Apply suggestions from code review

jkcso · xcorail · web-flow · commit a29b9b8c90fd · 2022-11-30T22:12:32.000Z
Co-authored-by: Xavier RENE-CORAIL &lt;xcorail@github.com&gt;
diff --git a/CodeQL_Queries/cpp/Qualcomm-MSM-copy_from_user/README.md b/CodeQL_Queries/cpp/Qualcomm-MSM-copy_from_user/README.md
@@ -1,4 +1,4 @@
-[Blog post](https://github.blog/category/security/stack-buffer-overflow-qualcomm-msm/)
+[Blog post](https://securitylab.github.com/research/stack-buffer-overflow-qualcomm-msm/)
 
 [Snapshot for this demo](https://github.com/github/securitylab/releases/download/qualcomm-msm-codeql-database/msm-4.4-revision-2017-May-07--08-33-56.zip)
 
diff --git a/CodeQL_Queries/cpp/XNU_DTrace_CVE-2017-13782/README.md b/CodeQL_Queries/cpp/XNU_DTrace_CVE-2017-13782/README.md
@@ -1,4 +1,4 @@
-[Blog post](https://github.blog/category/security/apple-xnu-dtrace-CVE-2017-13782/)
+[Blog post](https://securitylab.github.com/research/apple-xnu-dtrace-CVE-2017-13782/)
 
 Bug was fixed in [macOS High Sierra 10.13.1](https://support.apple.com/en-us/HT208221).
 
diff --git a/CodeQL_Queries/cpp/XNU_NFS_Boot_CVE-2018-4136_CVE-2018-4160/README.md b/CodeQL_Queries/cpp/XNU_NFS_Boot_CVE-2018-4136_CVE-2018-4160/README.md
@@ -1,4 +1,4 @@
-[Blog post](https://github.blog/category/security/apple-xnu-nfs-boot/)
+[Blog post](https://securitylab.github.com/research/apple-xnu-nfs-boot/)
 
 Bug was fixed in [macOS High Sierra 10.13.4](https://support.apple.com/en-gb/HT208692).
 
diff --git a/CodeQL_Queries/cpp/XNU_icmp_error_CVE-2018-4407/00_mbuf_copydata_tainted_size.ql b/CodeQL_Queries/cpp/XNU_icmp_error_CVE-2018-4407/00_mbuf_copydata_tainted_size.ql
@@ -10,7 +10,7 @@
 /*
  * This query is explained in detail in this blog post:
  *
- * https://github.blog/category/security/apple-xnu-icmp-error-CVE-2018-4407/
+ * https://securitylab.github.com/research/apple-xnu-icmp-error-CVE-2018-4407/
  *
  * It is based on the assumption that the function `m_mtod`, which returns
  * a pointer to the data stored in an `mbuf`, often returns a buffer
diff --git a/CodeQL_Queries/cpp/XNU_icmp_error_CVE-2018-4407/README.md b/CodeQL_Queries/cpp/XNU_icmp_error_CVE-2018-4407/README.md
@@ -2,4 +2,4 @@
 
 Use [this snapshot](https://github.com/github/securitylab/releases/download/xnu-macos10.13.6-codeql-database/xnu-4570.71.2_macOS-10.13.6_Semmle-1.18.0.zip) for the demo.
 
-There are two parts to this demo. The first part is `00_mbuf_copydata_tainted_size.ql`, which is the dataflow query that found the bug. It is explained in detail in [this blog post](https://github.blog/category/security/apple-xnu-icmp-error-CVE-2018-4407/). The problem with this query is that it does not find the true source of the untrusted data. This is because it assumes that any call to the function named `m_mtod` can return untrusted data. But not every `mbuf` contains untrusted data. So the second part of the demo, corresponding to [this blog post](https://github.blog/category/security/apple-xnu-exploit-icmp-poc/), is to use dataflow analysis to find a path that gets an untrusted `mbuf` into `icmp_error`. The second part of the demo is developed in steps, starting with `01_paths_to_icmp_error.ql`.
+There are two parts to this demo. The first part is `00_mbuf_copydata_tainted_size.ql`, which is the dataflow query that found the bug. It is explained in detail in [this blog post](https://securitylab.github.com/research/apple-xnu-icmp-error-CVE-2018-4407/). The problem with this query is that it does not find the true source of the untrusted data. This is because it assumes that any call to the function named `m_mtod` can return untrusted data. But not every `mbuf` contains untrusted data. So the second part of the demo, corresponding to [this blog post](https://securitylab.github.com/research/apple-xnu-exploit-icmp-poc/), is to use dataflow analysis to find a path that gets an untrusted `mbuf` into `icmp_error`. The second part of the demo is developed in steps, starting with `01_paths_to_icmp_error.ql`.
diff --git a/CodeQL_Queries/cpp/XNU_packet-mangler_CVE-2018-4249/README.md b/CodeQL_Queries/cpp/XNU_packet-mangler_CVE-2018-4249/README.md
@@ -1,4 +1,4 @@
-https://github.blog/category/security/CVE-2018-4249-apple-xnu-packet-mangler/
+https://securitylab.github.com/research/CVE-2018-4249-apple-xnu-packet-mangler/
 
 There were multiple bugs in `packet_mangler.c`. One of the infinite loop bugs was fixed in macOS High Sierra 10.13.2. The other bugs were fixed in macOS High Sierra 10.13.5.
 
diff --git a/CodeQL_Queries/cpp/rsyslog_CVE-2018-1000140/README.md b/CodeQL_Queries/cpp/rsyslog_CVE-2018-1000140/README.md
@@ -1,4 +1,4 @@
-[Blog post](https://github.blog/category/security/librelp-buffer-overflow-cve-2018-1000140/).
+[Blog post](https://securitylab.github.com/research/librelp-buffer-overflow-cve-2018-1000140/).
 
 This bug was found by one of [CodeQL](https://codeql.github.com/) default queries. However, it also makes a good example of using QL interactively. The queries in this directory show how you can interactively develop the query.
 
diff --git a/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805/README.md b/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805/README.md
@@ -1,4 +1,4 @@
-[Blog post](https://github.blog/category/security/apache-struts-vulnerability-cve-2017-9805/)
+[Blog post](https://securitylab.github.com/research/apache-struts-vulnerability-cve-2017-9805/)
 
 [This snapshot](https://github.com/github/securitylab/releases/download/apache-struts-codeql-database/apache-struts-91ae344-CVE-2017-9805.zip) has the bug.
 
diff --git a/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776/README.md b/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776/README.md
@@ -1,6 +1,6 @@
 # Apache Struts CVE-2018-11776
 
-[Blog post](https://github.blog/category/security/apache-struts-CVE-2018-11776/)
+[Blog post](https://securitylab.github.com/research/apache-struts-CVE-2018-11776/)
 
 [This snapshot](https://github.com/github/securitylab/releases/download/apache-struts-CVE-2018-11776-codeql-database/apache-struts-7fd1622-CVE-2018-11776.zip) has the bug.
 
diff --git a/CodeQL_Queries/javascript/Etherpad_CVE-2018-6835/README.md b/CodeQL_Queries/javascript/Etherpad_CVE-2018-6835/README.md
@@ -1,4 +1,4 @@
-[Blog post](https://github.blog/category/security/etherpad-reflected-file-download/)
+[Blog post](https://securitylab.github.com/research/etherpad-reflected-file-download/)
 
 [This snapshot](https://github.com/github/securitylab/releases/download/etherpad-vulnerable-codeql-database/Etherpad_1.6.2.zip) has the vulnerability.
 
diff --git a/CodeQL_Queries/javascript/Etherpad_CVE-2018-6835/alternative/README.md b/CodeQL_Queries/javascript/Etherpad_CVE-2018-6835/alternative/README.md
@@ -1,5 +1,5 @@
 This is an alternative presentation of the query from the blog post about
-[Detecting Reflected File Download vulnerabilities using QL](https://github.blog/category/security/etherpad-reflected-file-download/),
+[Detecting Reflected File Download vulnerabilities using QL](https://securitylab.github.com/research/etherpad-reflected-file-download/),
 phrasing it as a customization of Semmle's standard Reflected XSS query.
 
 Use [this snapshot](https://github.com/github/securitylab/releases/download/etherpad-vulnerable-codeql-database/Etherpad_1.6.2.zip) (etherpad-lite v1.6.2)
diff --git a/SecurityExploits/apple/darwin-xnu/DTrace/CVE-2017-13782/README.md b/SecurityExploits/apple/darwin-xnu/DTrace/CVE-2017-13782/README.md
@@ -1,4 +1,4 @@
-For more information about this exploit PoC, see the [blog post](https://github.blog/category/security/apple-xnu-dtrace-CVE-2017-13782/).
+For more information about this exploit PoC, see the [blog post](https://securitylab.github.com/research/apple-xnu-dtrace-CVE-2017-13782/).
 
 This exploit PoC is designed for macOS High Sierra version 10.13. Apple released a patch on [Oct 31, 2017](https://support.apple.com/en-us/HT208221).
 
diff --git a/SecurityExploits/apple/darwin-xnu/DTrace/CVE-2017-13782/cve-2017-13782-poc.c b/SecurityExploits/apple/darwin-xnu/DTrace/CVE-2017-13782/cve-2017-13782-poc.c
@@ -2,7 +2,6 @@
  * Copyright Kevin Backhouse / Semmle Ltd (2017)
  * License: Apache License 2.0
  * 
- * For more information: https://github.blog/category/security/
  */
 #include <stdlib.h>
 #include <stdint.h>
diff --git a/SecurityExploits/apple/darwin-xnu/icmp_error_CVE-2018-4407/README.md b/SecurityExploits/apple/darwin-xnu/icmp_error_CVE-2018-4407/README.md
@@ -2,7 +2,7 @@
 
 Proof-of-concept exploit for a remotely triggerable heap buffer overflow vulnerability in iOS 11.4.1 and macOS 10.13.6. This exploit can be used to crash any vulnerable iOS or macOS device that is connected to the same network as the attacker's computer. The vulnerability can be triggered without any user interaction on the victim's device. The exploit involves sending a TCP packet with non-zero options in the IP and TCP headers. It is possible that some routers or switches will refuse to deliver such packets, but it has worked for me on all the home and office networks that I have tried it on. However, I have found that it is not usually possible to send the malicious packet across the internet. 
 
-For more information about the vulnerability, see the [blog post](https://github.blog/category/security/apple-xnu-icmp-error-CVE-2018-4407/).
+For more information about the vulnerability, see the [blog post](https://securitylab.github.com/research/apple-xnu-icmp-error-CVE-2018-4407/).
 
 The buffer overflow is in this code [bsd/netinet/ip_icmp.c:339](https://github.com/apple/darwin-xnu/blob/0a798f6738bc1db01281fc08ae024145e84df927/bsd/netinet/ip_icmp.c#L339):
 
diff --git a/SecurityExploits/apple/darwin-xnu/nfs_vfsops_CVE-2018-4259/README.md b/SecurityExploits/apple/darwin-xnu/nfs_vfsops_CVE-2018-4259/README.md
@@ -2,7 +2,7 @@
 
 This directory contains a minimal [NFS](https://en.wikipedia.org/wiki/Network_File_System) server. It only implements a very small subset of the [NFS protocol](https://www.ietf.org/rfc/rfc1813.txt): just enough to trigger one of the buffer overflow vulnerabilities in the macOS XNU operating system kernel. The vulnerabilities were fixed in macOS version [10.13.6](https://support.apple.com/en-gb/HT208937).
 
-For more details about the vulnerabilities, see the [blog post](https://github.blog/category/security/cve-2018-4259-macos-nfs-vulnerability/).
+For more details about the vulnerabilities, see the [blog post](https://securitylab.github.com/research/cve-2018-4259-macos-nfs-vulnerability/).
 
 To compile and run (on Linux):
 
diff --git a/SecurityExploits/apple/darwin-xnu/packet_mangler_CVE-2017-13904/README.md b/SecurityExploits/apple/darwin-xnu/packet_mangler_CVE-2017-13904/README.md
@@ -4,4 +4,4 @@ Proof-of-concept exploit for remote code execution vulnerability in the packet-m
 
 Update: Apple's fix for the infinite loop bug was incomplete. The fix for CVE-2018-4460 was released on December 5, 2018.
 
-For details on how to compile and run this exploit, see the [blog post](https://github.blog/category/security/CVE-2018-4249-apple-xnu-packet-mangler/).
+For details on how to compile and run this exploit, see the [blog post](https://securitylab.github.com/research/CVE-2018-4249-apple-xnu-packet-mangler/).
diff --git a/SecurityExploits/rsyslog/CVE-2018-1000140_snprintf_librelp/README.md b/SecurityExploits/rsyslog/CVE-2018-1000140_snprintf_librelp/README.md
@@ -2,4 +2,4 @@
 
 This directory contains a proof-of-concept exploit for a remote code execution vulnerability in [librelp](https://www.rsyslog.com/librelp/). The vulnerability was fixed in librelp version [1.2.15](https://www.rsyslog.com/librelp-1-2-15/), released on 2018-03-22.
 
-For more information about the vulnerability and for instructions on how to run the proof-of-concept exploit, please see our blog post which is published on both [Rainer Gerhards's blog](https://rainer.gerhards.net/how-we-found-and-fixed-cve-in-librelp) and on the [blog](https://github.blog/category/security/librelp-buffer-overflow-cve-2018-1000140/).
+For more information about the vulnerability and for instructions on how to run the proof-of-concept exploit, please see our blog post which is published on both [Rainer Gerhards's blog](https://rainer.gerhards.net/how-we-found-and-fixed-cve-in-librelp) and on the [blog](https://securitylab.github.com/research/librelp-buffer-overflow-cve-2018-1000140/).

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-[Blog post](https://github.blog/category/security/stack-buffer-overflow-qualcomm-msm/)`
	`1`	`+[Blog post](https://securitylab.github.com/research/stack-buffer-overflow-qualcomm-msm/)`
`2`	`2`
`3`	`3`	`[Snapshot for this demo](https://github.com/github/securitylab/releases/download/qualcomm-msm-codeql-database/msm-4.4-revision-2017-May-07--08-33-56.zip)`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`/*`
`11`	`11`	`* This query is explained in detail in this blog post:`
`12`	`12`	`*`
`13`		`- * https://github.blog/category/security/apple-xnu-icmp-error-CVE-2018-4407/`
	`13`	`+ * https://securitylab.github.com/research/apple-xnu-icmp-error-CVE-2018-4407/`
`14`	`14`	`*`
`15`	`15`	* It is based on the assumption that the function `m_mtod`, which returns
`16`	`16`	* a pointer to the data stored in an `mbuf`, often returns a buffer
Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,4 @@`
`2`	`2`
`3`	`3`	`Use [this snapshot](https://github.com/github/securitylab/releases/download/xnu-macos10.13.6-codeql-database/xnu-4570.71.2_macOS-10.13.6_Semmle-1.18.0.zip) for the demo.`
`4`	`4`
`5`		-There are two parts to this demo. The first part is `00_mbuf_copydata_tainted_size.ql`, which is the dataflow query that found the bug. It is explained in detail in [this blog post](https://github.blog/category/security/apple-xnu-icmp-error-CVE-2018-4407/). The problem with this query is that it does not find the true source of the untrusted data. This is because it assumes that any call to the function named `m_mtod` can return untrusted data. But not every `mbuf` contains untrusted data. So the second part of the demo, corresponding to [this blog post](https://github.blog/category/security/apple-xnu-exploit-icmp-poc/), is to use dataflow analysis to find a path that gets an untrusted `mbuf` into `icmp_error`. The second part of the demo is developed in steps, starting with `01_paths_to_icmp_error.ql`.
	`5`	+There are two parts to this demo. The first part is `00_mbuf_copydata_tainted_size.ql`, which is the dataflow query that found the bug. It is explained in detail in [this blog post](https://securitylab.github.com/research/apple-xnu-icmp-error-CVE-2018-4407/). The problem with this query is that it does not find the true source of the untrusted data. This is because it assumes that any call to the function named `m_mtod` can return untrusted data. But not every `mbuf` contains untrusted data. So the second part of the demo, corresponding to [this blog post](https://securitylab.github.com/research/apple-xnu-exploit-icmp-poc/), is to use dataflow analysis to find a path that gets an untrusted `mbuf` into `icmp_error`. The second part of the demo is developed in steps, starting with `01_paths_to_icmp_error.ql`.
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-https://github.blog/category/security/CVE-2018-4249-apple-xnu-packet-mangler/`
	`1`	`+https://securitylab.github.com/research/CVE-2018-4249-apple-xnu-packet-mangler/`
`2`	`2`
`3`	`3`	There were multiple bugs in `packet_mangler.c`. One of the infinite loop bugs was fixed in macOS High Sierra 10.13.2. The other bugs were fixed in macOS High Sierra 10.13.5.
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-For more information about this exploit PoC, see the [blog post](https://github.blog/category/security/apple-xnu-dtrace-CVE-2017-13782/).`
	`1`	`+For more information about this exploit PoC, see the [blog post](https://securitylab.github.com/research/apple-xnu-dtrace-CVE-2017-13782/).`
`2`	`2`
`3`	`3`	`This exploit PoC is designed for macOS High Sierra version 10.13. Apple released a patch on [Oct 31, 2017](https://support.apple.com/en-us/HT208221).`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@`
`2`	`2`	`* Copyright Kevin Backhouse / Semmle Ltd (2017)`
`3`	`3`	`* License: Apache License 2.0`
`4`	`4`	`*`
`5`		`- * For more information: https://github.blog/category/security/`
`6`	`5`	`*/`
`7`	`6`	`#include <stdlib.h>`
`8`	`7`	`#include <stdint.h>`
Original file line number	Diff line number	Diff line change
`@@ -4,4 +4,4 @@ Proof-of-concept exploit for remote code execution vulnerability in the packet-m`
`4`	`4`
`5`	`5`	`Update: Apple's fix for the infinite loop bug was incomplete. The fix for CVE-2018-4460 was released on December 5, 2018.`
`6`	`6`
`7`		`-For details on how to compile and run this exploit, see the [blog post](https://github.blog/category/security/CVE-2018-4249-apple-xnu-packet-mangler/).`
	`7`	`+For details on how to compile and run this exploit, see the [blog post](https://securitylab.github.com/research/CVE-2018-4249-apple-xnu-packet-mangler/).`
Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,4 @@`
`2`	`2`
`3`	`3`	`This directory contains a proof-of-concept exploit for a remote code execution vulnerability in [librelp](https://www.rsyslog.com/librelp/). The vulnerability was fixed in librelp version [1.2.15](https://www.rsyslog.com/librelp-1-2-15/), released on 2018-03-22.`
`4`	`4`
`5`		`-For more information about the vulnerability and for instructions on how to run the proof-of-concept exploit, please see our blog post which is published on both [Rainer Gerhards's blog](https://rainer.gerhards.net/how-we-found-and-fixed-cve-in-librelp) and on the [blog](https://github.blog/category/security/librelp-buffer-overflow-cve-2018-1000140/).`
	`5`	`+For more information about the vulnerability and for instructions on how to run the proof-of-concept exploit, please see our blog post which is published on both [Rainer Gerhards's blog](https://rainer.gerhards.net/how-we-found-and-fixed-cve-in-librelp) and on the [blog](https://securitylab.github.com/research/librelp-buffer-overflow-cve-2018-1000140/).`