hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,746 Commits 1,684 Branches 159 Tags
870fcb453101a12eeafc484d8b15d0983bc30321
Commit Graph

1042 Commits

Author SHA1 Message Date
Sauyon Lee
c2321bd365 Add support for XSS sink kinds 2021-03-18 10:51:16 -07:00
Sauyon Lee
9f5a9cf7b8 Add HTTP template response body concept 2021-03-18 10:51:15 -07:00
Sauyon Lee
844f0e49a6 Add getEnclosingTextNode to template statements 2021-03-18 10:51:15 -07:00
Sauyon Lee
96d2777431 Add models for Revel raw templates 2021-03-18 10:51:14 -07:00
Sauyon Lee
4932574083 Add HTML template variable model 2021-03-18 10:51:14 -07:00
Sauyon Lee
e3f68771fc Add VariableWithFields 2021-03-18 10:51:13 -07:00
Sauyon Lee
8438b893ec Add HTML tracing capability 2021-03-18 10:51:12 -07:00
sn00py
263d813b58 Merge branch 'main' into add-transport-roundtrip 2021-03-16 23:54:53 +08:00
Owen Mansel-Chan
f9c4e12c95 Make this. explicit 2021-03-16 13:40:58 +00:00
Owen Mansel-Chan
ea7ecbaa55 Add hint so optimizer doesn't choose bad join order 2021-03-16 13:40:58 +00:00
Owen Mansel-Chan
c940eb61e7 Cache TControlFlowNode 2021-03-16 13:40:58 +00:00
snoopywu
cee30cfde4 fix: autoformat 2021-03-16 01:43:33 +08:00
sn00py
00f12f9210 Update ql/src/semmle/go/frameworks/stdlib/NetHttp.qll 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2021-03-16 00:41:52 +08:00
snoopywu
e1219480d8 Add Transport.RoundTrip() 2021-03-13 03:17:58 +08:00
Sauyon Lee
db20119267 Remove now-unnecessary bindingset annotations 2021-03-10 08:58:45 -08:00
Sauyon Lee
8ad1010860 Restrict 'package' to real package paths 2021-03-10 08:58:41 -08:00
Owen Mansel-Chan
0a48fef0e7 Model Apply methods correctly 
They were accidentally modeled as functions
 2021-03-05 15:55:44 +00:00
Owen Mansel-Chan
f6ff3c009e Merge branch 'main' into sync-dataflow-libraries 2021-02-24 14:14:44 +00:00
Sauyon Lee
a4b701d2c5 Merge pull request #480 from sauyon/go116 
Add preliminary support for go 1.16
 2021-02-23 08:16:12 -08:00
Owen Mansel-Chan
ff317e63de Remove http:// in package path 2021-02-22 15:11:59 +00:00
Owen Mansel-Chan
f32b4883bf Make use of URLs in comments more consistent 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
370afe3383 Fix incorrect calls to package() 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
083512acef Add extra module path for xmlpath package 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
2bcf73c9fb Add new module path for beego 
Beego moved from astaxie/beego to beego/beego on 13 Dec 2020. The
old location still works but is not being updated.
 2021-02-22 11:38:13 +00:00
Sauyon Lee
23103fd8e0 Add support for 'path/filepath.WalkDir' 2021-02-19 07:59:13 -08:00
Sauyon Lee
41cacd579f Model moved io/ioutil functions 2021-02-19 07:59:12 -08:00
Sauyon Lee
4056ac4ab5 os.FileInfo -> io/fs.FileInfo 2021-02-19 06:25:52 -08:00
Sauyon Lee
a327fb7e97 Add support for go 1.16 frameworks 2021-02-19 06:25:51 -08:00
Owen Mansel-Chan
fbbe4692d8 Re-add call to defaultTaintSanitizerGuard() 2021-02-19 14:16:19 +00:00
Owen Mansel-Chan
1c1ebf817f Rename default taint sanitizer predicate 
`defaultTaintSanitizer()` is referenced in one of the files that
gets synced, so it is better for us to not change its name. We should
also keep `defaultTaintSanitizerGuard()` consistent.
 2021-02-19 14:14:12 +00:00
Owen Mansel-Chan
24d35c35a1 Add Unit class to DataFlowPrivate 2021-02-17 16:42:17 +00:00
Owen Mansel-Chan
4f55ecc995 Sync dataflow libraries 2021-02-17 16:32:16 +00:00
Sauyon Lee
e6d11fc99e Merge pull request #475 from sauyon/yaml 
Add models for gopkg.in/yaml
 2021-02-16 15:11:47 +00:00
Owen Mansel-Chan
1c6a68ae93 Merge pull request #478 from owen-mc/update-logrus-model 
Simplify Logrus model
 2021-02-16 07:35:44 +00:00
Sauyon Lee
1acbfaafcc Add models for gopkg.in/yaml 2021-02-15 18:27:09 +00:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers 
List of constants sanitizer guards (switch statement in function only)
 2021-02-15 11:39:40 +00:00
Owen Mansel-Chan
6d29a35ac9 Factor the duplicate code in LogCall 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-15 11:20:19 +00:00
Owen Mansel-Chan
68c54d43e6 Move code to TaintTrackingUtil.qll 2021-02-15 10:18:00 +00:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model 
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
 2021-02-15 09:18:34 +00:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main 
[CWE-369] Query for divide by zero detection
 2021-02-11 12:11:45 +00:00
Chris Smowton
b84aef6b83 Prevent getACalleeSource() from sharing magic with other users of getASuccessor* 
This avoids recursion through the magic side-condition as each discovery of a ListOfConstantsComparisonSanitizerGuard expands the set of things whose getASuccessor* is wanted, which in turn enlarges the set of transitive successors and causes getACalleeSource() to be pointlessly recomputed (pointlessly because all exprNode(getCalleeExpr())s were already computed)
 2021-02-11 10:29:30 +00:00
Chris Smowton
617b5510d9 Merge pull request #465 from smowton/smowton/feature/less-equality-test-panic-edges 
Remove panicking edges leading from an equality test where possible
 2021-02-10 08:20:27 +00:00
user
c29ab8958f tests and docs updated 2021-02-10 00:26:46 +03:00
Your Name
4b24e5641e formatting + example 
fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
bd09868686 test fixed, comments added 
Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:46 +03:00
Your Name
8c5e0a42b3 test fixed 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:40 +03:00
Your Name
41e808dab4 conversion detect + tests 2021-02-10 00:26:40 +03:00
Your Name
a77f36fba8 formatting fix 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-10 00:26:33 +03:00
Chris Smowton
ef658b292a Fix join order for ListOfConstantsComparisonSanitizerGuard 2021-02-09 19:42:23 +00:00