hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,884 Commits 1,671 Branches 157 Tags
main
Commit Graph

2823 Commits

Author SHA1 Message Date
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
Owen Mansel-Chan
e2f3c9d1b6 Reword change note 2025-07-22 00:09:37 +01:00
Kevin Stubbings
b4b848a25c Fix tests and simplify sanitizer 2025-07-21 21:53:35 +00:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Nora Dimitrijević
8824677e87 [DIFF-INFORMED] Go: BadRedirectCheck 2025-07-17 11:46:54 +02:00
Nora Dimitrijević
b4010ac2b4 [DIFF-INFORMED] Go: InsecureHostKeyCallback 2025-07-17 11:46:53 +02:00
Nora Dimitrijević
188fc0d933 [DIFF-INFORMED] Go: UnhandledCloseWritableHandle 2025-07-17 11:46:51 +02:00
Nora Dimitrijević
7b759f44f8 [DIFF-INFORMED] Go: AuthCookie 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql#L97
 2025-07-17 11:46:49 +02:00
Nora Dimitrijević
a1fe72c423 [DIFF-INFORMED] Go: SSRF 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-918/SSRF.ql#L23
 2025-07-17 11:46:47 +02:00
Nora Dimitrijević
7bd6703f19 [DIFF-INFORMED] Go: ConditionalBypass 2025-07-17 11:46:46 +02:00
Nora Dimitrijević
19b373aa90 [DIFF-INFORMED] Go: SensitiveConditionBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql#L33
 2025-07-17 11:46:44 +02:00
Nora Dimitrijević
d6ef585110 [DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24
 2025-07-17 11:46:42 +02:00
Nora Dimitrijević
8c8625d912 [DIFF-INFORMED] Go: ReflectedXss 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23
 2025-07-17 11:46:40 +02:00
Nora Dimitrijević
4b473622bc [DIFF-INFORMED] Go: InsecureRandomness 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19
 2025-07-17 11:46:39 +02:00
Nora Dimitrijević
ce7eb9b16a [DIFF-INFORMED] Go: IncorrectIntegerConversion 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23
 2025-07-17 11:46:37 +02:00
Nora Dimitrijević
f228818b1f [DIFF-INFORMED] Go: HardcodedCredentials 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-798/HardcodedCredentials.ql#L62
 2025-07-17 11:46:35 +02:00
Nora Dimitrijević
109f6ddc2d [DIFF-INFORMED] Go: ExternalAPIs 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql#L18
 2025-07-17 11:46:33 +02:00
Nora Dimitrijević
89f760460b [DIFF-INFORMED] Go: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-078/CommandInjection.ql#L28
 2025-07-17 11:46:30 +02:00
Nora Dimitrijević
e0d16a863b [DIFF-INFORMED] Go: AllocationSizeOverflow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql#L24
 2025-07-17 11:46:29 +02:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency 
Go: Fix compilation of DataFlowImplConsistency.qll
 2025-07-17 09:22:12 +01:00
Kevin Stubbings
f86152d3bd Add sanitizer changes and fix test 2025-07-16 21:27:33 +00:00
Kevin Stubbings
504ae0f35a Update go path sanitizers and sinks 2025-07-16 06:12:45 +00:00
Chris Smowton
b71f9ae240 Fix function qname 2025-07-15 16:37:30 +01:00
Chris Smowton
ac72f8523a Change note 2025-07-15 14:51:19 +01:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Owen Mansel-Chan
9661ee407f Fix compilation of DataFlowImplConsistency.qll 2025-07-15 13:51:45 +01:00
Owen Mansel-Chan
391e9f7471 Merge pull request #20000 from owen-mc/go/request-forgery 
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
 2025-07-12 00:30:23 +01:00
Owen Mansel-Chan
a5333ae1a1 Add change note 2025-07-08 16:51:22 +01:00
Owen Mansel-Chan
990043ce86 Add net/http.Head and net/http.Client.Head as client requests 
They were previously deliberately excluded.
 2025-07-08 14:31:48 +01:00
Owen Mansel-Chan
71703aa497 Improve formatting of some QL 2025-07-08 14:29:11 +01:00
Owen Mansel-Chan
d437a096f1 Test more client request URL sinks 2025-07-08 13:20:04 +01:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Owen Mansel-Chan
0788a90d88 Convert RequestForgery test to inline expectations 2025-07-04 16:56:05 +01:00
Owen Mansel-Chan
d10b9e665c Fix linter warnings in Request Forgery tests 2025-07-04 16:55:09 +01:00
Michael Nebel
d926a6a47d Go: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:35:21 +02:00
Owen Mansel-Chan
9663ecad21 Avoid using deprecated class 2025-06-26 01:46:14 +01:00
Owen Mansel-Chan
0f07ab58cf Merge pull request #19654 from owen-mc/go/fix-definedtype-getbasetype 
Go: fix `DefinedType.getBaseType`
 2025-06-26 00:19:19 +01:00
Owen Mansel-Chan
d7b1d7bef4 Merge pull request #19677 from owen-mc/go/better-class-names-and-helpers 
Go: Improve two class names and add some helper predicates
 2025-06-26 00:17:32 +01:00
Chris Smowton
2291e10ce6 Fix typo 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-25 21:38:22 +02:00
Nora Dimitrijević
c4a385fa6a Merge pull request #19817 from d10c/d10c/convert-tests-to-qlref 
Convert remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`
 2025-06-24 16:31:13 +02:00
Nora Dimitrijević
cf92b0e91b Go: convert IncorrectIntegerConversion test to .qlref 2025-06-24 14:57:48 +02:00
Nora Dimitrijević
76a3306c63 Go: convert UncontrolledAllocationSize test to .qlref 2025-06-24 14:57:44 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Nora Dimitrijević
b62a6db314 Merge pull request #19760 from d10c/d10c/go/diff-informed-2 
Go: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`
 2025-06-19 14:44:56 +02:00