hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

3331 Commits

Author SHA1 Message Date
Nora Dimitrijević
4b473622bc [DIFF-INFORMED] Go: InsecureRandomness 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19
 2025-07-17 11:46:39 +02:00
Nora Dimitrijević
ce7eb9b16a [DIFF-INFORMED] Go: IncorrectIntegerConversion 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23
 2025-07-17 11:46:37 +02:00
Nora Dimitrijević
f228818b1f [DIFF-INFORMED] Go: HardcodedCredentials 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-798/HardcodedCredentials.ql#L62
 2025-07-17 11:46:35 +02:00
Nora Dimitrijević
109f6ddc2d [DIFF-INFORMED] Go: ExternalAPIs 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql#L18
 2025-07-17 11:46:33 +02:00
Nora Dimitrijević
89f760460b [DIFF-INFORMED] Go: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-078/CommandInjection.ql#L28
 2025-07-17 11:46:30 +02:00
Nora Dimitrijević
e0d16a863b [DIFF-INFORMED] Go: AllocationSizeOverflow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql#L24
 2025-07-17 11:46:29 +02:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency 
Go: Fix compilation of DataFlowImplConsistency.qll
 2025-07-17 09:22:12 +01:00
Kevin Stubbings
f86152d3bd Add sanitizer changes and fix test 2025-07-16 21:27:33 +00:00
Kevin Stubbings
504ae0f35a Update go path sanitizers and sinks 2025-07-16 06:12:45 +00:00
Chris Smowton
b71f9ae240 Fix function qname 2025-07-15 16:37:30 +01:00
Chris Smowton
ac72f8523a Change note 2025-07-15 14:51:19 +01:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Owen Mansel-Chan
9661ee407f Fix compilation of DataFlowImplConsistency.qll 2025-07-15 13:51:45 +01:00
dependabot[bot]
c267a88f88 Bump golang.org/x/tools 
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 03:37:24 +00:00
Owen Mansel-Chan
391e9f7471 Merge pull request #20000 from owen-mc/go/request-forgery 
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
 2025-07-12 00:30:23 +01:00
dependabot[bot]
e57b272cfa Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/mod/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-10 03:41:42 +00:00
Owen Mansel-Chan
a5333ae1a1 Add change note 2025-07-08 16:51:22 +01:00
Owen Mansel-Chan
990043ce86 Add net/http.Head and net/http.Client.Head as client requests 
They were previously deliberately excluded.
 2025-07-08 14:31:48 +01:00
Owen Mansel-Chan
71703aa497 Improve formatting of some QL 2025-07-08 14:29:11 +01:00
Owen Mansel-Chan
d437a096f1 Test more client request URL sinks 2025-07-08 13:20:04 +01:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Owen Mansel-Chan
0788a90d88 Convert RequestForgery test to inline expectations 2025-07-04 16:56:05 +01:00
Owen Mansel-Chan
d10b9e665c Fix linter warnings in Request Forgery tests 2025-07-04 16:55:09 +01:00
Paolo Tranquilli
72bfbacaaf Merge branch 'main' into redsun82/go-internal-tests 2025-07-02 16:21:26 +02:00
Paolo Tranquilli
fa14f9540b Merge branch 'main' into redsun82/go-internal-tests 2025-06-30 17:38:59 +02:00
Michael Nebel
d926a6a47d Go: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:35:21 +02:00
Owen Mansel-Chan
9663ecad21 Avoid using deprecated class 2025-06-26 01:46:14 +01:00
Owen Mansel-Chan
0f07ab58cf Merge pull request #19654 from owen-mc/go/fix-definedtype-getbasetype 
Go: fix `DefinedType.getBaseType`
 2025-06-26 00:19:19 +01:00
Owen Mansel-Chan
d7b1d7bef4 Merge pull request #19677 from owen-mc/go/better-class-names-and-helpers 
Go: Improve two class names and add some helper predicates
 2025-06-26 00:17:32 +01:00
Chris Smowton
2291e10ce6 Fix typo 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-25 21:38:22 +02:00
Nora Dimitrijević
c4a385fa6a Merge pull request #19817 from d10c/d10c/convert-tests-to-qlref 
Convert remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`
 2025-06-24 16:31:13 +02:00
Nora Dimitrijević
cf92b0e91b Go: convert IncorrectIntegerConversion test to .qlref 2025-06-24 14:57:48 +02:00
Nora Dimitrijević
76a3306c63 Go: convert UncontrolledAllocationSize test to .qlref 2025-06-24 14:57:44 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Nora Dimitrijević
b62a6db314 Merge pull request #19760 from d10c/d10c/go/diff-informed-2 
Go: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`
 2025-06-19 14:44:56 +02:00
Owen Mansel-Chan
ebd917600d Update quality suite integration test 2025-06-19 10:37:49 +01:00
Owen Mansel-Chan
a26610a05c Add change note 2025-06-19 10:34:01 +01:00
Owen Mansel-Chan
a2ff045a7a Update tags for high precision quality queries 2025-06-19 10:33:58 +01:00
Tamas Vajk
e6a9ff08a3 Adjust query-suite integration test expected files 2025-06-18 13:10:34 +02:00
Tamas Vajk
40274dcd69 Add code-quality-extended query suites 2025-06-18 13:10:34 +02:00
Nora Dimitrijević
51826c72d0 Go: mass-add none() location overrides 2025-06-17 17:02:08 +02:00
Nora Dimitrijević
a8dc3008ef Merge pull request #19660 from d10c/d10c/go/diff-informed 
Go: mass enable diff-informed data flow
 2025-06-17 14:52:46 +02:00
Paolo Tranquilli
0d803698ac Go: remove language tests from workflows 
Now that they are run internally using QLucie.
 2025-06-16 14:01:40 +02:00
Jon Janego
6ec48117b5 Merge pull request #19739 from github/changedocs-2.22.0 
fixing some improperly escaped URLs
 2025-06-11 16:24:29 -05:00
Jon Janego
6336e3d44b fixing another bracket 2025-06-11 16:02:28 -05:00
Jon Janego
8f55dcdd67 removing brackets around a url 2025-06-11 15:36:30 -05:00
Nora Dimitrijević
e233501144 Go: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18345 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:44:24 +02:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00