hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

1488 Commits

Author SHA1 Message Date
Owen Mansel-Chan
5675df842e Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables 
Go: Also follow jump steps when looking for a callee source
 2023-12-12 15:49:15 +00:00
Chad Bentz
2d33f86d41 Initial Push 
- Sample test  (test not compiling)
- Stubs not generating
 2023-12-12 15:00:00 +00:00
Owen Mansel-Chan
0fb58caa8c Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-12-11 20:42:48 +00:00
amammad
cc5416406f added more sinks related to io.Writer of BodyWriter 2023-12-10 22:06:27 +01:00
amammad
b6aaff2e64 use SimpleGlobal with source and sink to find BodyWriter successors globally 2023-12-10 15:45:42 +01:00
Tom Hvitved
35c654aa76 Go: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Owen Mansel-Chan
2e2a82c237 Add change note 2023-12-08 23:33:58 +00:00
Owen Mansel-Chan
40b3598fd0 Also follow jump steps when looking for a callee source 
This is needed because capturing a variable is a jump step
and we want to find a callee source for captured functions.
 2023-12-08 18:44:14 +00:00
amammad
a3fbc3c20c fix ResponseBody Class issues 2023-12-07 19:36:27 +01:00
amammad
dbf01a9284 fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape 2023-12-07 08:52:55 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
amammad
20a3211d06 move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests 2023-12-06 16:19:34 +01:00
amammad
3e0ed0090f added BodyWriter Sink, added proper content-type header in tests to comply new changed xss strategy 2023-12-06 16:00:36 +01:00
amammad
d3099ff482 fix tests, move from SharedXss::Sink to Http::* classes 2023-12-06 15:52:50 +01:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
amammad
ffe2e398c9 fix tests, add support for Response.BodyWriter() Thanks to @owen-mc 2023-11-25 15:36:37 +01:00
amammad
accc09fd8c Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. shorter model summary. change target from getACall() to getACall().getResult(.). better tests 2023-11-25 13:36:06 +01:00
Owen Mansel-Chan
6f9a70475d Merge pull request #14882 from owen-mc/go/minor-fixes 
Go: improve CallNode documentation
 2023-11-24 10:36:07 +00:00
Owen Mansel-Chan
25a2aef623 Update library name in change note 2023-11-23 13:42:21 +00:00
Owen Mansel-Chan
25d5104468 Change how we refer to a query in a change note 2023-11-23 13:22:05 +00:00
Owen Mansel-Chan
dd8fb29a65 Improve QLDocs of CallNode and MethodCallNode 
When a function is assigned to a variable and called through that
variable then we can't always tell it was a method.
 2023-11-22 16:32:10 +00:00
Kevin Stubbings
d7e2fbc11d Finish 2023-11-21 14:27:17 -08:00
Owen Mansel-Chan
b147bacd48 Merge branch 'main' into amammad-go-fastHttp 2023-11-21 21:36:11 +00:00
amammad
2ad59a5403 fix SSRF sinks 2023-11-21 18:46:35 +01:00
Owen Mansel-Chan
d26dc68baa Merge pull request #14798 from owen-mc/go/improve-value-flow-through-slice-exprs 
Go: model value flow with array content through slice expressions
 2023-11-21 11:50:08 +00:00
Kevin Stubbings
9958ad904c thesame 2023-11-20 23:40:55 -08:00
Kevin Stubbings
28288e0d23 basic2 2023-11-20 23:40:55 -08:00
Kevin Stubbings
3b78477406 Basics 2023-11-20 23:40:55 -08:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Owen Mansel-Chan
1ac3a9e8d3 Add change note 2023-11-15 15:12:58 +00:00
Owen Mansel-Chan
aaa8f9c41f Add read and store steps for SliceElementNode 2023-11-15 14:58:23 +00:00
Owen Mansel-Chan
2b897a9825 Add synthetic SliceElementNode 2023-11-15 14:58:21 +00:00
Owen Mansel-Chan
83d1fc33e1 Add change note 2023-11-14 23:16:32 +00:00
Owen Mansel-Chan
45faed057c Improve SliceExpr documentation 2023-11-14 11:25:16 +00:00
Owen Mansel-Chan
ed349f7d6b Improve value flow through arrays 2023-11-13 23:26:16 +00:00
Owen Mansel-Chan
359dcf37e9 Merge pull request #14649 from Kwstubbs/go-cors 
Go: Add Cors Gin Support
 2023-11-13 15:46:59 +00:00
amammad
c361caf0b0 fix tests for FileSystemAccess, add comments for adding some functions in future, remove old comments 2023-11-08 14:15:26 +01:00
Tom Hvitved
af7b295c59 Address review comments 2023-11-07 13:01:19 +01:00
Kevin Stubbings
57c645bd24 Added support for same struct and added new test 2023-11-05 22:34:35 -08:00
Kevin Stubbings
1f2e8d898d Address Feedback 2023-11-05 14:28:34 -08:00
amammad
88e75a6ec8 add flow summary instead of additional flow steps 2023-11-05 17:49:32 +03:30
amammad
23f7f9a24a fix some grammer mistakes, an unnecessary import, put blank like after go generate 2023-11-05 17:49:32 +03:30
amammad
e38cb0f36e fix a issue in fasthttp library, add SSRF inline queires 2023-11-05 17:49:32 +03:30
amammad
3bc24c3534 add inline tests for open redirect,xss, fix some issues in fasthttp.qll 2023-11-05 17:49:32 +03:30
amammad
29219922ac add inline tests for UntrustedFlowSource, and fix some not necessarily flow sources 2023-11-05 17:49:32 +03:30
amammad
defe964f3a update tests 2023-11-05 17:49:32 +03:30
amammad
1ff1c5cfe0 fix two bugs, make package path more neat 2023-11-05 17:49:32 +03:30
amammad
2048d8945b fix qldoc and tests 2023-11-05 17:49:32 +03:30