hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1526 Commits

Author SHA1 Message Date
github-actions[bot]
31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Tom Hvitved
b33f5925bb Data flow: Sync files 2022-11-30 13:39:25 +01:00
Owen Mansel-Chan
55c4643b20 Dataflow: Sync. 2022-11-30 11:00:07 +00:00
Owen Mansel-Chan
818f02826c Update shared library files for go to f3dca95 2022-11-29 16:15:01 +00:00
Owen Mansel-Chan
d9f8420c86 Update shared library files for go to PR #11183 
Merge commit: 94bca43
 2022-11-29 16:15:00 +00:00
Owen Mansel-Chan
b63d0892ab Update shared library files for go to PR #10777 
Merge commit: 9c6875e
 2022-11-29 16:15:00 +00:00
Owen Mansel-Chan
309ab772da Update shared library files for go to PR #10886 
Merge commit: 99ca28e
 2022-11-29 16:15:00 +00:00
Owen Mansel-Chan
804d131d3b Update shared library files for go to PR #11060 
Merge commit: 587e673
 2022-11-29 16:14:59 +00:00
Owen Mansel-Chan
40eb422524 Update shared library files for go to PR #10814 
Merge commit: 6ef5fac
 2022-11-29 16:14:58 +00:00
Owen Mansel-Chan
3006551eb1 Update shared library files for go to PR #10806 
Merge commit: d79a7e8
 2022-11-29 16:14:58 +00:00
Owen Mansel-Chan
5c7f7328ff Update shared library files for go to PR #10754 
Merge commit: d6df69d
 2022-11-29 16:14:58 +00:00
Owen Mansel-Chan
c19ab7bc85 Update shared library files for go to PR #10744 
Merge commit: 60fe370
 2022-11-29 16:14:57 +00:00
Owen Mansel-Chan
8957437a4c Update shared library files for go to PR #10691 
Merge commit: 0e6735b
 2022-11-29 16:14:57 +00:00
Owen Mansel-Chan
d63f161f06 Update shared library files for go to PR #10577 
Merge commit: df2b586
 2022-11-29 16:14:57 +00:00
Owen Mansel-Chan
c9aef4ac9f Update shared library files for go to PR #10575 
Merge commit: 9f1bbf2
 2022-11-29 16:14:56 +00:00
Owen Mansel-Chan
6ccfb4b4ba Update shared library files for go to PR #10505 
Merge commit: 8b424d1
 2022-11-29 16:14:56 +00:00
Owen Mansel-Chan
628230f14c Update shared library files for go to PR #10360 
Merge commit: 569fad6
 2022-11-29 16:14:55 +00:00
Owen Mansel-Chan
569da2da60 Update shared library files for go to PR #10127 
Merge commit: e265b07
 2022-11-29 16:14:55 +00:00
Owen Mansel-Chan
c2b64d4545 Update shared library files for go to PR #9867 
Merge commit: c514c88
 2022-11-29 16:14:54 +00:00
Owen Mansel-Chan
f05da69392 Update shared library files for go to PR #10007 
Merge commit: a3fb54c
 2022-11-29 16:14:54 +00:00
Owen Mansel-Chan
ae408290dd Update shared library files for go to PR #9823 
Merge commit: aa36556
 2022-11-29 16:14:54 +00:00
Owen Mansel-Chan
ebdea243b2 Make qldoc clearer about behaviour of override 2022-11-25 09:46:07 +00:00
Erik Krogh Kristensen
b2267c0e49 Merge pull request #11343 from erik-krogh/redundantAssignment 
QL: add redundant-assignment query
 2022-11-22 13:03:14 +01:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
erik-krogh
64707f4f7b remove redundant assignments 2022-11-21 17:45:05 +01:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
Alvaro Muñoz
69ecbda133 add change note 2022-11-18 09:43:17 +01:00
Alvaro Muñoz
7496b61b8d Add rsync since both --rsh and --rsync-path admit commands 2022-11-18 09:43:17 +01:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Owen Mansel-Chan
4073d77635 Add change notes 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
ab15a19028 Address review comments 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
166a3688f8 Use standard variable names for hasLocationInfo 
This makes them match the QLDoc and also other implementations of
`hasLocationInfo`.
 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
f2e2c02db6 Rename predicates to avoid clashes 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
1718ef88be Data flow: Inline local(Expr)?(Flow|Taint) 
See https://github.com/github/codeql/pull/7791
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
736435adda Go: Add stub expectsContent 
Corresponds to https://github.com/github/codeql/pull/8870
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
50210a9d24 Go: ParameterPosition and ArgumentPosition 
Corresponds to https://github.com/github/codeql/pull/7260, though some
of those changes had already been made.
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
83a3af2fff Go: Summarized Callable 
Corresponds to https://github.com/github/codeql/pull/9270
 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
10ed4ad3df Go: Split summaryThroughStep into two predicates 
Cf. https://github.com/github/codeql/pull/9195
 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
1ee5d3e80e Move ParameterPosition etc to DataflowDispatch.qll 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
e5829201e1 Go: Implement ContentSet 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
282699e5b5 Go: Refactor SummarizedCallable. 
Equivalent of https://github.com/github/codeql/pull/9210
 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
c768f04e32 Go: Introduce generated flag as a part of the kind column for flow summaries 
Equivalent of https://github.com/github/codeql/pull/8628
 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
dae60c9deb Update data flow libraries to 55e052af26 2022-11-17 14:27:02 +00:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Chris Smowton
b6e4f472d1 Remove unnecessary import 2022-10-29 11:40:57 +01:00
Chris Smowton
0c6c135967 Go: exclude protobuf read steps from cleartext-logging query 
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.

However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.

On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
 2022-10-29 11:40:57 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Dave Bartolomeo
5ee7986649 Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 
Post-release preparation for codeql-cli-2.11.1
 2022-10-07 14:23:31 -04:00