hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,894 Commits 1,672 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

992 Commits

Author SHA1 Message Date
Alvaro Muñoz
f3d979be7a Improve go-pg support 2023-06-28 14:49:25 +02:00
amammad
fbfc959f82 V1 Bombs 2023-06-25 01:21:09 +10:00
Owen Mansel-Chan
b3a19ef7b2 Merge pull request #13461 from owen-mc/go/show-functionmodel-steps-to-path-summaries 
Go: show FunctionModel steps in path summaries
 2023-06-22 10:46:12 +01:00
Jeroen Ketema
277dbdf410 Merge pull request #13498 from jketema/inline-4 
Rework more inline expectation tests to use the parameterized module
 2023-06-22 10:01:07 +02:00
Owen Mansel-Chan
c0fea85380 Accept test changes 2023-06-20 13:25:49 +01:00
Owen Mansel-Chan
a01169eec2 add "Dereference" content for PointerContent 2023-06-20 10:49:37 +01:00
Owen Mansel-Chan
d28c4203db Merge pull request #13453 from owen-mc/go/test-mad-pointer-content 
Go: Add failing tests for MaD with pointer content
 2023-06-20 09:55:06 +01:00
Jeroen Ketema
d6d21e3928 Go: Update remaining inline expectation tests to use the paramterized module 2023-06-20 10:15:46 +02:00
Jeroen Ketema
6a84e6cbfd Add the merged PathGraph to all copies of the InlineFlowTest library 2023-06-19 10:28:10 +02:00
Maiky
d654e98650 Add empty string as source 2023-06-18 22:21:12 +02:00
Jeroen Ketema
eb62df6ece Go: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:51:29 +02:00
Owen Mansel-Chan
74b39b42a1 Accept test changes 2023-06-14 15:47:25 +01:00
Owen Mansel-Chan
d071b463a3 Add failing tests for MaD with pointer content 2023-06-14 14:14:37 +01:00
Anders Schack-Mulligen
1a4fca334f Merge pull request #13273 from aschackmull/dataflow/summarynode-refactor 
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
 2023-06-14 09:38:36 +02:00
Jeroen Ketema
d035491c6f Go: Remove commented out code from test 2023-06-13 10:13:42 +02:00
Anders Schack-Mulligen
5eb278095c Go: Fix tests. 2023-06-09 15:39:28 +02:00
Jeroen Ketema
97c4f497bc Go: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:41:21 +02:00
Maiky
bf9d0b93d7 Add Improper LDAP Auth Query (CWE-287) 2023-06-03 23:20:11 +02:00
Jeroen Ketema
7b17b92aca Fix typo in spelling of expectation 2023-06-02 10:36:11 +02:00
Kasper Svendsen
7c5625a4dc Go: Make implicit this receivers explicit 2023-05-12 12:14:13 +02:00
Chris Smowton
ee64ea59e1 Merge pull request #12901 from porcupineyhairs/goDsn 
Go: Add query to detect DSN Injection.
 2023-05-11 22:45:43 +01:00
Porcupiney Hairs
2c518c1fa6 Include changes from review 2023-05-12 01:59:42 +05:30
Porcupiney Hairs
d536157c1a Go : Add query to detect potential timing attacks 2023-05-11 09:57:50 +05:30
Owen Mansel-Chan
270ba09ffb Merge pull request #11732 from owen-mc/go/fix/model-data-flow-through-varargs 
Go: Allow data flow through varargs parameters
 2023-05-11 05:26:40 +01:00
Porcupiney Hairs
ec424d7e51 Go: Add query to detect DSN Injection. 2023-05-11 03:45:29 +05:30
Kasper Svendsen
46727af948 Go: Enable warnings for implicit this receivers 2023-05-03 15:41:55 +02:00
Kasper Svendsen
e969018f99 Go: Make implicit this receivers explicit 2023-05-03 12:45:42 +02:00
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Owen Mansel-Chan
f2368a9441 Do not use variadic sink fn in tests 2023-04-28 06:09:11 +01:00
Owen Mansel-Chan
bc0f9030e3 use CallNode.getSyntacticArgument 2023-04-28 06:09:10 +01:00
Owen Mansel-Chan
2d3fed9c07 Accept intended test result changes 2023-04-28 06:09:10 +01:00
Michael B. Gale
72b082806b Go: Update html-template-escaping-passthrough 
Modify this query to apply sanitizers only in the data flow
between untrusted inputs and passthrough conversion types.
 2023-04-27 17:14:38 +01:00
Michael B. Gale
1aa1153ed6 Go: Add html/template as XSS queries sanitizer 2023-04-26 21:21:52 +01:00
Owen Mansel-Chan
2914480ff6 Avoid platform-specific results 
These were introduced in https://github.com/github/codeql/pull/12750 but
the relevant tests that should have caught it weren't run.
 2023-04-19 11:18:19 +01:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
Chris Smowton
d648b34037 Accept test changes 
These are caused by nodes being hidden by https://github.com/github/codeql/pull/12783
 2023-04-12 15:05:04 +01:00
Chris Smowton
9f4b77e851 Accept test changes 2023-04-12 14:19:06 +01:00
Chris Smowton
0129167cc4 Convert Beego's MapGet method to MaD 2023-04-12 14:19:06 +01:00
Chris Smowton
2abffccded Accept test changes 2023-04-12 14:19:05 +01:00
Chris Smowton
8c553ec0fc Autoformat go 2023-04-12 14:19:05 +01:00
Chris Smowton
ac4dcc6c4b Add ioutil usage to TaintSteps test 
It appears at present the Go standard library imports the deprecated io/ioutil package internally on some platforms but not others. Therefore I add a test explicitly using it to make the test behave more uniformly.
 2023-04-12 14:19:05 +01:00
Chris Smowton
3c48609635 Accept test changes 2023-04-12 14:19:05 +01:00
Chris Smowton
140505222f Update test expectations 2023-04-12 14:19:04 +01:00
Chris Smowton
1a7927d3a1 Fix x/net/html.EscapeString modelling 
This had never worked due to accidentally extending non-abstract class HtmlEscapeFunction; consequently it was neither a taint propagator in general, nor an HTML escape function. Added tests to ensure it is now behaving as intended.
 2023-04-12 14:19:04 +01:00
Chris Smowton
141d6b8d7b Accept paths test changes 2023-04-12 14:19:04 +01:00
Chris Smowton
477341dd3b Remove unnecessary variable 2023-04-12 14:19:04 +01:00
Chris Smowton
18d00c1116 Autoformat QL 2023-04-12 14:19:03 +01:00
Chris Smowton
54d08e11ca Autoformat Go 2023-04-12 14:19:03 +01:00
Chris Smowton
6b9b4c8da0 Remove binary file 2023-04-12 14:19:03 +01:00
Chris Smowton
12f35bc6ac Add missing tests for RevelHeader mutators 2023-04-12 14:19:02 +01:00