hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
437 Commits 1,684 Branches 159 Tags
eba8dd0a36f0ff0ed52ebd2eaf092ab8987cbcef
Commit Graph

437 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
eba8dd0a36 Merge pull request #82 from github/max-schaefer-patch-1 
Improve autobuilder logging
 2020-04-01 09:07:55 -07:00
Sauyon Lee
c2eb3f5d6b Merge pull request #80 from max-schaefer/build-command-env-var 
Introduce `CODEQL_GO_EXTRACTOR_BUILD_COMMAND` as an alias for `LGTM_INDEX_BUILD_COMMAND`.
 2020-04-01 09:07:31 -07:00
Max Schaefer
611751a9c3 Improve autobuilder logging 2020-04-01 15:31:50 +01:00
Max Schaefer
efc9ecefc8 Introduce CODEQL_GO_EXTRACTOR_BUILD_COMMAND as an alias for LGTM_INDEX_BUILD_COMMAND. 
We've occasionally had to tell people to set this variable manually, so we might as well have an alias that doesn't refer to a soon-to-be obsolete product.
 2020-04-01 09:35:57 +01:00
Max Schaefer
1c40d6c1ce Merge pull request #78 from sauyon/1.14-change-note 
Add change notes for Go 1.14 support
 2020-03-31 07:34:26 +01:00
Sauyon Lee
3d3f35cc48 Add change notes for Go 1.14 support 2020-03-30 13:45:37 -07:00
Max Schaefer
487b1e3f80 Merge pull request #76 from max-schaefer/even-more-qldoc 
Add Qldoc for the last few remaining predicates.
 2020-03-30 11:58:28 +01:00
Max Schaefer
28ed803fae Data flow: Add module doc comment for TaintTrackingImpl.qll 
cf https://github.com/Semmle/ql/pull/3155
 2020-03-30 11:21:53 +01:00
Max Schaefer
bb34c91b38 Add Qldoc for the last few remaining predicates. 
Apart from a missing module doc comment for `TaintTrackingImpl.qll` which we'll need to synchronize with the other languages (https://github.com/Semmle/ql/pull/3155), this gets us to 100% Qldoc coverage.
 2020-03-30 10:38:25 +01:00
Max Schaefer
cf6e255a6d Merge pull request #74 from sauyon/http-formvalue 
HTTP Library Improvements
 2020-03-27 14:07:30 +00:00
Sauyon Lee
080d14ea50 Add a test for the Read taint step 2020-03-27 04:22:13 -07:00
Sauyon Lee
4747524fee Address review comments 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-27 04:15:30 -07:00
Sauyon Lee
05761bc2cd Address review comments 2020-03-27 04:03:30 -07:00
Sauyon Lee
a4f1e2b527 Add a model for Read methods on io.Reader 2020-03-26 18:57:44 -07:00
Sauyon Lee
1f4d67b77b OpenUrlRedirect: Whitelist some more fields and methods 2020-03-26 07:20:51 -07:00
Sauyon Lee
541c82a7f3 HTTP: Add some more untrusted fields and methods 
Also, fix up broken tests.
 2020-03-26 07:20:14 -07:00
Sauyon Lee
e1b0bed6b3 Merge pull request #72 from max-schaefer/improve-virtual-call-resolution 
Refine virtual call targets by local reasoning where possible
 2020-03-26 06:00:59 -07:00
Max Schaefer
46a1a4e010 Add a test. 2020-03-25 20:34:34 +00:00
Max Schaefer
e6bdc1809b Update ql/src/semmle/go/dataflow/internal/DataFlowDispatch.qll 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-25 15:04:48 +00:00
Max Schaefer
13b61383e2 Merge pull request #65 from sauyon/openredirect-fps 
OpenUrlRedirect: Expand safe URL flow configuration
 2020-03-25 15:04:21 +00:00
Sauyon Lee
fbc2499118 OpenUrlRedirect: Add change note for fixed FPs 2020-03-25 04:01:17 -07:00
Sauyon Lee
f77d46f296 Address review comments. 2020-03-25 04:01:15 -07:00
Sauyon Lee
bd5f0b01cf Fix tests 2020-03-25 04:01:14 -07:00
Sauyon Lee
9321ff9110 OpenUrlRedirect: Add support for url.Host reassignments 2020-03-25 04:01:14 -07:00
Sauyon Lee
5f83dbd07b OpenUrlRedirect: Exclude header sources 2020-03-25 04:01:13 -07:00
Sauyon Lee
49aa43bd49 Make header Get and Values calls into taint steps 2020-03-25 04:01:12 -07:00
Sauyon Lee
83a417f52e OpenUrlRedirect: Use a taint-tracking safe URLs 2020-03-25 04:01:11 -07:00
Sauyon Lee
932840b0a3 Address review comments. 2020-03-25 04:01:10 -07:00
Sauyon Lee
fd88d913f7 Fix tests 2020-03-25 04:01:09 -07:00
Sauyon Lee
cc13a5d618 OpenUrlRedirect: Expand safe URL flow configuration 
Also add some more tests
 2020-03-25 04:01:08 -07:00
Max Schaefer
6edbe74c09 Revert "Add queries to inspect and measure dispatch differences." 
This reverts commit 752ee3909a.
 2020-03-25 10:43:05 +00:00
Max Schaefer
4ca87b84db Merge pull request #68 from adityasharad/go/request-forgery 
Add experimental query for request forgery.
 2020-03-25 09:09:34 +00:00
Aditya Sharad
c44e5379df Experimental: Remove query precision for now. 
Address review comment.
 2020-03-24 10:57:51 -07:00
Aditya Sharad
4f32d6651c Experimental: Add sanitiser edge for request forgery. 
Consider a URL string sanitised if the hostname cannot be controlled.
This approach is used by URL redirection queries.
 2020-03-24 10:57:51 -07:00
Aditya Sharad
f984532236 Experimental: Add query for request forgery. 
Tracks the flow of tainted data from untrusted input to the URL of an HTTP request.
Ported from the corresponding query for JavaScript, though currently limited in scope.
Includes companion libraries for customisation.
 2020-03-24 10:57:51 -07:00
Aditya Sharad
d41e6a9d85 Model HTTP request functions in net/http package. 2020-03-24 10:57:51 -07:00
Aditya Sharad
b057ce8d46 Concepts: Add HTTP::ClientRequest class and module. 
Extensible model of client requests to a URL.
Ported from the CodeQL JavaScript library.
 2020-03-24 10:57:51 -07:00
Max Schaefer
330f11c2a3 Merge pull request #71 from intrigus-lgtm/patch-1 
Fix error in Qldoc
 2020-03-24 16:55:22 +00:00
intrigus-lgtm
24b3133e0c Fix error in Qldoc 2020-03-24 17:53:51 +01:00
Max Schaefer
8dda4bd97f Merge pull request #66 from intrigus-lgtm/CWE-643 
CWE-643 XPathInjection on Go
 2020-03-24 10:53:57 +00:00
Sauyon Lee
81e13473db Merge pull request #69 from max-schaefer/issue-72 
Track taint through element writes.
 2020-03-24 03:41:05 -07:00
Max Schaefer
752ee3909a Add queries to inspect and measure dispatch differences. 2020-03-24 09:34:42 +00:00
Max Schaefer
084fa80a57 Refine virtual call targets by local reasoning where possible. 2020-03-24 09:34:42 +00:00
intrigus
1f635806b3 Fix copy-paste errors, remove debugging code 2020-03-23 16:49:45 +01:00
intrigus-lgtm
9187bacd3c Apply suggestion from code review 
Use getUnderlyingType() to account for named aliases.

Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-23 16:45:56 +01:00
Sauyon Lee
4ff3177fae Merge pull request #67 from max-schaefer/more-qldoc 
Add missing Qldoc for modules.
 2020-03-23 05:29:40 -07:00
Max Schaefer
62b79721ea Track taint through element writes. 
This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants.

Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
 2020-03-23 09:15:01 +00:00
intrigus
d81c9b145e Update query help to use goxpath 2020-03-20 21:38:46 +01:00
intrigus
948b79df87 Update xpath example, use goxpath package 2020-03-20 21:38:46 +01:00
intrigus
c7ead88b91 Restructure query, add default sanitizer 2020-03-20 21:38:46 +01:00