diff --git a/cpp/lib/codeql-pack.lock.yml b/cpp/lib/codeql-pack.lock.yml index e7600d8..78b4cc1 100644 --- a/cpp/lib/codeql-pack.lock.yml +++ b/cpp/lib/codeql-pack.lock.yml @@ -1,10 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.22 codeql/cpp-all: - version: 0.6.1 + version: 6.1.3 + codeql/dataflow: + version: 2.0.22 + codeql/mad: + version: 1.0.38 + codeql/quantum: + version: 0.0.16 + codeql/rangeanalysis: + version: 1.0.38 codeql/ssa: - version: 0.0.14 + version: 2.0.14 codeql/tutorial: - version: 0.0.7 + version: 1.0.38 + codeql/typeflow: + version: 1.0.38 + codeql/typetracking: + version: 2.0.22 + codeql/util: + version: 2.0.25 + codeql/xml: + version: 1.0.38 compiled: false diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml index 55116c2..78b4cc1 100644 --- a/cpp/src/codeql-pack.lock.yml +++ b/cpp/src/codeql-pack.lock.yml @@ -1,24 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.22 codeql/cpp-all: - version: 3.0.0 + version: 6.1.3 codeql/dataflow: - version: 1.1.7 + version: 2.0.22 codeql/mad: - version: 1.0.13 + version: 1.0.38 + codeql/quantum: + version: 0.0.16 codeql/rangeanalysis: - version: 1.0.13 + version: 1.0.38 codeql/ssa: - version: 1.0.13 + version: 2.0.14 codeql/tutorial: - version: 1.0.13 + version: 1.0.38 codeql/typeflow: - version: 1.0.13 + version: 1.0.38 codeql/typetracking: - version: 1.0.13 + version: 2.0.22 codeql/util: - version: 2.0.0 + version: 2.0.25 codeql/xml: - version: 1.0.13 + version: 1.0.38 compiled: false diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml index 55116c2..78b4cc1 100644 --- a/cpp/test/codeql-pack.lock.yml +++ b/cpp/test/codeql-pack.lock.yml @@ -1,24 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.22 codeql/cpp-all: - version: 3.0.0 + version: 6.1.3 codeql/dataflow: - version: 1.1.7 + version: 2.0.22 codeql/mad: - version: 1.0.13 + version: 1.0.38 + codeql/quantum: + version: 0.0.16 codeql/rangeanalysis: - version: 1.0.13 + version: 1.0.38 codeql/ssa: - version: 1.0.13 + version: 2.0.14 codeql/tutorial: - version: 1.0.13 + version: 1.0.38 codeql/typeflow: - version: 1.0.13 + version: 1.0.38 codeql/typetracking: - version: 1.0.13 + version: 2.0.22 codeql/util: - version: 2.0.0 + version: 2.0.25 codeql/xml: - version: 1.0.13 + version: 1.0.38 compiled: false diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml index a3cbfd5..bfe9e40 100644 --- a/go/src/codeql-pack.lock.yml +++ b/go/src/codeql-pack.lock.yml @@ -1,20 +1,24 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.12 + codeql/controlflow: + version: 2.0.22 codeql/dataflow: - version: 1.1.7 + version: 2.0.22 codeql/go-all: - version: 3.0.0 + version: 5.0.5 codeql/mad: - version: 1.0.13 + version: 1.0.38 codeql/ssa: - version: 1.0.13 + version: 2.0.14 codeql/threat-models: - version: 1.0.13 + version: 1.0.38 codeql/tutorial: - version: 1.0.13 + version: 1.0.38 codeql/typetracking: - version: 1.0.13 + version: 2.0.22 codeql/util: - version: 2.0.0 + version: 2.0.25 compiled: false diff --git a/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql b/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql index 389855c..8a5326a 100644 --- a/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql +++ b/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql @@ -62,7 +62,12 @@ module TlsConfigCreationConfig implements DataFlow::ConfigSig { /** * Holds if it is TLS.Config instance (a Variable). */ - predicate isSink(DataFlow::Node sink) { exists(Variable v | sink.asExpr() = v.getAReference()) } + predicate isSink(DataFlow::Node sink) { + exists(Variable v | + sink.asExpr() = v.getAReference() or + sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = v.getAReference() + ) + } /** * Holds if TLS.Config literal is saved in a structure's field @@ -87,13 +92,13 @@ predicate configOrConfigPointer(Type t) { or exists(Type tp | tp.hasQualifiedName("crypto/tls", "Config") and - t.(NamedType).getUnderlyingType().(StructType).hasField(_, tp) + t.(DefinedType).getUnderlyingType().(StructType).hasField(_, tp) ) or exists(Type tp, Type tp2 | tp.hasQualifiedName("crypto/tls", "Config") and tp2 = tp.getPointerType+() and - t.(NamedType).getUnderlyingType().(StructType).hasField(_, tp2) + t.(DefinedType).getUnderlyingType().(StructType).hasField(_, tp2) ) } @@ -225,7 +230,10 @@ where // find tls.Config structures with MinVersion not set on the structure initialization ( TlsConfigCreationFlow::flow(source, sink) and - sink.asExpr() = v.getAReference() and + ( + sink.asExpr() = v.getAReference() or + sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = v.getAReference() + ) and source.asExpr() = configStruct ) and // only explicitely defined, e.g., skip function arguments diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml index a3cbfd5..bfe9e40 100644 --- a/go/test/codeql-pack.lock.yml +++ b/go/test/codeql-pack.lock.yml @@ -1,20 +1,24 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.12 + codeql/controlflow: + version: 2.0.22 codeql/dataflow: - version: 1.1.7 + version: 2.0.22 codeql/go-all: - version: 3.0.0 + version: 5.0.5 codeql/mad: - version: 1.0.13 + version: 1.0.38 codeql/ssa: - version: 1.0.13 + version: 2.0.14 codeql/threat-models: - version: 1.0.13 + version: 1.0.38 codeql/tutorial: - version: 1.0.13 + version: 1.0.38 codeql/typetracking: - version: 1.0.13 + version: 2.0.22 codeql/util: - version: 2.0.0 + version: 2.0.25 compiled: false diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml index b1acfc0..a8830bf 100644 --- a/java/src/codeql-pack.lock.yml +++ b/java/src/codeql-pack.lock.yml @@ -1,28 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.22 codeql/dataflow: - version: 1.1.5 + version: 2.0.22 codeql/java-all: - version: 4.2.0 + version: 7.8.2 codeql/mad: - version: 1.0.11 + version: 1.0.38 + codeql/quantum: + version: 0.0.16 codeql/rangeanalysis: - version: 1.0.11 + version: 1.0.38 codeql/regex: - version: 1.0.11 + version: 1.0.38 codeql/ssa: - version: 1.0.11 + version: 2.0.14 codeql/threat-models: - version: 1.0.11 + version: 1.0.38 codeql/tutorial: - version: 1.0.11 + version: 1.0.38 codeql/typeflow: - version: 1.0.11 + version: 1.0.38 codeql/typetracking: - version: 1.0.11 + version: 2.0.22 codeql/util: - version: 1.0.11 + version: 2.0.25 codeql/xml: - version: 1.0.11 + version: 1.0.38 compiled: false diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml index b1acfc0..a8830bf 100644 --- a/java/test/codeql-pack.lock.yml +++ b/java/test/codeql-pack.lock.yml @@ -1,28 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.22 codeql/dataflow: - version: 1.1.5 + version: 2.0.22 codeql/java-all: - version: 4.2.0 + version: 7.8.2 codeql/mad: - version: 1.0.11 + version: 1.0.38 + codeql/quantum: + version: 0.0.16 codeql/rangeanalysis: - version: 1.0.11 + version: 1.0.38 codeql/regex: - version: 1.0.11 + version: 1.0.38 codeql/ssa: - version: 1.0.11 + version: 2.0.14 codeql/threat-models: - version: 1.0.11 + version: 1.0.38 codeql/tutorial: - version: 1.0.11 + version: 1.0.38 codeql/typeflow: - version: 1.0.11 + version: 1.0.38 codeql/typetracking: - version: 1.0.11 + version: 2.0.22 codeql/util: - version: 1.0.11 + version: 2.0.25 codeql/xml: - version: 1.0.11 + version: 1.0.38 compiled: false