hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

921 Commits

Author SHA1 Message Date
Owen Mansel-Chan
4f10cb5fa0 Local flow tests: do not list summary models 
This is so that when we don't change the test results every time we add
a summary model for a built-in function.
 2024-05-08 16:13:37 +01:00
Owen Mansel-Chan
57ff30c5f3 Update tests: built-in models now work 2024-05-08 16:07:02 +01:00
Owen Mansel-Chan
4140942479 Update tests 2024-04-24 14:19:33 +01:00
Owen Mansel-Chan
8962307291 Add second good go file to tests 2024-04-24 14:19:29 +01:00
Owen Mansel-Chan
f828f8ea65 Merge pull request #16250 from owen-mc/go/rename-untrusted-flow-source 
Go: Rename `UntrustedFlowSource` to `RemoteFlowSource` to match other language libraries
 2024-04-24 11:37:00 +01:00
Owen Mansel-Chan
79b4890794 Also rename .expected files 2024-04-18 14:17:04 +01:00
Owen Mansel-Chan
317c335269 Rename test query files 2024-04-18 11:49:42 +01:00
Owen Mansel-Chan
db06c08141 Rename UntrustedSource to RemoteSource 
Including renaming some files (in the experimental folder).
 2024-04-18 11:49:30 +01:00
Owen Mansel-Chan
a6646021d0 Rename Untrusted Flow to Remote Flow 
Not matching case but preserving original case.
 2024-04-18 11:49:05 +01:00
Owen Mansel-Chan
a4df20da85 Rename UntrustedFlowSource to RemoteFlowSource 
Relaxed match case requirement. Again skipped one instance in an old
change note.
 2024-04-17 21:40:46 +01:00
Owen Mansel-Chan
81eaa6e327 Rename UntrustedFlowSource to RemoteFlowSource 
Relaxed whole word requirement. Again skipped one instance in an old
change note.
 2024-04-17 21:35:50 +01:00
Owen Mansel-Chan
5fba9895c6 Rename UntrustedFlowSource to RemoteFlowSource 
Only the whole word. Skipped one instance in an old change note.
 2024-04-17 21:27:32 +01:00
Owen Mansel-Chan
80c3993ddc Remove redundant test 
It was introduced in https://github.com/github/codeql-go/pull/718 in
response to https://github.com/github/codeql-go/issues/717, to check
that we don't have type assertions as sinks. We now have other tests
covering type assertions.
 2024-04-17 16:32:41 +01:00
Owen Mansel-Chan
3ad2d90014 Make type switches tranform flow state 2024-04-17 16:32:36 +01:00
Owen Mansel-Chan
611f98bca4 Make type assertions transform the flow state 2024-04-17 16:32:30 +01:00
Owen Mansel-Chan
f08a598821 Add tests for FPs: type switches, type assertions 2024-04-17 16:32:13 +01:00
Anders Schack-Mulligen
20e91f9cac Go: Update expected output (uninteresting). 2024-04-12 09:20:23 +02:00
Owen Mansel-Chan
d4bb4d4faa Merge pull request #16120 from owen-mc/go/fix/type-switch-control-flow 
Go: Fix data flow through variable defined in type switch guard
 2024-04-11 11:39:40 +01:00
Owen Mansel-Chan
1e8315d797 Merge pull request #16180 from owen-mc/go/tweak-go-tainted-path-additions 
Go: Tweak go tainted path additions
 2024-04-11 11:17:30 +01:00
Owen Mansel-Chan
c3fefa8f69 Add extra sanitizer Part.FileName() 2024-04-11 07:35:45 +01:00
Owen Mansel-Chan
1c0ef90e96 Merge pull request #15865 from owen-mc/go/extractor/no-intermediate-string-values 
Go: extractor: do not store intermediate values in long string concatenations
 2024-04-10 15:31:51 +01:00
Owen Mansel-Chan
dc3ea6c418 Merge pull request #11703 from Kwstubbs/go-taintedpath-additions 
Go: Add and Modify Sanitizers For TaintedPath
 2024-04-10 15:13:13 +01:00
Owen Mansel-Chan
5ec3934ac8 Merge branch 'main' into go/extractor/no-intermediate-string-values 2024-04-10 14:51:22 +01:00
Owen Mansel-Chan
a65b02eb28 Update test expectations 2024-04-09 10:59:06 +01:00
Owen Mansel-Chan
4ffc4f5c62 Add test for dataflow through switches 2024-04-09 10:58:42 +01:00
Owen Mansel-Chan
0ed330056d Add extra CFG test for type switch 2024-04-09 10:55:52 +01:00
Owen Mansel-Chan
8df23522f0 Delete redundant test 2024-04-09 10:55:40 +01:00
Max Schaefer
d7258f76d3 Go: Improve QHelp for go/unvalidated-url-redirection. 
The example showed a different (and better) fix from what the help claimed, but the suggestion also had a subtle bug that I fixed at the same time.
 2024-03-26 10:57:36 +00:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Tony Torralba
87b2dcc892 Adjust test expectations 2024-03-14 10:25:04 +01:00
Tom Hvitved
e4a4c18166 Go: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Owen Mansel-Chan
33c17313b4 Add test for not extracting values for intermediate string concatenations 2024-03-12 11:59:10 +00:00
Kevin Stubbings
30fe4168e3 Removed filepath.base sanitizer 2024-03-11 15:08:10 -07:00
Kevin Stubbings
c9b49d3760 resolve feedback 2024-03-11 14:54:28 -07:00
Kevin Stubbings
530c76ca8b Add New Sanitizers and Modify Old Ones 2024-03-11 14:53:29 -07:00
Tony Torralba
04436208ab Merge pull request #15843 from atorralba/atorralba/go/uncontrolled-allocation-size 
Go: Promote `go/uncontrolled-allocation-size` from experimental
 2024-03-11 16:12:27 +01:00
Owen Mansel-Chan
820c14577a Merge pull request #13553 from am0o0/amammad-go-bombs 
Go: Decompression Bombs
 2024-03-10 13:48:04 +00:00
Tony Torralba
7d74125508 Go: Promote go/uncontrolled-allocation-size 2024-03-07 15:17:49 +01:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main 
Go: new query for detect DOS vulnerability
 2024-03-06 11:32:57 +00:00
Tony Torralba
a264ea23c6 Go: Add SQLi sinks for Squirrel 2024-03-05 15:35:34 +01:00
Tony Torralba
a78e04eb34 Merge pull request #15795 from atorralba/atorralba/go/macaron-sources 
Go: Add Macaron sources
 2024-03-05 09:08:58 +01:00
Tony Torralba
7286f56718 Change tests to inline expectations 2024-03-04 17:29:12 +01:00
Owen Mansel-Chan
dcc2b2c50d Merge pull request #15057 from aydinnyunus/main 
Web Cache Deception Vulnerability on Go Frameworks
 2024-03-04 14:36:39 +00:00
Owen Mansel-Chan
c0974934bc Fix test expectations again 2024-03-04 14:05:04 +00:00
Owen Mansel-Chan
39a802fb98 Add new columns to test expectations 2024-03-04 13:45:54 +00:00
Owen Mansel-Chan
6a1bb9bfb0 Merge branch 'main' into main 2024-03-04 13:42:53 +00:00
Tony Torralba
fc12537699 Go: Add Macaron sources 2024-03-04 14:29:56 +01:00
Chris Smowton
9f84653283 Merge pull request #15613 from smowton/smowton/fix/golang-map-range-read-dataflow 
Golang: fix flow from a map value via a range statement
 2024-02-27 15:42:43 +00:00
Chris Smowton
a6480a4ca1 Autoformat again / tabify 2024-02-27 13:55:26 +00:00
Chris Smowton
74448c092a Autoformat / uglify 2024-02-27 13:49:12 +00:00