hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayCallerJava
Commit Graph

3040 Commits

Author SHA1 Message Date
amammad
0efb00724d Add hasFlowToComparison to all sinks as a sanitizer 2024-01-15 00:05:11 +04:00
Tony Torralba
448439e76b Merge pull request #15294 from atorralba/atorralba/go/insecure-randomness-index-flowstep 
Go: Recognize unsafe candidate selection in `go/insecure-randomness`
 2024-01-12 11:08:56 +01:00
Tony Torralba
31c11add85 Updated change note 2024-01-12 08:55:24 +01:00
dependabot[bot]
dd08c31dc5 Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.16.1 to 0.17.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-12 03:24:29 +00:00
Tony Torralba
12c5b46a0a Reduce FPs 
* Restrict allowed types in the flow step

* Discard more non-crypto-related TLS APIs
 2024-01-11 16:20:46 +01:00
Tony Torralba
05b487e3a6 Go: Recognize unsafe candidate selection in go/insecure-randomness 2024-01-11 11:58:12 +01:00
github-actions[bot]
7db46b6ab6 Add changed framework coverage reports 2024-01-11 00:16:44 +00:00
Tony Torralba
5e8c63c3aa Use arg position instead of arg as class field to reduce number of instances 2024-01-10 14:12:29 +01:00
Tony Torralba
78c0cdfa2c Apply suggestions from code review 
co-authored-by: Owen Mansel-Chan <owen-mc@github.com>
 2024-01-10 13:33:41 +01:00
Tony Torralba
3534f692dc Fix test expectations 
Barrier-in addition removes an overlapping path
 2024-01-10 13:33:41 +01:00
Tony Torralba
80526e509e Go: Adds sources and sinks to go/clear-text-logging 2024-01-10 13:33:41 +01:00
Tony Torralba
ca0a1dc7ae Merge pull request #15267 from atorralba/atorralba/go/fmt-appenderorsprinter-mad 
Go: Migrate AppenderOrSprinter model to models-as-data
 2024-01-10 13:31:19 +01:00
Tony Torralba
46df5857ec Update test expectations 2024-01-10 12:31:02 +01:00
Tony Torralba
dc911c3f28 Apply suggestions from code review 
co-authored-by: Owen Mansel-Chan <owen-mc@github.com>
 2024-01-10 11:53:53 +01:00
Tony Torralba
a0f6b5ea10 Update test expectations 2024-01-09 17:00:20 +01:00
Tony Torralba
da4049e25c Go: Migrate AppenderOrSprinter model to models-as-data 2024-01-09 16:35:47 +01:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Owen Mansel-Chan
6f9242b1cb Merge pull request #15162 from owen-mc/go/stratify-cfg-succ 
Go: Stratify `CFG::succ` to avoid recursion
 2024-01-04 14:11:25 +00:00
Owen Mansel-Chan
e2e91ebe1c Fix capitalization in predicate name 
This was introduced by a copy-paste error
 2024-01-04 07:08:37 +00:00
Owen Mansel-Chan
dfd25f705d Add pragma[nomagic] to top-level succ0 and remove cached 2024-01-04 07:06:55 +00:00
Owen Mansel-Chan
90f07d2116 Add pragma[nomagic] to member 'succ0' 2024-01-03 16:54:58 +00:00
Owen Mansel-Chan
697aa609f4 Merge pull request #15211 from owen-mc/go/redefine-successfully-extracted-files 
Go: report any extracted file as successfully extracted
 2024-01-03 16:07:09 +00:00
Owen Mansel-Chan
14cffc3170 Merge pull request #15128 from owen-mc/go/fix-fp-incorrect-integer-conversion-signedness 
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
 2024-01-03 14:57:34 +00:00
Owen Mansel-Chan
bb44141390 Add QLDoc for succ0 2024-01-03 14:55:56 +00:00
Owen Mansel-Chan
032574f3d1 Make succ0 private 2024-01-03 14:55:42 +00:00
Owen Mansel-Chan
6ecf6ea3ac Rename succSimple to succ0 2024-01-03 14:51:57 +00:00
Owen Mansel-Chan
0279e4903f Mention query in change note 2024-01-03 13:02:49 +00:00
Owen Mansel-Chan
13b00bae17 Update test expectation 2024-01-02 22:38:30 +00:00
Owen Mansel-Chan
9f8b5bccc2 Go: report any extracted file as successfully extracted 2024-01-02 21:39:28 +00:00
Owen Mansel-Chan
19c5d1fd1d Merge pull request #15181 from felickz/go-xxe-libxml2 
GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
 2023-12-24 22:04:46 +00:00
Chad Bentz
730f6ed5b0 Merge branch 'main' into go-xxe-libxml2 2023-12-22 11:57:43 -05:00
Chad Bentz
86c258df7e mention sinks in changelog 2023-12-22 16:56:54 +00:00
Chad Bentz
cf25cc9531 Add docs 2023-12-22 16:53:21 +00:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Chad Bentz
7c93a2c825 Add const XMLParseNoEnt to stub 2023-12-21 00:49:14 +00:00
Chad Bentz
667861f575 depstubber with latest change 
- still failing with ./tst.go:195:25: undefined: parser.XMLParseNoEnt
 2023-12-21 00:42:37 +00:00
Chad Bentz
6f3867d804 stub the type Parser + the function New 
(it will automatically make stubs for all the methods on that type)

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-12-20 19:25:48 -05:00
Chad Bentz
4c46be1ed0 Use 3 arg overload on Method for hasQualifiedName for Package/Name/Type 2023-12-21 00:23:01 +00:00
Owen Mansel-Chan
9697d76c2d Stratify CFG::succ to avoid recursion 
The first level doesn't deal with defer statements properly.
The second level usees the first level to deal with them properly.
 2023-12-19 21:33:13 +00:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
amammad
a72bd7efcc add GOOD and BAD comment to sinks, some chore improvements on tests 2023-12-17 20:07:16 +01:00
amammad
87b1028aab fix pgzip missed sink, apply isBarrier directly to CopyN sink, add new flow state for pgzip 2023-12-17 19:55:50 +01:00
Owen Mansel-Chan
5a2c48f37f Add change note 2023-12-17 06:28:35 +00:00
Owen Mansel-Chan
e45e92eaa7 Fix MaxIntOrMaxUint.isBoundFor 
It was wrong for strictnessOffset = 1 before.
 2023-12-17 06:16:33 +00:00
Owen Mansel-Chan
36c4f5d1b2 Add failing test 
The cause of the test failure is confusion about
whether the architecture is 32 bit or 64 bit.
 2023-12-17 04:43:14 +00:00
Malayke
ac465b9234 Merge branch 'github:main' into main 2023-12-16 18:02:14 +08:00
Chad Bentz
b02bac5190 Test run 2023-12-15 22:55:10 +00:00
Yunus AYDIN
8a7c3c19fe Merge branch 'main' into main 2023-12-15 09:05:50 +03:00