hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,299 Commits 1,684 Branches 159 Tags
00aae7cba52f17819c7e701478faa0966d445bbd
Commit Graph

791 Commits

Author SHA1 Message Date
Chris Smowton
9309abf8cd Merge pull request #574 from sauyon/dataflow-update 
Update dataflow libraries and add support for CSV summary flow
 2021-12-13 11:28:28 +00:00
Andrew Eisenberg
3cc48fea6a Merge pull request #622 from github/post-release/v2.7.3 
Post release/v2.7.3
 2021-12-10 10:00:11 -08:00
Owen Mansel-Chan
06f889fce6 Update tests for no flow through receivers when no function body 
This branch originally included a commit to enable flow through receivers
when there is no function body. This was dropped, to be pursued later.
 2021-12-08 16:03:18 -05:00
Owen Mansel-Chan
88e7c44a6d Update expected test results with extra nodes 2021-12-08 15:28:28 -05:00
Owen Mansel-Chan
16fdb9aa11 Do not test ReturnValue as input for sink 
The documentation in ExternalFlow.qll does not specify
that "ReturnValue" can be used as the input column.
 2021-12-08 11:20:34 -05:00
Chris Smowton
3cf1459c4f Revert getACallee type change 2021-12-08 11:20:33 -05:00
Owen Mansel-Chan
5ec0b09160 Diasble clearing content and add test for it 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
e940a53cc6 Test models of flow through fields 2021-12-08 11:20:32 -05:00
Owen Mansel-Chan
d717734820 Do not allow "Argument" on its own 2021-12-08 11:20:30 -05:00
Owen Mansel-Chan
12058a2621 Fix containerStoreStep and containerReadStep 2021-12-08 11:20:29 -05:00
Owen Mansel-Chan
ab8096b717 Add tests for more content types (Element, MapKey, MapValue) 2021-12-08 11:20:28 -05:00
Owen Mansel-Chan
f375553933 Add variadic functions test for function models 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
b75def62fe Add variadic functions test for external flow 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
d9848fe515 Add more tests for variadic functions 2021-12-08 11:20:27 -05:00
Owen Mansel-Chan
8044fb2519 Add more flow tests for external flow 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
63d997f820 (Unimportant) Fix module name for vendored stubs 
This doesn't affect the test, but does mean that you can run
`go build` to check the test would build.
 2021-12-08 11:20:26 -05:00
Owen Mansel-Chan
1929a1f7a7 Fix unrelated test in experimental 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
5e38f48b74 Autoformat 2021-12-08 11:20:25 -05:00
Owen Mansel-Chan
a3df3614a5 Convert completetest to an inline flow test 2021-12-08 11:20:24 -05:00
Owen Mansel-Chan
8f7a34f9cb Fix external flow tests 2021-12-08 11:20:24 -05:00
Sauyon Lee
3379790686 add flow test involving CSV 2021-12-08 11:20:22 -05:00
Owen Mansel-Chan
038f951e9f Fix containerStoreStep 
Update some comments as well, and change a variable name
 2021-12-08 11:20:20 -05:00
Owen Mansel-Chan
be6501d8e4 Add tests for data and taint flow through arrays and var args 2021-12-08 11:20:20 -05:00
Sauyon Lee
2060731077 Add tests for external flow 2021-12-08 11:20:20 -05:00
Sauyon Lee
afe7edc093 Fix test output 
Includes a bunch of new edges, but no new results
 2021-12-07 07:39:28 -05:00
Sauyon Lee
30ab22f5a6 Fix compilation errors with new DataFlowCallable 2021-12-07 07:39:26 -05:00
Sauyon Lee
3ac2a50497 Update test output 2021-12-07 07:39:21 -05:00
Owen Mansel-Chan
d0c9aacd54 Distinguish variadic and non-variadic signature types in extractor 2021-12-01 09:33:44 -05:00
Owen Mansel-Chan
628835d3b3 Add failing tests for isVariadic 
`nonvariadicDeclaredFunction` has the same signature as
`variadicDeclaredFunction`, so it is being erroneously reported as
variadic.
 2021-12-01 09:32:12 -05:00
Owen Mansel-Chan
acc5c4098a Fix Function.isVariadic to work on external packages 
Going via `getFuncDecl()` didn't work as we don't function declarations
from external packages. It works to use `getType()` instead.
 2021-11-30 15:11:34 -05:00
Owen Mansel-Chan
a6d8deae3e Add Fmt.Fprint to isVariadic tests 
We didn't have any tests involving a function in an imported package.
 2021-11-30 15:07:57 -05:00
Dave Bartolomeo
52b68963d2 Prepare for automatic release prep 2021-11-29 16:47:30 -05:00
Owen Mansel-Chan
f9a3832aa2 Add extractor test that empty interface type exists 2021-11-26 15:16:09 -05:00
Tony Torralba
662f880ab8 Merge pull request #609 from github/atorralba/log-injection-query 
Go: Add Log Injection query (CWE-117)
 2021-11-24 15:41:43 +01:00
tunnelshade
aeaa861fc6 Add Where method of squirrel sql builders to query range 2021-11-23 10:11:31 +05:30
Tony Torralba
f2017b626e Fix stubs 2021-11-22 09:15:12 +01:00
Tony Torralba
c9332cdccb Fix *Depth log levels in glog and klog 2021-11-22 09:15:01 +01:00
Tony Torralba
c886d10388 Add Log Injection query 2021-11-19 17:55:34 +01:00
Chris Smowton
792bc4bce0 Merge pull request #596 from pupiles/feature/cwe-090 
CWE-090: Ldap Injection
 2021-11-10 11:31:36 +00:00
Chris Smowton
f3ba40e29d Update test expectations 2021-11-10 09:42:19 +00:00
Chris Smowton
1ebb47feb3 Fix filename spelling error 2021-11-10 09:29:50 +00:00
pupiles
4d9ce49816 use stubs libs && add heuristic sanitizers 2021-11-10 14:12:45 +08:00
pupiles
97d4359881 add test code 2021-11-09 21:31:35 +08:00
Valeria
9f52a6654e Merge branch 'main' into feature/SSRF 2021-11-04 09:56:10 -03:00
Chris Smowton
6d90b81655 Merge pull request #597 from owen-mc/var-args 
Update dbscheme to add table for variadic signature types
 2021-11-03 11:29:45 +00:00
Owen Mansel-Chan
7c1b7b8810 Fix strictnessOffset in isBoundFor 2021-11-02 15:09:39 +00:00
Owen Mansel-Chan
7de6e17d86 Recognise math.MaxInt and math.MaxUint 
Treat them as if we were on a 32-bit architecture.
 2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
2cc0c80188 Add extra tests 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
be22373f3e Move Incorrect Integer Conversion tests to InlineFlowTest 2021-11-02 15:09:00 +00:00
Owen Mansel-Chan
109e3660f8 Split Incorrect Integer Conversion into query and lib files 
This is in preparation for changing the tests to use inline
expectations
 2021-11-02 12:43:54 +00:00