Commit Graph

3063 Commits

Author SHA1 Message Date
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Max Schaefer
d3e0a90ae5 Go: Mention raw string literals in QHelp for go/incomplete-hostname-regexp. 2024-03-15 11:22:40 +00:00
Tony Torralba
20691e409c Add change note 2024-03-14 11:56:43 +01:00
Tony Torralba
87b2dcc892 Adjust test expectations 2024-03-14 10:25:04 +01:00
Tony Torralba
d8c0ab8e1f Go: Consider more strings as hardcoded credentials 2024-03-14 10:11:39 +01:00
Tom Hvitved
e4a4c18166 Go: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Owen Mansel-Chan
33c17313b4 Add test for not extracting values for intermediate string concatenations 2024-03-12 11:59:10 +00:00
Kevin Stubbings
5acc15bfff fix grammar 2024-03-11 20:13:08 -07:00
Kevin Stubbings
30fe4168e3 Removed filepath.base sanitizer 2024-03-11 15:08:10 -07:00
Kevin Stubbings
c4c0b22bc7 Formatting and change notes 2024-03-11 14:54:30 -07:00
Kevin Stubbings
c9b49d3760 resolve feedback 2024-03-11 14:54:28 -07:00
Kevin Stubbings
530c76ca8b Add New Sanitizers and Modify Old Ones 2024-03-11 14:53:29 -07:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provide
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Tony Torralba
04436208ab Merge pull request #15843 from atorralba/atorralba/go/uncontrolled-allocation-size
Go: Promote `go/uncontrolled-allocation-size` from experimental
2024-03-11 16:12:27 +01:00
Tony Torralba
ff2d78d2c8 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 2024-03-11 15:53:40 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Owen Mansel-Chan
da8cc13506 go extractor: avoid long string concatenations
When we see "a" + "b" + "c" + "d", do not add a
row to the constvalues table for the intermediate
strings "ab" and "abc". We still have entries for
the string literals ("a", "b", "c", and "d") and
the whole string concatenation ("abcd").
2024-03-11 10:53:26 +00:00
Tony Torralba
a09eb9f4c5 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-03-11 08:58:59 +01:00
Owen Mansel-Chan
820c14577a Merge pull request #13553 from am0o0/amammad-go-bombs
Go: Decompression Bombs
2024-03-10 13:48:04 +00:00
am0o0
43df6a2c07 add comments for already implemented io.Read and io.WriteTo Sinks.
remove some sinks about `"decompressor"` which were added wrongly.
change `GeneralReadIoSink` type from module to class.
separate `KlauspostGzipAndPgzip`, `KlauspostPgzip` and `KlauspostGzip`.
2024-03-08 20:05:46 +04:00
am0o0
66130d208e convert abstract predicate isAdditionalFlowStep to non-abstract 2024-03-08 19:30:41 +04:00
Tony Torralba
138ce42cf6 Fix qhelp 2024-03-07 15:22:46 +01:00
Tony Torralba
7d74125508 Go: Promote go/uncontrolled-allocation-size 2024-03-07 15:17:49 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Owen Mansel-Chan
4e5a6d770a Merge branch 'main' into workflow/coverage/update 2024-03-06 13:43:05 +00:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main
Go: new query for detecting DOS vulnerability
2024-03-06 11:32:57 +00:00
Tony Torralba
f4c2e65614 Merge pull request #15812 from atorralba/atorralba/go/squirrel-sinks
Go: Add SQLi sinks for Squirrel
2024-03-06 12:09:19 +01:00
Malayke
02bab4c15a Update go/ql/src/experimental/CWE-770/DenialOfService.ql
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-03-06 17:57:20 +08:00
github-actions[bot]
b71074f9c4 Add changed framework coverage reports 2024-03-06 00:16:26 +00:00
github-actions[bot]
661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen
967963a653 Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
Tony Torralba
e78e71c875 List Squirrel builders explicitly 2024-03-05 16:05:22 +01:00
Michael B. Gale
40ff75db07 Go: Update list of expected files for single-go-mod-and-go-files-not-under-it test 2024-03-05 14:56:51 +00:00
Tony Torralba
a264ea23c6 Go: Add SQLi sinks for Squirrel 2024-03-05 15:35:34 +01:00
Michael B. Gale
a8d240dd72 Go: Add integration test for mixed layout project 2024-03-05 14:08:16 +00:00
Michael B. Gale
ac394dc80c Go: Better check for path prefixes 2024-03-05 13:46:33 +00:00
Owen Mansel-Chan
8e43c5c683 Merge pull request #15811 from owen-mc/go/limit-password-heuristics
Go: Only check strings of length <= 100 for dummy password with <= 2 unique characters
2024-03-05 13:42:26 +00:00
Michael B. Gale
b1e0bc03ab Go: Fix check for whether it is safe to initialise a go.mod file in a given directory 2024-03-05 12:48:21 +00:00
Michael B. Gale
367ecf75d5 Go: Use import path for auto-generated Go module names 2024-03-05 12:48:21 +00:00
Michael B. Gale
2aa093c95c Go: Move getImportPath to shared util package 2024-03-05 12:48:19 +00:00
Owen Mansel-Chan
4dde1fb117 Only check strings of length <= 100 for dummy password with <= 2 unique characters 2024-03-05 11:45:17 +00:00
Tony Torralba
a78e04eb34 Merge pull request #15795 from atorralba/atorralba/go/macaron-sources
Go: Add Macaron sources
2024-03-05 09:08:58 +01:00
github-actions[bot]
a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00
Tony Torralba
7286f56718 Change tests to inline expectations 2024-03-04 17:29:12 +01:00
Owen Mansel-Chan
dcc2b2c50d Merge pull request #15057 from aydinnyunus/main
Web Cache Deception Vulnerability on Go Frameworks
2024-03-04 14:36:39 +00:00
Owen Mansel-Chan
c0974934bc Fix test expectations again 2024-03-04 14:05:04 +00:00