1460 Commits

Author	SHA1	Message	Date
Owen Mansel-Chan	90f07d2116	Add pragma[nomagic] to member 'succ0'	2024-01-03 16:54:58 +00:00
Owen Mansel-Chan	697aa609f4	Merge pull request #15211 from owen-mc/go/redefine-successfully-extracted-files ... Go: report any extracted file as successfully extracted	2024-01-03 16:07:09 +00:00
Owen Mansel-Chan	14cffc3170	Merge pull request #15128 from owen-mc/go/fix-fp-incorrect-integer-conversion-signedness ... Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint	2024-01-03 14:57:34 +00:00
Owen Mansel-Chan	bb44141390	Add QLDoc for succ0	2024-01-03 14:55:56 +00:00
Owen Mansel-Chan	032574f3d1	Make succ0 private	2024-01-03 14:55:42 +00:00
Owen Mansel-Chan	6ecf6ea3ac	Rename succSimple to succ0	2024-01-03 14:51:57 +00:00
Owen Mansel-Chan	9f8b5bccc2	Go: report any extracted file as successfully extracted	2024-01-02 21:39:28 +00:00
Owen Mansel-Chan	19c5d1fd1d	Merge pull request #15181 from felickz/go-xxe-libxml2 ... GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll	2023-12-24 22:04:46 +00:00
Chad Bentz	730f6ed5b0	Merge branch 'main' into go-xxe-libxml2	2023-12-22 11:57:43 -05:00
Chad Bentz	86c258df7e	mention sinks in changelog	2023-12-22 16:56:54 +00:00
Chad Bentz	cf25cc9531	Add docs	2023-12-22 16:53:21 +00:00
Aditya Sharad	b1803d0ac2	Merge rc/3.12 into main	2023-12-21 16:40:51 -08:00
Chad Bentz	4c46be1ed0	Use 3 arg overload on Method for hasQualifiedName for Package/Name/Type	2023-12-21 00:23:01 +00:00
Owen Mansel-Chan	9697d76c2d	Stratify CFG::succ to avoid recursion ... The first level doesn't deal with defer statements properly. The second level usees the first level to deal with them properly.	2023-12-19 21:33:13 +00:00
github-actions[bot]	8f72b0e4f7	Post-release preparation for codeql-cli-2.15.5	2023-12-19 10:32:57 +00:00
github-actions[bot]	19af35b29a	Release preparation for version 2.15.5	2023-12-18 21:22:44 +00:00
Owen Mansel-Chan	e45e92eaa7	Fix MaxIntOrMaxUint.isBoundFor ... It was wrong for strictnessOffset = 1 before.	2023-12-17 06:16:33 +00:00
amammad	d84333dad8	added *ReadBody* Methods as UntrustedFlowSource	2023-12-14 15:31:09 +01:00
Anders Schack-Mulligen	a1068ce2f9	Dataflow: deprecate references	2023-12-14 15:05:33 +01:00
Tom Hvitved	c8b4a215bc	Merge pull request #14573 from hvitved/flow-summary-impl-param ... Move `FlowSummaryImpl.qll` to `dataflow` pack	2023-12-14 12:24:15 +01:00
Tom Hvitved	098afb935b	Address more review comments	2023-12-14 09:48:45 +01:00
Jeroen Ketema	99e65df6ce	Merge remote-tracking branch 'upstream/rc/3.12' into mb12	2023-12-13 15:43:39 +01:00
Owen Mansel-Chan	5675df842e	Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables ... Go: Also follow jump steps when looking for a callee source	2023-12-12 15:49:15 +00:00
Chad Bentz	2d33f86d41	Initial Push ... - Sample test (test not compiling) - Stubs not generating	2023-12-12 15:00:00 +00:00
Owen Mansel-Chan	0fb58caa8c	Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md ... Co-authored-by: Chris Smowton <smowton@github.com>	2023-12-11 20:42:48 +00:00
amammad	cc5416406f	added more sinks related to io.Writer of BodyWriter	2023-12-10 22:06:27 +01:00
amammad	b6aaff2e64	use SimpleGlobal with source and sink to find BodyWriter successors globally	2023-12-10 15:45:42 +01:00
Tom Hvitved	35c654aa76	Go: Use FlowSummaryImpl from dataflow pack	2023-12-10 11:25:44 +01:00
Owen Mansel-Chan	2e2a82c237	Add change note	2023-12-08 23:33:58 +00:00
Owen Mansel-Chan	40b3598fd0	Also follow jump steps when looking for a callee source ... This is needed because capturing a variable is a jump step and we want to find a callee source for captured functions.	2023-12-08 18:44:14 +00:00
amammad	a3fbc3c20c	fix ResponseBody Class issues	2023-12-07 19:36:27 +01:00
amammad	dbf01a9284	fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape	2023-12-07 08:52:55 +01:00
github-actions[bot]	92af5f5386	Post-release preparation for codeql-cli-2.15.4	2023-12-06 22:59:22 +00:00
github-actions[bot]	c04457e9e7	Release preparation for version 2.15.4	2023-12-06 21:11:50 +00:00
amammad	20a3211d06	move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests	2023-12-06 16:19:34 +01:00
amammad	3e0ed0090f	added BodyWriter Sink, added proper content-type header in tests to comply new changed xss strategy	2023-12-06 16:00:36 +01:00
amammad	d3099ff482	fix tests, move from SharedXss::Sink to Http::* classes	2023-12-06 15:52:50 +01:00
Anders Schack-Mulligen	67f0529cda	Dataflow: Sync.	2023-12-04 12:36:57 +01:00
amammad	ffe2e398c9	fix tests, add support for Response.BodyWriter() Thanks to @owen-mc	2023-11-25 15:36:37 +01:00
amammad	accc09fd8c	Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. shorter model summary. change target from getACall() to getACall().getResult(.). better tests	2023-11-25 13:36:06 +01:00
Owen Mansel-Chan	6f9a70475d	Merge pull request #14882 from owen-mc/go/minor-fixes ... Go: improve CallNode documentation	2023-11-24 10:36:07 +00:00
Owen Mansel-Chan	25a2aef623	Update library name in change note	2023-11-23 13:42:21 +00:00
Owen Mansel-Chan	25d5104468	Change how we refer to a query in a change note	2023-11-23 13:22:05 +00:00
Owen Mansel-Chan	dd8fb29a65	Improve QLDocs of CallNode and MethodCallNode ... When a function is assigned to a variable and called through that variable then we can't always tell it was a method.	2023-11-22 16:32:10 +00:00
Kevin Stubbings	d7e2fbc11d	Finish	2023-11-21 14:27:17 -08:00
Owen Mansel-Chan	b147bacd48	Merge branch 'main' into amammad-go-fastHttp	2023-11-21 21:36:11 +00:00
amammad	2ad59a5403	fix SSRF sinks	2023-11-21 18:46:35 +01:00
Owen Mansel-Chan	d26dc68baa	Merge pull request #14798 from owen-mc/go/improve-value-flow-through-slice-exprs ... Go: model value flow with array content through slice expressions	2023-11-21 11:50:08 +00:00
Kevin Stubbings	9958ad904c	thesame	2023-11-20 23:40:55 -08:00
Kevin Stubbings	28288e0d23	basic2	2023-11-20 23:40:55 -08:00