hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
856 Commits 1,684 Branches 159 Tags
a89b87f64366d9fd5fc452b4e85a8d882c9b492e
Commit Graph

856 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Remco Vermeulen
a89b87f643 CWE-322 InsecureHostKeyCallback (#234) 2020-06-30 15:38:21 +01:00
Chris Smowton
595866a6d8 Extractor: give the go.mod comment groups a source location (#232) 
The comment group is now omitted entirely if empty, and otherwise delimits the range of the comments ascribed to this group.
 2020-06-30 14:59:13 +01:00
Max Schaefer
e374f92555 Merge pull request #236 from max-schaefer/update-data-flow 
Update data-flow libraries
 2020-06-30 14:32:56 +01:00
Max Schaefer
2b3e3bda8f Data flow: Model field clearing. 
cf https://github.com/github/codeql/pull/3762
 2020-06-29 11:06:35 +01:00
Max Schaefer
f7ed65692f Data flow: Use accessPathLimit() in partial flow as well. 
cf. https://github.com/github/codeql/pull/3494
 2020-06-29 11:02:35 +01:00
Max Schaefer
5275168253 Make target branch configurable for sync-dataflow-libraries. 
You can now do `make DATAFLOW_BRANCH=<committish> sync-dataflow-libraries`; default is still `master`.
 2020-06-29 10:02:59 +01:00
Max Schaefer
76f482682c Merge pull request #182 from owen-mc/gin-framework 
Move model for Gin framework out of experimental
 2020-06-26 20:26:48 +01:00
Max Schaefer
91ca2bb434 Merge pull request #231 from max-schaefer/taint-through-range 
Propagate taint through `range` statements
 2020-06-26 19:58:53 +01:00
Sauyon Lee
468d9812c4 Merge pull request #227 from max-schaefer/cve-2018-15798 
Teach `OpenUrlRedirect` to propagate out of `URL.Path` and a few other fields.
 2020-06-26 06:21:59 -07:00
Max Schaefer
57f8b08568 Update expected test output. 
The tests for `UnsafeTLS` now work as expected.
 2020-06-26 11:30:26 +01:00
Max Schaefer
66ec160f64 Add change note. 2020-06-26 11:20:45 +01:00
Max Schaefer
258a276242 Propagate taint through range loops. 2020-06-26 11:20:45 +01:00
Max Schaefer
ce3007395f Rename arrayStep to elementStep, which is more accurate. 2020-06-26 11:20:45 +01:00
Max Schaefer
ba82a76948 Merge pull request #229 from max-schaefer/getAPrimaryQlClass 
Rename `describeQlClass` to `getAPrimaryQlClass`.
 2020-06-26 07:51:04 +01:00
Max Schaefer
9904b9e926 Allow flow through more URL fields. 2020-06-26 07:50:08 +01:00
Max Schaefer
3bf934d64b Add change note. 2020-06-25 22:23:49 +01:00
Owen Mansel-Chan
82361ce060 Fix modelling of Params part 2 2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
cf47159a30 Change how Param and Params are modeled 
Previously any read of type Param or Params was a source. Now reading
Context.Params is a source. This should reduce the number of duplicate
paths.
 2020-06-25 21:55:10 +01:00
Owen Mansel-Chan
9fd892ab94 Fix context bind sources 
Using FunctionOutput was recommended in the first PR but not implemented.
 2020-06-25 21:55:00 +01:00
Owen Mansel-Chan
93399c6348 Add tests for bind methods with pointer-typed variables 2020-06-25 16:17:57 +01:00
Max Schaefer
d290bea39a Rename describeQlClass to getAPrimaryQlClass. 2020-06-25 15:08:01 +01:00
Max Schaefer
a89e4971ac Merge pull request #221 from gagliardetto/bad-tls 
Add CWE-327 (unsafe TLS)
 2020-06-25 09:18:42 +01:00
Slavomir
95b76dceca Remove check 2020-06-24 21:39:23 +03:00
Slavomir
4dc1399385 Update comments on the lines that have incorrect flagging 2020-06-24 15:11:33 +03:00
Sauyon Lee
6883a97628 Merge pull request #223 from max-schaefer/update-data-flow 
Data flow: Track precise types during field flow
 2020-06-24 00:10:54 -07:00
Max Schaefer
8c27e16190 Merge pull request #226 from smowton/smowton/fix/remove-spurious-cfg-edge-from-expressionless-switch 
Remove spurious control-flow edge around switch block without a test
 2020-06-24 07:47:37 +01:00
Slavomir
3aa9b25673 Fix comment 2020-06-23 22:40:25 +03:00
Chris Smowton
4882f277f5 Remove spurious control-flow edge around switch block without a test-expression 
Previously we thought it possible to get from top to bottom of a block like "switch { case f(): ... }", when in fact this is only possible if there are no case blocks to execute.

I also add tests for two possible corner cases of a switch without a test-expression: a completely empty switch (the 'true' is indeed the last node) and switch with an empty default block (a single 'skip' is generated for the default block and the 'true' is not the last node)
 2020-06-23 17:46:08 +01:00
Chris Smowton
1dc427a2c5 Cleanup: use TypeSwitchStmt.getAssign, not a raw child accessor 2020-06-23 17:46:08 +01:00
Max Schaefer
4e6d9b3811 Teach OpenUrlRedirect to propagate out of URL.Path and a few other fields. 2020-06-23 15:29:18 +01:00
Slavomir
561c5b91d2 Implement code review feedback 2020-06-23 16:07:05 +03:00
Max Schaefer
95011cebc2 Merge pull request #225 from sauyon/unqualify-functioninput 
Unqualify uses of FunctionInput and FunctionOutput
 2020-06-23 11:24:46 +01:00
Slavomir
56727b220b Try different ways of passing taint through a field 2020-06-23 12:14:49 +03:00
Sauyon Lee
ecff1e6a16 Unqualify uses of FunctionInput and FunctionOutput 2020-06-22 22:25:33 -07:00
Max Schaefer
d3e6e5c0b3 Data flow: Track precise types during field flow 
cf https://github.com/github/codeql/pull/3456
 2020-06-22 20:53:05 +01:00
Slavomir
4ab929a656 Simplify 2020-06-22 17:54:07 +03:00
Slavomir
29eba441d7 Determine TLS version from int value 2020-06-22 17:50:20 +03:00
Slavomir
70bc4c81a0 Fix typo 2020-06-22 17:15:56 +03:00
Slavomir
783f710188 Fix comments 2020-06-22 17:12:15 +03:00
Slavomir
e38d4ecd9c Fix typos 2020-06-22 17:00:31 +03:00
Slavomir
bbf8d7306b Add CWE-327 2020-06-22 16:54:14 +03:00
Max Schaefer
d8374adbde Merge pull request #219 from max-schaefer/refine-virtual-dispatch 
Refine potential targets for method call through interface
 2020-06-22 13:47:48 +01:00
Max Schaefer
b2ea23685c Merge pull request #220 from max-schaefer/master 
Temporarily disable CodeQL analysis
 2020-06-22 13:46:51 +01:00
Max Schaefer
b64d3467aa Temporarily disable CodeQL analysis 
https://github.com/github/codeql-go/pull/184 added a regression test for the non-termination it was fixing. The fix hasn't made it into Code Scanning yet, so for the time being it will fail with precisely that non-termination when analysing the regression tests.
 2020-06-22 12:18:29 +01:00
Max Schaefer
1f68a32cdc Add change note. 2020-06-22 09:22:47 +01:00
Max Schaefer
759e3d5632 Further refine potential call targets for interface calls. 
The call target must belong to the method set of a type that implements the interface type of the method call receiver, if any.

For example, assume `h` has type `hash.Hash`, then `h.Write(...)` should only be resolved to implementations of `Write` in types implementing `hash.Hash`, not arbitrary other `Writer`s.
 2020-06-22 09:22:47 +01:00
Max Schaefer
1c58028ae3 Expose receiver type in isInterfaceCallReceiver. 2020-06-22 09:22:47 +01:00
Max Schaefer
0e5e116217 Add a few more utility predicates to DataFlow::Node. 2020-06-22 09:22:47 +01:00
Max Schaefer
18db1fe79f Merge pull request #184 from max-schaefer/lookup-fields-in-cyclic-struct 
Fix field lookup in cyclic structs
 2020-06-21 09:23:57 +01:00
Max Schaefer
47c4c55923 Merge pull request #185 from github/max-schaefer-patch-2 
Set up Code Scanning
 2020-06-20 10:41:25 +01:00