hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,876 Commits 1,684 Branches 159 Tags
a152eec9f22f4fa2ef17017ca53619dfa2ff3195
Commit Graph

1356 Commits

Author SHA1 Message Date
Chris Smowton
a152eec9f2 Add test for ExtractTupleElementInstruction.getResultType() 2021-04-21 12:33:51 +01:00
Chris Smowton
4fb714f445 Simplify implementation of ExtractTupleElementInstruction.getResultType 2021-04-21 12:33:00 +01:00
Sauyon Lee
50bb6187b8 Revert ReflectedXss.go to example 2021-04-20 23:27:03 -07:00
Sauyon Lee
d1daca541e Add types for more tuple extractions 
Specifically, extractions where the RHS is a map element read or a channel receive
will now have types.
 2021-04-20 14:23:31 -07:00
Sauyon Lee
ba2da6d9a9 Add test exercising channel data flow 2021-04-20 14:23:31 -07:00
Chris Smowton
0cef5fb5d0 Add test case for map extraction 2021-04-20 14:23:29 -07:00
Chris Smowton
b2e92fa084 Remove needless model of Part.Read 
Read already gets a model as an implementation of the `Reader` interface.
 2021-04-20 11:05:36 +01:00
Chris Smowton
948e064440 Fix mis-modelling Part.Read 2021-04-20 11:03:17 +01:00
Chris Smowton
027a540c67 Update test expectations now that tuple-extracts not method calls are sources 2021-04-19 17:05:50 +01:00
Chris Smowton
a367950014 Restore OpenRedirect's exclusion of POST-only request components 2021-04-19 17:05:23 +01:00
Chris Smowton
7d258ae722 Improve net/http taint-tracking fidelity 
* Don't taint error returns from http.Request methods
* Track taint across mime/multipart.Part methods
 2021-04-19 16:05:23 +01:00
Sauyon Lee
80fe7384cd Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 14:30:23 +01:00
Sauyon Lee
4462948cfc Add a new diagnostics file class and use it for errors 2021-04-09 14:30:23 +01:00
Slavomir
8e839f376e Put all tests file in to the CleverGo folder instead of having dedicated folders for each test. 2021-04-09 08:38:37 +01:00
Slavomir
4ae5bdbbec Improve naming of files and elements. 2021-04-09 08:38:37 +01:00
Slavomir
7ea0434514 Move clevergo framework to experimental 2021-04-09 08:38:37 +01:00
Slavomir
3915305361 Refactor and improve HTTP:ResponseBody models and tests 2021-04-09 08:38:37 +01:00
Slavomir
8c18aa6cbd Simplify HTTP::HeaderWrite 2021-04-09 08:38:37 +01:00
Slavomir
7edf739602 Model HTTP::HeaderWrite; regenerate stubs 2021-04-09 08:38:37 +01:00
Slavomir
93ff2459d1 Use docs instead of comments for classes. 2021-04-09 08:38:36 +01:00
Slavomir
0fe7050e7e Add models for HTTP::ResponseBody 2021-04-09 08:38:36 +01:00
Slavomir
98b3cc2dc4 Fix autoformatting 2021-04-09 08:38:36 +01:00
Slavomir
c53d8d3e56 Add http redirect model 2021-04-09 08:38:36 +01:00
Slavomir
55c8d9b22c Make naming more consistent 2021-04-09 08:38:36 +01:00
Slavomir
1de7196060 Regenerate dep stubs 2021-04-09 08:38:36 +01:00
Slavomir
0c1ae62ce9 Use //go:generate depstubber --vendor --auto 2021-04-09 08:38:36 +01:00
Slavomir
f95f35387f Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
bdc5f90c97 Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
d3d7d2d103 Simplify UntrustedSources struct fields 2021-04-09 08:38:36 +01:00
Slavomir
c01259ec2c Simplify UntrustedSources interface methods 2021-04-09 08:38:36 +01:00
Slavomir
54abdf1a95 Regenerate tests 2021-04-09 08:38:36 +01:00
Slavomir
a6c1acfaba Fix imports 2021-04-09 08:38:36 +01:00
Slavomir
a90f609c53 Manually add packagePath() predicate 2021-04-09 08:38:36 +01:00
Slavomir
928c12da57 Simplify UntrustedSources methods 2021-04-09 08:38:36 +01:00
Slavomir
34dcf83e11 Fix module doc 2021-04-09 08:38:36 +01:00
Slavomir
11326eb34c Update ql/src/semmle/go/frameworks/CleverGo.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 08:38:36 +01:00
Slavomir
c4ee6175b8 Add back bindingset to packagePath 2021-04-09 08:38:36 +01:00
Slavomir
7c62c63584 codeql: add packagePath predicate 2021-04-09 08:38:36 +01:00
Slavomir
dfbad0edb9 Regenerate code implementing the code review feedback 2021-04-09 08:38:36 +01:00
Slavomir
1bfe395662 Remove import DataFlow::PathGraph 2021-04-09 08:38:36 +01:00
Slavomir
6d9b7d3240 Add web framework: clevergo 2021-04-09 08:38:35 +01:00
Slavomir
68c0073c0b Use PassthroughTypeName instead of string 2021-04-08 14:24:35 +01:00
Slavomir
7c35902724 Use DataFlow::Node as parameters 2021-04-08 14:24:35 +01:00
Slavomir
dc95902e56 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 14:24:35 +01:00
Slavomir
1a9b09e8bd Add NumericType sanitizer 2021-04-08 14:24:35 +01:00
Slavomir
541c411086 Add isSanitizer predicate to FlowConfFromUntrustedToTemplateExecutionCall, and a test for it 2021-04-08 14:24:35 +01:00
Slavomir
8f124f8395 Add missing docs 2021-04-08 14:24:35 +01:00
Slavomir
e2b7c035ad Use only one instance of TaintTracking. 2021-04-08 14:24:35 +01:00
Slavomir
280ffdf060 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
5351a8eeb7 Use TaintTracking an TaintTracking2 2021-04-08 14:24:35 +01:00