codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
Porcupiney Hairs	2c518c1fa6	Include changes from review	2023-05-12 01:59:42 +05:30
Porcupiney Hairs	d536157c1a	Go : Add query to detect potential timing attacks	2023-05-11 09:57:50 +05:30
Owen Mansel-Chan	270ba09ffb	Merge pull request #11732 from owen-mc/go/fix/model-data-flow-through-varargs Go: Allow data flow through varargs parameters	2023-05-11 05:26:40 +01:00
Porcupiney Hairs	ec424d7e51	Go: Add query to detect DSN Injection.	2023-05-11 03:45:29 +05:30
Kasper Svendsen	46727af948	Go: Enable warnings for implicit this receivers	2023-05-03 15:41:55 +02:00
Kasper Svendsen	e969018f99	Go: Make implicit this receivers explicit	2023-05-03 12:45:42 +02:00
Michael B. Gale	5a44fae515	Go: add test for unrelated A->C data flow	2023-04-28 10:56:12 +01:00
Owen Mansel-Chan	f2368a9441	Do not use variadic sink fn in tests	2023-04-28 06:09:11 +01:00
Owen Mansel-Chan	bc0f9030e3	use CallNode.getSyntacticArgument	2023-04-28 06:09:10 +01:00
Owen Mansel-Chan	2d3fed9c07	Accept intended test result changes	2023-04-28 06:09:10 +01:00
Michael B. Gale	72b082806b	Go: Update `html-template-escaping-passthrough` Modify this query to apply sanitizers only in the data flow between untrusted inputs and passthrough conversion types.	2023-04-27 17:14:38 +01:00
Michael B. Gale	1aa1153ed6	Go: Add `html/template` as XSS queries sanitizer	2023-04-26 21:21:52 +01:00
Owen Mansel-Chan	2914480ff6	Avoid platform-specific results These were introduced in https://github.com/github/codeql/pull/12750 but the relevant tests that should have caught it weren't run.	2023-04-19 11:18:19 +01:00
Tom Hvitved	3cc9dec9c8	Remove all `queries.xml` files	2023-04-13 11:18:58 +02:00
Chris Smowton	d648b34037	Accept test changes These are caused by nodes being hidden by https://github.com/github/codeql/pull/12783	2023-04-12 15:05:04 +01:00
Chris Smowton	9f4b77e851	Accept test changes	2023-04-12 14:19:06 +01:00
Chris Smowton	0129167cc4	Convert Beego's MapGet method to MaD	2023-04-12 14:19:06 +01:00
Chris Smowton	2abffccded	Accept test changes	2023-04-12 14:19:05 +01:00
Chris Smowton	8c553ec0fc	Autoformat go	2023-04-12 14:19:05 +01:00
Chris Smowton	ac4dcc6c4b	Add ioutil usage to TaintSteps test It appears at present the Go standard library imports the deprecated io/ioutil package internally on some platforms but not others. Therefore I add a test explicitly using it to make the test behave more uniformly.	2023-04-12 14:19:05 +01:00
Chris Smowton	3c48609635	Accept test changes	2023-04-12 14:19:05 +01:00
Chris Smowton	140505222f	Update test expectations	2023-04-12 14:19:04 +01:00
Chris Smowton	1a7927d3a1	Fix x/net/html.EscapeString modelling This had never worked due to accidentally extending non-abstract class HtmlEscapeFunction; consequently it was neither a taint propagator in general, nor an HTML escape function. Added tests to ensure it is now behaving as intended.	2023-04-12 14:19:04 +01:00
Chris Smowton	141d6b8d7b	Accept paths test changes	2023-04-12 14:19:04 +01:00
Chris Smowton	477341dd3b	Remove unnecessary variable	2023-04-12 14:19:04 +01:00
Chris Smowton	18d00c1116	Autoformat QL	2023-04-12 14:19:03 +01:00
Chris Smowton	54d08e11ca	Autoformat Go	2023-04-12 14:19:03 +01:00
Chris Smowton	6b9b4c8da0	Remove binary file	2023-04-12 14:19:03 +01:00
Chris Smowton	12f35bc6ac	Add missing tests for RevelHeader mutators	2023-04-12 14:19:02 +01:00
Chris Smowton	2024747827	Add missing tests for html.Node taint propagators The TaintTracking::FunctionModels for these appeared broken, so I suspect they had never worked.	2023-04-12 14:19:02 +01:00
Chris Smowton	8f4567349d	Add missing NewTokenizerFragment model and test	2023-04-12 14:19:02 +01:00
Chris Smowton	ed7f351be7	Add missing tests for mime/multipart.Part	2023-04-12 14:19:02 +01:00
Chris Smowton	405a56326c	Add missing tests for CertStorage	2023-04-12 14:19:02 +01:00
Chris Smowton	803b9d38cc	Add missing tests and models for json-patch	2023-04-12 14:19:02 +01:00
Chris Smowton	5e74930881	Add missing tests and models for go-pg/pg/orm.Formatter	2023-04-12 14:19:02 +01:00
Chris Smowton	0249669299	Accept test changes	2023-04-12 14:19:01 +01:00
Chris Smowton	c752777022	Accept test changes	2023-04-12 14:19:01 +01:00
Chris Smowton	a796ddb95b	Accept paths-only test changes	2023-04-12 14:19:01 +01:00
Chris Smowton	77b8103cc1	Adapt tests not to depend on TaintTracking::FunctionModel	2023-04-12 14:19:01 +01:00
Chris Smowton	2e70fada8d	Bump Go version on test referencing go 1.20 methods This turned out not to matter for the extractor, but it means we can check the build using `go build`.	2023-04-12 14:19:01 +01:00
Chris Smowton	f36a2143f5	Accept more test changes; add some missing models	2023-04-12 14:19:00 +01:00
Chris Smowton	bfc8db90af	Accept test changes This is 1x path changes without result changes, and 1x expected change since the Encode function is no longer modelled using TaintTracking::FunctionModel	2023-04-12 14:19:00 +01:00
Chris Smowton	de0caf2445	Go: mass-convert taint-flow models to models-as-data format	2023-04-12 14:18:44 +01:00
Chris Smowton	51ebc0bef2	Amend test now that DataFlowCallable != Callable	2023-04-12 14:15:54 +01:00
Chris Smowton	939a025e11	Go: hide summary nodes from path explanations This mirrors behaviours in other languages with MaD summaries	2023-04-06 16:41:44 +01:00
Owen Mansel-Chan	00fd23d7b9	Merge pull request #12396 from porcupineyhairs/GoJwtSignImprovements Go: Add more JWT sinks	2023-04-04 13:28:38 +01:00
Porcupiney Hairs	e9615c57e9	Go: Add more JWT sinks This pull requests adds modelling for `katras/iris/v12/middleware/jwt`, `katras/jwt` and `gogf/gf-jwt` frameworks.	2023-03-31 23:11:24 +05:30
Owen Mansel-Chan	8e8ffb20a3	Accept test changes caused by alert message change	2023-03-31 16:48:01 +01:00
Owen Mansel-Chan	4fa57bfb2d	Use set literal instead of regex comparison	2023-03-31 16:48:00 +01:00
Owen Mansel-Chan	a9f297c031	Use set literal instead of a conjunction	2023-03-31 16:47:59 +01:00

... 14 15 16 17 18 ...

921 Commits