hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayCallerJava
Commit Graph

3040 Commits

Author SHA1 Message Date
Owen Mansel-Chan
1f6cdc7eda Make OpenURLRedirect use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.

Removed nodes and edges were only there originally due to multiple
configurations being in scope. `DataFlow::PathNode` has union semantics
for configurations. Nodes are only generated if they are reachable from
a source, but this includes sources from other configurations.
 2023-08-10 15:48:55 +01:00
Owen Mansel-Chan
d2a5d19439 Make SafeUrlFlow use new API 2023-08-10 15:48:54 +01:00
Owen Mansel-Chan
97c32970a0 Make RequestForgery use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:53 +01:00
Owen Mansel-Chan
1c2536321c Make ReflectedXss use new API 2023-08-10 15:48:51 +01:00
Owen Mansel-Chan
3d9f8d50bc Make InsecureRandomness use new API 2023-08-10 15:48:50 +01:00
Michael B. Gale
87c089e0a8 Make CommandInjection.qll use new API 
The new `edges` and `nodes` sections in the .expected files are because
the PathGraph module was not imported in the tests before, and thus
these query predicates were not in scope.
 2023-08-10 15:48:48 +01:00
Michael B. Gale
957757c271 Make UntrustedDataToUnknownExternalAPI use new API 2023-08-10 15:48:47 +01:00
Michael B. Gale
d6919dd57b Make UntrustedDataToExternalAPI use new API 2023-08-10 15:48:46 +01:00
Michael B. Gale
82a1b15d11 Make AllocationSizeOverflow use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:44 +01:00
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Michael B. Gale
9da749ad77 Bump Go extractor dependencies 2023-08-08 22:23:47 +01:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Jeroen Ketema
8b6a7985db Refactor the traint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema
5d2984b7a5 Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Tom Hvitved
56e19411d0 Go: Adjust to data flow refactor 2023-08-07 11:35:22 +02:00
amammad
f79bd2a071 added remote flow sources related to multipart upload, added flag package command line source 2023-08-06 06:49:35 +10:00
Jeroen Ketema
747cd1745a Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Mathias Vorreiter Pedersen
abe3a816ce Merge pull request #13851 from MathiasVP/sink-without-states 
DataFlow: Support stateless `isSink` in `StateConfigSig`s
 2023-08-04 18:01:42 +02:00
Chris Smowton
8702efda1e Merge pull request #13835 from github/smowton/fix/logrus-with-context 
Don't treat logrus' WithContext method as a logging function
 2023-08-03 09:57:30 +01:00
Kevin Stubbings
8960453662 Add sanitizer to remove http.Error sink 2023-08-02 16:56:14 -07:00
Owen Mansel-Chan
ff5409fec7 Merge pull request #13785 from owen-mc/go/change-golangSpecificParamArgFilter 
Go: Avoid using getTarget() as it may not exist
 2023-08-02 15:40:40 +01:00
Mathias Vorreiter Pedersen
3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen
21eb78ea5e Go: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Owen Mansel-Chan
dbc6868bc1 Update go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-08-01 12:23:49 +01:00
Owen Mansel-Chan
5a5e921ee7 Merge pull request #13846 from owen-mc/go/better-baselines 
Go: Add language-specific baseline configuration
 2023-08-01 07:14:43 +01:00
Owen Mansel-Chan
d98079d72c Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-07-31 16:49:11 +01:00
Owen Mansel-Chan
3d495bdd43 Add new files to CODEQL_TOOLS in Makefile 2023-07-31 16:12:52 +01:00
Owen Mansel-Chan
47a536c85d Always output valid JSON containing paths-ignore 2023-07-31 16:09:47 +01:00
amammad
7ce825c5ea convert to module based dataflow 2023-07-31 22:43:45 +10:00
amammad
ab7e797fff it seems that I must use both isSink and isSource with flow states! 2023-07-31 20:00:59 +10:00
amammad
26f1091d5f fix a mistake :( 2023-07-31 19:48:21 +10:00
amammad
56d0254d2b fix ReadAll argumrnt number 2023-07-31 19:37:28 +10:00
amammad
4ee54738fa fix a mistake :( 2023-07-31 19:36:21 +10:00
amammad
260c111932 put comment about detecting https://github.com/advisories/GHSA-jpxj-2jvg-6jv9 2023-07-31 19:32:22 +10:00
amammad
1b598c8683 v1.2 make better sinks 2023-07-31 19:26:18 +10:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
Owen Mansel-Chan
b5518047fa Go: Add language-specific baseline configuration 2023-07-30 21:52:33 +01:00
amammad
f1918fb4e0 v1.1 2023-07-31 05:11:09 +10:00
Owen Mansel-Chan
0895853a23 Delete unused testing predicate 2023-07-28 17:09:53 +01:00
Owen Mansel-Chan
00d5cb737c Different approach to avoiding getTarget() 2023-07-28 17:00:36 +01:00
Owen Mansel-Chan
d2b8d836e9 Avoid using getTarget() as it may not exist 
Try to also deal with the case that we are calling a function
through a variable that it has been assigned to.
 2023-07-28 17:00:34 +01:00
Chris Smowton
f08879a2df Format; add change note 2023-07-28 14:16:30 +01:00
Chris Smowton
6fa2d2764d Don't treat logrus' WithContext method as a logging function 
This isn't output by the default formatters (though a custom formatter could potentially output things stored in it)
 2023-07-28 14:11:03 +01:00
Owen Mansel-Chan
e0cc337c71 Fix DataFlow::MergePathGraph3 
Need to get the signatures correct.
 2023-07-26 21:48:08 +01:00
Owen Mansel-Chan
f40bcd0cdd Merge pull request #13824 from owen-mc/go/fix-compiler-error-messages-for-1.20.6 
Go: Compiler error messages changed in Go 1.20.6
 2023-07-26 21:46:54 +01:00
Owen Mansel-Chan
778de6b5d2 Compiler error messages changed in Go 1.20.6 2023-07-26 16:55:26 +01:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Chris Smowton
8e63bd6c78 Correct Golang change note format 2023-07-20 16:40:18 +01:00