hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,879 Commits 1,670 Branches 157 Tags
main
Commit Graph

3433 Commits

Author SHA1 Message Date
Nick Rolfe
05e5502680 Go: recognize CODEQL_PATH_TRANSFORMER env var 2025-11-07 16:52:07 +00:00
Nick Rolfe
4a325986e4 Go: add extractor pack field indicating overlay support 2025-11-07 16:52:06 +00:00
Nick Rolfe
c91e5618a4 Go: add dbscheme relations for overlay support 2025-11-07 16:52:05 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Nora Dimitrijević
0f0bd0f455 Go/SSRF 
go/ql/src/experimental/CWE-918/SSRF.ql
 2025-10-28 09:42:09 +01:00
Nora Dimitrijević
d41268fc84 Go/UnhandledCloseWritableHandle 2025-10-28 09:42:06 +01:00
Nora Dimitrijević
59a8e9b78c Go/InsufficientKeySize 2025-10-28 09:39:27 +01:00
Nora Dimitrijević
7722f31cb8 Go/DivideByZero 2025-10-28 09:39:24 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
Henry Mercer
9507ec0853 Fix "be be" typos 2025-10-14 11:09:43 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
dependabot[bot]
500421d891 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0)

Updates `golang.org/x/tools` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:14:48 +00:00
Owen Mansel-Chan
37151791b4 Add change notes 2025-10-09 12:26:32 +01:00
Owen Mansel-Chan
3cbce80d0b Add SimpleTypeSanitizer to go/request-forgery 2025-10-09 12:17:21 +01:00
Owen Mansel-Chan
7599fdd8fa Add request forgery test for numeric type 2025-10-09 12:17:19 +01:00
Owen Mansel-Chan
0c9cd09140 Make NumericOrBooleanSanitizer easier to access and rename it 2025-10-09 12:17:17 +01:00
Owen Mansel-Chan
f35d28de45 Change note for bug fix in go/unvalidated-url-redirection 2025-10-02 17:03:55 +01:00
Owen Mansel-Chan
cce44b1f54 Update change notes for api changes 2025-10-02 16:52:16 +01:00
Owen Mansel-Chan
4d4862899e Preserve old behaviour of Write.writesComponent 2025-10-02 16:50:18 +01:00
Owen Mansel-Chan
d8891e34d1 Small improvement to go/unhandled-writable-file-close 2025-10-02 15:15:51 +01:00
Owen Mansel-Chan
7fdda87b06 Fix go/impossible-interface-nil-check for separate post-update nodes 
When tracing back from nil checks on interfaces, ignore post-update
nodes. There will always be a corresponding pre-update node that
contains the information we want.
 2025-10-02 12:34:58 +01:00
Owen Mansel-Chan
2629369c93 Improve additional flow step for Host field 2025-10-01 16:18:05 +01:00
Owen Mansel-Chan
c006777714 Simplify PathAssignmentBarrier 2025-10-01 16:18:03 +01:00
Owen Mansel-Chan
6d6852fb8d Test PathAssignmentBarrier for OpenUrlRedirect 2025-10-01 16:18:02 +01:00
Owen Mansel-Chan
f0f5fc7eac Improve SSRF additional flow step 2025-10-01 16:18:00 +01:00
Owen Mansel-Chan
c9ce2c8043 Add test for assignment to Url.Host field 2025-10-01 16:17:58 +01:00
Owen Mansel-Chan
8b04d0a2b9 Convert SSRF tests to inline expectations tests 2025-10-01 16:17:57 +01:00
Owen Mansel-Chan
6e4dbe8e22 Fix SafeUrlFlow so test passes 2025-10-01 16:17:52 +01:00
Owen Mansel-Chan
620ae33e0c Make SafeUrlFlow test more comprehensive (failing) 2025-10-01 16:17:04 +01:00
Owen Mansel-Chan
8a21a4ff92 Deprecate WriteNode.writesComponent 2025-10-01 16:13:33 +01:00
Owen Mansel-Chan
59e3c14a5e Add and use WriteNode.writesElementPreUpdate 2025-10-01 16:13:31 +01:00
Owen Mansel-Chan
6fcd35885e Fix pointer content store step for write to field of pointer dereference 2025-10-01 16:13:29 +01:00
Owen Mansel-Chan
2ffb638b7e Delete WriteNode.writesFieldOnSsaWithFields 
This can be easily expressed in terms of `WriteNode.writesFieldPreUpdate`.
 2025-10-01 16:13:27 +01:00
Owen Mansel-Chan
489b8431ea Add and use WriteNode.writesFieldPreUpdate 2025-10-01 16:13:25 +01:00
Owen Mansel-Chan
c9a2816bfe Fix OpenUrlRedirect barrier for write to Url.Host 2025-10-01 16:13:24 +01:00
Owen Mansel-Chan
414bab1f30 Add OpenUrlRedirect tests for Url.Host field 2025-10-01 16:13:22 +01:00
Owen Mansel-Chan
1144bb99b4 Convert OpenUrlRedirect tests to InlineExpectations 2025-10-01 16:13:21 +01:00
Owen Mansel-Chan
7b426186aa Rephrase change note to avoid technical terms 2025-10-01 16:13:19 +01:00
Owen Mansel-Chan
630a8446ad Rename confusing predicate and add qldoc 2025-10-01 16:13:17 +01:00
Owen Mansel-Chan
b1bcbec37d Use slightly less confusing syntax 2025-10-01 16:13:15 +01:00
Owen Mansel-Chan
1d9a93a731 Rename helper predicate 2025-10-01 16:13:14 +01:00
Owen Mansel-Chan
4ee236d73f Delete commented out code 2025-10-01 16:13:12 +01:00
Owen Mansel-Chan
25f182302d Fix email injection sink that needs local flow 2025-10-01 16:13:10 +01:00
Owen Mansel-Chan
f5f6d64d9d Add change notes 2025-10-01 16:13:08 +01:00
Owen Mansel-Chan
52b6539697 Typo 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-01 16:13:06 +01:00
Owen Mansel-Chan
a9420d46c8 Fix bad join order 2025-10-01 16:13:04 +01:00
Owen Mansel-Chan
6cb69535a5 Add missing qldocs 2025-10-01 16:13:03 +01:00
Owen Mansel-Chan
5efc8ac1a4 Fix backwards flow through TaintTracking::FunctionModel 
We only do this for taint models as there isn't any backwards flow
through data flow function models.
 2025-10-01 16:13:01 +01:00
Owen Mansel-Chan
3906f2560d Adjust Stack Exposure test so it passes 
A minor bug in our CFG means that we evaluate the base of a
SliceExpr before the bounds. Since the bounds may have side
effects, as in this case, it would be better to evaluate them first.
But in the short term I am just adjusting the test to make it work.
 2025-10-01 16:12:59 +01:00