Chris Smowton
4d8ca3d759
Add dataflow callback to filter out receiver argument flow to Golang interface dispatch candidates.
...
Other languages stub the callback.
2023-04-12 14:19:06 +01:00
Chris Smowton
7ffe863ba6
Remove addressed FIXME
...
This was addressed by adding `getAPackageWithSummarizedCallables`
2023-04-12 14:19:06 +01:00
Chris Smowton
985e07d902
pragma[nomagic] hasQualifiedName
...
These are cheap and frequently-used, and magicking them with respect to `interpretPackage` was yielding expensive, unnecessary regex operations.
2023-04-12 14:19:06 +01:00
Chris Smowton
0129167cc4
Convert Beego's MapGet method to MaD
2023-04-12 14:19:06 +01:00
Chris Smowton
b86f0cf268
Sort models
2023-04-12 14:19:06 +01:00
Chris Smowton
12527e406b
Remove unnecessary model
...
This referred to a private type
2023-04-12 14:19:05 +01:00
Chris Smowton
3cea01b6c8
Fix functions with multiple models
...
In some cases multiple return value outputs can be coalesced, and in others we had accidentally conflated two independent flows (e.g. Arg1 -> Arg2 | Arg3 -> Arg4 led to accidentally introducing Arg1 -> Arg4 and Arg3 -> Arg2)
2023-04-12 14:19:05 +01:00
Chris Smowton
4a89dbc498
Revert "Remove unnecessary models"
...
This reverts commit 12eaedc188487275e8cd6bed4a4318fed4d4b752.
We can't do this now, because there is nothing to guarantee an interface has actually been extracted, and therefore whether a model will get applied. Therefore explicitly modelling methods that may be interface implementations where the interface is in a different package may still make a difference to behaviour.
2023-04-12 14:19:05 +01:00
Chris Smowton
3f6ceccbe8
US spelling
2023-04-12 14:19:05 +01:00
Chris Smowton
ed56461ed7
Remove unnecessary models
...
These are inherited from Stringer, Reader, Writer and BinaryMarshaler
2023-04-12 14:19:05 +01:00
Chris Smowton
19e8974766
Fix comment
2023-04-12 14:19:05 +01:00
Chris Smowton
1a7927d3a1
Fix x/net/html.EscapeString modelling
...
This had never worked due to accidentally extending non-abstract class HtmlEscapeFunction; consequently it was neither a taint propagator in general, nor an HTML escape function. Added tests to ensure it is now behaving as intended.
2023-04-12 14:19:04 +01:00
Chris Smowton
fa4145b5e4
Remove dead code
2023-04-12 14:19:04 +01:00
Chris Smowton
8a06ca5a43
Allow $ANYVERSION token in Go package names
2023-04-12 14:19:04 +01:00
Chris Smowton
952bc8458f
Use explicit this
2023-04-12 14:19:04 +01:00
Chris Smowton
affe42b079
Use US spelling
2023-04-12 14:19:04 +01:00
Chris Smowton
aaa7f34386
Fix mixing of source and summary models
2023-04-12 14:19:04 +01:00
Chris Smowton
18d00c1116
Autoformat QL
2023-04-12 14:19:03 +01:00
Chris Smowton
8fb75f412a
Consider MaD models ref whether a package should be considered an unknown external.
2023-04-12 14:19:03 +01:00
Chris Smowton
9447dfd636
Combine net/http models
2023-04-12 14:19:03 +01:00
Chris Smowton
0d306e6189
Restore versioning to one more protobuf model
2023-04-12 14:19:03 +01:00
Chris Smowton
2658a47f21
Remove another protobuf instance now handled in Protobuf.qll
2023-04-12 14:19:03 +01:00
Chris Smowton
a16d56258f
Clean up protobuf models
2023-04-12 14:19:03 +01:00
Chris Smowton
95a9fcae47
Remove spurious model
...
This referenced a test-specific package; these protobuf models are more than MaD can specify, so they have already moved back into Protobuf.qll.
2023-04-12 14:19:03 +01:00
Chris Smowton
0d66b68a56
Restore more package / subpackage boundaries and alternate package names
...
Note none of these alternate names are apparently tested, either before or afterwards.
2023-04-12 14:19:03 +01:00
Chris Smowton
5e121fb4fd
Restore Couchbase alternate package names
2023-04-12 14:19:03 +01:00
Chris Smowton
fd16c03fcf
Add Beego v2 models
2023-04-12 14:19:02 +01:00
Chris Smowton
172ff082d3
Default to tolerating multiple package versions
...
Subpackages still need to use the $ANYVERSION trick
2023-04-12 14:19:02 +01:00
Chris Smowton
2024747827
Add missing tests for html.Node taint propagators
...
The TaintTracking::FunctionModels for these appeared broken, so I suspect they had never worked.
2023-04-12 14:19:02 +01:00
Chris Smowton
8f4567349d
Add missing NewTokenizerFragment model and test
2023-04-12 14:19:02 +01:00
Chris Smowton
e6718322bb
Restore query-specific FunctionModels
...
MaD can't be used to introduce query-specific summaries at the moment.
2023-04-12 14:19:02 +01:00
Chris Smowton
803b9d38cc
Add missing tests and models for json-patch
2023-04-12 14:19:02 +01:00
Chris Smowton
5e74930881
Add missing tests and models for go-pg/pg/orm.Formatter
2023-04-12 14:19:02 +01:00
Chris Smowton
3c8182b521
Format and reorder
2023-04-12 14:19:02 +01:00
Chris Smowton
9e38e8d675
Restore model of builtin copy function.
...
This is another with no real signature type.
2023-04-12 14:19:01 +01:00
Chris Smowton
c011e013e1
fixup restoration of variadic models
2023-04-12 14:19:01 +01:00
Chris Smowton
7c8db6eace
Restore QL modelling for the built-in append function.
2023-04-12 14:19:01 +01:00
Chris Smowton
c8407ba323
Revert variadic functions to use non-MaD models
2023-04-12 14:19:01 +01:00
Chris Smowton
16e3acf592
Restore old-style taint models for the unsafe package
...
These functions don't have proper signature types, so are not suited to MaD models
2023-04-12 14:19:00 +01:00
Chris Smowton
2c65e68c5f
Adapt HTTP response body association to MaD models
2023-04-12 14:19:00 +01:00
Chris Smowton
2677a945f3
Autoformat
2023-04-12 14:19:00 +01:00
Chris Smowton
53723479c8
Enable model inheritance by subinterfaces
...
Previously only a concrete (non-interface) method could inherit such a model
2023-04-12 14:19:00 +01:00
Chris Smowton
9c45192a4e
Remove spurious duplicate models
2023-04-12 14:19:00 +01:00
Chris Smowton
c242c28af9
Use $ANYVERSION to allow applying a model to all versions of a given package
2023-04-12 14:19:00 +01:00
Chris Smowton
f36a2143f5
Accept more test changes; add some missing models
2023-04-12 14:19:00 +01:00
Chris Smowton
d49840ee8e
Restore mistakenly-deleted models
2023-04-12 14:19:00 +01:00
Chris Smowton
11b457d5bf
Allow - character in Go package names
2023-04-12 14:19:00 +01:00
Chris Smowton
e98c70c482
Restore mistakenly deleted model
2023-04-12 14:19:00 +01:00
Chris Smowton
1b7f529949
Restore reverse-flow models
2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445
Go: mass-convert taint-flow models to models-as-data format
2023-04-12 14:18:44 +01:00