hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,514 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.3
Commit Graph

3181 Commits

Author SHA1 Message Date
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Michael B. Gale
9da749ad77 Bump Go extractor dependencies 2023-08-08 22:23:47 +01:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Tom Hvitved
56e19411d0 Go: Adjust to data flow refactor 2023-08-07 11:35:22 +02:00
amammad
f79bd2a071 added remote flow sources related to multipart upload, added flag package command line source 2023-08-06 06:49:35 +10:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Chris Smowton
8702efda1e Merge pull request #13835 from github/smowton/fix/logrus-with-context 
Don't treat logrus' WithContext method as a logging function
 2023-08-03 09:57:30 +01:00
Kevin Stubbings
8960453662 Add sanitizer to remove http.Error sink 2023-08-02 16:56:14 -07:00
Owen Mansel-Chan
ff5409fec7 Merge pull request #13785 from owen-mc/go/change-golangSpecificParamArgFilter 
Go: Avoid using getTarget() as it may not exist
 2023-08-02 15:40:40 +01:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen
21eb78ea5e Go: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Owen Mansel-Chan
dbc6868bc1 Update go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-08-01 12:23:49 +01:00
Owen Mansel-Chan
5a5e921ee7 Merge pull request #13846 from owen-mc/go/better-baselines 
Go: Add language-specific baseline configuration
 2023-08-01 07:14:43 +01:00
Owen Mansel-Chan
d98079d72c Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-07-31 16:49:11 +01:00
Owen Mansel-Chan
3d495bdd43 Add new files to CODEQL_TOOLS in Makefile 2023-07-31 16:12:52 +01:00
Owen Mansel-Chan
47a536c85d Always output valid JSON containing paths-ignore 2023-07-31 16:09:47 +01:00
amammad
7ce825c5ea convert to module based dataflow 2023-07-31 22:43:45 +10:00
amammad
ab7e797fff it seems that I must use both isSink and isSource with flow states! 2023-07-31 20:00:59 +10:00
amammad
26f1091d5f fix a mistake :( 2023-07-31 19:48:21 +10:00
amammad
56d0254d2b fix ReadAll argumrnt number 2023-07-31 19:37:28 +10:00
amammad
4ee54738fa fix a mistake :( 2023-07-31 19:36:21 +10:00
amammad
260c111932 put comment about detecting https://github.com/advisories/GHSA-jpxj-2jvg-6jv9 2023-07-31 19:32:22 +10:00
amammad
1b598c8683 v1.2 make better sinks 2023-07-31 19:26:18 +10:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
Owen Mansel-Chan
b5518047fa Go: Add language-specific baseline configuration 2023-07-30 21:52:33 +01:00
amammad
f1918fb4e0 v1.1 2023-07-31 05:11:09 +10:00
Owen Mansel-Chan
0895853a23 Delete unused testing predicate 2023-07-28 17:09:53 +01:00
Owen Mansel-Chan
00d5cb737c Different approach to avoiding getTarget() 2023-07-28 17:00:36 +01:00
Owen Mansel-Chan
d2b8d836e9 Avoid using getTarget() as it may not exist 
Try to also deal with the case that we are calling a function
through a variable that it has been assigned to.
 2023-07-28 17:00:34 +01:00
Chris Smowton
f08879a2df Format; add change note 2023-07-28 14:16:30 +01:00
Chris Smowton
6fa2d2764d Don't treat logrus' WithContext method as a logging function 
This isn't output by the default formatters (though a custom formatter could potentially output things stored in it)
 2023-07-28 14:11:03 +01:00
Owen Mansel-Chan
e0cc337c71 Fix DataFlow::MergePathGraph3 
Need to get the signatures correct.
 2023-07-26 21:48:08 +01:00
Owen Mansel-Chan
f40bcd0cdd Merge pull request #13824 from owen-mc/go/fix-compiler-error-messages-for-1.20.6 
Go: Compiler error messages changed in Go 1.20.6
 2023-07-26 21:46:54 +01:00
Owen Mansel-Chan
778de6b5d2 Compiler error messages changed in Go 1.20.6 2023-07-26 16:55:26 +01:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Chris Smowton
8e63bd6c78 Correct Golang change note format 2023-07-20 16:40:18 +01:00
Owen Mansel-Chan
374f13e0dc Revert "Go: Fix missing flow through receiver for function variable" 2023-07-20 13:31:14 +01:00
Owen Mansel-Chan
5b0d4ce7cb Merge pull request #13644 from porcupineyhairs/dsnImprove 
Go : Improvements to DSN Injection query
 2023-07-19 16:10:34 +01:00
Owen Mansel-Chan
0a0e9bb25b Merge pull request #13767 from owen-mc/go/missing-flow-through-receiver 
Go: Fix missing flow through receiver for function variable
 2023-07-19 13:52:25 +01:00
Anders Schack-Mulligen
a9c76d4175 Merge pull request #13717 from aschackmull/dataflow/neverskipadditionalsteps 
Dataflow: Add support for not skipping configuration-specific nodes in big-step
 2023-07-19 14:06:54 +02:00
Owen Mansel-Chan
b9027a0806 Avoid using getTarget() as it may not exist 2023-07-19 12:48:34 +01:00
Owen Mansel-Chan
a1fdc6f438 Merge pull request #13599 from pwntester/ruby/gopg_improvements 
Go: Improve go-pg support
 2023-07-19 12:40:39 +01:00
Owen Mansel-Chan
9b3ff82279 Address review comments 2023-07-19 11:18:20 +01:00
Owen Mansel-Chan
a3ba74a6a6 Cast to MethodCallNode before calling getReceiver() 
This is not required, because getReceiver is still defined on CallNode,
but is done for consistency.
 2023-07-19 11:17:38 +01:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00