Commit

Merge pull request #18 from trailofbits/fix-trim-misuse-df
Fix trim misuse df
GrosQuildu authored Dec 18, 2024
2 parents fd6e8cd + 6381cb5 commit d994c7c
Showing 5 changed files with 78 additions and 6 deletions.
22 changes: 21 additions & 1 deletion cpp/src/codeql-pack.lock.yml
@@ -1,4 +1,24 @@
---
lockVersion: 1.0.0
dependencies: {}
dependencies:
codeql/cpp-all:
version: 3.0.0
codeql/dataflow:
version: 1.1.7
codeql/mad:
version: 1.0.13
codeql/rangeanalysis:
version: 1.0.13
codeql/ssa:
version: 1.0.13
codeql/tutorial:
version: 1.0.13
codeql/typeflow:
version: 1.0.13
codeql/typetracking:
version: 1.0.13
codeql/util:
version: 2.0.0
codeql/xml:
version: 1.0.13
compiled: false
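Review bot: The cpp lock file is populated here (`codeql/cpp-all` 3.0.0 and its companion packs) in a commit whose message is only "Fix trim misuse df", while the only query touched is under go/. Either mention the lock-file regeneration in the commit message or move the cpp lock changes to their own commit, so a later bisect on the cpp pack does not land on a Go query fix.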
22 changes: 21 additions & 1 deletion cpp/test/codeql-pack.lock.yml
@@ -1,4 +1,24 @@
---
lockVersion: 1.0.0
dependencies: {}
dependencies:
codeql/cpp-all:
version: 3.0.0
codeql/dataflow:
version: 1.1.7
codeql/mad:
version: 1.0.13
codeql/rangeanalysis:
version: 1.0.13
codeql/ssa:
version: 1.0.13
codeql/tutorial:
version: 1.0.13
codeql/typeflow:
version: 1.0.13
codeql/typetracking:
version: 1.0.13
codeql/util:
version: 2.0.0
codeql/xml:
version: 1.0.13
compiled: false
18 changes: 17 additions & 1 deletion go/src/codeql-pack.lock.yml
@@ -1,4 +1,20 @@
---
lockVersion: 1.0.0
dependencies: {}
dependencies:
codeql/dataflow:
version: 1.1.7
codeql/go-all:
version: 3.0.0
codeql/mad:
version: 1.0.13
codeql/ssa:
version: 1.0.13
codeql/threat-models:
version: 1.0.13
codeql/tutorial:
version: 1.0.13
codeql/typetracking:
version: 1.0.13
codeql/util:
version: 2.0.0
compiled: false
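Review bot: `codeql/go-all` is pinned at 3.0.0 in this file, and the same commit rewrites the imports in go/src/security/TrimMisuse/TrimMisuse.ql. The commit message should say that the query was compiled against this pinned version, so a reader can tell whether the import change depends on the resolved library version or stands alone.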
4 changes: 2 additions & 2 deletions go/src/security/TrimMisuse/TrimMisuse.ql
Expand Up @@ -11,7 +11,7 @@
*/

import go
import DataFlow2
import semmle.go.dataflow.DataFlow

/*
* Flows from a string to TrimFamilyCall cutSet argument
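Review bot: With `import go` kept on the line above, check whether the new `import semmle.go.dataflow.DataFlow` is needed at all; if `go` already exposes the `DataFlow` module, the explicit import is redundant and can be dropped together with `import DataFlow2`. Separately, the block comment that follows opens with `/*` rather than `/**`, so it will not be picked up as QLDoc for the declaration it describes.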
Expand All @@ -32,7 +32,7 @@ module Trim2ndArgFlow = DataFlow::Global<Trim2ndArgConfig>;
/*
* Calls to Trim methods that we are interested in
*/
class TrimFamilyCall extends CallNode {
class TrimFamilyCall extends DataFlow::CallNode {
TrimFamilyCall() {
this.getTarget().hasQualifiedName("strings", ["TrimRight", "TrimLeft", "Trim"])
or
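Review bot: `TrimFamilyCall` now extends `DataFlow::CallNode`, but none of the five changed files is a test or an expected-results file, so nothing in this commit shows that the query still produces the intended alerts after the base class change. Add or re-run the TrimMisuse test under go/test and include any changed expected output with this fix.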
18 changes: 17 additions & 1 deletion go/test/codeql-pack.lock.yml
@@ -1,4 +1,20 @@
---
lockVersion: 1.0.0
dependencies: {}
dependencies:
codeql/dataflow:
version: 1.1.7
codeql/go-all:
version: 3.0.0
codeql/mad:
version: 1.0.13
codeql/ssa:
version: 1.0.13
codeql/threat-models:
version: 1.0.13
codeql/tutorial:
version: 1.0.13
codeql/typetracking:
version: 1.0.13
codeql/util:
version: 2.0.0
compiled: false
