Owen Mansel-Chan
d8891e34d1
Small improvement to go/unhandled-writable-file-close
2025-10-02 15:15:51 +01:00
Owen Mansel-Chan
7fdda87b06
Fix go/impossible-interface-nil-check for separate post-update nodes
...
When tracing back from nil checks on interfaces, ignore post-update
nodes. There will always be a corresponding pre-update node that
contains the information we want.
2025-10-02 12:34:58 +01:00
Owen Mansel-Chan
2629369c93
Improve additional flow step for Host field
2025-10-01 16:18:05 +01:00
Owen Mansel-Chan
c006777714
Simplify PathAssignmentBarrier
2025-10-01 16:18:03 +01:00
Owen Mansel-Chan
6d6852fb8d
Test PathAssignmentBarrier for OpenUrlRedirect
2025-10-01 16:18:02 +01:00
Owen Mansel-Chan
f0f5fc7eac
Improve SSRF additional flow step
2025-10-01 16:18:00 +01:00
Owen Mansel-Chan
c9ce2c8043
Add test for assignment to Url.Host field
2025-10-01 16:17:58 +01:00
Owen Mansel-Chan
8b04d0a2b9
Convert SSRF tests to inline expectations tests
2025-10-01 16:17:57 +01:00
Owen Mansel-Chan
6e4dbe8e22
Fix SafeUrlFlow so test passes
2025-10-01 16:17:52 +01:00
Owen Mansel-Chan
620ae33e0c
Make SafeUrlFlow test more comprehensive (failing)
2025-10-01 16:17:04 +01:00
Owen Mansel-Chan
8a21a4ff92
Deprecate WriteNode.writesComponent
2025-10-01 16:13:33 +01:00
Owen Mansel-Chan
59e3c14a5e
Add and use WriteNode.writesElementPreUpdate
2025-10-01 16:13:31 +01:00
Owen Mansel-Chan
6fcd35885e
Fix pointer content store step for write to field of pointer dereference
2025-10-01 16:13:29 +01:00
Owen Mansel-Chan
2ffb638b7e
Delete WriteNode.writesFieldOnSsaWithFields
...
This can be easily expressed in terms of `WriteNode.writesFieldPreUpdate`.
2025-10-01 16:13:27 +01:00
Owen Mansel-Chan
489b8431ea
Add and use WriteNode.writesFieldPreUpdate
2025-10-01 16:13:25 +01:00
Owen Mansel-Chan
c9a2816bfe
Fix OpenUrlRedirect barrier for write to Url.Host
2025-10-01 16:13:24 +01:00
Owen Mansel-Chan
414bab1f30
Add OpenUrlRedirect tests for Url.Host field
2025-10-01 16:13:22 +01:00
Owen Mansel-Chan
1144bb99b4
Convert OpenUrlRedirect tests to InlineExpectations
2025-10-01 16:13:21 +01:00
Owen Mansel-Chan
7b426186aa
Rephrase change note to avoid technical terms
2025-10-01 16:13:19 +01:00
Owen Mansel-Chan
630a8446ad
Rename confusing predicate and add qldoc
2025-10-01 16:13:17 +01:00
Owen Mansel-Chan
b1bcbec37d
Use slightly less confusing syntax
2025-10-01 16:13:15 +01:00
Owen Mansel-Chan
1d9a93a731
Rename helper predicate
2025-10-01 16:13:14 +01:00
Owen Mansel-Chan
4ee236d73f
Delete commented out code
2025-10-01 16:13:12 +01:00
Owen Mansel-Chan
25f182302d
Fix email injection sink that needs local flow
2025-10-01 16:13:10 +01:00
Owen Mansel-Chan
f5f6d64d9d
Add change notes
2025-10-01 16:13:08 +01:00
Owen Mansel-Chan
52b6539697
Typo
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-10-01 16:13:06 +01:00
Owen Mansel-Chan
a9420d46c8
Fix bad join order
2025-10-01 16:13:04 +01:00
Owen Mansel-Chan
6cb69535a5
Add missing qldocs
2025-10-01 16:13:03 +01:00
Owen Mansel-Chan
5efc8ac1a4
Fix backwards flow through TaintTracking::FunctionModel
...
We only do this for taint models as there isn't any backwards flow
through data flow function models.
2025-10-01 16:13:01 +01:00
Owen Mansel-Chan
3906f2560d
Adjust Stack Exposure test so it passes
...
A minor bug in our CFG means that we evaluate the base of a
SliceExpr before the bounds. Since the bounds may have side
effects, as in this case, it would be better to evaluate them first.
But in the short term I am just adjusting the test to make it work.
2025-10-01 16:12:59 +01:00
Owen Mansel-Chan
62155876c5
Fix flow to variable capture
...
The jump step to a `SsaCaptureVariable` should start at the last use
before it, rather than from the previous definition.
2025-10-01 16:12:57 +01:00
Owen Mansel-Chan
748c53a791
Refactor: Create writesFieldOnSsaWithFields
2025-10-01 16:12:56 +01:00
Owen Mansel-Chan
cf6cfe2a1e
Non-initializing writes should target post-update nodes
2025-10-01 16:12:54 +01:00
Owen Mansel-Chan
8a3bd8408b
Fix test expectations for Cleartext Logging
...
One spurious alert was removed, one missing alert was added, and some
source locations changed.
2025-10-01 16:12:52 +01:00
Owen Mansel-Chan
3229630598
Make store step to send stmt's channel use post-update node
2025-10-01 16:12:51 +01:00
Owen Mansel-Chan
ac71f9cd8e
Expected change in test output
...
These sources are now modeled using models-as-data, which (probably
correctly) uses the post-update node as the source. But the deprecated
QL models still exist, so we get two test results for each of these
calls.
2025-10-01 16:12:49 +01:00
Owen Mansel-Chan
d2230c531d
Expected changes in test output
2025-10-01 16:12:47 +01:00
Owen Mansel-Chan
118def8d28
Make separate post-update nodes
2025-10-01 16:12:45 +01:00
Owen Mansel-Chan
a0c647ce83
Add Email Injection tests for reverse flow models
2025-10-01 16:12:43 +01:00
Owen Mansel-Chan
9892836f14
Switch order of PUN test output
2025-10-01 16:12:42 +01:00
Owen Mansel-Chan
89ae0e3bf3
Inline predicate only used once
2025-10-01 16:12:40 +01:00
Owen Mansel-Chan
05a16dc100
Convert post-update logic to IR (part 3)
2025-10-01 16:12:38 +01:00
Owen Mansel-Chan
ad1801827b
Implement writesComponent at IR level
2025-10-01 16:12:37 +01:00
Owen Mansel-Chan
203952fa47
Convert post-update logic to IR (part 2)
...
Note that we don't create post-update nodes for method receivers if the
call to the method is indirect, via a function variable. We could aim to
do this in future.
2025-10-01 16:12:35 +01:00
Owen Mansel-Chan
c8b8e25fbb
Convert post-update logic to IR (part 1)
2025-10-01 16:12:34 +01:00
Owen Mansel-Chan
7a515c101a
Pull out post-update node logic into predicate
2025-10-01 16:12:32 +01:00
Owen Mansel-Chan
d13d7173ed
Fix QLDoc typo
2025-10-01 16:12:30 +01:00
Owen Mansel-Chan
14301e0af4
Expected changes in dataflow edges
2025-10-01 16:12:28 +01:00
Owen Mansel-Chan
c20abf6d58
Line numbers change because 3 lines were added
2025-10-01 16:12:27 +01:00
Owen Mansel-Chan
521066578b
Test result that was missing is now found
2025-10-01 16:12:25 +01:00
