hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

2743 Commits

Author SHA1 Message Date
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Jeroen Ketema
0f5bd3799e Merge branch 'main' into go-log 2025-09-12 11:12:01 +02:00
Jeroen Ketema
3de9356141 Go: Retrofit the change log to mention Go 1.25 
This can only be a minor change (or something similar) to stay within the
semantic versioning contraints. This is because only the patch version of
the Go ql library pack was bumped during the release. Since there were no new
language features in Go 1.25, this might also be the most accurate choice here.
 2025-09-12 11:08:42 +02:00
Owen Mansel-Chan
d9e7c89af0 Add indirect method calls 2025-09-11 11:31:28 +01:00
Owen Mansel-Chan
84e70e166e Add direct method calls 2025-09-11 11:27:56 +01:00
Owen Mansel-Chan
fa18fd2782 Add method defs 2025-09-11 11:24:53 +01:00
Owen Mansel-Chan
cbbf7c2578 Include pre-update node in output 2025-09-11 11:22:17 +01:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Owen Mansel-Chan
2a45b28e5f Merge pull request #20064 from Kwstubbs/go-path-separator 
Update Go Path Injection Sanitizer and Sink
 2025-09-03 16:45:15 +01:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
55e5281429 Go: Fix a couple more spelling errors. 2025-09-02 10:47:36 +02:00
Michael Nebel
d0323a6425 Fix one more violation. 2025-09-02 09:42:05 +02:00
Michael Nebel
ea664e08d1 Go: Fix some Ql4Ql violations. 2025-09-01 15:00:34 +02:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Nora Dimitrijević
0512940c0c Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go 
Go: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:23:53 +02:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
Owen Mansel-Chan
e2f3c9d1b6 Reword change note 2025-07-22 00:09:37 +01:00
Kevin Stubbings
b4b848a25c Fix tests and simplify sanitizer 2025-07-21 21:53:35 +00:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Nora Dimitrijević
8824677e87 [DIFF-INFORMED] Go: BadRedirectCheck 2025-07-17 11:46:54 +02:00
Nora Dimitrijević
b4010ac2b4 [DIFF-INFORMED] Go: InsecureHostKeyCallback 2025-07-17 11:46:53 +02:00
Nora Dimitrijević
188fc0d933 [DIFF-INFORMED] Go: UnhandledCloseWritableHandle 2025-07-17 11:46:51 +02:00
Nora Dimitrijević
7b759f44f8 [DIFF-INFORMED] Go: AuthCookie 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql#L97
 2025-07-17 11:46:49 +02:00
Nora Dimitrijević
a1fe72c423 [DIFF-INFORMED] Go: SSRF 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-918/SSRF.ql#L23
 2025-07-17 11:46:47 +02:00
Nora Dimitrijević
7bd6703f19 [DIFF-INFORMED] Go: ConditionalBypass 2025-07-17 11:46:46 +02:00
Nora Dimitrijević
19b373aa90 [DIFF-INFORMED] Go: SensitiveConditionBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql#L33
 2025-07-17 11:46:44 +02:00
Nora Dimitrijević
d6ef585110 [DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24
 2025-07-17 11:46:42 +02:00
Nora Dimitrijević
8c8625d912 [DIFF-INFORMED] Go: ReflectedXss 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23
 2025-07-17 11:46:40 +02:00
Nora Dimitrijević
4b473622bc [DIFF-INFORMED] Go: InsecureRandomness 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19
 2025-07-17 11:46:39 +02:00
Nora Dimitrijević
ce7eb9b16a [DIFF-INFORMED] Go: IncorrectIntegerConversion 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23
 2025-07-17 11:46:37 +02:00
Nora Dimitrijević
f228818b1f [DIFF-INFORMED] Go: HardcodedCredentials 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-798/HardcodedCredentials.ql#L62
 2025-07-17 11:46:35 +02:00
Nora Dimitrijević
109f6ddc2d [DIFF-INFORMED] Go: ExternalAPIs 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql#L18
 2025-07-17 11:46:33 +02:00
Nora Dimitrijević
89f760460b [DIFF-INFORMED] Go: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-078/CommandInjection.ql#L28
 2025-07-17 11:46:30 +02:00
Nora Dimitrijević
e0d16a863b [DIFF-INFORMED] Go: AllocationSizeOverflow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql#L24
 2025-07-17 11:46:29 +02:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency 
Go: Fix compilation of DataFlowImplConsistency.qll
 2025-07-17 09:22:12 +01:00
Kevin Stubbings
f86152d3bd Add sanitizer changes and fix test 2025-07-16 21:27:33 +00:00
Kevin Stubbings
504ae0f35a Update go path sanitizers and sinks 2025-07-16 06:12:45 +00:00
Chris Smowton
b71f9ae240 Fix function qname 2025-07-15 16:37:30 +01:00
Chris Smowton
ac72f8523a Change note 2025-07-15 14:51:19 +01:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Owen Mansel-Chan
9661ee407f Fix compilation of DataFlowImplConsistency.qll 2025-07-15 13:51:45 +01:00