:10:25 +02:00
Slavomir
20b4826e8e
Add taint-tracking for encoding/base64
2020-09-14 13:10:25 +02:00
Slavomir
7060367de5
Add taint-tracking for encoding/base32
2020-09-14 13:10:24 +02:00
Slavomir
ba78eda277
Add taint-tracking for encoding/asn1
2020-09-14 13:10:24 +02:00
Slavomir
412ba1263b
Add taint-tracking for encoding/ascii85
2020-09-14 13:10:24 +02:00
Slavomir
a47842d1c3
Add taint-tracking for package encoding
2020-09-14 13:10:24 +02:00
Chris Smowton
86ed037fd3
Port codeql#4238 (Dataflow: small fixes for naming in taint tracking) to Go's local copy of the dataflow libs
2020-09-14 12:01:30 +01:00
Chris Smowton
362d210bc5
Merge pull request #330 from smowton/smowton/admin/standard-lib-pt-21-with-sanitiser
...
Move `strconv` and `strings` packages' taint-tracking to stdlib, and expand them + sanitise substrings of the HTTP Authorization header
2020-09-14 11:25:57 +01:00
Chris Smowton
b9b306aade
CleartextLogging: sanitize strings.Split(authheader, ":")[0] and similar
...
These can represent a username, method name or other non-sensitive component of an Authorization header. For greater precision we could split the query into one investigating Authorization headers and one investigating other sources of sensitive data that can't be sanitized by splitting this way.
2020-09-14 09:46:14 +01:00
Slavomir
cf29f9dede
Remove taint-tracking on single bytes and runes
2020-09-14 09:46:14 +01:00
Slavomir
6d3e6ded26
Fix: the Append* functions do not modify the dst slice argument.
2020-09-14 09:46:14 +01:00
Slavomir
9293bcde1d
Fix ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected: calls to strings.NewReader are a step now.
2020-09-14 09:46:14 +01:00
Slavomir
3075294cd8
Move strings module to stdlib, and add more taint-tracking classes to it.
2020-09-14 09:46:13 +01:00
Slavomir
42c7f8cc0d
Add taint-tracking for strconv package; rename module StrConv to Strconv and move into stdlib
2020-09-14 09:44:25 +01:00
Max Schaefer
b8d36b936e
Merge pull request #321 from gagliardetto/standard-lib-pt-14
...
Add taint-tracking for packages inside `mime/*`
2020-09-14 09:26:29 +01:00
Max Schaefer
c10942d044
Merge pull request #320 from gagliardetto/standard-lib-pt-24
...
Add taint-tracking for packages inside `text/*`
2020-09-11 15:57:14 +01:00
Max Schaefer
c889bc3dae
Merge branch 'main' into standard-lib-pt-24
2020-09-11 14:09:50 +01:00
