Chris Smowton
3c8182b521
Format and reorder
2023-04-12 14:19:02 +01:00
Chris Smowton
9e38e8d675
Restore model of builtin copy function.
...
This is another with no real signature type.
2023-04-12 14:19:01 +01:00
Chris Smowton
0249669299
Accept test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
c752777022
Accept test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
c011e013e1
fixup restoration of variadic models
2023-04-12 14:19:01 +01:00
Chris Smowton
7c8db6eace
Restore QL modelling for the built-in append function.
2023-04-12 14:19:01 +01:00
Chris Smowton
a796ddb95b
Accept paths-only test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
77b8103cc1
Adapt tests not to depend on TaintTracking::FunctionModel
2023-04-12 14:19:01 +01:00
Chris Smowton
2e70fada8d
Bump Go version on test referencing go 1.20 methods
...
This turned out not to matter for the extractor, but it means we can check the build using `go build`.
2023-04-12 14:19:01 +01:00
Chris Smowton
a673610e18
Adapt query not to depend on TaintTracking::FunctionModel
2023-04-12 14:19:01 +01:00
Chris Smowton
c8407ba323
Revert variadic functions to use non-MaD models
2023-04-12 14:19:01 +01:00
Chris Smowton
16e3acf592
Restore old-style taint models for the unsafe package
...
These functions don't have proper signature types, so are not suited to MaD models
2023-04-12 14:19:00 +01:00
Chris Smowton
2c65e68c5f
Adapt HTTP response body association to MaD models
2023-04-12 14:19:00 +01:00
Chris Smowton
2677a945f3
Autoformat
2023-04-12 14:19:00 +01:00
Chris Smowton
53723479c8
Enable model inheritance by subinterfaces
...
Previously only a concrete (non-interface) method could inherit such a model
2023-04-12 14:19:00 +01:00
Chris Smowton
9c45192a4e
Remove spurious duplicate models
2023-04-12 14:19:00 +01:00
Chris Smowton
c242c28af9
Use $ANYVERSION to allow applying a model to all versions of a given package
2023-04-12 14:19:00 +01:00
Chris Smowton
f36a2143f5
Accept more test changes; add some missing models
2023-04-12 14:19:00 +01:00
Chris Smowton
bfc8db90af
Accept test changes
...
This is 1x path changes without result changes, and 1x expected change since the Encode function is no longer modelled using TaintTracking::FunctionModel
2023-04-12 14:19:00 +01:00
Chris Smowton
d49840ee8e
Restore mistakenly-deleted models
2023-04-12 14:19:00 +01:00
Chris Smowton
11b457d5bf
Allow - character in Go package names
2023-04-12 14:19:00 +01:00
Chris Smowton
e98c70c482
Restore mistakenly deleted model
2023-04-12 14:19:00 +01:00
Chris Smowton
1b7f529949
Restore reverse-flow models
2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445
Go: mass-convert taint-flow models to models-as-data format
2023-04-12 14:18:44 +01:00
Chris Smowton
51ebc0bef2
Amend test now that DataFlowCallable != Callable
2023-04-12 14:15:54 +01:00
Chris Smowton
a5e5a5780d
Use FlowSummaryImpl::Private::summaryParameterNodeRange
2023-04-12 14:15:54 +01:00
Chris Smowton
4ea4e0dcca
Go: separate real and synthetic callables
...
This means that when a function has a real body and a summary (usually because it has a real definition in source, and implements an interface that has a model), two callables are created and dispatch considers both possible paths.
This specifically overcomes the difficulty with ParameterNodes when the real callable, if any, may or may not define an SsaNode, either because the real parameter is unused or because it is anonymous. Now the synthetic callable will always have parameter nodes, while the real one may or may not depending on whether a definition is present and whether or not it names or uses its parameter.
2023-04-12 14:15:54 +01:00
Chris Smowton
939a025e11
Go: hide summary nodes from path explanations
...
This mirrors behaviours in other languages with MaD summaries
2023-04-06 16:41:44 +01:00
github-actions[bot]
ac426b1302
Post-release preparation for codeql-cli-2.12.6
2023-04-04 16:49:26 +00:00
Owen Mansel-Chan
00fd23d7b9
Merge pull request #12396 from porcupineyhairs/GoJwtSignImprovements
...
Go: Add more JWT sinks
2023-04-04 13:28:38 +01:00
Porcupiney Hairs
e9615c57e9
Go: Add more JWT sinks
...
This pull request adds modelling for `katras/iris/v12/middleware/jwt`, `katras/jwt` and `gogf/gf-jwt` frameworks.
2023-03-31 23:11:24 +05:30
Owen Mansel-Chan
8e8ffb20a3
Accept test changes caused by alert message change
2023-03-31 16:48:01 +01:00
Owen Mansel-Chan
4fa57bfb2d
Use set literal instead of regex comparison
2023-03-31 16:48:00 +01:00
Owen Mansel-Chan
a9f297c031
Use set literal instead of a conjunction
2023-03-31 16:47:59 +01:00
Owen Mansel-Chan
5d93ed5f52
Remove redundant term
...
It's hard to tell what the original intention was, but I don't think
the location of qs should be the same as the location of q, so this
term is redundant.
2023-03-31 16:47:59 +01:00
Owen Mansel-Chan
34bca0612b
Use _ for exists-variable that is only used once
2023-03-31 16:47:58 +01:00
Owen Mansel-Chan
607e2817e5
Use not A and B instead of if A then none() else B
2023-03-31 16:47:58 +01:00
Owen Mansel-Chan
9ac0c57a3e
Fix alert message to match style guide
2023-03-31 16:47:57 +01:00
Owen Mansel-Chan
cf89b00f47
Fix variable names in QLDocs
2023-03-31 16:47:57 +01:00
Owen Mansel-Chan
513409e082
Fix formatting of QLDocs
2023-03-31 16:47:56 +01:00
Owen Mansel-Chan
7a25200962
Remove fields which are only used in char pred
2023-03-31 16:47:55 +01:00
Owen Mansel-Chan
a113b8e8a4
No need for singleton set
2023-03-31 16:47:55 +01:00
Owen Mansel-Chan
f6dc9e2a35
Fix accidental over-modelling of k8s Secret DeepCopy
2023-03-31 16:47:53 +01:00
github-actions[bot]
0a3218676c
Release preparation for version 2.12.6
2023-03-30 19:25:06 +00:00
github-actions[bot]
e87ce62f95
Post-release preparation for codeql-cli-2.12.5
2023-03-30 13:48:58 +00:00
Jeroen Ketema
0acca2ba76
Merge pull request #12687 from jketema/unit-2
...
Make imports of `codeql.util.Unit` private
2023-03-29 13:07:12 +02:00
Jeroen Ketema
3b8ad087eb
Make imports of codeql.util.Unit private
2023-03-28 14:14:13 +02:00
Anders Schack-Mulligen
47e7aa9566
Dataflow: Add change note.
2023-03-28 13:17:48 +02:00
Anders Schack-Mulligen
d406b051fc
Dataflow: Remove accidentally exposed predicates.
2023-03-28 10:04:21 +02:00
Jeroen Ketema
977f15f8a4
Merge pull request #12649 from jketema/unit
...
Replace all definitions of `Unit` by `import codeql.util.Unit`
2023-03-27 08:49:50 +02:00