hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

659 Commits

Author SHA1 Message Date
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Owen Mansel-Chan
7e5891b443 Remove unnecessary additional flow step 
TaintTracking already adds taint steps for field reads
 2024-05-23 11:08:29 +01:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
Erik Krogh Kristensen
bfc95c6f13 Merge pull request #16510 from erik-krogh/go-command 
Go: Update the QHelp for `go/command-injection`.
 2024-05-17 17:45:10 +02:00
erik-krogh
384649b336 changes based on review, and improve the new command-injection test 2024-05-17 08:38:54 +02:00
erik-krogh
08c0d8ec60 autoformat go files 2024-05-16 19:59:40 +02:00
erik-krogh
9aeebc6f39 update the QHelp to add a "--" example 2024-05-16 19:49:22 +02:00
Owen Mansel-Chan
410543f26b Add change note 2024-05-16 10:10:22 +01:00
erik-krogh
761f9cac97 make a new go/command-injection qhelp 2024-05-16 08:54:55 +02:00
erik-krogh
e2a4c2aa1b move the code samples for the Go command-injection queries to an examples/ folder 2024-05-16 08:54:54 +02:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Erik Krogh Kristensen
462e564c19 apply suggestion from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-05-10 18:59:55 +02:00
erik-krogh
811c175556 add example for domain names with sub-domains to missing-regexp-anchor 2024-05-08 20:50:43 +02:00
github-actions[bot]
99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot]
5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Owen Mansel-Chan
c61177cf42 Add change note 2024-04-24 14:21:59 +01:00
Owen Mansel-Chan
fd306ed79b Exclude constant names from sources to avoid duplicate results 2024-04-24 14:19:30 +01:00
Owen Mansel-Chan
8962307291 Add second good go file to tests 2024-04-24 14:19:29 +01:00
Owen Mansel-Chan
0000c72329 Remove attempt at avoiding duplicate alerts 2024-04-24 14:19:26 +01:00
Owen Mansel-Chan
3ef7a0932a Add flow through string concatenation 2024-04-24 14:19:25 +01:00
Owen Mansel-Chan
f828f8ea65 Merge pull request #16250 from owen-mc/go/rename-untrusted-flow-source 
Go: Rename `UntrustedFlowSource` to `RemoteFlowSource` to match other language libraries
 2024-04-24 11:37:00 +01:00
Owen Mansel-Chan
b6f6bdc6f4 Make RemoteFlowAsSource private 
`UntrustedFlowAsSource` should have been private. Since we are deprecating them anyway
we may as well make the replacement private (and make it use `instanceof`). The deprecation
comments have been updated.
 2024-04-18 12:31:38 +01:00
Owen Mansel-Chan
a49b43fdf6 Add deprecated version of renamed public classes 2024-04-18 11:49:54 +01:00
Owen Mansel-Chan
db06c08141 Rename UntrustedSource to RemoteSource 
Including renaming some files (in the experimental folder).
 2024-04-18 11:49:30 +01:00
Owen Mansel-Chan
f39301f533 Fix "an remote" and similar 
Preserve case, allow for "a `Remote" etc.
 2024-04-18 11:49:18 +01:00
Owen Mansel-Chan
a6646021d0 Rename Untrusted Flow to Remote Flow 
Not matching case but preserving original case.
 2024-04-18 11:49:05 +01:00
Owen Mansel-Chan
d967b2baa3 Rename UntrustedFlowAsSource to RemoteFlowAsSource 2024-04-18 11:48:04 +01:00
Owen Mansel-Chan
81eaa6e327 Rename UntrustedFlowSource to RemoteFlowSource 
Relaxed whole word requirement. Again skipped one instance in an old
change note.
 2024-04-17 21:35:50 +01:00
Owen Mansel-Chan
5fba9895c6 Rename UntrustedFlowSource to RemoteFlowSource 
Only the whole word. Skipped one instance in an old change note.
 2024-04-17 21:27:32 +01:00
Owen Mansel-Chan
212a0f27ff Add change note 2024-04-17 16:32:53 +01:00
github-actions[bot]
622e176a16 Post-release preparation for codeql-cli-2.17.1 2024-04-16 14:21:32 +00:00
github-actions[bot]
9bfe4ea90a Release preparation for version 2.17.1 2024-04-15 17:34:47 +00:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Max Schaefer
5b07e14fb3 Merge pull request #16055 from github/max-schaefer/go-open-redirect-qhelp 
Go: Improve QHelp for `go/unvalidated-url-redirection`.
 2024-03-27 13:56:48 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
Max Schaefer
d7258f76d3 Go: Improve QHelp for go/unvalidated-url-redirection. 
The example showed a different (and better) fix from what the help claimed, but the suggestion also had a subtle bug that I fixed at the same time.
 2024-03-26 10:57:36 +00:00
Max Schaefer
ff23f572d0 Merge pull request #16038 from github/max-schaefer/string-break-qhelp 
Go: Improve QHelp for `go/unsafe-quoting`.
 2024-03-25 20:10:02 +00:00
Max Schaefer
5bc710b406 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-03-25 19:48:56 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Max Schaefer
120fb93c23 Go: Improve QHelp for go/unsafe-quoting. 2024-03-25 13:32:51 +00:00
Max Schaefer
ffbe3e6ed4 Merge pull request #16020 from github/max-schaefer/go-path-injection-qhelp 
Go: Update query help for `go/path-injection` to include example fixes.
 2024-03-25 10:25:36 +00:00
Max Schaefer
034ed17227 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-22 15:24:29 +00:00
Max Schaefer
bc9396e0e6 Address suggestions from review. 2024-03-22 13:19:36 +00:00
Max Schaefer
4e4cd52f63 Go: Update query help for go/path-injection to include example fixes. 2024-03-22 11:45:59 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00