Commit Graph

3054 Commits

Author SHA1 Message Date
amammad
b6aaff2e64 use SimpleGlobal with source and sink to find BodyWriter successors globally 2023-12-10 15:45:42 +01:00
Tom Hvitved
35c654aa76 Go: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Yunus AYDIN
0813199c7f Update vendor directory and go files 2023-12-10 01:24:29 +03:00
Yunus AYDIN
a925c23d14 Add go.mod and modules.txt 2023-12-09 23:36:50 +03:00
Yunus AYDIN
6bd3c8c07b Format Document 2023-12-09 23:36:13 +03:00
Yunus AYDIN
6378c5e22f Update Fiber Rule for checking files 2023-12-09 23:35:42 +03:00
Yunus AYDIN
63123f3984 Add GoChi Rule 2023-12-09 23:34:48 +03:00
Yunus AYDIN
ba4f8612eb Add GoChi Test Cases 2023-12-09 23:33:18 +03:00
Yunus AYDIN
ad1284853b remove unnecessary file 2023-12-09 19:49:21 +03:00
Yunus AYDIN
eb25d0df66 Add test cases 2023-12-09 19:44:58 +03:00
Yunus AYDIN
85636ccab7 Add Web Cache Deception QHelp and Example Code Snippet for Vulnerable Go Fiber usage 2023-12-09 19:12:20 +03:00
Owen Mansel-Chan
2e2a82c237 Add change note 2023-12-08 23:33:58 +00:00
Owen Mansel-Chan
ab68c4e341 Update test 2023-12-08 23:29:44 +00:00
Owen Mansel-Chan
40b3598fd0 Also follow jump steps when looking for a callee source
This is needed because capturing a variable is a jump step
and we want to find a callee source for captured functions.
2023-12-08 18:44:14 +00:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api
Data Flow: Deprecate old data flow api.
2023-12-08 14:27:25 +01:00
amammad
2cb0afee73 fix some qldocs and some spelling 2023-12-08 11:12:57 +01:00
amammad
a3fbc3c20c fix ResponseBody Class issues 2023-12-07 19:36:27 +01:00
amammad
dbf01a9284 fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape 2023-12-07 08:52:55 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
amammad
20a3211d06 move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests 2023-12-06 16:19:34 +01:00
amammad
3e0ed0090f added BodyWriter Sink, added proper content-type header in tests to comply with the newly changed xss strategy 2023-12-06 16:00:36 +01:00
amammad
d3099ff482 fix tests, move from SharedXss::Sink to Http::* classes 2023-12-06 15:52:50 +01:00
Owen Mansel-Chan
aad847497b Merge pull request #14962 from owen-mc/go/improve-tests-incorrect-integer-conversion
Go: Improve tests for Incorrect Integer Conversion
2023-12-06 07:40:00 +00:00
Owen Mansel-Chan
570538b4ec Merge pull request #14938 from owen-mc/go/improve-test-unhandled-close-writable-handle
Go: improve test unhandled close writable handle
2023-12-04 16:56:09 +00:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Owen Mansel-Chan
d52b23db8e Improve tests for Incorrect Integer Conversion
We changed the test query when the query was changed so that the
comments in the test file would stay the same.
I've reverted the test query and updated the comments in the test file.
This avoids problems in the branch switching to use-use flow.
2023-11-30 11:58:10 +00:00
Owen Mansel-Chan
e958a75223 Add comments indicating whether results are expected at new calls 2023-11-30 11:48:10 +00:00
Owen Mansel-Chan
de87dd5dee Test no result if deferred function returns error 2023-11-28 14:23:37 +00:00
Owen Mansel-Chan
57dafd3732 Improve test for UnhandledCloseWritableHandle
Now the different paths won't have the same two sources.
2023-11-28 14:21:43 +00:00
dependabot[bot]
d2cad03e28 Bump the extractor-dependencies group in /go/extractor with 1 update
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-28 03:58:15 +00:00
amammad
ffe2e398c9 fix tests, add support for Response.BodyWriter(). Thanks to @owen-mc 2023-11-25 15:36:37 +01:00
amammad
accc09fd8c Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. Shorter model summary. Change target from getACall() to getACall().getResult(.). Better tests. 2023-11-25 13:36:06 +01:00
Owen Mansel-Chan
6f9a70475d Merge pull request #14882 from owen-mc/go/minor-fixes
Go: improve CallNode documentation
2023-11-24 10:36:07 +00:00
amammad
1aa4494dbc stash 2023-11-24 10:09:21 +01:00
Owen Mansel-Chan
2c99e70e2b Merge pull request #14890 from owen-mc/go/fix-change-note-query-reference
Go: Change how we refer to a query in a change note
2023-11-23 14:15:05 +00:00
Owen Mansel-Chan
25a2aef623 Update library name in change note 2023-11-23 13:42:21 +00:00
Owen Mansel-Chan
25d5104468 Change how we refer to a query in a change note 2023-11-23 13:22:05 +00:00
Owen Mansel-Chan
a130c0f6b3 Merge branch 'main' into main 2023-11-22 16:50:41 +00:00
Owen Mansel-Chan
dd8fb29a65 Improve QLDocs of CallNode and MethodCallNode
When a function is assigned to a variable and called through that
variable then we can't always tell it was a method.
2023-11-22 16:32:10 +00:00
Kevin Stubbings
8277c602ac depstubber 2023-11-21 14:31:52 -08:00
Kevin Stubbings
d7e2fbc11d Finish 2023-11-21 14:27:17 -08:00
Owen Mansel-Chan
b147bacd48 Merge branch 'main' into amammad-go-fastHttp 2023-11-21 21:36:11 +00:00
amammad
fabde6e0ff fix tests and remove tarfile tar.Reader as sink 2023-11-21 20:54:38 +01:00
amammad
75e01d3648 Thanks to @owen-mc, who provided a good solution to something I couldn't solve myself 2023-11-21 20:15:27 +01:00
amammad
2ad59a5403 fix SSRF sinks 2023-11-21 18:46:35 +01:00
Owen Mansel-Chan
d26dc68baa Merge pull request #14798 from owen-mc/go/improve-value-flow-through-slice-exprs
Go: model value flow with array content through slice expressions
2023-11-21 11:50:08 +00:00
Kevin Stubbings
9958ad904c thesame 2023-11-20 23:40:55 -08:00
Kevin Stubbings
28288e0d23 basic2 2023-11-20 23:40:55 -08:00
Kevin Stubbings
3b78477406 Basics 2023-11-20 23:40:55 -08:00