Sauyon Lee
0aa46becf9
extractor: Use -mod=vendor when a vendor directory exists
2020-03-10 16:44:03 -07:00
Sauyon Lee
cdf3bc4fa0
Merge pull request #52 from max-schaefer/issue-48
Improve taint-tracking through pointers and other fixes
2020-03-09 06:36:43 -07:00
Max Schaefer
4dca00e99c
Merge pull request #45 from sauyon/go-mod-libs
Go.mod extraction libraries and tests
2020-03-09 09:40:41 +00:00
Sauyon Lee
2d879458ba
Merge pull request #49 from max-schaefer/more-function-outputs
Make `FunctionOutput` more useful
2020-03-06 09:41:40 -08:00
Max Schaefer
1be0cc57a8
Add test case from https://github.com/github/codeql-go/issues/48 .
2020-03-06 17:35:50 +00:00
Max Schaefer
bcb9ce2498
Add another test for StringBreak.
2020-03-06 17:35:50 +00:00
Max Schaefer
bf6865b96a
Add model of ioutil.ReadAll
2020-03-06 17:35:50 +00:00
Max Schaefer
f599243a34
Conflate references and referents more thoroughly in taint tracking.
2020-03-06 17:35:50 +00:00
Max Schaefer
aa8bc972d9
Address review comments.
2020-03-06 15:03:45 +00:00
Sauyon Lee
3d88032f81
Address review comments.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:30 -08:00
Sauyon Lee
43fbf47da3
Add a change note about go.mod extraction
2020-03-06 06:51:28 -08:00
Sauyon Lee
555b0a9527
Add a GoModFile class
2020-03-06 06:51:27 -08:00
Sauyon Lee
38596dddc0
Address review comments.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:26 -08:00
Sauyon Lee
34f34e2241
GoModExpr.qll: Rename getOffsetToken to GoModLine.getToken
Also add getRawToken to do what getToken did before, and fix up
documentation.
2020-03-06 06:51:25 -08:00
Sauyon Lee
4b9cc87c2e
Add test for replace line with versions
2020-03-06 06:51:24 -08:00
Sauyon Lee
25577a8108
Remove DependencyCustomizations
2020-03-06 06:51:24 -08:00
Sauyon Lee
78239accd5
Dependencies: Make getAnImport() more precise
In particular, ensure that the go file importing the dependency is under
the directory of the file where the dependency is declared.
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:23 -08:00
Sauyon Lee
b27e63ba83
Address review comments
Co-authored-by: Max Schaefer <max-schaefer@github.com>
2020-03-06 06:51:22 -08:00
Sauyon Lee
dd3f98c549
extractor: Don't log directory being walked for go.mod files
2020-03-06 06:51:21 -08:00
Sauyon Lee
5911b7005a
Add tests for dependencies library
2020-03-06 06:51:20 -08:00
Sauyon Lee
dddc8cecd4
Add go.mod expression tests
2020-03-06 06:51:19 -08:00
Sauyon Lee
6c78490bbe
Add libraries modeling dependencies
2020-03-06 06:51:18 -08:00
Sauyon Lee
d92e49fb17
Add libraries for go.mod expressions
2020-03-06 06:51:17 -08:00
Max Schaefer
f875afca53
Merge pull request #47 from sauyon/use-bufio
Use bufio and don't sync FS
2020-03-06 10:59:30 +00:00
Max Schaefer
3a7910da5a
Introduce (un-)marshaling functions as a concept and instantiate it with the functions in encoding/json.
2020-03-06 10:07:54 +00:00
Max Schaefer
9bcbfb2911
Fix flow step from global functions to their use.
How does anything work.
2020-03-06 09:41:35 +00:00
Max Schaefer
a7ecb50a34
Add taint-tracking model for append.
2020-03-06 09:41:35 +00:00
Max Schaefer
4f061005cb
Add a taint-tracking model for copy.
2020-03-06 09:41:35 +00:00
Max Schaefer
3f8d2117d8
Introduce post-update nodes for arguments with a mutable type.
2020-03-06 09:41:35 +00:00
Max Schaefer
b99c63d180
Factor out an auxiliary predicate.
2020-03-06 09:41:35 +00:00
Max Schaefer
af2c7aae5d
Don't rely on flow through function models in definition of PostUpdateNode.
2020-03-06 09:41:35 +00:00
Max Schaefer
185d0910c3
Sharpen stringConcatStep to exclude addition.
2020-03-06 09:41:35 +00:00
Sauyon Lee
c027bbaadf
Use buffered writers
2020-03-05 21:12:15 -08:00
Max Schaefer
b8338896be
Merge pull request #33 from sauyon/extract-go-mod
Add extraction for go.mod files
2020-03-05 09:38:21 +00:00
Sauyon Lee
f2358a0a86
Find all go.mod files before extraction
2020-03-04 16:08:55 -08:00
Sauyon Lee
cca762dbc0
gomodextractor.go: Emit pseudo comment groups to table
2020-03-04 06:26:44 -08:00
Sauyon Lee
e75497ed3b
update stats sha and stats
2020-03-04 06:26:43 -08:00
Sauyon Lee
db4efd6124
Add support for extracting go.mod files
2020-03-04 06:26:42 -08:00
Sauyon Lee
89caafb0e1
labels.go: Make label generation slightly more uniform
2020-03-04 06:21:20 -08:00
Sauyon Lee
70e916376c
labels.go: Make LocalID more generic
2020-03-04 06:21:19 -08:00
Sauyon Lee
a403d60acc
Add go mod dependency
Also update tools dependency to latest master
2020-03-04 06:21:18 -08:00
Sauyon Lee
66a3d40348
Fix typos in tables.go
2020-03-04 06:21:17 -08:00
Sauyon Lee
d694d59757
Merge pull request #44 from max-schaefer/remove-uniqueness
Remove a mistaken uniqueness annotation.
2020-03-04 06:20:58 -08:00
Max Schaefer
1ae0dd46ec
Clarify method identity.
2020-03-04 12:53:37 +00:00
Max Schaefer
6a3730ead2
Merge pull request #43 from sauyon/phony-testdb
Makefile: make testdb target phony
2020-03-04 12:08:09 +00:00
Sauyon Lee
c3b57e4e74
Makefile: make testdb target phony
2020-03-04 03:27:11 -08:00
Max Schaefer
264478f4b8
Remove a mistaken uniqueness annotation.
2020-03-04 10:34:55 +00:00
Sauyon Lee
5e71a04fdf
Merge pull request #42 from max-schaefer/experimental-guidelines
Add guidelines for experimental CodeQL queries and libraries.
2020-03-02 10:22:41 -08:00
Sauyon Lee
2dc42b8814
Merge pull request #41 from max-schaefer/interface-embedding
Fix `NamedType.getMethod` to take interface embedding into account.
2020-03-02 10:21:24 -08:00
Max Schaefer
56e07356fc
Update ql/test/experimental/README.md
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
2020-03-02 10:20:07 +00:00