hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,869 Commits 1,684 Branches 159 Tags
f40211bd200dfddc97b9cc772fc48f7730bf9467
Commit Graph

1869 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
f40211bd20 Merge pull request #527 from smowton/smowton/fix/http-request-taint-tracking 
Improve net/http taint-tracking fidelity
 2021-04-20 12:40:19 +01:00
Chris Smowton
b2e92fa084 Remove needless model of Part.Read 
Read already gets a model as an implementation of the `Reader` interface.
 2021-04-20 11:05:36 +01:00
Chris Smowton
948e064440 Fix mis-modelling Part.Read 2021-04-20 11:03:17 +01:00
Chris Smowton
027a540c67 Update test expectations now that tuple-extracts not method calls are sources 2021-04-19 17:05:50 +01:00
Chris Smowton
a367950014 Restore OpenRedirect's exclusion of POST-only request components 2021-04-19 17:05:23 +01:00
Chris Smowton
685f4fa2a6 Add change note 2021-04-19 16:13:16 +01:00
Chris Smowton
7d258ae722 Improve net/http taint-tracking fidelity 
* Don't taint error returns from http.Request methods
* Track taint across mime/multipart.Part methods
 2021-04-19 16:05:23 +01:00
Chris Smowton
dbcf1e1cfa Merge pull request #520 from sauyon/add-diagnosticfile 
Add a new diagnostics file class and use it for errors
 2021-04-09 15:48:57 +01:00
Sauyon Lee
80fe7384cd Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 14:30:23 +01:00
Sauyon Lee
4462948cfc Add a new diagnostics file class and use it for errors 2021-04-09 14:30:23 +01:00
Chris Smowton
46b5f11457 Merge pull request #438 from gagliardetto/clevergo 
Pilot #0: Add web framework `clevergo`
 2021-04-09 09:48:58 +01:00
Slavomir
8e839f376e Put all tests file in to the CleverGo folder instead of having dedicated folders for each test. 2021-04-09 08:38:37 +01:00
Slavomir
4ae5bdbbec Improve naming of files and elements. 2021-04-09 08:38:37 +01:00
Slavomir
7ea0434514 Move clevergo framework to experimental 2021-04-09 08:38:37 +01:00
Slavomir
3915305361 Refactor and improve HTTP:ResponseBody models and tests 2021-04-09 08:38:37 +01:00
Slavomir
8c18aa6cbd Simplify HTTP::HeaderWrite 2021-04-09 08:38:37 +01:00
Slavomir
7edf739602 Model HTTP::HeaderWrite; regenerate stubs 2021-04-09 08:38:37 +01:00
Slavomir
93ff2459d1 Use docs instead of comments for classes. 2021-04-09 08:38:36 +01:00
Slavomir
0fe7050e7e Add models for HTTP::ResponseBody 2021-04-09 08:38:36 +01:00
Slavomir
98b3cc2dc4 Fix autoformatting 2021-04-09 08:38:36 +01:00
Slavomir
c53d8d3e56 Add http redirect model 2021-04-09 08:38:36 +01:00
Slavomir
55c8d9b22c Make naming more consistent 2021-04-09 08:38:36 +01:00
Slavomir
1de7196060 Regenerate dep stubs 2021-04-09 08:38:36 +01:00
Slavomir
0c1ae62ce9 Use //go:generate depstubber --vendor --auto 2021-04-09 08:38:36 +01:00
Slavomir
f95f35387f Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
bdc5f90c97 Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
d3d7d2d103 Simplify UntrustedSources struct fields 2021-04-09 08:38:36 +01:00
Slavomir
c01259ec2c Simplify UntrustedSources interface methods 2021-04-09 08:38:36 +01:00
Slavomir
54abdf1a95 Regenerate tests 2021-04-09 08:38:36 +01:00
Slavomir
a6c1acfaba Fix imports 2021-04-09 08:38:36 +01:00
Slavomir
a90f609c53 Manually add packagePath() predicate 2021-04-09 08:38:36 +01:00
Slavomir
928c12da57 Simplify UntrustedSources methods 2021-04-09 08:38:36 +01:00
Slavomir
34dcf83e11 Fix module doc 2021-04-09 08:38:36 +01:00
Slavomir
11326eb34c Update ql/src/semmle/go/frameworks/CleverGo.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 08:38:36 +01:00
Slavomir
c4ee6175b8 Add back bindingset to packagePath 2021-04-09 08:38:36 +01:00
Slavomir
7c62c63584 codeql: add packagePath predicate 2021-04-09 08:38:36 +01:00
Slavomir
dfbad0edb9 Regenerate code implementing the code review feedback 2021-04-09 08:38:36 +01:00
Slavomir
1bfe395662 Remove import DataFlow::PathGraph 2021-04-09 08:38:36 +01:00
Slavomir
6d9b7d3240 Add web framework: clevergo 2021-04-09 08:38:35 +01:00
Chris Smowton
7bf5abf6b0 Merge pull request #493 from gagliardetto/html-template-escaping-passthrough 
Add CWE-79: HTML template escaping passthrough
 2021-04-08 20:36:54 +01:00
Slavomir
68c0073c0b Use PassthroughTypeName instead of string 2021-04-08 14:24:35 +01:00
Slavomir
7c35902724 Use DataFlow::Node as parameters 2021-04-08 14:24:35 +01:00
Slavomir
dc95902e56 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 14:24:35 +01:00
Slavomir
1a9b09e8bd Add NumericType sanitizer 2021-04-08 14:24:35 +01:00
Slavomir
541c411086 Add isSanitizer predicate to FlowConfFromUntrustedToTemplateExecutionCall, and a test for it 2021-04-08 14:24:35 +01:00
Slavomir
8f124f8395 Add missing docs 2021-04-08 14:24:35 +01:00
Slavomir
e2b7c035ad Use only one instance of TaintTracking. 2021-04-08 14:24:35 +01:00
Slavomir
280ffdf060 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
5351a8eeb7 Use TaintTracking an TaintTracking2 2021-04-08 14:24:35 +01:00
Slavomir
b42d21f740 Improve comments and naming. 2021-04-08 14:24:35 +01:00