Commit Graph

871 Commits

Author SHA1 Message Date
Sauyon Lee
a78c35b95e Simplify net/http ResponseBody logic 2020-11-06 11:18:46 +00:00
Sauyon Lee
8a306af77b Make HTTP::ResponseWriter handle PostUpdateNodes in getANode 2020-11-06 11:18:46 +00:00
Chris Smowton
3817ae80e5 Add support for html.Render method.
This entails generalising Http::ResponseBody to account for any modelled function writing to a ResponseWriter.
2020-11-06 11:04:53 +00:00
Chris Smowton
02f353eabd Add models for the read side of golang.org/x/net/html
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
2020-11-06 11:04:53 +00:00
Chris Smowton
03bbef7286 Add models for the read side of golang.org/x/net/html
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
2020-11-06 11:04:53 +00:00
Chris Smowton
3b927f3b6b CFG: fix lastNode relating to assignments with underscores on the LHS
For example, "x, _ := a, b" would produce an incorrect CSV that branched to the next statement after evaluating "b", skipping the assignment to 'x'. We already had test coverage for function returns, so I'm reasonably confident this only affects parallel assigns, not destructuring ones like "x, y := f()".
2020-11-03 12:00:54 +00:00
Chris Smowton
0f637c5887 Merge pull request #379 from smowton/model-revel
Model Revel
2020-10-28 09:56:25 +00:00
Chris Smowton
0bf80641e8 Revel: mark header reads as user-controlled data 2020-10-26 12:26:37 +00:00
Chris Smowton
f0c0a890a5 Move OpenUrlRedirect customisation into the query's qll file 2020-10-26 12:25:56 +00:00
Chris Smowton
4a2c4bf1b8 Merge pull request #387 from sauyon/testing-framework
Add a testing framework
2020-10-26 10:32:22 +00:00
Sauyon Lee
1e034a1dd5 Add logrus to go.qll 2020-10-22 09:18:52 -07:00
Chris Smowton
62c6b0dc37 Add support for more Revel untrusted sources 2020-10-21 17:28:28 +01:00
Sauyon Lee
e823712adf Add utility predicates to FunctionModel
Co-authored-by: Chris Smowton <smowton@github.com>
2020-10-21 09:16:04 -07:00
Chris Smowton
9aceae8bd6 Revel: add support and tests for Render and Redirect sinks. 2020-10-20 10:00:05 +01:00
Owen Mansel-Chan
4dfa9d58c0 Model Revel 2020-10-19 15:47:07 +01:00
Owen Mansel-Chan
f4f29be8ac Add ability to specify default taint sanitizers
This allows library models to specify taint sanitizers.
2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
f49ff279b8 Merge pull request #375 from owen-mc/spew
Model Spew logging framework
2020-10-16 13:20:13 +01:00
Owen Mansel-Chan
4b76966a49 Model Spew logging framework 2020-10-14 14:47:22 +01:00
Chris Smowton
0afa0e75c4 Merge pull request #374 from smowton/smowton/feature/more-accurate-allocation-overflow
Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand
2020-10-14 13:25:45 +01:00
Chris Smowton
83a7411a05 Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand
This is achieved by splitting the query into two pieces: (1) trace flow from indefinitely large object creation to len(...) calls, then (2) considering those particular len(...) calls as taint propagators, trace taint from the same sources all the way to an allocation call. This is more accurate than the previous solution, which considered any len(...) call to propagate taint, potentially confusing an array that stored a large value in one of its cells for an array which is itself of large size.
2020-10-14 10:16:08 +01:00
Chris Smowton
40869480e1 Extend context models to cover its old golang.org/x/net/context home. 2020-10-12 12:27:19 +01:00
Chris Smowton
024e8ef715 Merge pull request #368 from sauyon/xpath-fix
Update XPathExpressionString to match the Range pattern
2020-10-08 09:24:04 +01:00
Sauyon Lee
43de6ea836 Update XPathExpressionString to match the Range pattern
Fixes #367
2020-10-07 14:29:05 -07:00
Chris Smowton
c8a2d30e39 Merge pull request #360 from smowton/smowton/feature/stack-trace-exposure
Add stack-trace exposure query
2020-10-07 11:08:37 +01:00
Chris Smowton
d7dcf27f57 Merge pull request #362 from smowton/smowton/admin/refactor-function-node
Refactor DataFlow::FunctionNode as a concrete class
2020-10-06 15:08:54 +01:00
Chris Smowton
0eb7ac94cc Add stack-trace exposure query
This is a port of `java/stack-trace-exposure`, and does the same job: warn that a stack dump is written to an HTTP response.
2020-10-06 14:42:59 +01:00
Chris Smowton
68bb7b02fe Refactor DataFlow::FunctionNode as a concrete class
This makes it easier to refine FunctionNode without having to define abstract members.
2020-10-06 14:02:57 +01:00
Chris Smowton
4af5765275 Fix OWASP broken links 2020-10-01 13:06:03 +01:00
Chris Smowton
1cfad846c8 Improve variable names in example code
These were inherited from the JS version of the example, which concerns HTML.
2020-09-29 16:37:06 +01:00
Max Schaefer
56f295f741 Add a few useful shortcuts. 2020-09-25 16:58:28 +01:00
Max Schaefer
8667b64a1c Make result variables aware of their index. 2020-09-25 10:51:32 +01:00
Chris Smowton
88c740bbbc Merge pull request #353 from gagliardetto/remove-duplicate-models
Remove duplicate models (the end)
2020-09-24 13:31:18 +01:00
Arthur Baars
575c56c426 Merge pull request #354 from github/aibaars/lgtm-go-lines-of-comment
LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls
2020-09-24 12:22:07 +02:00
Arthur Baars
240f3ed7dc LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls 2020-09-24 11:04:15 +02:00
Max Schaefer
907ae20a16 Merge pull request #350 from smowton/smowton/feature/bad-regex-escape-query
Add query spotting probably-bad escapes in regular expressions.
2020-09-24 09:49:16 +01:00
Slavomir
8b397c1eff Remove this. from the generated method and interface models 2020-09-23 17:28:44 +02:00
Slavomir
539127b1d1 Remove models for methods for which there is already a model for the interface they implement. 2020-09-23 17:16:01 +02:00
Chris Smowton
59138048bb Add query spotting probably-bad escapes in regular expressions.
Inspired by js/useless-regexp-character-escape, but much much simpler because the Go source code parser forbids unrecognised escapes and its regex engine refuses to compile \\x where x is not a character class or other special token (e.g. start-of-word).
2020-09-23 15:07:22 +01:00
Chris Smowton
a094ddb988 Merge pull request #349 from gagliardetto/stdlib-339-340-342-346-347
Merge #339 #340 #342 #346 #347
2020-09-23 14:38:04 +01:00
Chris Smowton
1a3589ac06 Merge pull request #352 from smowton/smowton/feature/http-newrequest
Add model for net/http.NewRequest
2020-09-23 09:56:17 +01:00
Max Schaefer
6130720e00 Merge pull request #348 from max-schaefer/functioninput_entrynode
Ensure `FunctionInput`s corresponding to results have an entry node
2020-09-23 09:15:18 +01:00
Chris Smowton
c1fbbfb05a Add model for net/http.NewRequest noting that if the URL is tainted then the response should be considered tainted also. 2020-09-23 08:46:36 +01:00
Slavomir
364b6810ce Sort stdlib imports 2020-09-22 18:50:12 +02:00
Slavomir
a7148638aa Merge branch 'standard-lib-pt-6' into stdlib-339-340-342-346-347 2020-09-22 18:44:14 +02:00
Slavomir
61a0cfa06a Merge branch 'standard-lib-pt-4' into stdlib-339-340-342-346-347 2020-09-22 18:43:30 +02:00
Slavomir
315514085f Merge branch 'standard-lib-pt-9' into stdlib-339-340-342-346-347 2020-09-22 18:43:14 +02:00
Slavomir
0510404112 Merge branch 'standard-lib-pt-12' into stdlib-339-340-342-346-347 2020-09-22 18:42:46 +02:00
Slavomir
1a5d582750 Remove Regexp 2020-09-22 13:37:39 +02:00
Slavomir
e742525be5 Fix (*Logger).Writer() model 2020-09-22 13:35:55 +02:00
Slavomir
bff19d5a37 Move and extend Log module for package log with taint-tracking 2020-09-22 13:35:55 +02:00