Chris Smowton
c1fbbfb05a
Add model for net/http.NewRequest noting that if the URL is tainted then the response should be considered tainted also.
2020-09-23 08:46:36 +01:00
Max Schaefer
c61881acb3
Merge pull request #344 from smowton/smowton/feature/echo-models
Add models for the Echo framework
2020-09-22 10:45:02 +01:00
Max Schaefer
c905149579
Merge pull request #341 from gagliardetto/standard-lib-pt-10
Move to stdlib and extend the models for `fmt` package
2020-09-21 22:10:56 +01:00
Chris Smowton
7b917f9dd7
Add utility functions for getting FunctionInputs and FunctionOutputs.
2020-09-21 17:35:40 +01:00
Chris Smowton
397282f41a
Add models for the Echo framework
2020-09-21 17:35:40 +01:00
Chris Smowton
bdb3e54299
Add tests for stdlib-http fields that aren't supposed to cause open-redirect alerts
2020-09-21 16:26:46 +01:00
Chris Smowton
b6b7bd2717
Generalise model of HTTP libraries
* Allow for HTTP response methods that define a content-type without a corresponding header write
* Factor out stdlib-http-specific classification of fields that aren't vulnerable to an open-redirect exploit
2020-09-21 16:26:39 +01:00
Slavomir
0005775e2b
Apply suggestions from code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-09-21 16:23:21 +02:00
Chris Smowton
6770c74b7f
Merge pull request #345 from gagliardetto/from-331-to-337
Merge #331, #332, #333, #334, #335, #336, #337
2020-09-21 09:34:41 +01:00
Slavomir
a7dba54001
Merge branch 'standard-lib-pt-15' into from-331-to-337
2020-09-20 18:25:29 +02:00
Slavomir
ad53583b5e
Remove methods on IP
2020-09-20 18:23:56 +02:00
Slavomir
17868dd6b1
Merge branch 'standard-lib-pt-16' into from-331-to-337
2020-09-20 15:47:35 +02:00
Slavomir
ed965c7101
Merge branch 'standard-lib-pt-19' into from-331-to-337
2020-09-20 15:47:14 +02:00
Slavomir
53e0e3ffbf
Merge branch 'standard-lib-pt-20' into from-331-to-337
2020-09-20 15:46:47 +02:00
Slavomir
9d1381349f
Merge branch 'standard-lib-pt-23' into from-331-to-337
2020-09-20 15:46:26 +02:00
Slavomir
1d13ca58ff
Merge branch 'standard-lib-pt-22' into from-331-to-337
2020-09-20 15:46:02 +02:00
Slavomir
cd151fcdd1
Merge branch 'standard-lib-pt-5' into from-331-to-337
2020-09-20 15:45:46 +02:00
Slavomir
a784a25a61
Remove (net.IP).UnmarshalText
2020-09-20 15:01:42 +02:00
Slavomir
1578a66731
Remove models for net.Parse*
2020-09-20 15:01:42 +02:00
Slavomir
e14f857761
Add taint-tracking for package net/textproto
2020-09-20 15:01:42 +02:00
Slavomir
75751d732b
Add taint-tracking for package net/mail
2020-09-20 15:01:42 +02:00
Slavomir
e6cb8fe5ce
Add taint-tracking for package net/http/httputil
2020-09-20 15:01:42 +02:00
Slavomir
85f9760662
Move existing net/http classes from private module StdlibHttp to stdlib.NetHttp
2020-09-20 15:01:41 +02:00
Slavomir
e66fcef396
Add taint-tracking for net/http package
2020-09-20 15:01:41 +02:00
Slavomir
fa04d5a74d
Add taint-tracking for package net
2020-09-20 15:01:41 +02:00
Slavomir
c89cfc8867
Use go 1.14.3
2020-09-20 14:52:40 +02:00
Slavomir
8eeb019b5c
Move existing OS (all caps name) module classes to stdlib.Os module (notice the camelcase name)
2020-09-20 14:52:40 +02:00
Slavomir
f811dff527
Add taint-tracking for package os
2020-09-20 14:52:40 +02:00
Chris Smowton
fee596ac83
Merge pull request #343 from smowton/smowton/feature/chi-models
Add models for the Chi web framework
2020-09-16 11:38:08 +01:00
Chris Smowton
1bf366c1e3
Add models for the Chi web framework
This is mostly simple as the framework uses ordinary net/http methods and ordinary Go contexts for most purposes.
2020-09-16 09:14:23 +01:00
Slavomir
b529cf4c86
Import Fmt module
2020-09-15 19:19:30 +02:00
Max Schaefer
88e03c3ee5
Merge pull request #322 from gagliardetto/standard-lib-pt-11
Add taint-tracking for packages in `html/*`
2020-09-15 17:54:35 +01:00
Slavomir
375ac63499
Move to stdlib and extend the models for fmt package
2020-09-15 17:27:56 +02:00
Slavomir
a340270dc1
Move html TemplateEscape out of Texttemplate module
2020-09-14 15:47:52 +02:00
Slavomir
9a560e994c
Remove redundant field
2020-09-14 15:47:51 +02:00
Slavomir
ce67720542
Add taint-tracking for html/template package.
2020-09-14 15:47:51 +02:00
Slavomir
35136bbb2c
Add escape function.
2020-09-14 15:47:51 +02:00
Slavomir
52d4c71ec2
Add taint-tracking for html package.
2020-09-14 15:47:51 +02:00
Chris Smowton
8d7cbe3aa5
Merge pull request #323 from gagliardetto/standard-lib-pt-8
Add taint-tracking for packages in `encoding/*`
2020-09-14 14:41:19 +01:00
Chris Smowton
3ba85576ea
Merge pull request #338 from smowton/smowton/admin/update-dataflow-libs-2020-09-14
Port codeql#4238 (Dataflow: small fixes for naming in taint tracking)…
2020-09-14 14:19:06 +01:00
Slavomir
6bbe0182ca
Rename Syscall_non_windows.go to Syscall_non_win.go
2020-09-14 13:34:24 +02:00
Slavomir
4c2537017f
Fix TaintStep.expected: add params to json.MarshalIndent
2020-09-14 13:10:25 +02:00
Slavomir
64a61bd648
Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingXml module.
2020-09-14 13:10:25 +02:00
Slavomir
947bbabf62
Extend MarshalingFunction and UnmarshalingFunction with encoding/pem
2020-09-14 13:10:25 +02:00
Slavomir
d472d5abe5
Remove redundant taint-tracking from MarshalingFunction and UnmarshalingFunction classes in EncodingJson module.
2020-09-14 13:10:25 +02:00
Slavomir
ed2e5b0f92
Extend MarshalingFunction and UnmarshalingFunction with encoding/asn1
2020-09-14 13:10:25 +02:00
Slavomir
afede9bde5
Remove encoder taint-tracking for encoding/hex
2020-09-14 13:10:25 +02:00
Slavomir
96a700becb
Remove encoder taint-tracking for encoding/base64
2020-09-14 13:10:25 +02:00
Slavomir
0baca5fa6c
Remove encoder taint-tracking for encoding/base32
2020-09-14 13:10:25 +02:00
Slavomir
828d3863a0
Remove encoder taint-tracking for encoding/ascii85
2020-09-14 13:10:25 +02:00