hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

3063 Commits

Author SHA1 Message Date
Michael B. Gale
9082fd218e Add taint flow tests for clear 2023-08-17 18:39:32 +01:00
Michael B. Gale
109b96f038 Add comment explaining TaintStep test 2023-08-17 17:50:41 +01:00
Michael B. Gale
e65269be69 Add DefaultTaintSanitizer for clear 2023-08-17 17:49:46 +01:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Michael B. Gale
1bd536dd9e Rename getLocation to hasLocation 2023-08-16 11:21:35 +01:00
Michael B. Gale
c981fd714e Exclude String from TaintSteps 
For `os.dirEntry` and `os.unixDirent` which are only available
on unix and Windows respectively.
 2023-08-15 20:32:41 +01:00
Michael B. Gale
ee58dbc6f7 Add new built-ins to builtinFunction predicate 
- `clear` isn't pure because it modifies a data structure in place
- `clear` may not be used correctly, but this is determined statically
 2023-08-15 20:16:42 +01:00
Chris Smowton
3bcfbcdf68 Don't warn when Go version exactly matches go.mod 
We had only previously tested this with e.g. installed go 1.20.5 >= go.mod request `go 1.20`; now we have go 1.21.0 which shouldn't elicit a warning because 1.21.0 is equal to the go.mod request `go 1.21`.
 2023-08-15 16:49:42 +01:00
Henry Mercer
1213eba630 Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
Michael B. Gale
513da82510 Model data flow for min and max 2023-08-11 11:51:07 +01:00
Michael B. Gale
d189a15737 Exclude poly1305.mac.Write from TaintSteps 
Not available on arm64
 2023-08-11 11:33:52 +01:00
Michael B. Gale
a623733dfa Add location info to TaintSteps query 2023-08-11 11:10:39 +01:00
Michael B. Gale
ee0bfff9f4 Update expected test output for TaintStep 2023-08-11 10:57:11 +01:00
Michael B. Gale
bb56536bfa Update expected test output for LocalTaintStep 2023-08-11 10:57:10 +01:00
Michael B. Gale
14731e8fa3 Bump supported Go version to 1.21 2023-08-11 10:57:10 +01:00
Michael B. Gale
238049a870 Add Go 1.21 builtins 2023-08-11 10:57:10 +01:00
Michael B. Gale
4df4a0f51f Update expected test output for TypeParamType 2023-08-11 10:55:00 +01:00
Michael B. Gale
48c35ce5e9 Use Go 1.21 for extractor 2023-08-11 10:55:00 +01:00
Michael B. Gale
13d4bd9c0a Make CompareIdenticalValues test work on arm64 2023-08-11 10:51:52 +01:00
Owen Mansel-Chan
35a300f894 Apply suggestions from code review 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2023-08-11 10:06:14 +01:00
Owen Mansel-Chan
b7dfa2347c Put QLDoc on data flow and taint tracking modules 
We preserve all old QLDocs, but move them from the
config to the Flow module. This makes more sense than
the Config module, which is often private, and is generally
not directly accessed.
 2023-08-11 10:06:12 +01:00
Owen Mansel-Chan
08e1e8a120 Improve inaccurate deprecation comments 2023-08-10 15:50:08 +01:00
Owen Mansel-Chan
94c15f712a Remove unnecessary fieldFlowBranchLimit 2023-08-10 15:50:06 +01:00
Owen Mansel-Chan
0928fa6e1f Give MyFlowstate a less generic name 2023-08-10 15:50:05 +01:00
Owen Mansel-Chan
36b1a0dc54 Update for recent changes to DsnInjection 2023-08-10 15:50:03 +01:00
Owen Mansel-Chan
2578ef4786 Remove output from running query like a test 2023-08-10 15:50:02 +01:00
Owen Mansel-Chan
089ea010d7 Improve QLDoc for Config::FlowState in StringBreak 2023-08-10 15:50:01 +01:00
Owen Mansel-Chan
e33d303b48 Do not make unnecessary changes 2023-08-10 15:49:59 +01:00
Owen Mansel-Chan
e6c8a0b653 Use more descriptive names for merged path graphs 2023-08-10 15:49:58 +01:00
Owen Mansel-Chan
6b4bf12316 Revert edit to deprecated class 2023-08-10 15:49:57 +01:00
Owen Mansel-Chan
046e517c3f Remove unnecessary import 2023-08-10 15:49:54 +01:00
Owen Mansel-Chan
81d4149a17 Note deprecation in QLDoc for LogInjection 2023-08-10 15:49:52 +01:00
Owen Mansel-Chan
b6b7e1589c Make taint tracking tests use new API 2023-08-10 15:49:51 +01:00
Owen Mansel-Chan
c11da5bf67 Make taint tracking tests use InlineFlowTest 2023-08-10 15:49:50 +01:00
Owen Mansel-Chan
663fb2cc06 Make taint tracking tests use config from InlineFlowTest 2023-08-10 15:49:48 +01:00
Owen Mansel-Chan
8db3e4a9b4 Make IncorrectIntegerConversion use new API 2023-08-10 15:49:47 +01:00
Owen Mansel-Chan
6c0c8d6963 Make BadRedirectCheck use new API 2023-08-10 15:49:45 +01:00
Owen Mansel-Chan
442dfc1833 Make InsecureTLS use new API 2023-08-10 15:49:44 +01:00
Owen Mansel-Chan
b00e44725c Make CorsMisconfiguration use new API 2023-08-10 15:49:43 +01:00
Owen Mansel-Chan
9b19cde8ab Make SensitiveConditionBypass use new API 2023-08-10 15:49:42 +01:00
Owen Mansel-Chan
2d3d21d074 Make StackTraceExposure use new API 2023-08-10 15:49:40 +01:00
Owen Mansel-Chan
d9844bd4d6 Make WrongUsageOfUnsafe use new API 2023-08-10 15:49:39 +01:00
Owen Mansel-Chan
00ea023fdb Make ConditionalBypass use new API 2023-08-10 15:49:37 +01:00
Owen Mansel-Chan
1b4fef9c21 Make HTMLTemplateEscapingPassthrough use new API 
Removed edges and nodes are mostly duplicates. They were only there
originally due to multiple configurations being in scope.
`DataFlow::PathNode` has union semantics for configurations. Nodes are
only generated if they are reachable from a source, but this includes
sources from other configurations.

No alerts are lost.
 2023-08-10 15:49:36 +01:00
Owen Mansel-Chan
ea1f39683d Make DivideByZero use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:35 +01:00
Owen Mansel-Chan
045936b1fd Make PamAuthBypass use new API 2023-08-10 15:49:33 +01:00
Owen Mansel-Chan
cfc4a6a6b7 Make Timing use new API 2023-08-10 15:49:32 +01:00
Owen Mansel-Chan
39762da5e0 Make DsnInjection use new API 2023-08-10 15:49:31 +01:00
Owen Mansel-Chan
a53da376d1 Make LDAPInjection use new API 2023-08-10 15:49:29 +01:00
Owen Mansel-Chan
f60ca76eb2 Make EmailInjection use new API 2023-08-10 15:49:28 +01:00