hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

3121 Commits

Author SHA1 Message Date
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Michael Nebel
ce6fd8ac5f Merge pull request #13432 from michaelnebel/updateissupported 
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
 2023-08-22 08:39:38 +02:00
Jeroen Ketema
2d0f73d7c2 Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Michael Nebel
106ba11e10 Address review comments. 2023-08-21 09:59:02 +02:00
Michael Nebel
d66fe08661 Add QLDoc for the getKind predicate. 2023-08-21 09:59:02 +02:00
Michael Nebel
25cc561e50 Go: Sync files and make manual adjustments. 2023-08-21 09:59:01 +02:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Michael B. Gale
a1c9deea61 Merge pull request #13867 from github/mbg/go/1.21-support 
Go: Basic Go 1.21 support
 2023-08-18 14:37:11 +01:00
Michael B. Gale
9082fd218e Add taint flow tests for clear 2023-08-17 18:39:32 +01:00
Michael B. Gale
109b96f038 Add comment explaining TaintStep test 2023-08-17 17:50:41 +01:00
Michael B. Gale
e65269be69 Add DefaultTaintSanitizer for clear 2023-08-17 17:49:46 +01:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Michael B. Gale
1bd536dd9e Rename getLocation to hasLocation 2023-08-16 11:21:35 +01:00
Michael B. Gale
c981fd714e Exclude String from TaintSteps 
For `os.dirEntry` and `os.unixDirent` which are only available
on unix and Windows respectively.
 2023-08-15 20:32:41 +01:00
Michael B. Gale
ee58dbc6f7 Add new built-ins to builtinFunction predicate 
- `clear` isn't pure because it modifies a data structure in place
- `clear` may not be used correctly, but this is determined statically
 2023-08-15 20:16:42 +01:00
Chris Smowton
3bcfbcdf68 Don't warn when Go version exactly matches go.mod 
We had only previously tested this with e.g. installed go 1.20.5 >= go.mod request `go 1.20`; now we have go 1.21.0 which shouldn't elicit a warning because 1.21.0 is equal to the go.mod request `go 1.21`.
 2023-08-15 16:49:42 +01:00
Henry Mercer
1213eba630 Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
Michael B. Gale
513da82510 Model data flow for min and max 2023-08-11 11:51:07 +01:00
Michael B. Gale
d189a15737 Exclude poly1305.mac.Write from TaintSteps 
Not available on arm64
 2023-08-11 11:33:52 +01:00
Michael B. Gale
a623733dfa Add location info to TaintSteps query 2023-08-11 11:10:39 +01:00
Michael B. Gale
ee0bfff9f4 Update expected test output for TaintStep 2023-08-11 10:57:11 +01:00
Michael B. Gale
bb56536bfa Update expected test output for LocalTaintStep 2023-08-11 10:57:10 +01:00
Michael B. Gale
14731e8fa3 Bump supported Go version to 1.21 2023-08-11 10:57:10 +01:00
Michael B. Gale
238049a870 Add Go 1.21 builtins 2023-08-11 10:57:10 +01:00
Michael B. Gale
4df4a0f51f Update expected test output for TypeParamType 2023-08-11 10:55:00 +01:00
Michael B. Gale
48c35ce5e9 Use Go 1.21 for extractor 2023-08-11 10:55:00 +01:00
Michael B. Gale
13d4bd9c0a Make CompareIdenticalValues test work on arm64 2023-08-11 10:51:52 +01:00
Owen Mansel-Chan
35a300f894 Apply suggestions from code review 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2023-08-11 10:06:14 +01:00
Owen Mansel-Chan
b7dfa2347c Put QLDoc on data flow and taint tracking modules 
We preserve all old QLDocs, but move them from the
config to the Flow module. This makes more sense than
the Config module, which is often private, and is generally
not directly accessed.
 2023-08-11 10:06:12 +01:00
Owen Mansel-Chan
08e1e8a120 Improve inaccurate deprecation comments 2023-08-10 15:50:08 +01:00
Owen Mansel-Chan
94c15f712a Remove unnecessary fieldFlowBranchLimit 2023-08-10 15:50:06 +01:00
Owen Mansel-Chan
0928fa6e1f Give MyFlowstate a less generic name 2023-08-10 15:50:05 +01:00
Owen Mansel-Chan
36b1a0dc54 Update for recent changes to DsnInjection 2023-08-10 15:50:03 +01:00
Owen Mansel-Chan
2578ef4786 Remove output from running query like a test 2023-08-10 15:50:02 +01:00
Owen Mansel-Chan
089ea010d7 Improve QLDoc for Config::FlowState in StringBreak 2023-08-10 15:50:01 +01:00
Owen Mansel-Chan
e33d303b48 Do not make unnecessary changes 2023-08-10 15:49:59 +01:00
Owen Mansel-Chan
e6c8a0b653 Use more descriptive names for merged path graphs 2023-08-10 15:49:58 +01:00
Owen Mansel-Chan
6b4bf12316 Revert edit to deprecated class 2023-08-10 15:49:57 +01:00
Owen Mansel-Chan
046e517c3f Remove unnecessary import 2023-08-10 15:49:54 +01:00
Owen Mansel-Chan
81d4149a17 Note deprecation in QLDoc for LogInjection 2023-08-10 15:49:52 +01:00
Owen Mansel-Chan
b6b7e1589c Make taint tracking tests use new API 2023-08-10 15:49:51 +01:00
Owen Mansel-Chan
c11da5bf67 Make taint tracking tests use InlineFlowTest 2023-08-10 15:49:50 +01:00
Owen Mansel-Chan
663fb2cc06 Make taint tracking tests use config from InlineFlowTest 2023-08-10 15:49:48 +01:00
Owen Mansel-Chan
8db3e4a9b4 Make IncorrectIntegerConversion use new API 2023-08-10 15:49:47 +01:00
Owen Mansel-Chan
6c0c8d6963 Make BadRedirectCheck use new API 2023-08-10 15:49:45 +01:00
Owen Mansel-Chan
442dfc1833 Make InsecureTLS use new API 2023-08-10 15:49:44 +01:00
Owen Mansel-Chan
b00e44725c Make CorsMisconfiguration use new API 2023-08-10 15:49:43 +01:00
Owen Mansel-Chan
9b19cde8ab Make SensitiveConditionBypass use new API 2023-08-10 15:49:42 +01:00
Owen Mansel-Chan
2d3d21d074 Make StackTraceExposure use new API 2023-08-10 15:49:40 +01:00
Owen Mansel-Chan
d9844bd4d6 Make WrongUsageOfUnsafe use new API 2023-08-10 15:49:39 +01:00