hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

3400 Commits

Author SHA1 Message Date
Owen Mansel-Chan
59ac2d3d3e Move TransformPath into FileLabelFor 
This way we don't have to remember to transform it at all call sites.
 2025-11-14 10:25:40 +00:00
dependabot[bot]
acfca601bc Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.38.0 to 0.39.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-14 03:08:48 +00:00
Nick Rolfe
86465b36e0 Merge pull request #20623 from github/nickrolfe/go-extractor-overlay 
Go: basic overlay support
 2025-11-12 14:56:25 +00:00
dependabot[bot]
c88952423e Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.29.0 to 0.30.0
- [Commits](https://github.com/golang/mod/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-12 03:08:31 +00:00
Nick Rolfe
e5ba4143ff Go: add change-note for path transformer fixes 2025-11-11 15:47:53 +00:00
Nick Rolfe
e32a5ca846 Go: add some overlay-related logging 2025-11-07 16:52:24 +00:00
Nick Rolfe
44654bdef6 Go: avoid overlay-discarding @file entities 
...since they are shared between base and overlay
 2025-11-07 16:52:22 +00:00
Nick Rolfe
734cba7b9c Go: add discard predicates for XML entities 
This is adapted from the implementation for Java.

Since the HTML/XML extractor is not (yet) incremental, it will extract
files that were not in the diff. These discard predicates are intended
to cope with that, while also being robust against a future version
where the extractor *is* overlay-aware.
 2025-11-07 16:52:21 +00:00
Nick Rolfe
10fa1d650d Go: be consistent in replacement of backslashes in file labels 2025-11-07 16:52:20 +00:00
Nick Rolfe
e4c9bb3c5c Go: enable overlay compilation 2025-11-07 16:52:19 +00:00
Nick Rolfe
50e01283da Go: overlay workaround for cgo-processed files 2025-11-07 16:52:17 +00:00
Nick Rolfe
5aaed8941a Go: pass source root from autobuilder to extractor 
This ensures the extractor can resolve the relative paths for files
changed in the overlay.
 2025-11-07 16:52:16 +00:00
Nick Rolfe
dd4f27868e Go: apply path transformer for file TRAP labels 2025-11-07 16:52:15 +00:00
Nick Rolfe
4c009d5bc9 Go: implement overlay discarding for @locatable 2025-11-07 16:52:14 +00:00
Nick Rolfe
aff874e835 Go: merge with incoming path transformer when setting GOPATH 2025-11-07 16:52:12 +00:00
Nick Rolfe
99236f7877 Go: skip overlay extraction of unchanged go.mod files 2025-11-07 16:52:10 +00:00
Nick Rolfe
604df2125d Go: implement basic overlay extraction 
When in overlay mode, extractFile will exit early if the file isn't in
the list of files that changed since the base was extracted.
 2025-11-07 16:52:08 +00:00
Nick Rolfe
05e5502680 Go: recognize CODEQL_PATH_TRANSFORMER env var 2025-11-07 16:52:07 +00:00
Nick Rolfe
4a325986e4 Go: add extractor pack field indicating overlay support 2025-11-07 16:52:06 +00:00
Nick Rolfe
c91e5618a4 Go: add dbscheme relations for overlay support 2025-11-07 16:52:05 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Nora Dimitrijević
0f0bd0f455 Go/SSRF 
go/ql/src/experimental/CWE-918/SSRF.ql
 2025-10-28 09:42:09 +01:00
Nora Dimitrijević
d41268fc84 Go/UnhandledCloseWritableHandle 2025-10-28 09:42:06 +01:00
Nora Dimitrijević
59a8e9b78c Go/InsufficientKeySize 2025-10-28 09:39:27 +01:00
Nora Dimitrijević
7722f31cb8 Go/DivideByZero 2025-10-28 09:39:24 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
Henry Mercer
9507ec0853 Fix "be be" typos 2025-10-14 11:09:43 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
dependabot[bot]
500421d891 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0)

Updates `golang.org/x/tools` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:14:48 +00:00
Owen Mansel-Chan
37151791b4 Add change notes 2025-10-09 12:26:32 +01:00
Owen Mansel-Chan
3cbce80d0b Add SimpleTypeSanitizer to go/request-forgery 2025-10-09 12:17:21 +01:00
Owen Mansel-Chan
7599fdd8fa Add request forgery test for numeric type 2025-10-09 12:17:19 +01:00
Owen Mansel-Chan
0c9cd09140 Make NumericOrBooleanSanitizer easier to access and rename it 2025-10-09 12:17:17 +01:00
Owen Mansel-Chan
f35d28de45 Change note for bug fix in go/unvalidated-url-redirection 2025-10-02 17:03:55 +01:00
Owen Mansel-Chan
cce44b1f54 Update change notes for api changes 2025-10-02 16:52:16 +01:00
Owen Mansel-Chan
4d4862899e Preserve old behaviour of Write.writesComponent 2025-10-02 16:50:18 +01:00
Owen Mansel-Chan
d8891e34d1 Small improvement to go/unhandled-writable-file-close 2025-10-02 15:15:51 +01:00
Owen Mansel-Chan
7fdda87b06 Fix go/impossible-interface-nil-check for separate post-update nodes 
When tracing back from nil checks on interfaces, ignore post-update
nodes. There will always be a corresponding pre-update node that
contains the information we want.
 2025-10-02 12:34:58 +01:00
Owen Mansel-Chan
2629369c93 Improve additional flow step for Host field 2025-10-01 16:18:05 +01:00
Owen Mansel-Chan
c006777714 Simplify PathAssignmentBarrier 2025-10-01 16:18:03 +01:00
Owen Mansel-Chan
6d6852fb8d Test PathAssignmentBarrier for OpenUrlRedirect 2025-10-01 16:18:02 +01:00
Owen Mansel-Chan
f0f5fc7eac Improve SSRF additional flow step 2025-10-01 16:18:00 +01:00
Owen Mansel-Chan
c9ce2c8043 Add test for assignment to Url.Host field 2025-10-01 16:17:58 +01:00
Owen Mansel-Chan
8b04d0a2b9 Convert SSRF tests to inline expectations tests 2025-10-01 16:17:57 +01:00
Owen Mansel-Chan
6e4dbe8e22 Fix SafeUrlFlow so test passes 2025-10-01 16:17:52 +01:00
Owen Mansel-Chan
620ae33e0c Make SafeUrlFlow test more comprehensive (failing) 2025-10-01 16:17:04 +01:00
Owen Mansel-Chan
8a21a4ff92 Deprecate WriteNode.writesComponent 2025-10-01 16:13:33 +01:00
Owen Mansel-Chan
59e3c14a5e Add and use WriteNode.writesElementPreUpdate 2025-10-01 16:13:31 +01:00
Owen Mansel-Chan
6fcd35885e Fix pointer content store step for write to field of pointer dereference 2025-10-01 16:13:29 +01:00