codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Yunus AYDIN	a47ffc6833	Remove unnecessary rules	2023-12-13 01:52:06 +03:00
Yunus AYDIN	bb2083d10a	Remove database directory and add WebCacheDeceptionLib.qll	2023-12-13 01:50:56 +03:00
Owen Mansel-Chan	5675df842e	Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables Go: Also follow jump steps when looking for a callee source	2023-12-12 15:49:15 +00:00
Mathew Payne	7a48152ea9	Add Go Stubs for LibXML2	2023-12-12 15:10:08 +00:00
Chad Bentz	2d33f86d41	Initial Push - Sample test (test not compiling) - Stubs not generating	2023-12-12 15:00:00 +00:00
Yunus AYDIN	bc81201c2e	Update expected file	2023-12-12 00:07:51 +03:00
Owen Mansel-Chan	0fb58caa8c	Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md Co-authored-by: Chris Smowton <smowton@github.com>	2023-12-11 20:42:48 +00:00
Malayke	7121282b27	add new query for detect DOS	2023-12-11 23:05:04 +08:00
amammad	572777f11b	fix a bug in stubs	2023-12-10 22:18:49 +01:00
amammad	bfa0fb6d74	remove a duplicate test	2023-12-10 22:08:12 +01:00
amammad	cc5416406f	added more sinks related to io.Writer of BodyWriter	2023-12-10 22:06:27 +01:00
Yunus AYDIN	cf8f2a38c3	Update expected file	2023-12-11 00:03:50 +03:00
Yunus AYDIN	a6b092d8c1	Update rules ids	2023-12-10 22:26:05 +03:00
Yunus AYDIN	4d97c42ee5	Remove debugging select on go-chi.ql	2023-12-10 22:18:48 +03:00
Yunus AYDIN	501f617eaa	Update qhelp and and go-chi	2023-12-10 22:07:17 +03:00
Yunus AYDIN	34fb1c4a9f	Add go-chi middleware stub to vendor	2023-12-10 22:06:23 +03:00
Am	59195cccdd	Merge branch 'main' into amammad-go-bombs	2023-12-10 18:12:10 +01:00
amammad	bb5017121f	Merge branch 'main' into amammad-go-bombs	2023-12-10 18:11:49 +01:00
amammad	737f3e8899	fix stubs	2023-12-10 18:10:23 +01:00
amammad	b6aaff2e64	use SimpleGlobal with source and sink to find BodyWriter successors globally	2023-12-10 15:45:42 +01:00
Tom Hvitved	35c654aa76	Go: Use `FlowSummaryImpl` from `dataflow` pack	2023-12-10 11:25:44 +01:00
Yunus AYDIN	0813199c7f	Update vendor directory and go files	2023-12-10 01:24:29 +03:00
Yunus AYDIN	a925c23d14	Add go.mod and modules.txt	2023-12-09 23:36:50 +03:00
Yunus AYDIN	6bd3c8c07b	Format Document	2023-12-09 23:36:13 +03:00
Yunus AYDIN	6378c5e22f	Update Fiber Rule for checking files	2023-12-09 23:35:42 +03:00
Yunus AYDIN	63123f3984	Add GoChi Rule	2023-12-09 23:34:48 +03:00
Yunus AYDIN	ba4f8612eb	Add GoChi Test Cases	2023-12-09 23:33:18 +03:00
Yunus AYDIN	ad1284853b	remove unnecessary file	2023-12-09 19:49:21 +03:00
Yunus AYDIN	eb25d0df66	Add test cases	2023-12-09 19:44:58 +03:00
Yunus AYDIN	85636ccab7	Add Web Cache Deception QHelp and Example Code Snippet for Vulnerable Go Fiber usage	2023-12-09 19:12:20 +03:00
Owen Mansel-Chan	2e2a82c237	Add change note	2023-12-08 23:33:58 +00:00
Owen Mansel-Chan	ab68c4e341	Update test	2023-12-08 23:29:44 +00:00
Owen Mansel-Chan	40b3598fd0	Also follow jump steps when looking for a callee source This is needed because capturing a variable is a jump step and we want to find a callee source for captured functions.	2023-12-08 18:44:14 +00:00
Anders Schack-Mulligen	64eb4ff753	Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api Data Flow: Deprecate old data flow api.	2023-12-08 14:27:25 +01:00
amammad	2cb0afee73	fix some qldocs and some spells	2023-12-08 11:12:57 +01:00
amammad	a3fbc3c20c	fix ResponseBody Class issues	2023-12-07 19:36:27 +01:00
amammad	dbf01a9284	fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape	2023-12-07 08:52:55 +01:00
github-actions[bot]	92af5f5386	Post-release preparation for codeql-cli-2.15.4	2023-12-06 22:59:22 +00:00
github-actions[bot]	c04457e9e7	Release preparation for version 2.15.4	2023-12-06 21:11:50 +00:00
amammad	20a3211d06	move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests	2023-12-06 16:19:34 +01:00
amammad	3e0ed0090f	added BodyWriter Sink, added proper content-type header in tests to comply new changed xss strategy	2023-12-06 16:00:36 +01:00
amammad	d3099ff482	fix tests, move from SharedXss::Sink to Http::* classes	2023-12-06 15:52:50 +01:00
Owen Mansel-Chan	aad847497b	Merge pull request #14962 from owen-mc/go/improve-tests-incorrect-integer-conversion Go: Improve tests for Incorrect Integer Conversion	2023-12-06 07:40:00 +00:00
Owen Mansel-Chan	570538b4ec	Merge pull request #14938 from owen-mc/go/improve-test-unhandled-close-writable-handle Go: improve test unhandled close writable handle	2023-12-04 16:56:09 +00:00
Anders Schack-Mulligen	67f0529cda	Dataflow: Sync.	2023-12-04 12:36:57 +01:00
Owen Mansel-Chan	d52b23db8e	Improve tests for Incorrect Integer Conversion We changed the test query when the query was changed so that the comments in the test file would stay the same. I've reverted the test query and updated the comments in the test file. This avoids problems in the branch switching to use-use flow.	2023-11-30 11:58:10 +00:00
Owen Mansel-Chan	e958a75223	Add comments indicating whether results are expected at new calls	2023-11-30 11:48:10 +00:00
Owen Mansel-Chan	de87dd5dee	Test no result if deferred function returns error	2023-11-28 14:23:37 +00:00
Owen Mansel-Chan	57dafd3732	Improve test for UnhandledCloseWritableHandle Now the different paths won't have the same two sources.	2023-11-28 14:21:43 +00:00
dependabot[bot]	d2cad03e28	Bump the extractor-dependencies group in /go/extractor with 1 update Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools). - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2023-11-28 03:58:15 +00:00

... 36 37 38 39 40 ...

3323 Commits