hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1526 Commits

Author SHA1 Message Date
Ed Minnix
fa2c50616b Remove getSourceType definitions 2024-06-17 10:57:11 -04:00
Ed Minnix
7f19f449eb Change note 2024-06-17 10:51:10 -04:00
Ed Minnix
49fb372eb9 Add getSourceType declarations to existing remote flow sources 2024-06-17 10:51:09 -04:00
Ed Minnix
df6449cfc7 Go: Add the SourceNode and ThreatModelFlowSource classes 2024-06-17 10:51:07 -04:00
Ed Minnix
b697068e9a Go: Add threat modeling shared library 2024-06-17 10:51:06 -04:00
Owen Mansel-Chan
24c9062b35 Merge pull request #16671 from owen-mc/go/mad-builtin-taint-models-try-2 
Go: Convert old-style models for built-ins to MaD
 2024-06-11 19:45:34 +01:00
Owen Mansel-Chan
700604a1c2 Convert old-style models for built-ins to MaD 
These models are to cover the special cases where `append` can be used
with a second argument which is a string followed by `...`, and `copy`
can be used with a second argument which is a string. In this case the
taint is carried by the whole string, rather than in array elements.
 2024-06-11 16:16:45 +01:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Anders Schack-Mulligen
a26c01d7c7 Go: Add support for pretty-printed provenace in tests. Convert one test. 2024-06-07 11:47:45 +02:00
Owen Mansel-Chan
44a56c420f Merge pull request #16558 from owen-mc/go/sync-external-flow 
Go: sync ExternalFlow.qll
 2024-06-05 11:31:34 +01:00
Owen Mansel-Chan
60970ff015 Merge pull request #16571 from owen-mc/go/remove-step-duplication-in-config 
Go: remove flow step duplication in configs
 2024-06-04 12:57:26 +01:00
Owen Mansel-Chan
cbbdd01d5a Reinstate more descriptive QLDoc 2024-06-04 11:46:05 +01:00
Owen Mansel-Chan
7356e747e4 Add change note 2024-06-04 11:46:04 +01:00
Owen Mansel-Chan
6e67e724b4 Update documentation for receiver instead of -1 2024-06-04 11:46:02 +01:00
Owen Mansel-Chan
18fa454d33 Replace Argument[-1] with Argument[receiver] 2024-06-04 11:45:59 +01:00
Owen Mansel-Chan
a8112ec62e Add neutralModel to empty.model.yml so it is defined somewhere 2024-06-04 11:45:57 +01:00
Owen Mansel-Chan
adfaae02e7 Cache interpretElement 2024-06-04 11:45:55 +01:00
Owen Mansel-Chan
479ea9f82c Remove unused predicate hasExternalSpecification 2024-06-04 11:45:54 +01:00
Owen Mansel-Chan
174712a472 Delete unused predicate paramsString 
This is needed for other languages, but in Go you cannot have two
functions which are distinguished only by their parameter types.
 2024-06-04 11:45:52 +01:00
Owen Mansel-Chan
40127583fb Make manual neutral summary models block generated summary models 2024-06-04 11:45:51 +01:00
Owen Mansel-Chan
5b04a71169 Non-trivial implementation of NeutralCallableAdapter 2024-06-04 11:45:49 +01:00
Owen Mansel-Chan
df8e04fcf9 Add predicate neutralElement matching summaryElement 2024-06-04 11:45:48 +01:00
Owen Mansel-Chan
209fe731a6 Change type of c to be more portable 2024-06-04 11:45:47 +01:00
Owen Mansel-Chan
e2008e14e2 Move summaryElement to FlowSummyImpl.qll 2024-06-04 11:45:45 +01:00
Owen Mansel-Chan
7f0f2d3438 Rename interpretSummary to summaryElement 2024-06-04 11:45:44 +01:00
Owen Mansel-Chan
961b09d63c Use methods of AccessPathToken more 2024-06-04 11:45:42 +01:00
Owen Mansel-Chan
9f7c47509a Expect "receiver" instead of "-1" 2024-06-04 11:45:41 +01:00
Owen Mansel-Chan
557adaf6f2 Update invalid model predicates 2024-06-04 11:45:40 +01:00
Owen Mansel-Chan
8e2e32742c Use neutralModel in various places 2024-06-04 11:45:38 +01:00
Owen Mansel-Chan
83672f545f Add neutralModel extensible predicate 2024-06-04 11:45:36 +01:00
Owen Mansel-Chan
a71e678bb9 Change imports 2024-06-04 11:45:33 +01:00
Owen Mansel-Chan
c3e1592815 Use AccessPath and AccessPathToken more 2024-06-04 11:45:27 +01:00
Owen Mansel-Chan
54a0c03e5d Rename canonicalPackageHasASubpackage to canonicalPkgLink 2024-06-04 11:45:25 +01:00
Owen Mansel-Chan
e81a98925a Remove QLDoc 2024-06-04 11:45:20 +01:00
Owen Mansel-Chan
797e5d0c8a Rename packageHasASubpackage to packageLink 2024-06-04 11:45:17 +01:00
Owen Mansel-Chan
7c94120eb7 Rename packageHasMaDCoverage to relevantPackage 2024-06-04 11:45:13 +01:00
Owen Mansel-Chan
89e7bab0b3 QLDoc 2024-06-04 11:45:06 +01:00
Owen Mansel-Chan
133983678c Merge pull request #16619 from owen-mc/go/fix/response-writer-variadic 
Go: Fix bug in ResponseWriter for variadic MaD
 2024-06-04 05:36:58 +01:00
Chuan-kai Lin
8d5bb21643 Merge pull request #16642 from github/post-release-prep/codeql-cli-2.17.4 
Post-release preparation for codeql-cli-2.17.4
 2024-05-31 09:08:03 -07:00
github-actions[bot]
a19149032f Post-release preparation for codeql-cli-2.17.4 2024-05-31 14:49:11 +00:00
github-actions[bot]
a22e70373a Release preparation for version 2.17.4 2024-05-31 13:40:51 +00:00
Owen Mansel-Chan
d112073a13 Edit change note 2024-05-30 21:04:05 +01:00
Owen Mansel-Chan
a5c392ed4b Add back taint models for append and copy 
This is needed when they are used with string arguments.
 2024-05-30 21:01:03 +01:00
Chuan-kai Lin
b41835a7d9 Revert "Release preparation for version 2.17.4" 2024-05-30 09:25:15 -07:00
Owen Mansel-Chan
1d9a98614a Fix bug in ResponseWriter for variadic MaD 
`getSummaryInputOrOutputNode` was giving the summary component stack for
arguments corresponding to variadic parameters. This will be a problem
when the models for variadic functions are converted to models-as-data.
 2024-05-29 21:15:49 +01:00
Anders Schack-Mulligen
2f95851537 Merge pull request #16603 from aschackmull/dataflow/location 
Dataflow/Go: Add getLocation to DataFlowCall and DataFlowCallable for easier debugging.
 2024-05-29 08:58:22 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Anders Schack-Mulligen
3b12f69dd9 Dataflow/Go: Add getLocation to calls and callables for easier debugging. 2024-05-28 13:47:08 +02:00