hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,894 Commits 1,672 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

992 Commits

Author SHA1 Message Date
amammad
b7f874d1f1 fix tests, better afero support! 2023-09-26 05:04:25 +10:00
amammad
9f9c9e0e5e fix issues according to codereview 2023-09-26 02:06:57 +10:00
amammad
e239d763dc Merge branch 'main' into amammad-go-NewFileSystemAccess 2023-09-26 02:04:59 +10:00
amammad
a96b0011f0 clean tests 2023-09-19 22:12:10 +10:00
amammad
1e12a86781 Merge branch 'main' into amammad-go-JWT 2023-09-19 22:01:50 +10:00
amammad
2136929164 clean tests 2023-09-19 22:01:40 +10:00
Maiky
52007fb9a2 Change v3 to v2 2023-09-17 21:42:18 +02:00
Kevin Stubbings
7d213d5bb9 Add Integer/Boolean Sanitizer 2023-09-12 21:10:11 -07:00
Michael B. Gale
77369a09a4 Merge pull request #13872 from Kwstubbs/Kevin_error_sanitizer 
Go: Add sanitizer to remove paths passing through http.Error
 2023-09-04 13:25:55 +01:00
amammad
f3ea72c234 proper tests with depstubber, remove Duplicates :( 2023-09-03 04:51:05 +10:00
amammad
40ff16bdaf Merge branch 'main' into amammad-go-JWT 2023-08-29 20:02:57 +10:00
amammad
68392e7ae7 V1 2023-08-28 22:23:51 +10:00
amammad
25c60c455e v1 2023-08-27 23:53:45 +10:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Michael B. Gale
a1c9deea61 Merge pull request #13867 from github/mbg/go/1.21-support 
Go: Basic Go 1.21 support
 2023-08-18 14:37:11 +01:00
Michael B. Gale
9082fd218e Add taint flow tests for clear 2023-08-17 18:39:32 +01:00
Michael B. Gale
109b96f038 Add comment explaining TaintStep test 2023-08-17 17:50:41 +01:00
Michael B. Gale
e65269be69 Add DefaultTaintSanitizer for clear 2023-08-17 17:49:46 +01:00
Michael B. Gale
1bd536dd9e Rename getLocation to hasLocation 2023-08-16 11:21:35 +01:00
Michael B. Gale
c981fd714e Exclude String from TaintSteps 
For `os.dirEntry` and `os.unixDirent` which are only available
on unix and Windows respectively.
 2023-08-15 20:32:41 +01:00
Michael B. Gale
513da82510 Model data flow for min and max 2023-08-11 11:51:07 +01:00
Michael B. Gale
d189a15737 Exclude poly1305.mac.Write from TaintSteps 
Not available on arm64
 2023-08-11 11:33:52 +01:00
Michael B. Gale
a623733dfa Add location info to TaintSteps query 2023-08-11 11:10:39 +01:00
Michael B. Gale
ee0bfff9f4 Update expected test output for TaintStep 2023-08-11 10:57:11 +01:00
Michael B. Gale
bb56536bfa Update expected test output for LocalTaintStep 2023-08-11 10:57:10 +01:00
Michael B. Gale
4df4a0f51f Update expected test output for TypeParamType 2023-08-11 10:55:00 +01:00
Michael B. Gale
13d4bd9c0a Make CompareIdenticalValues test work on arm64 2023-08-11 10:51:52 +01:00
Owen Mansel-Chan
94c15f712a Remove unnecessary fieldFlowBranchLimit 2023-08-10 15:50:06 +01:00
Owen Mansel-Chan
046e517c3f Remove unnecessary import 2023-08-10 15:49:54 +01:00
Owen Mansel-Chan
b6b7e1589c Make taint tracking tests use new API 2023-08-10 15:49:51 +01:00
Owen Mansel-Chan
c11da5bf67 Make taint tracking tests use InlineFlowTest 2023-08-10 15:49:50 +01:00
Owen Mansel-Chan
663fb2cc06 Make taint tracking tests use config from InlineFlowTest 2023-08-10 15:49:48 +01:00
Owen Mansel-Chan
8db3e4a9b4 Make IncorrectIntegerConversion use new API 2023-08-10 15:49:47 +01:00
Owen Mansel-Chan
1b4fef9c21 Make HTMLTemplateEscapingPassthrough use new API 
Removed edges and nodes are mostly duplicates. They were only there
originally due to multiple configurations being in scope.
`DataFlow::PathNode` has union semantics for configurations. Nodes are
only generated if they are reachable from a source, but this includes
sources from other configurations.

No alerts are lost.
 2023-08-10 15:49:36 +01:00
Owen Mansel-Chan
ea1f39683d Make DivideByZero use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:35 +01:00
Owen Mansel-Chan
ac1670c0af Make SqlInjection use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:13 +01:00
Owen Mansel-Chan
646e158813 Make tests use config from InlineFlowTest 
For InterProceduralDataFlow, it's hard to get it to use InlineFlowTest
because you need to show both the source and the sink, and there are
problems with quoting when the source is already surrounded by quotes.
 2023-08-10 15:49:12 +01:00
Owen Mansel-Chan
81854279bd Make tests use InlineFlowTest 2023-08-10 15:49:11 +01:00
Owen Mansel-Chan
16ef11a3c3 Make ConstantOauth2State use new API 
Removed edges were only there originally due to multiple configurations
being in scope. `DataFlow::PathNode` has union semantics for
configurations. Nodes are only generated if they are reachable from a
source, but this includes sources from other configurations.

No alerts are lost.
 2023-08-10 15:49:08 +01:00
Owen Mansel-Chan
00cc78dfe6 Make CookieWithoutHttpOnly use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:00 +01:00
Owen Mansel-Chan
a7382e06c2 Make ClearTextLogging use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:59 +01:00
Owen Mansel-Chan
1f6cdc7eda Make OpenURLRedirect use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.

Removed nodes and edges were only there originally due to multiple
configurations being in scope. `DataFlow::PathNode` has union semantics
for configurations. Nodes are only generated if they are reachable from
a source, but this includes sources from other configurations.
 2023-08-10 15:48:55 +01:00
Owen Mansel-Chan
97c32970a0 Make RequestForgery use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:53 +01:00
Michael B. Gale
87c089e0a8 Make CommandInjection.qll use new API 
The new `edges` and `nodes` sections in the .expected files are because
the PathGraph module was not imported in the tests before, and thus
these query predicates were not in scope.
 2023-08-10 15:48:48 +01:00
Michael B. Gale
82a1b15d11 Make AllocationSizeOverflow use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:44 +01:00
Chris Smowton
8702efda1e Merge pull request #13835 from github/smowton/fix/logrus-with-context 
Don't treat logrus' WithContext method as a logging function
 2023-08-03 09:57:30 +01:00
Kevin Stubbings
8960453662 Add sanitizer to remove http.Error sink 2023-08-02 16:56:14 -07:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
Chris Smowton
6fa2d2764d Don't treat logrus' WithContext method as a logging function 
This isn't output by the default formatters (though a custom formatter could potentially output things stored in it)
 2023-07-28 14:11:03 +01:00
Owen Mansel-Chan
778de6b5d2 Compiler error messages changed in Go 1.20.6 2023-07-26 16:55:26 +01:00