hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

240 Commits

Author SHA1 Message Date
Owen Mansel-Chan
2a45b28e5f Merge pull request #20064 from Kwstubbs/go-path-separator 
Update Go Path Injection Sanitizer and Sink
 2025-09-03 16:45:15 +01:00
Kevin Stubbings
b4b848a25c Fix tests and simplify sanitizer 2025-07-21 21:53:35 +00:00
Kevin Stubbings
f86152d3bd Add sanitizer changes and fix test 2025-07-16 21:27:33 +00:00
Kevin Stubbings
504ae0f35a Update go path sanitizers and sinks 2025-07-16 06:12:45 +00:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Owen Mansel-Chan
990043ce86 Add net/http.Head and net/http.Client.Head as client requests 
They were previously deliberately excluded.
 2025-07-08 14:31:48 +01:00
Owen Mansel-Chan
d437a096f1 Test more client request URL sinks 2025-07-08 13:20:04 +01:00
Owen Mansel-Chan
0788a90d88 Convert RequestForgery test to inline expectations 2025-07-04 16:56:05 +01:00
Owen Mansel-Chan
d10b9e665c Fix linter warnings in Request Forgery tests 2025-07-04 16:55:09 +01:00
Nora Dimitrijević
cf92b0e91b Go: convert IncorrectIntegerConversion test to .qlref 2025-06-24 14:57:48 +02:00
Nora Dimitrijević
76a3306c63 Go: convert UncontrolledAllocationSize test to .qlref 2025-06-24 14:57:44 +02:00
Owen Mansel-Chan
ef5e605cc4 Merge pull request #19386 from owen-mc/go/promote/html-template-escaping-bypass-xss 
Go: promote `html-template-escaping-bypass-xss`
 2025-06-06 12:36:27 +01:00
Owen Mansel-Chan
d39e7c2066 Added named import to definitions test 
This makes the test slightly more thorough.
 2025-05-20 13:13:21 +01:00
Owen Mansel-Chan
e6c19b0cbd Modernize tests 2025-05-01 15:40:14 +01:00
Owen Mansel-Chan
cba0bec3c6 Rename files 2025-05-01 15:40:12 +01:00
Owen Mansel-Chan
cbdbb0310b Tidy up test (remove duplicated main) 2025-05-01 15:40:06 +01:00
Owen Mansel-Chan
4e5a865337 Manually fix copilot's mistakes and get query working 2025-05-01 15:40:04 +01:00
Owen Mansel-Chan
c2ebdf5266 Change query id to go/html-template-escaping-bypass-xss 2025-05-01 15:39:20 +01:00
Owen Mansel-Chan
1926ffd450 Convert XSS tests to use inline expectations 2025-05-01 15:39:19 +01:00
Owen Mansel-Chan
1530ac123c Update path in qlref and update test results 2025-05-01 15:39:17 +01:00
Owen Mansel-Chan
5bce70f78c Move files out of experimental (no changes) 2025-05-01 15:39:15 +01:00
Owen Mansel-Chan
b6053e3f91 Merge pull request #19076 from owen-mc/go/update-depstubber-files 
Go: update files generated by depstubber
 2025-04-09 11:44:20 +01:00
Owen Mansel-Chan
e44f7f946f Sort package paths in vendor/modules.txt 2025-03-21 09:45:50 +00:00
Owen Mansel-Chan
11ff0a08f3 Add log injection and cleartext logging tests for %T 2025-03-20 15:08:02 +00:00
Owen Mansel-Chan
646d28feeb Make cleartext logging tests more realistic 2025-03-20 15:08:00 +00:00
Owen Mansel-Chan
94c812cbe6 Convert cleartext logging tests to inline expectations 2025-03-20 15:07:59 +00:00
Owen Mansel-Chan
59d82b3b62 Make log injection tests more realistic 2025-03-20 15:07:57 +00:00
Owen Mansel-Chan
40768332d8 Remove empty imports from stubs 2025-03-20 12:32:12 +00:00
Owen Mansel-Chan
81e85010f9 List subpackages in vendor/modules.txt 
These were all generated by running depstubber.
 2025-03-20 12:30:57 +00:00
Owen Mansel-Chan
7b2912376b Add failing test for os.File.Sync with defered Close calls 2025-03-06 10:14:28 +00:00
Owen Mansel-Chan
63bfa36be8 Convert to inline expectations test 2025-03-05 21:39:04 +00:00
Owen Mansel-Chan
f322cb7968 Use getLocation instead of hasLocationInfo 2025-02-27 13:32:45 +00:00
Owen Mansel-Chan
baa4c509ca Use location of control flow root for EntryNode 2025-02-26 12:16:38 +00:00
Owen Mansel-Chan
347e5ed029 Update model in test expectation 2025-02-14 10:49:51 +00:00
Owen Mansel-Chan
250cbb6b05 Change location of postprocess queries 2025-02-14 10:26:55 +00:00
Kevin Stubbings
74f16ee866 Merge branch 'main' into path-sanitizers 2025-02-14 01:11:39 -08:00
Owen Mansel-Chan
b8297924eb Revert some test expectations changes 2025-02-11 22:04:10 +00:00
Michael B. Gale
e93c4228ea Go: Update test expectations for Go 1.24 2025-02-11 22:04:07 +00:00
Owen Mansel-Chan
0f8f5d2793 Merge branch 'main' into post-release-prep/codeql-cli-2.20.1 2025-01-08 16:28:23 +00:00
Ed Minnix
bc68e4456a Fix test results 2025-01-08 10:22:00 -05:00
Dave Bartolomeo
1323b3f067 Revert "Merge pull request #18235 from owen-mc/go/varargs-out-param" 
This reverts commit 4f8645b4dd, reversing
changes made to 22aaf74184.
 2025-01-07 14:59:31 -05:00
Dave Bartolomeo
3dcf49cea0 Revert "Merge pull request #18275 from owen-mc/go/mad/variadic-params-sources" 
This reverts commit 7ab06fca2f, reversing
changes made to 0c5e260ae6.
 2025-01-07 14:55:06 -05:00
Ed Minnix
60cf1eccae Update test results 2025-01-07 06:41:39 -05:00
Ed Minnix
c02430607a Add post-processing to StoredXss.qlref test 2025-01-03 13:26:29 -05:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Owen Mansel-Chan
3a3e053f12 Only add taint steps for implicit varargs slice post-update nodes 2024-12-13 13:17:44 +00:00
Michael Nebel
96fe1449f8 Go: Update all test util paths to point to the new location. 2024-12-12 13:54:21 +01:00
Owen Mansel-Chan
3f7c37e1ed Treat container flow as taint flow in global taint flow 2024-12-12 11:41:32 +00:00
Owen Mansel-Chan
7e5e634bc7 Update .expected files (no new results) 2024-12-06 15:41:28 +00:00
Jeroen Ketema
99cbeb7eb6 Go: Update expected test results 2024-12-03 19:18:50 +01:00