hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,499 Commits 1,684 Branches 159 Tags
1eb8fff7e1db5d2140b9158554ed78167319993c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Chris Smowton 1eb8fff7e1 ZipSlip: redefine sources closer to their origin, and make sanitizers more generous. 
Previously we considered certain fields of `tar` or `zip` file headers to be sources, but this meant subsequent references to the same field were not considered sanitized. For example, at least some real-world projects used a pattern like `if isIllegalPathTraversal(hdr.Name) { return nil; } ... /* other code using hdr.Name */`. By associating a source with the field-read `.Name` rather than the header itself, we were unable to see that the subsequent read was guarded by the sanitizer function.

Relatedly, it is common to use some intermediary taint-propagating function, as in `clean(s string) { if strings.HasPrefix("..", filepath.Clean(filepath.Join(target, s))) ...`, in the implementation of a sanitizer. We now follow the taint propagation (locally) backwards towards the function parameter, marking the predecessor functions and ultimately the parameter `s` as sanitized in addition to the direct argument to `strings.HasPrefix`. Existing sanitizing-function logic can then sometimes lift this out into the caller too.
2020-11-27 13:57:25 +00:00
.devcontainer
Update devcontainer memory settings
2020-09-02 12:07:05 -07:00
.github
Remove code scanning until build tracing is implemented.
2020-11-09 02:11:05 -08:00
build
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00
change-notes
ZipSlip: redefine sources closer to their origin, and make sanitizers more generous.
2020-11-27 13:57:25 +00:00
codeql-tools
Use more portable syntax in codeql-tools/autobuild.sh
2020-11-13 14:30:04 +00:00
docs/language/learn-ql/go
Editorial changes to library modeling topic
2020-07-07 10:02:33 +01:00
extractor
autobuilder: Add dependency check
2020-11-09 02:13:48 -08:00
ql
ZipSlip: redefine sources closer to their origin, and make sanitizers more generous.
2020-11-27 13:57:25 +00:00
scripts
Add Action to build and upload qhelp
2020-09-29 16:16:25 +01:00
templates/project
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00
tools
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00
upgrades
Merge pull request #283 from github/rc/1.25
2020-08-11 07:51:17 +01:00
vendor
Update dependencies and clean go.mod
2020-10-22 04:57:21 -07:00
.codeqlmanifest.json
Add examples qlpack.yml to CodeQL manifest
2020-03-18 09:30:45 -07:00
.gitattributes
.gitattributes: Use -text instead of binary
2020-02-27 00:23:56 -08:00
.gitignore
Add main to .gitignore
2020-05-20 09:19:51 -07:00
.lgtm.yml
Update .lgtm.yml to classify examples.
2019-12-02 12:04:28 +00:00
alert_weighting.properties
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00
CODE_OF_CONDUCT.md
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00
codeql-extractor.yml
Teach extractor about CodeQL environment variables.
2020-01-15 14:01:30 +00:00
CONTRIBUTING.md
Docs: Master -> main and Semmle/ql -> github/codeql everywhere
2020-10-29 11:04:49 +00:00
go.mod
Update dependencies and clean go.mod
2020-10-22 04:57:21 -07:00
go.sum
Update dependencies and clean go.mod
2020-10-22 04:57:21 -07:00
LICENSE
Update copyright date
2020-04-06 14:37:09 +01:00
Makefile
Update dataflow branch from master to main
2020-11-17 15:48:50 +00:00
README.md
Fix one use of master in README
2020-08-07 08:49:57 -07:00
SECURITY.md
Go analysis support for CodeQL.
2019-11-08 12:16:26 +00:00

README.md

Go analysis support for CodeQL

This open-source repository contains the extractor, CodeQL libraries, and queries that power Go support in LGTM and the other CodeQL products that GitHub makes available to its customers worldwide.

It contains two major components:

  • an extractor, itself written in Go, that parses Go source code and converts it into a database that can be queried using CodeQL.
  • static analysis libraries and queries written in QL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.

The goal of this project is to provide comprehensive static analysis support for Go in CodeQL.

For the queries and libraries that power CodeQL support for other languages, visit the CodeQL repository.

Installation

Simply clone this repository. There are no external dependencies.

If you want to use the CodeQL extension for Visual Studio Code, import this repository into your VS Code workspace.

Usage

To analyze a Go codebase, either use the CodeQL command-line interface to create a database yourself, or download a pre-built database from LGTM.com. You can then run any of the queries contained in this repository either on the command line or using the VS Code extension.

Note that the lgtm.com branch of this repository corresponds to the version of the queries that is currently deployed on LGTM.com. The main branch may contain changes that have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before running queries on them.

Contributions

Contributions are welcome! Please see our contribution guidelines and our code of conduct for details on how to participate in our community.

Licensing

The code in this repository is licensed under the MIT license.

Resources

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 15 GiB
Languages
CodeQL 32.3%
Kotlin 27.5%
C# 17.1%
Java 7.7%
Python 4.6%
Other 10.6%