From 18d32047cd639ed32aff1c7b54e54d6fa476ba43 Mon Sep 17 00:00:00 2001
From: GrosQuildu
Date: Tue, 17 Dec 2024 12:02:13 +0100
Subject: [PATCH 1/2] fix trim misuse
---
 go/src/security/TrimMisuse/TrimMisuse.ql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/go/src/security/TrimMisuse/TrimMisuse.ql b/go/src/security/TrimMisuse/TrimMisuse.ql
index 311e1a0..3a3db95 100644
--- a/go/src/security/TrimMisuse/TrimMisuse.ql
+++ b/go/src/security/TrimMisuse/TrimMisuse.ql
@@ -11,7 +11,7 @@
 */
 import go
-import DataFlow2
+import semmle.go.dataflow.DataFlow
 /*
 * Flows from a string to TrimFamilyCall cutSet argument
@@ -32,7 +32,7 @@ module Trim2ndArgFlow = DataFlow::Global;
 /*
 * Calls to Trim methods that we are interested in
 */
-class TrimFamilyCall extends CallNode {
+class TrimFamilyCall extends DataFlow::CallNode {
 TrimFamilyCall() {
 this.getTarget().hasQualifiedName("strings", ["TrimRight", "TrimLeft", "Trim"])
 or
From 6381cb57406e4faa0daec8bcf4cd4c90f30348df Mon Sep 17 00:00:00 2001
From: GrosQuildu
Date: Tue, 17 Dec 2024 12:02:28 +0100
Subject: [PATCH 2/2] fix pack locks
---
 cpp/src/codeql-pack.lock.yml | 22 +++++++++++++++++++++-
 cpp/test/codeql-pack.lock.yml | 22 +++++++++++++++++++++-
 go/src/codeql-pack.lock.yml | 18 +++++++++++++++++-
 go/test/codeql-pack.lock.yml | 18 +++++++++++++++++-
 4 files changed, 76 insertions(+), 4 deletions(-)
diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml
index 5300427..55116c2 100644
--- a/cpp/src/codeql-pack.lock.yml
+++ b/cpp/src/codeql-pack.lock.yml
@@ -1,4 +1,24 @@
 ---
 lockVersion: 1.0.0
-dependencies: {}
+dependencies:
+ codeql/cpp-all:
+ version: 3.0.0
+ codeql/dataflow:
+ version: 1.1.7
+ codeql/mad:
+ version: 1.0.13
+ codeql/rangeanalysis:
+ version: 1.0.13
+ codeql/ssa:
+ version: 1.0.13
+ codeql/tutorial:
+ version: 1.0.13
+ codeql/typeflow:
+ version: 1.0.13
+ codeql/typetracking:
+ version: 1.0.13
+ codeql/util:
+ version: 2.0.0
+ codeql/xml:
+ version: 1.0.13
 compiled: false
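Review bot: In go/src/security/TrimMisuse/TrimMisuse.ql, second hunk (`@@ -32,7 +32,7 @@`), the comment above `TrimFamilyCall` is a plain `/* ... */` block, so it is not attached to the class as QLDoc, and it does not say why these calls matter to the query. Since the class declaration is being touched anyway, I would turn it into `/** A call to a Trim-family function, whose second argument is a set of characters to strip rather than a prefix or suffix. */`. The characteristic predicate continues after the `or` outside the hunk, so the wording should be checked against the remaining disjuncts. Separately, in the first hunk, `import go` is expected to expose the `DataFlow` module already, so the added `import semmle.go.dataflow.DataFlow` may be redundant; worth confirming against the pinned `codeql/go-all` version.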
diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml
index 5300427..55116c2 100644
--- a/cpp/test/codeql-pack.lock.yml
+++ b/cpp/test/codeql-pack.lock.yml
@@ -1,4 +1,24 @@
 ---
 lockVersion: 1.0.0
-dependencies: {}
+dependencies:
+ codeql/cpp-all:
+ version: 3.0.0
+ codeql/dataflow:
+ version: 1.1.7
+ codeql/mad:
+ version: 1.0.13
+ codeql/rangeanalysis:
+ version: 1.0.13
+ codeql/ssa:
+ version: 1.0.13
+ codeql/tutorial:
+ version: 1.0.13
+ codeql/typeflow:
+ version: 1.0.13
+ codeql/typetracking:
+ version: 1.0.13
+ codeql/util:
+ version: 2.0.0
+ codeql/xml:
+ version: 1.0.13
 compiled: false
diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml
index 5300427..a3cbfd5 100644
--- a/go/src/codeql-pack.lock.yml
+++ b/go/src/codeql-pack.lock.yml
@@ -1,4 +1,20 @@
 ---
 lockVersion: 1.0.0
-dependencies: {}
+dependencies:
+ codeql/dataflow:
+ version: 1.1.7
+ codeql/go-all:
+ version: 3.0.0
+ codeql/mad:
+ version: 1.0.13
+ codeql/ssa:
+ version: 1.0.13
+ codeql/threat-models:
+ version: 1.0.13
+ codeql/tutorial:
+ version: 1.0.13
+ codeql/typetracking:
+ version: 1.0.13
+ codeql/util:
+ version: 2.0.0
 compiled: false
diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml
index 5300427..a3cbfd5 100644
--- a/go/test/codeql-pack.lock.yml
+++ b/go/test/codeql-pack.lock.yml
@@ -1,4 +1,20 @@
 ---
 lockVersion: 1.0.0
-dependencies: {}
+dependencies:
+ codeql/dataflow:
+ version: 1.1.7
+ codeql/go-all:
+ version: 3.0.0
+ codeql/mad:
+ version: 1.0.13
+ codeql/ssa:
+ version: 1.0.13
+ codeql/threat-models:
+ version: 1.0.13
+ codeql/tutorial:
+ version: 1.0.13
+ codeql/typetracking:
+ version: 1.0.13
+ codeql/util:
+ version: 2.0.0
 compiled: false