Owen Mansel-Chan
194491f3fb
Convert BeegoControllerSource to MaD
2024-07-01 16:13:38 +01:00
Owen Mansel-Chan
6bc0ffe429
Convert BeegoInputSource to MaD
2024-07-01 16:13:37 +01:00
Owen Mansel-Chan
2bbd9ab4eb
Change definition of BeegoInputSafeUrlSource
2024-07-01 16:13:36 +01:00
Owen Mansel-Chan
8d8af320bf
Add in missing summary models for Beego
2024-07-01 16:13:34 +01:00
Arthur Baars
b12b33c8f9
Merge remote-tracking branch 'upstream/main' into 'rc/3.14'
2024-06-28 19:50:35 +02:00
Owen Mansel-Chan
418a56d385
Replace "$THISVERSION" suffix with "fixed-version:" prefix
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
081f32141c
Accept review suggestion fixing a comment
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
d4e8e4c943
Add QLDoc for majorVersionSuffixRegex
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
46d0c6ff9c
Use lookahead in regex to not match e.g. "/v2foo"
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
c8a3bedf44
Move major version suffix regex into one place
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
cb2ccef5fa
Refactor suffix check
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
c045e77d61
Fix QLDoc for interpretPackage
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
7d11fc2c7d
Fix bug in regex
...
I accidentally included a `$` at the end, so it only matched a major
version suffix at the end of the package path.
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
a9afbfa993
Document version matching and "$THISVERSION"
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
3e2bbd38d4
Remove "$ANYVERSION" from models
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
47d946fb1c
Make MaD package match any version without $ANYVERSION
...
Note that if the package column contains a major version suffix (like
"/v2") or if it ends with "$THISVERSION" (which is removed) then we
don't do any version matching.
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
ea0db4d55e
Add predicate for package path without "/v2" etc
2024-06-26 05:01:09 +01:00
Owen Mansel-Chan
890da5377e
Merge pull request #16819 from owen-mc/go/remove-dataflowtype-optimizer-bug-workaround
...
Go: Make DataFlowType a singleton (remove workaround)
2024-06-25 10:03:08 +01:00
github-actions[bot]
fd385736e6
Post-release preparation for codeql-cli-2.17.6
2024-06-25 06:39:45 +00:00
github-actions[bot]
e32a587078
Release preparation for version 2.17.6
2024-06-24 14:33:10 +00:00
Owen Mansel-Chan
d8df38c683
Make DataFlowType a singleton (remove workaround)
2024-06-24 13:43:10 +01:00
Anders Schack-Mulligen
8c23e21073
Dataflow: Cache compatibleTypes.
2024-06-24 13:35:48 +02:00
Owen Mansel-Chan
f04a85e121
Merge pull request #16753 from owen-mc/go/misc-clean-up
...
Go: a few small clean ups
2024-06-24 10:47:21 +01:00
Owen Mansel-Chan
aa35bd771b
Fix bug removing "vendor/" from package paths
2024-06-20 13:18:21 +01:00
Owen Mansel-Chan
754fd8e84c
Drop leading . from getQualifiedName for built-in functions
...
So it will be "panic" instead of ".panic".
2024-06-19 22:04:21 +01:00
Owen Mansel-Chan
68a661f3c7
Write out whole function names
2024-06-19 21:58:31 +01:00
Owen Mansel-Chan
b79711b17e
Move deprecated notice to top of comment
2024-06-19 21:58:28 +01:00
Ed Minnix
5bbd003dfc
Reword change note
2024-06-18 12:27:21 -04:00
Ed Minnix
b53712cae0
Change note
2024-06-18 12:27:19 -04:00
Ed Minnix
6a0be6ad09
ExternalAPIs
2024-06-18 12:27:18 -04:00
Ed Minnix
cfd5f53eb0
Refactor Customizations libraries to use ThreatModelFlowSource
2024-06-18 12:27:15 -04:00
Edward Minnix III
8997f2cdf2
Merge pull request #16697 from egregius313/egregius313/go/dataflow/threat-modeling
...
Go: Introduce Threat Modeling
2024-06-18 12:25:33 -04:00
Chris Smowton
4da5d6660a
Add change note
2024-06-17 16:49:09 +01:00
Chris Smowton
822f6eebfb
Add support for flow through content of global variables
2024-06-17 16:42:23 +01:00
Ed Minnix
fa2c50616b
Remove getSourceType definitions
2024-06-17 10:57:11 -04:00
Ed Minnix
7f19f449eb
Change note
2024-06-17 10:51:10 -04:00
Ed Minnix
49fb372eb9
Add getSourceType declarations to existing remote flow sources
2024-06-17 10:51:09 -04:00
Ed Minnix
df6449cfc7
Go: Add the SourceNode and ThreatModelFlowSource classes
2024-06-17 10:51:07 -04:00
Ed Minnix
b697068e9a
Go: Add threat modeling shared library
2024-06-17 10:51:06 -04:00
Owen Mansel-Chan
24c9062b35
Merge pull request #16671 from owen-mc/go/mad-builtin-taint-models-try-2
...
Go: Convert old-style models for built-ins to MaD
2024-06-11 19:45:34 +01:00
Owen Mansel-Chan
700604a1c2
Convert old-style models for built-ins to MaD
...
These models are to cover the special cases where `append` can be used
with a second argument which is a string followed by `...`, and `copy`
can be used with a second argument which is a string. In this case the
taint is carried by the whole string, rather than in array elements.
2024-06-11 16:16:45 +01:00
github-actions[bot]
8a25081a0e
Post-release preparation for codeql-cli-2.17.5
2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468
Release preparation for version 2.17.5
2024-06-10 13:40:39 +00:00
Anders Schack-Mulligen
a26c01d7c7
Go: Add support for pretty-printed provenance in tests. Convert one test.
2024-06-07 11:47:45 +02:00
Owen Mansel-Chan
44a56c420f
Merge pull request #16558 from owen-mc/go/sync-external-flow
...
Go: sync ExternalFlow.qll
2024-06-05 11:31:34 +01:00
Owen Mansel-Chan
60970ff015
Merge pull request #16571 from owen-mc/go/remove-step-duplication-in-config
...
Go: remove flow step duplication in configs
2024-06-04 12:57:26 +01:00
Owen Mansel-Chan
cbbdd01d5a
Reinstate more descriptive QLDoc
2024-06-04 11:46:05 +01:00
Owen Mansel-Chan
7356e747e4
Add change note
2024-06-04 11:46:04 +01:00
Owen Mansel-Chan
6e67e724b4
Update documentation for receiver instead of -1
2024-06-04 11:46:02 +01:00
Owen Mansel-Chan
18fa454d33
Replace Argument[-1] with Argument[receiver]
2024-06-04 11:45:59 +01:00