hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

1519 Commits

Author SHA1 Message Date
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
ea664e08d1 Go: Fix some Ql4Ql violations. 2025-09-01 15:00:34 +02:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Nora Dimitrijević
0512940c0c Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go 
Go: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:23:53 +02:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Nora Dimitrijević
d6ef585110 [DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24
 2025-07-17 11:46:42 +02:00
Nora Dimitrijević
8c8625d912 [DIFF-INFORMED] Go: ReflectedXss 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23
 2025-07-17 11:46:40 +02:00
Nora Dimitrijević
4b473622bc [DIFF-INFORMED] Go: InsecureRandomness 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19
 2025-07-17 11:46:39 +02:00
Nora Dimitrijević
ce7eb9b16a [DIFF-INFORMED] Go: IncorrectIntegerConversion 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23
 2025-07-17 11:46:37 +02:00
Nora Dimitrijević
f228818b1f [DIFF-INFORMED] Go: HardcodedCredentials 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-798/HardcodedCredentials.ql#L62
 2025-07-17 11:46:35 +02:00
Nora Dimitrijević
109f6ddc2d [DIFF-INFORMED] Go: ExternalAPIs 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql#L18
 2025-07-17 11:46:33 +02:00
Nora Dimitrijević
89f760460b [DIFF-INFORMED] Go: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-078/CommandInjection.ql#L28
 2025-07-17 11:46:30 +02:00
Nora Dimitrijević
e0d16a863b [DIFF-INFORMED] Go: AllocationSizeOverflow 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql#L24
 2025-07-17 11:46:29 +02:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency 
Go: Fix compilation of DataFlowImplConsistency.qll
 2025-07-17 09:22:12 +01:00
Chris Smowton
b71f9ae240 Fix function qname 2025-07-15 16:37:30 +01:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Owen Mansel-Chan
9661ee407f Fix compilation of DataFlowImplConsistency.qll 2025-07-15 13:51:45 +01:00
Owen Mansel-Chan
391e9f7471 Merge pull request #20000 from owen-mc/go/request-forgery 
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
 2025-07-12 00:30:23 +01:00
Owen Mansel-Chan
a5333ae1a1 Add change note 2025-07-08 16:51:22 +01:00
Owen Mansel-Chan
990043ce86 Add net/http.Head and net/http.Client.Head as client requests 
They were previously deliberately excluded.
 2025-07-08 14:31:48 +01:00
Owen Mansel-Chan
71703aa497 Improve formatting of some QL 2025-07-08 14:29:11 +01:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Owen Mansel-Chan
9663ecad21 Avoid using deprecated class 2025-06-26 01:46:14 +01:00
Owen Mansel-Chan
0f07ab58cf Merge pull request #19654 from owen-mc/go/fix-definedtype-getbasetype 
Go: fix `DefinedType.getBaseType`
 2025-06-26 00:19:19 +01:00
Owen Mansel-Chan
d7b1d7bef4 Merge pull request #19677 from owen-mc/go/better-class-names-and-helpers 
Go: Improve two class names and add some helper predicates
 2025-06-26 00:17:32 +01:00
Chris Smowton
2291e10ce6 Fix typo 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-25 21:38:22 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Nora Dimitrijević
e233501144 Go: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18345 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:44:24 +02:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Owen Mansel-Chan
ecd0291b6a Add change note for deprecation 2025-06-05 11:00:00 +01:00
Owen Mansel-Chan
c4a8ac4980 Add helper predicates for TypeSpec 2025-06-05 10:51:39 +01:00
Owen Mansel-Chan
d9bc165c72 Add helper predicates for FieldDecl 2025-06-05 10:35:25 +01:00
Owen Mansel-Chan
82e8d3af8d Improve two class names 2025-06-05 10:34:53 +01:00
Owen Mansel-Chan
b2f310cda7 Add change note 2025-06-03 15:36:03 +01:00
Owen Mansel-Chan
40000840c1 Fix definition of DefinedType.getBaseType 2025-06-03 14:50:03 +01:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
Owen Mansel-Chan
46a6b8ad07 Add change note 2025-05-22 15:21:51 +01:00