Owen Mansel-Chan
8415c4a4eb
Remove ArgumentNode assumption
2023-04-28 09:23:38 +01:00
Owen Mansel-Chan
c7c0a73b90
Accept review suggestions
2023-04-28 09:23:37 +01:00
Owen Mansel-Chan
52cc61198d
Use CallExpr.hasImplicitArgs()
2023-04-28 09:23:37 +01:00
Owen Mansel-Chan
b928f13d94
Add CallExpr.hasImplicitArgs()
2023-04-28 09:23:36 +01:00
Owen Mansel-Chan
f3c1c53b54
Add CallExpr.getCalleeType()
...
This avoids using `getTarget()`, so it works even when that doesn't
exist (for example when calling a variable with function type).
2023-04-28 09:23:36 +01:00
Owen Mansel-Chan
3f095db853
Formatted parameters always a variadic parameter
2023-04-28 06:09:11 +01:00
Owen Mansel-Chan
f2368a9441
Do not use variadic sink fn in tests
2023-04-28 06:09:11 +01:00
Owen Mansel-Chan
bc0f9030e3
use CallNode.getSyntacticArgument
2023-04-28 06:09:10 +01:00
Owen Mansel-Chan
2d3fed9c07
Accept intended test result changes
2023-04-28 06:09:10 +01:00
Owen Mansel-Chan
17077f3ec5
Update OutParameter.getExitNode for implicit varargs slices
2023-04-28 06:09:10 +01:00
Michael B. Gale
72b082806b
Go: Update html-template-escaping-passthrough
...
Modify this query to apply sanitizers only in the data flow
between untrusted inputs and passthrough conversion types.
2023-04-27 17:14:38 +01:00
Anders Schack-Mulligen
71ae0909d8
Dataflow: Enforce type pruning in all forward stages.
2023-04-27 14:55:26 +02:00
Anders Schack-Mulligen
9140cbefc0
Dataflow: Sync.
2023-04-27 14:55:23 +02:00
Michael B. Gale
1aa1153ed6
Go: Add html/template as XSS queries sanitizer
2023-04-26 21:21:52 +01:00
Owen Mansel-Chan
39da26e9b5
Update ParameterInput.getEntryNode for implicit varargs slices
2023-04-26 14:35:20 +01:00
Owen Mansel-Chan
1e3d81842e
Update CallNode.getArgument for implicit varargs
...
It now has only one result corresponding to a variadic parameter. If the
argument is followed by an ellipsis then it is just the argument itself.
Otherwise it is an ImplicitVarargsSlice node.
2023-04-26 14:35:19 +01:00
Anders Schack-Mulligen
d681671356
Dataflow: Sync.
2023-04-26 14:45:07 +02:00
Owen Mansel-Chan
3e73e02175
Update PostUpdateNodes for implicit varargs slices
...
We don't want a post update node for the implicit varargs slice, and we
do want one for each argument which is stored in the implicit varargs
slice.
2023-04-25 07:33:35 +01:00
Owen Mansel-Chan
73b712a8c9
Allow data flow through varargs parameters
2023-04-25 07:33:34 +01:00
Owen Mansel-Chan
1afe845ed3
Add missing "v" to semver version string
...
Because it was missing, that function always returned +1,
so we were doing the wrong thing when the Go version
installed was lower than 1.16.
2023-04-24 14:31:46 +01:00
Michael Nebel
656d8d2451
Sync files.
2023-04-20 11:29:51 +02:00
Owen Mansel-Chan
3ca04338ca
Use named initialization for struct
2023-04-19 13:06:51 +01:00
Owen Mansel-Chan
219c1686fd
Wrap return values of moveToTemporaryGopath in a struct
2023-04-19 12:40:23 +01:00
Owen Mansel-Chan
1bb006f43e
Move defer statements to the right place
...
It turns out that extracting defer statements into a separate function
changes behaviour.
2023-04-19 12:20:52 +01:00
Owen Mansel-Chan
641f16b0df
Factor out extract()
2023-04-19 12:20:52 +01:00
Owen Mansel-Chan
a611769b43
Factor out installDependencies()
2023-04-19 12:20:51 +01:00
Owen Mansel-Chan
d61d595b21
Factor out function buildWithCustomCommands
2023-04-19 12:20:51 +01:00
Owen Mansel-Chan
b45c0ff848
Factor out buildWithoutCustomCommands
2023-04-19 12:20:51 +01:00
Owen Mansel-Chan
b76e655735
Factor out moving code to temp dir in gopath
2023-04-19 12:20:50 +01:00
Owen Mansel-Chan
ba48eaa8a6
Factor out calculation of source dir
2023-04-19 12:20:50 +01:00
Owen Mansel-Chan
702c22b630
Refactor calculation of inLGTM
2023-04-19 12:20:49 +01:00
Owen Mansel-Chan
f0186957ca
Factor out tryUpdateGoModAndGoSum
2023-04-19 12:20:49 +01:00
Owen Mansel-Chan
0bfb242e63
Factor out logic for needGopath
2023-04-19 12:20:49 +01:00
Owen Mansel-Chan
b169f1bfdf
Factor out code to fix go vendor issues
2023-04-19 12:20:48 +01:00
Owen Mansel-Chan
f872a11b85
Factor out initial ModMode calculation
2023-04-19 12:20:48 +01:00
Owen Mansel-Chan
2d8d9773c4
Factor out depMode calculation
2023-04-19 12:20:47 +01:00
Owen Mansel-Chan
d613bc8a28
Update checks for files or dirs existing
...
The previous way is considered outdated now.
2023-04-19 12:20:47 +01:00
Owen Mansel-Chan
2914480ff6
Avoid platform-specific results
...
These were introduced in https://github.com/github/codeql/pull/12750 but
the relevant tests that should have caught it weren't run.
2023-04-19 11:18:19 +01:00
Alex Ford
924ce250dd
Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0
...
Post-release preparation for codeql-cli-2.13.0
2023-04-18 14:40:40 +01:00
Tom Hvitved
f6d000eb20
Merge pull request #12805 from hvitved/remove-queries-xml
...
Remove all `queries.xml` files
2023-04-18 10:52:14 +02:00
github-actions[bot]
648f0e19ec
Post-release preparation for codeql-cli-2.13.0
2023-04-17 15:39:24 +00:00
github-actions[bot]
075d063370
Release preparation for version 2.13.0
2023-04-14 13:31:30 +00:00
Owen Mansel-Chan
8a4ca7fb84
Merge pull request #10026 from pwntester/patch-2
...
Go: Partial URLs should not sanitize against SSRF
2023-04-14 13:52:11 +01:00
Owen Mansel-Chan
352866b52d
Add change note
2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
a42dbc5bab
Fix formatting again
2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
d407a689fa
Fix formatting by deleting spaces no blank line
2023-04-14 12:00:38 +01:00
Owen Mansel-Chan
169bde8671
Fix formatting by deleting blank line
2023-04-14 12:00:38 +01:00
Alvaro Muñoz
8bf4b55309
Partial URLs should not sanitize against SSRF
...
As an example:
```go
// The last path segment of the incoming request is attacker-controlled.
urlPath := ctx.Req.URL.Path
hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
// Only a suffix of the outgoing URL is tainted, but it is still a request-forgery sink.
req, _ := http.NewRequest("GET", source+hash, nil)
```
2023-04-14 12:00:38 +01:00
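An added example (not code from this commit or from the codeql repository) of why the pattern in the commit message above remains a request-forgery sink even though the attacker never supplies a full URL: a path segment can still extend the host or inject a query, because `URL.Path` is already percent-decoded. The base URLs, hostnames and the 40-hex-digit hash format are constructed assumptions; the hardened variant validates the segment against that format and builds the URL with net/url so it can only ever be a path element.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// lastSegment mirrors the commit-message snippet: take the text after the last "/".
// req.URL.Path is percent-decoded, so a client can smuggle "?", "#" or "." into it
// (e.g. "/objects/abc%3Fadmin=1" arrives here as "/objects/abc?admin=1").
func lastSegment(urlPath string) string {
	return urlPath[strings.LastIndex(urlPath, "/")+1:]
}

// vulnerableTarget glues the segment onto a base URL, exactly as in the snippet.
// Although the segment contains no "/", it still controls the outgoing request:
//   - base "http://backend.internal" + ".attacker.example" changes the host
//   - base "http://backend.internal/blobs/" + "abc?admin=1" adds a query
func vulnerableTarget(source, urlPath string) string {
	return source + lastSegment(urlPath)
}

// hashRe is an assumed allowlist for the value the handler actually expects
// (a 40-hex-digit content hash); adjust it to the real identifier format.
var hashRe = regexp.MustCompile(`^[0-9a-f]{40}$`)

// safeTarget validates the segment and joins it as a path element with net/url,
// so neither the host nor the query of the base URL can be altered by the client.
func safeTarget(source, urlPath string) (string, error) {
	hash := lastSegment(urlPath)
	if !hashRe.MatchString(hash) {
		return "", errors.New("invalid object hash")
	}
	base, err := url.Parse(source)
	if err != nil {
		return "", err
	}
	// path.Join normalises and keeps a leading "/"; the hash is known-clean at this point.
	base.Path = path.Join("/", base.Path, hash)
	return base.String(), nil
}

func main() {
	// Constructed attacker inputs (already percent-decoded, as URL.Path would be).
	inputs := []struct{ source, reqPath string }{
		{"http://backend.internal", "/objects/.attacker.example"},
		{"http://backend.internal/blobs/", "/objects/abc?admin=1"},
		{"http://backend.internal/blobs/", "/objects/da39a3ee5e6b4b0d3255bfef95601890afd80709"},
	}
	for _, in := range inputs {
		fmt.Printf("vulnerable: %s\n", vulnerableTarget(in.source, in.reqPath))
		if t, err := safeTarget(in.source, in.reqPath); err != nil {
			fmt.Printf("hardened:   rejected (%v)\n", err)
		} else {
			fmt.Printf("hardened:   %s\n", t)
		}
	}
}
```

The first two inputs show the two distinct effects of a "partial" URL: host extension when the base has no trailing path, and query injection when it does. Neither is stopped by the absence of a "/" in the segment, which is the sanitizer assumption the commit removes.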
Alex Eyers-Taylor
c6a482819a
Bump all qlpacks major versions
2023-04-13 19:15:27 +01:00
Michael Nebel
52bc43b22b
Merge pull request #12595 from michaelnebel/enhanceprovenance
...
Java/C# : Enhance provenance.
2023-04-13 14:27:53 +02:00