hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayCallerJava
Commit Graph

3040 Commits

Author SHA1 Message Date
Kasper Svendsen
e0e3a1d621 Dataflow: remove revFlowApAlias trick 2023-03-20 13:04:13 +01:00
Michael Nebel
37484a415f Sync files. 2023-03-20 09:38:40 +01:00
Kasper Svendsen
9630feb5e4 Dataflow: Remove revFlowAlias trick 2023-03-20 09:04:35 +01:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
Chris Smowton
0cadf4d94a Merge pull request #12558 from smowton/smowton/fix/flow-to-external-api-write-only-methods 
Go: exclude `net/http.Header.Set` and `.Del` from `go/untrusted-data-to-external-api`
 2023-03-17 11:52:48 +00:00
Chris Smowton
3e9924fcd2 Add change note 2023-03-16 15:35:00 +00:00
Chris Smowton
647bd44666 Go: exclude net/http.Header.Set and .Del from go/untrusted-data-to-external-api 
These functions (and doubtless many others) are write-only with respect to their receiver argument, so it doesn't really make sense to flag externally-controlled data flowing there.
 2023-03-16 15:31:35 +00:00
Michael Nebel
3fea9e4d0b Sync files. 2023-03-16 14:12:29 +01:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
Tom Hvitved
bdd56f1b6e Data flow: Sync files 2023-03-14 10:01:56 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
Anders Schack-Mulligen
f53a05bf13 Merge pull request #12475 from aschackmull/dataflow/mergepathgraph 
Dataflow: Add MergePathGraph module.
 2023-03-13 11:26:24 +01:00
Anders Schack-Mulligen
c380ecbbbc Data flow: Add change notes. 2023-03-13 11:09:13 +01:00
Anders Schack-Mulligen
1e64748ffe Dataflow: Autoformat. 2023-03-10 15:12:19 +01:00
Anders Schack-Mulligen
289f921171 Dataflow: Sync. 2023-03-10 14:56:54 +01:00
Anders Schack-Mulligen
00f0879ff5 Dataflow: Sync. 2023-03-10 14:56:54 +01:00
Owen Mansel-Chan
674799af8c Implement diagnostic for relative package paths 2023-03-10 12:20:44 +00:00
Owen Mansel-Chan
d6712b2111 Add test for unexpected directory layout error 2023-03-10 12:20:43 +00:00
Tom Hvitved
32a699e34a Data flow: Sync files 2023-03-10 12:43:21 +01:00
Tony Torralba
8aa80882ea Sync files 2023-03-10 12:35:13 +01:00
Anders Schack-Mulligen
159d8e978c Dataflow: one more autoformat post rebase 2023-03-10 10:04:35 +01:00
Anders Schack-Mulligen
08c658e66b Go: Autoformat 2023-03-10 09:41:20 +01:00
Owen Mansel-Chan
250a0a71e1 Merge pull request #12466 from owen-mc/update-go-diagnostics 
The source name of a diagnostic should not change
 2023-03-09 15:51:32 +00:00
Mathias Vorreiter Pedersen
59402eb754 Merge pull request #12462 from MathiasVP/disable-std-order-in-fwd-flow-stage-1 
DataFlow: Disable standard order in `Stage1::fwdFlow`
 2023-03-09 15:30:05 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Owen Mansel-Chan
f87b307ddb The source name of a diagnostic should not change 2023-03-09 14:00:52 +00:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00
Owen Mansel-Chan
55003300fe Merge pull request #12341 from owen-mc/go-tools-status 
Go: tools status page support
 2023-03-09 09:59:01 +00:00
Chris Smowton
db5bd98781 Return on failure to create file 2023-03-08 22:48:57 +00:00
Owen Mansel-Chan
820de5d36f Remove fatal/panic exits from diagnostic code 2023-03-08 22:00:34 +00:00
Owen Mansel-Chan
9fc119cc55 Rearrange diagnostic error message 
The context should come in the middle and the call to action should come
last.
 2023-03-08 17:09:52 +00:00
Owen Mansel-Chan
63d3b3ff2a Fix diagnostic-limit-reached visibility and location 2023-03-08 16:34:29 +00:00
Owen Mansel-Chan
0d6f17ec90 Do not use field internal, which is deprecated 2023-03-08 16:34:01 +00:00
Owen Mansel-Chan
17c550bc88 Address review comments 2023-03-08 15:51:45 +00:00
Chris Smowton
a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
 2023-03-08 09:48:35 +00:00
Owen Mansel-Chan
07098bf8bf Minor refactor in diagnostics.go 2023-03-07 16:38:53 +00:00
Owen Mansel-Chan
2edccec693 Do not link to GitHub AE version of documentation 2023-03-07 16:38:53 +00:00
Owen Mansel-Chan
c28f51f820 Remove diagnostics-limit-exceeded test 
There is no way to trigger this any more.
 2023-03-07 16:38:52 +00:00
Owen Mansel-Chan
05a4fdf6d8 Put all package-not-found errors into one diagnostic 2023-03-07 16:38:52 +00:00
Owen Mansel-Chan
a4c9120a9a Update one of the diagnostic messages 2023-03-07 16:38:52 +00:00
Owen Mansel-Chan
2c5239ff7b Use full stops at the end of diagnostics messages 2023-03-07 16:38:51 +00:00
Owen Mansel-Chan
a7a10de9ea Emit diagnostic to pass fourth integration tests 2023-03-07 16:38:51 +00:00
Owen Mansel-Chan
8d28253175 Add tests for fourth diagnostic (Go files found but not processed) 2023-03-07 16:38:51 +00:00
Owen Mansel-Chan
01a2e74df7 Add test for diagnostic-limit-hit diagnostic 2023-03-07 16:38:50 +00:00
Owen Mansel-Chan
b6a9f87238 Use "go/autobuilder/" as prefix for all diagnostics 2023-03-07 16:38:50 +00:00
Owen Mansel-Chan
4907e5754f Address review comments 2023-03-07 16:38:49 +00:00
Owen Mansel-Chan
2a41e6ae66 Emit diagnostic to pass third inegration tests 2023-03-07 16:38:49 +00:00
Owen Mansel-Chan
4fe4dfbf83 Add tests for third diagnostic (package not found) 2023-03-07 16:38:49 +00:00
Owen Mansel-Chan
c0cc1c3fd5 Emit diagnostic to pass second integration test 2023-03-07 16:38:48 +00:00