Chuan-kai Lin
b41835a7d9
Revert "Release preparation for version 2.17.4"
2024-05-30 09:25:15 -07:00
Cornelius Riemenschneider
dcd44859f5
Go: Move to new packaging rules.
2024-05-30 14:25:17 +02:00
Owen Mansel-Chan
1d9a98614a
Fix bug in ResponseWriter for variadic MaD
`getSummaryInputOrOutputNode` was giving the summary component stack for
arguments corresponding to variadic parameters. This will be a problem
when the models for variadic functions are converted to models-as-data.
2024-05-29 21:15:49 +01:00
Owen Mansel-Chan
7ff1eabfc3
Add tests (mostly failing) for writes to global variables
This was based on the equivalent for java:
https://github.com/github/codeql/pull/16500
2024-05-29 16:07:16 +01:00
Anders Schack-Mulligen
2f95851537
Merge pull request #16603 from aschackmull/dataflow/location
Dataflow/Go: Add getLocation to DataFlowCall and DataFlowCallable for easier debugging.
2024-05-29 08:58:22 +02:00
github-actions[bot]
906b65d09c
Post-release preparation for codeql-cli-2.17.4
2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb
Release preparation for version 2.17.4
2024-05-28 15:44:32 +00:00
Anders Schack-Mulligen
3b12f69dd9
Dataflow/Go: Add getLocation to calls and callables for easier debugging.
2024-05-28 13:47:08 +02:00
Anders Schack-Mulligen
1432519cc2
Dataflow: Add totalorder predicates to all languages.
2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen
bc8ca1af86
Dataflow: Introduce NodeRegions for use in isUnreachableInCall.
2024-05-27 11:01:51 +02:00
Dave Bartolomeo
613ccaac1d
Add change note to all v1.0.0 packs
2024-05-23 13:01:22 -04:00
Owen Mansel-Chan
b2deea4606
Avoid duplicate additional flow steps in configs
`localTaintStep` includes a lot of steps which are already part of value
flow. Instead use `defaultAdditionalTaintStep`, which is just the extra
steps that are added for taint tracking.
2024-05-23 11:13:35 +01:00
Owen Mansel-Chan
7e5891b443
Remove unnecessary additional flow step
TaintTracking already adds taint steps for field reads
2024-05-23 11:08:29 +01:00
Owen Mansel-Chan
cf997fddf6
Trivial: improve parameter names
These names make more sense and match everywhere
else that this function signature is used.
2024-05-23 11:04:09 +01:00
Dave Bartolomeo
ffe4c8c87b
Update all pack versions to 1.0.0
2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen
f931c8d836
Go: Accept qltest .expected file changes.
2024-05-22 15:39:47 +02:00
Anders Schack-Mulligen
8db9187698
Go: Accept qltest .expected file changes (interesting).
2024-05-22 15:38:01 +02:00
Rasmus Wriedt Larsen
2451a6d3f6
Accept .expected changes
2024-05-21 14:47:42 +02:00
Tom Hvitved
454687d583
Data flow: Synthesize parameter return nodes
2024-05-21 14:47:42 +02:00
Erik Krogh Kristensen
bfc95c6f13
Merge pull request #16510 from erik-krogh/go-command
Go: Update the QHelp for `go/command-injection`.
2024-05-17 17:45:10 +02:00
erik-krogh
384649b336
changes based on review, and improve the new command-injection test
2024-05-17 08:38:54 +02:00
erik-krogh
2848ccf0e2
fix frontend errors that Go complained about
2024-05-16 20:06:26 +02:00
erik-krogh
08c0d8ec60
autoformat go files
2024-05-16 19:59:40 +02:00
erik-krogh
9aeebc6f39
update the QHelp to add a "--" example
2024-05-16 19:49:22 +02:00
Owen Mansel-Chan
2dd42f7aa5
Merge pull request #16509 from owen-mc/go/fix-missing-underlying-types
Go: make two barriers recognise named types whose underlying types are integer types
2024-05-16 12:41:42 +01:00
Owen Mansel-Chan
8cc118f781
Add change note
2024-05-16 11:16:54 +01:00
Owen Mansel-Chan
b008f98782
Fix missing getUnderlyingType() calls
In both cases we also care about named types whose underlying type is
an integer type.
2024-05-16 11:10:15 +01:00
Owen Mansel-Chan
410543f26b
Add change note
2024-05-16 10:10:22 +01:00
Owen Mansel-Chan
e71cf0ff1d
Use value flow instead of taint flow
2024-05-16 10:10:18 +01:00
Owen Mansel-Chan
5dbb91f508
Merge pull request #16504 from owen-mc/go/allow-array-reads-from-named-types
Go: allow read and store steps from named types
2024-05-16 09:47:54 +01:00
erik-krogh
ea2b73bda2
add a sanitizer that checks that the string does not start with "--"
2024-05-16 09:25:19 +02:00
erik-krogh
b9a7f6a8f7
add regexp check as a sanitizer for command-injection
2024-05-16 08:55:03 +02:00
erik-krogh
761f9cac97
make a new go/command-injection qhelp
2024-05-16 08:54:55 +02:00
erik-krogh
e2a4c2aa1b
move the code samples for the Go command-injection queries to an examples/ folder
2024-05-16 08:54:54 +02:00
Owen Mansel-Chan
6ffa821aa3
Add change note
2024-05-16 00:41:28 +01:00
Owen Mansel-Chan
21ff705b73
Fix bug with read/store steps and named types
2024-05-16 00:35:45 +01:00
Owen Mansel-Chan
1af3374322
Add tests for data flow through ranged for loops
Including the case where the type of the domain is a named type rather
than an array type or map type or whatever.
2024-05-16 00:32:30 +01:00
Michael B. Gale
81297aad8c
Go: Use standard semver format in outputEnvironmentJson
2024-05-15 12:21:23 +01:00
Michael B. Gale
fabd7a9c51
Go: Better preserve original versions
2024-05-15 12:01:03 +01:00
Michael B. Gale
e0543d1d59
Go: Support all permutations of version prefixes and suffixes
2024-05-15 10:43:02 +01:00
Owen Mansel-Chan
253965096b
Merge branch 'main' into workflow/coverage/update
2024-05-15 10:10:44 +01:00
Michael B. Gale
6652685f5a
Go: Restore toolchain.IsInstalled check
2024-05-15 10:07:44 +01:00
Michael B. Gale
898383ccff
Go: Fix comment in NewSemVer for empty string
2024-05-15 10:07:44 +01:00
Michael B. Gale
054efa648c
Go: Move version constants to shared location
2024-05-15 10:03:35 +01:00
Michael B. Gale
9e618b6961
Go: Use SemVer type in autobuilder package
2024-05-15 10:03:35 +01:00
Michael B. Gale
a6d2aa3913
Go: Use SemVer type in project package
2024-05-15 10:03:32 +01:00
Michael B. Gale
010df54657
Go: Use SemVer type in toolchain package
2024-05-15 10:03:01 +01:00
Michael B. Gale
d171750678
Go: Add SemVer type to track valid semantic versions
2024-05-15 10:02:10 +01:00
Michael B. Gale
964b3f2339
Merge pull request #16480 from github/mbg/go/improve-script-fail-message
Go: Improve log messages in `buildWithoutCustomCommands`
2024-05-15 10:00:30 +01:00
Michael B. Gale
586e90043a
Merge pull request #16462 from github/mbg/go/add-resolve-env-tests
Go: Add tests for `resolve build-environment`
2024-05-15 09:59:52 +01:00