hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,845 Commits 1,684 Branches 159 Tags
f95f35387fc083546babafcfc600ae9fa0220395
Commit Graph

1845 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Slavomir
f95f35387f Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
bdc5f90c97 Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
d3d7d2d103 Simplify UntrustedSources struct fields 2021-04-09 08:38:36 +01:00
Slavomir
c01259ec2c Simplify UntrustedSources interface methods 2021-04-09 08:38:36 +01:00
Slavomir
54abdf1a95 Regenerate tests 2021-04-09 08:38:36 +01:00
Slavomir
a6c1acfaba Fix imports 2021-04-09 08:38:36 +01:00
Slavomir
a90f609c53 Manually add packagePath() predicate 2021-04-09 08:38:36 +01:00
Slavomir
928c12da57 Simplify UntrustedSources methods 2021-04-09 08:38:36 +01:00
Slavomir
34dcf83e11 Fix module doc 2021-04-09 08:38:36 +01:00
Slavomir
11326eb34c Update ql/src/semmle/go/frameworks/CleverGo.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 08:38:36 +01:00
Slavomir
c4ee6175b8 Add back bindingset to packagePath 2021-04-09 08:38:36 +01:00
Slavomir
7c62c63584 codeql: add packagePath predicate 2021-04-09 08:38:36 +01:00
Slavomir
dfbad0edb9 Regenerate code implementing the code review feedback 2021-04-09 08:38:36 +01:00
Slavomir
1bfe395662 Remove import DataFlow::PathGraph 2021-04-09 08:38:36 +01:00
Slavomir
6d9b7d3240 Add web framework: clevergo 2021-04-09 08:38:35 +01:00
Chris Smowton
7bf5abf6b0 Merge pull request #493 from gagliardetto/html-template-escaping-passthrough 
Add CWE-79: HTML template escaping passthrough
 2021-04-08 20:36:54 +01:00
Slavomir
68c0073c0b Use PassthroughTypeName instead of string 2021-04-08 14:24:35 +01:00
Slavomir
7c35902724 Use DataFlow::Node as parameters 2021-04-08 14:24:35 +01:00
Slavomir
dc95902e56 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-04-08 14:24:35 +01:00
Slavomir
1a9b09e8bd Add NumericType sanitizer 2021-04-08 14:24:35 +01:00
Slavomir
541c411086 Add isSanitizer predicate to FlowConfFromUntrustedToTemplateExecutionCall, and a test for it 2021-04-08 14:24:35 +01:00
Slavomir
8f124f8395 Add missing docs 2021-04-08 14:24:35 +01:00
Slavomir
e2b7c035ad Use only one instance of TaintTracking. 2021-04-08 14:24:35 +01:00
Slavomir
280ffdf060 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
5351a8eeb7 Use TaintTracking an TaintTracking2 2021-04-08 14:24:35 +01:00
Slavomir
b42d21f740 Improve comments and naming. 2021-04-08 14:24:35 +01:00
Slavomir
d5355eb6b4 Cleanup 2021-04-08 14:24:35 +01:00
Slavomir
cc31cd2fe2 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
0bb5ef6af2 Fix test 2021-04-08 14:24:35 +01:00
Slavomir
7b4a748793 Remove DummySource 2021-04-08 14:24:35 +01:00
Slavomir
7e9f23ab8e Refactor flow logic to ensure untrusted flows to conversion, and conversion flows to template-exec. 2021-04-08 14:24:35 +01:00
Slavomir
963631dedf Improve naming. 2021-04-08 14:24:35 +01:00
Slavomir
687e556df6 Fixes from code review 2021-04-08 14:24:35 +01:00
Slavomir
ad91e4abcb Remove DummySource 2021-04-08 14:24:35 +01:00
Slavomir
63d51205c9 Apply suggestions from code review 
Co-authored-by: Sauyon Lee <sauyon@github.com>
 2021-04-08 14:24:35 +01:00
Slavomir
49894341a8 Add CWE-79: HTML template escaping passthrough 2021-04-08 14:24:35 +01:00
Sauyon Lee
29bf388b83 Merge pull request #519 from sauyon/fix-consistency 
Extract files for error locations
 2021-04-02 01:37:11 -07:00
Chris Smowton
c742a131de Remove filename containing hiragana 
Good test, but unfortunately it turns out our ODASA build under Windows can't cope -- we get `make: *** No rule to make target 'language-packs/go/ql/test/library-tests/semmle/go/Files/�.go', needed by 'target/general/go-tools/output/tools/tokenizer.jar'.  Stop.`

Evidently our windows Actions build *does* work, so this is possible in principle, but let's not delay this PR finding out the exact reasons why right now.
 2021-04-01 08:57:15 +01:00
Sauyon Lee
4451920ada fixup windows 2021-03-31 08:56:34 -07:00
Sauyon Lee
9b60aff45e Sort extractor smoke test output 2021-03-31 08:12:19 -07:00
Sauyon Lee
44cb8f4f0f Check database consistency in smoke tests 2021-03-31 03:37:55 -07:00
Sauyon Lee
cd6fb7d699 Extract files for error locations 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-03-31 03:37:55 -07:00
Sauyon Lee
7e3e2f9adf Add file tests 2021-03-31 02:01:26 -07:00
Owen Mansel-Chan
2ef85291fd Merge pull request #492 from owen-mc/promoted-field-data-flow-non-pointer-type 
Add control flow nodes for implicit fields reads when reading a promoted field
 2021-03-30 11:15:55 +01:00
Owen Mansel-Chan
2fce333a0b Fix bad join order in getBaseInstruction 
It was joining on the index first, rather than the selector expression
 2021-03-30 10:13:31 +01:00
Owen Mansel-Chan
3e57ea0e75 Fix Revel template test 
We want the controller, which is the type which embeds *Revel.Controller.
We have to skip the implicit field reads to get to the base of the selector
expression.
 2021-03-30 10:13:30 +01:00
Owen Mansel-Chan
b507c0d584 Add implicit field reads for promoted method calls 2021-03-30 10:13:30 +01:00
Owen Mansel-Chan
a89a42df6f Expand PromotedField to PromotedValueEntity 
This includes promoted methods as well
 2021-03-30 10:13:29 +01:00
Owen Mansel-Chan
770c770a8f Add tests for promoted methods 
We need implicit field reads for calls to promoted methods.
False negative flags have been added to make this pass on main.
 2021-03-30 10:13:29 +01:00
Owen Mansel-Chan
42300819a5 Remove incorrect assumption 
Now that we have implicit field reads, it is no longer the case
that the base of a field read instruction will be an eval
instruction.
 2021-03-30 10:13:28 +01:00