dilanbhalla
7f980a4901
pr fixes
2020-08-14 00:45:08 -07:00
dilanbhalla
40d3f22193
fixing commit error
2020-08-12 10:49:11 -07:00
dilanbhalla
37eca95d44
restructured library
2020-08-11 23:53:50 -07:00
dilanbhalla
79002b0c38
pr fixes
2020-08-11 10:34:45 -07:00
dilanbhalla
4433f193f9
pr fixes for typo and qldoc
2020-08-10 16:06:02 -07:00
dilanbhalla
7ce9e976c2
removing precision tag
2020-08-10 12:06:10 -07:00
dilanbhalla
95342cdea7
adding go crypto library
2020-08-10 11:56:41 -07:00
Max Schaefer
2ef421255a
Add a clarifying comment.
2020-08-10 14:49:19 +01:00
Max Schaefer
c2a26f8ec9
Don't allow varargs as function outputs.
...
In a call of the form `f(xs...)`, when we say that `f` taints its 0th argument it's ambiguous whether that means that it taints the slice `xs` or its 0th element `xs[0]`.
In practice, it's usually the latter, but we have no way of expressing that using our current `FunctionOutput` implementation.
2020-08-10 07:30:23 +01:00
Max Schaefer
bdfd1d131f
Teach extractor to record the presence of an ellipsis in a call expression.
2020-08-10 07:30:23 +01:00
Slavomir
df71f0bf8b
Remove ReadByte, WriteByte, ReadRune, WriteRune
2020-08-04 17:53:50 +03:00
Slavomir
c1f2e77488
Fix generated codeql
2020-08-04 17:11:55 +03:00
Slavomir
6b1bbf16aa
Remove taint-tracking for objects that implement io.Reader
2020-08-04 16:01:30 +03:00
Slavomir
3fd6062b3d
Add taint-tracking for package "bytes"
2020-08-04 14:15:26 +03:00
Slavomir
dd8e1243a2
Add bufio taint-tracking
2020-08-04 14:11:00 +03:00
Max Schaefer
b057cbee7b
Merge pull request #256 from smowton/smowton/admin/cwe-327-cleanup
...
Polish CWE-327 (weak TLS config) query
2020-08-03 10:28:53 +01:00
Max Schaefer
f6da34b546
Speed up unresolvedReference.
2020-07-31 14:13:05 +01:00
Chris Smowton
2a7754af59
Factor ErrorType out of two duplicate tests
2020-07-30 17:25:53 +01:00
Chris Smowton
4b6810eefc
InsecureFeatureFlag: make getAFlag a member of FlagKind
2020-07-30 17:23:01 +01:00
Chris Smowton
7dd20107fe
Insecure-TLS query: trivial style and typo fixes
2020-07-30 17:18:54 +01:00
Max Schaefer
2134757ebf
Merge pull request #261 from smowton/smowton/admin/cleanup-cwe-322
...
Polish CWE-322: detect and exclude cases where host-checking is optional
2020-07-30 10:38:57 +01:00
Chris Smowton
cce3a70412
Insecure-TLS: restrict sources to potentially interesting integers.
2020-07-29 16:46:36 +01:00
Chris Smowton
d0e86f787d
SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types
...
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
2020-07-29 16:06:38 +01:00
Chris Smowton
e89cd16cb1
Move query-specific flag definitions into their respective .ql files
2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943
Clean up InsecureFeatureFlag
...
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
2020-07-29 15:15:50 +01:00
Chris Smowton
f162a5be94
Promote CWE-322 out of experimental status
2020-07-29 14:43:47 +01:00
Chris Smowton
99f08750f3
Polish CWE-322: detect and exclude cases where host-checking is optional
2020-07-29 14:43:47 +01:00
Max Schaefer
2831ffdad0
Merge pull request #270 from smowton/smowton/cleanup/ricterz-libraries
...
Add support for Gorm, Gorestful, Sqlx and Json-iterator
2020-07-29 14:21:41 +01:00
Max Schaefer
f8b8af5ac5
Merge pull request #269 from aibaars/lgtm-suites
...
CodeQL: complete LGTM suites
2020-07-29 07:19:41 +01:00
Arthur Baars
0db8ba881b
CodeQL: complete LGTM suites
2020-07-28 20:36:53 +02:00
Chris Smowton
abfae4365f
Move CWE-327 out of experimental
2020-07-28 15:47:44 +01:00
Chris Smowton
0e6feb923c
Add test for json-iterator package, and support more of its API
...
Specifically the top-level functions Unmarshal and UnmarshalFromString are just convenience wrappers around the type API, which is the usual documented way to use the library.
2020-07-28 14:52:10 +01:00
Chris Smowton
a813607a76
go-restful model: Add support for ReadEntity method
2020-07-28 14:52:10 +01:00
Chris Smowton
3c4a1b90fe
Add test for Go-restful
2020-07-28 14:52:10 +01:00
Chris Smowton
b96546b0f8
Improve style of library models
2020-07-28 14:40:48 +01:00
Max Schaefer
e9ae697d0d
Merge pull request #251 from gagliardetto/standard-lib-pt-1
...
Add taint-tracking for archive/tar and archive/zip
2020-07-28 14:27:02 +01:00
Chris Smowton
88cb435843
Split security flags into more distinct categories
...
There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.
2020-07-28 13:54:37 +01:00
Chris Smowton
3c244e2235
Insecure-TLS: remove obsolete TODO
...
The case noted works fine.
2020-07-28 13:04:16 +01:00
Chris Smowton
9b4e189374
Insecure-TLS: Use DataFlow::Node::getRoot, and factor getEnclosingFunction
2020-07-28 11:55:58 +01:00
Chris Smowton
db9760082d
Insecure-TLS: simplify warning message
2020-07-28 11:55:58 +01:00
Chris Smowton
2a0642b67b
Insecure-TLS: remove is-test-file filter
2020-07-28 11:55:58 +01:00
Chris Smowton
d0c76187da
Fix comment
2020-07-28 11:55:58 +01:00
Chris Smowton
a10db25b7d
Remove redundant constraint
2020-07-28 11:55:58 +01:00
Chris Smowton
779901cdbd
Reference Mozilla's TLS advice in qhelp
2020-07-28 11:55:58 +01:00
Chris Smowton
21d107e0e9
Check for suspected feature-flags more uniformly
...
These are now checked of all source *and* sink nodes, and the checks are factored with similar paths for is-insecure and is-old flags.
2020-07-28 11:55:58 +01:00
Chris Smowton
7d294c5d81
Factor and generalise InsecureFeatureFlag
...
The same path is now used to classify flags relating to old/legacy versions.
2020-07-28 11:21:51 +01:00
Chris Smowton
34c8cc5019
Improve documentation and function naming
2020-07-28 11:21:51 +01:00
Chris Smowton
17200a8569
Use SsaWithFields to find similar good-tls-version flows
...
Note: if accepted, merge this into a previous commit before submitting the PR
2020-07-28 10:31:45 +01:00
Chris Smowton
a7e549e771
Exclude TLS version sources accompanied by a non-nil error
...
It is common to return 0 as a dummy value with an error; these are very likely not going to be used as a real TLS version.
2020-07-28 10:31:44 +01:00
Chris Smowton
af960ed2cd
Exclude more hits whose context suggests an intentionally old TLS configuration
2020-07-28 10:31:44 +01:00