Chris Smowton
2024747827
Add missing tests for html.Node taint propagators
...
The TaintTracking::FunctionModels for these appeared broken, so I suspect they had never worked.
2023-04-12 14:19:02 +01:00
Chris Smowton
8f4567349d
Add missing NewTokenizerFragment model and test
2023-04-12 14:19:02 +01:00
Chris Smowton
ed7f351be7
Add missing tests for mime/multipart.Part
2023-04-12 14:19:02 +01:00
Chris Smowton
405a56326c
Add missing tests for CertStorage
2023-04-12 14:19:02 +01:00
Chris Smowton
803b9d38cc
Add missing tests and models for json-patch
2023-04-12 14:19:02 +01:00
Chris Smowton
5e74930881
Add missing tests and models for go-pg/pg/orm.Formatter
2023-04-12 14:19:02 +01:00
Chris Smowton
0249669299
Accept test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
c752777022
Accept test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
a796ddb95b
Accept paths-only test changes
2023-04-12 14:19:01 +01:00
Chris Smowton
77b8103cc1
Adapt tests not to depend on TaintTracking::FunctionModel
2023-04-12 14:19:01 +01:00
Chris Smowton
2e70fada8d
Bump Go version on test referencing go 1.20 methods
...
This turned out not to matter for the extractor, but it means we can check the build using `go build`.
2023-04-12 14:19:01 +01:00
Chris Smowton
f36a2143f5
Accept more test changes; add some missing models
2023-04-12 14:19:00 +01:00
Chris Smowton
bfc8db90af
Accept test changes
...
This is 1x path changes without result changes, and 1x expected change since the Encode function is no longer modelled using TaintTracking::FunctionModel
2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445
Go: mass-convert taint-flow models to models-as-data format
2023-04-12 14:18:44 +01:00
Chris Smowton
51ebc0bef2
Amend test now that DataFlowCallable != Callable
2023-04-12 14:15:54 +01:00
Chris Smowton
939a025e11
Go: hide summary nodes from path explanations
...
This mirrors behaviours in other languages with MaD summaries
2023-04-06 16:41:44 +01:00
Owen Mansel-Chan
00fd23d7b9
Merge pull request #12396 from porcupineyhairs/GoJwtSignImprovements
...
Go: Add more JWT sinks
2023-04-04 13:28:38 +01:00
Porcupiney Hairs
e9615c57e9
Go: Add more JWT sinks
...
This pull request adds modelling for `katras/iris/v12/middleware/jwt`, `katras/jwt` and `gogf/gf-jwt` frameworks.
2023-03-31 23:11:24 +05:30
Owen Mansel-Chan
8e8ffb20a3
Accept test changes caused by alert message change
2023-03-31 16:48:01 +01:00
Owen Mansel-Chan
4fa57bfb2d
Use set literal instead of regex comparison
2023-03-31 16:48:00 +01:00
Owen Mansel-Chan
a9f297c031
Use set literal instead of a conjunction
2023-03-31 16:47:59 +01:00
Owen Mansel-Chan
5d93ed5f52
Remove redundant term
...
It's hard to tell what the original intention was, but I don't think
the location of qs should be the same as the location of q, so this
term is redundant.
2023-03-31 16:47:59 +01:00
Owen Mansel-Chan
34bca0612b
Use _ for exists-variable that is only used once
2023-03-31 16:47:58 +01:00
Owen Mansel-Chan
513409e082
Fix formatting of QLDocs
2023-03-31 16:47:56 +01:00
Chris Smowton
a63a4c29e2
Go: fix incorrect-integer-conversion sanitizer
...
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.
This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
2023-03-08 09:48:35 +00:00
Anders Schack-Mulligen
5469a82efb
Go,Java,Python: Fix some tests.
2023-02-28 14:31:00 +01:00
Tom Hvitved
879eff41ea
Merge branch 'main' into util/inline-expect-test-use-end-line
2023-02-20 10:03:38 +01:00
Chris Smowton
c7da1c9e0d
Use example that compiles on 32-bit arch
2023-02-17 19:35:04 +00:00
Chris Smowton
4e86edf4fe
Add test case
2023-02-17 19:16:36 +00:00
Tom Hvitved
18c6b68232
Go: Update test expectations
2023-02-17 13:22:29 +01:00
Chris Smowton
3ce7fafb67
Fix unsafe test routine name
2023-02-15 19:05:01 +00:00
Chris Smowton
14655e1d8c
Autoformat go
2023-02-15 18:41:14 +00:00
Chris Smowton
7e7850374e
Implement standard library models for Go 1.20
2023-02-15 18:29:49 +00:00
Chris Smowton
7d2b78b463
Note that all interface types are considered comparable as of Go 1.20
2023-02-15 17:15:00 +00:00
Chris Smowton
368ca6cb30
Add test exercising Go 1.20 array conversions
2023-02-15 12:31:09 +00:00
Chris Smowton
194316d1c0
Accept test changes
...
Some diagnostics have been reworded for Go 1.20, and a standard library type parameter is visible to the TypeParamType test.
2023-02-14 18:33:53 +00:00
Owen Mansel-Chan
685b8b4abd
Tests are no longer fooled by type aliases
2023-02-10 22:09:21 +00:00
Owen Mansel-Chan
778826b528
Accept test changes
...
Note that
go/ql/test/library-tests/semmle/go/Types/QualifiedNames.expected and
go/ql/test/library-tests/semmle/go/Types/Types.expected gain two lines.
In both cases this is because GenericArray and GenericSignature are
each instantiated twice, so they appear with two different locations.
2023-02-10 22:09:20 +00:00
Chris Smowton
f113eaa77d
Merge pull request #12059 from pwntester/go_twirp_support
...
[GoLang] Add support for Twirp framework
2023-02-08 21:55:56 +00:00
Michael B. Gale
25f907867b
Update expected test output
2023-02-06 08:51:46 +00:00
Michael B. Gale
abe38373da
Inline precededBySync
2023-02-06 08:47:47 +00:00
Michael B. Gale
c252ec0414
Add test for deferred close that returns error
2023-02-06 08:47:47 +00:00
Michael B. Gale
e05bce9863
Update expected test results
2023-02-06 08:47:46 +00:00
Michael B. Gale
7e9617f3ce
Detect lack of error handling for os.File.Close
2023-02-06 08:47:43 +00:00
Alvaro Muñoz
23c7bc8143
import RequestForgery from tests.ql
2023-02-03 22:05:50 +01:00
Alvaro Muñoz
4b198f9af8
apply code review feedback
2023-02-03 18:12:49 +01:00
Alvaro Muñoz
1d0e80c2f5
Apply suggestions from code review
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-02-03 17:59:29 +01:00
Alvaro Muñoz
3002230af9
remove duplicated import
2023-02-03 17:48:13 +01:00
Alvaro Muñoz
c517eb89b2
add more sinks
2023-02-03 17:33:08 +01:00
Alvaro Muñoz
20dc30d7e8
add RequestForgery test
2023-02-03 16:38:56 +01:00