Commit Graph

245 Commits

Author SHA1 Message Date
Max Schaefer
b37bdec66c Merge pull request #157 from owen-mc/isresult-consistency
Make FunctionOutput.isResult(0) and CallNode.getResult(0) match single results
2020-05-29 17:13:21 +01:00
Max Schaefer
2f7ff6b56c Merge pull request #162 from max-schaefer/open-url-redirect-formvalue
Consider `Request.FormValue(...)` as a source for URL redirects.
2020-05-29 15:56:50 +01:00
Max Schaefer
8f0592a079 Consider Request.FormValue(...) as a source for URL redirects.
Despite its name, this method doesn't just handle form values but also query parameters.
2020-05-29 15:03:05 +01:00
Max Schaefer
e3501ddb44 Introduce more post-update nodes.
To model (taint) flow through functions, we introduce post-update nodes for arguments (including receivers), but only if that argument is mutable.

However, previously our criterion for determining whether an argument is mutable was a little too restrictive. In particular, we would not consider a struct-typed argument as mutable, since structs are passed by value. While this is reasonable for data flow, it is unnecessarily restrictive for taint, since it makes perfect sense to track deep taint through structs.

So instead we now turn things round and instead consider _all_ types to be mutable except for primitive types (booleans, numbers, and strings).
2020-05-28 15:33:09 +01:00
Max Schaefer
0dd7676bd8 Add another function-model test. 2020-05-28 15:31:00 +01:00
Owen Mansel-Chan
f0e1147551 Make CallNode.getResult(0) match single results 2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
4be805966f Make FunctionOutput.isResult(0) match single results 2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
ae2ed877ee Add tests for CallNode.getResult 2020-05-27 10:24:09 +01:00
Owen Mansel-Chan
53cfbcc255 Add tests for FunctionOutput.isResult 2020-05-27 10:24:03 +01:00
Max Schaefer
31c636fa55 Standardise on capitalisation WebSocket. 2020-05-22 11:11:58 +01:00
Max Schaefer
27cab43448 Merge pull request #151 from sauyon/remove-binary
Remove accidentally committed binary
2020-05-20 22:24:42 +01:00
Sauyon Lee
0b7eea7852 Remove accidentally added binary 2020-05-20 09:19:42 -07:00
Sauyon Lee
581a81ca1a Add missing licenses for websocket libraries 2020-05-20 09:16:38 -07:00
Sauyon Lee
92aad7ea1e Fix dependency stubs for websocket framework 2020-05-20 09:01:46 -07:00
Sauyon Lee
a2e2e260b2 Merge branch 'master' into WebsocketXss 2020-05-20 08:57:36 -07:00
Porcupiney Hairs
d1d4c2e492 Golang : Add WebSocket Read and Write Functions. 2020-05-20 20:48:43 +05:30
Max Schaefer
b871f54e4d Fix frontend error in ql/test/query-tests/Security/CWE-079. 2020-05-20 14:34:36 +01:00
Max Schaefer
7773828347 Fix frontend errors in ql/test/library-tests/semmle/go/frameworks/Websocket. 2020-05-20 14:34:22 +01:00
Max Schaefer
7e314f037a Fix frontend errors in ql/test/library-tests/semmle/go/Packages. 2020-05-20 14:27:00 +01:00
Max Schaefer
806cfc7c5e Merge pull request #149 from max-schaefer/cleanup-130
Clean up NoSQL library
2020-05-20 13:55:54 +01:00
Max Schaefer
d7b82b2355 Rename a few modules and classes to reflect the fact that NoSQL queries are not usually strings. 2020-05-20 10:04:59 +01:00
Sauyon Lee
f2bbbe30e2 Stub WebSocket dependencies 2020-05-19 19:53:03 +05:30
Porcupiney Hairs
2b5989cff2 Add improvements for codeql-go SSRF query 2020-05-19 19:53:03 +05:30
Max Schaefer
6d93f48933 Merge pull request #147 from owen-mc/redundant-recover
Go: Add query for redundant calls to recover
2020-05-19 07:14:27 +01:00
Owen Mansel-Chan
23a7db5d4d Minor textual corrections 2020-05-18 17:05:49 +01:00
Owen Mansel-Chan
fbee7fe983 Add new query for redundant calls to recover 2020-05-18 16:13:46 +01:00
Max Schaefer
27cb92fb86 Use .pp() in a few tests selecting types. 2020-05-15 15:54:23 +01:00
Max Schaefer
d300ec6324 Refine Method.implements so that interface methods only implement themselves.
Without this restriction, the two `m`s in the following example are considered to implement each other, even though they aren't logically related:

```go
type I interface {
  m()
}

type J interface {
  m()
}

type K struct {
  I
  J
}
```

Previously, interface methods would sometimes implement themselves and sometimes not (see changes to test output for examples).
2020-05-15 11:09:17 +01:00
Max Schaefer
d41e41812b Merge pull request #141 from sauyon/reflectedxss-fps
ReflectedXss improvements
2020-05-15 07:23:39 +01:00
Sauyon Lee
5e2b973ac4 Update comment in ReflectedXss test
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-05-14 14:35:08 -07:00
Sauyon Lee
ee0f3c9fba Address review comments 2020-05-14 02:30:14 -07:00
Sauyon Lee
97b3ec5cfc Update dependency stubs 2020-05-13 10:07:14 -07:00
Max Schaefer
ac9e39120b Fix unused variable in test. 2020-05-13 15:28:49 +01:00
Max Schaefer
e034458574 Fix MongoDB tests. 2020-05-13 15:25:54 +01:00
Sauyon Lee
2089cb4543 Merge pull request #133 from max-schaefer/cleanup-conditional-bypass
Cleanup conditional-bypass query
2020-05-13 02:31:13 -07:00
Max Schaefer
005e49fe94 Merge pull request #130 from porcupineyhairs/MongoInjection
Golang : Add MongoDB injection support
2020-05-13 09:43:49 +01:00
Sauyon Lee
24e939730a Merge pull request #134 from max-schaefer/fix-test-errors
Fix frontend errors in tests
2020-05-13 01:38:30 -07:00
Max Schaefer
89d633ac3f Merge pull request #120 from porcupineyhairs/SensitiveActionBypass
User-controlled bypass of sensitive action
2020-05-12 19:48:24 +01:00
Max Schaefer
d438b5ec03 Merge pull request #131 from porcupineyhairs/IO
Model stdlib's IO package.
2020-05-12 19:41:40 +01:00
Slavomir
84e2a5ddd2 Add experimental library: gin web framework (#117) 2020-05-12 14:27:11 +01:00
Max Schaefer
6f21b4030e Merge pull request #135 from sauyon/tempfile-test
Add support for ioutil TempFile and TempDir
2020-05-12 14:25:38 +01:00
Max Schaefer
5dac94d24c Merge pull request #116 from gagliardetto/CWE-681
CWE 681
2020-05-12 11:59:08 +01:00
Sauyon Lee
58e41e9302 ReflectedXss: More broadly exclude values with a constant prefix 2020-05-11 15:49:37 -07:00
Porcupiney Hairs
d0061bfd4b Golang : Add MongoDB injection support
This PR adds support for MongoDB injection to the existing SQL injection query.
This models the official Golang MongoDB driver.

A brief summary of changes made in this query is:

1. A `NoSQL.qll` file has been created to model a `NoSQLQueryString`.

2. An entry is added in `go.qll` by default as I find these changes may be generally useful.

3. Library tests along with their expected outputs are added.

4. Query tests are added. However, I am unable to add the expected output as qltest
can't find depstubber. However, these can be easily added. I have created a separate
codeql-go database with the same files and ran the query against the same. I can see
there should be 14 correct results added from this PR.
2020-05-11 19:55:48 +05:30
Porcupiney Hairs
9b53ad3b3c model IO package 2020-05-11 19:39:01 +05:30
Porcupiney Hairs
c1856ba260 fix tests 2020-05-11 19:32:28 +05:30
Max Schaefer
4a7171d91e Fix frontend errors in BadRedirectCheck tests. 2020-05-11 11:45:21 +01:00
Max Schaefer
17dd99d326 Fix frontend errors in Mux tests. 2020-05-11 11:45:08 +01:00
Max Schaefer
df9902512f More cleanup in help and tests.
In particular, I have copied over the examples referenced in the qhelp into the test folder and made sure they compile.
2020-05-11 11:07:38 +01:00
Max Schaefer
287dda0ab5 Minor cleanup in query and tests. 2020-05-11 11:05:40 +01:00