hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,164 Commits 1,684 Branches 159 Tags
0ee7bbbaa7ff76efd06c82681e11f95c83babbbd
Commit Graph

1164 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
0ee7bbbaa7 Extend oauth2 tests 2020-09-02 15:05:21 +01:00
Chris Smowton
f61c62d2d8 Generalise isReturnedWithError 
It now recognises any function returning an Error alongside other return values
 2020-09-02 15:05:21 +01:00
Chris Smowton
9e4ee0accf OAuth2 constant state query: trace local URLs across reference operations and Sprintf calls 2020-09-02 15:05:21 +01:00
Chris Smowton
050a823397 OAuth2 exclusion: hide cases that clearly target an out-of-band process or private HTTP server 2020-09-02 15:05:21 +01:00
Chris Smowton
bcb65157e6 Oauth2-state query: treat log calls the same as stdout printers 
These presumably get to the user somehow, and in conjunction with stdin use are enough to identify use of oauth at the terminal.
 2020-09-02 15:05:21 +01:00
Chris Smowton
3d877fc67d Oauth2 state: note bufio.NewScanner is also a sign of probable terminal-interactive use 2020-09-02 15:05:21 +01:00
Chris Smowton
6fee4f382f Constant-oauth2-state: exclude strings returned alongside an error value 
For example, getState() { ... return "", someError } is commonly seen in the wild.
 2020-09-02 15:05:21 +01:00
Chris Smowton
aac303c0a2 Merge pull request #287 from smowton/smowton/feature/restore-repo-after-build 
Restore repo layout post-autobuild
 2020-09-02 13:38:36 +01:00
Chris Smowton
246e8b1b27 Make failure to restore a file to its original location non-fatal 2020-09-02 11:44:43 +01:00
Chris Smowton
8de188a6ca Restore repo layout post-autobuild 2020-09-02 11:44:43 +01:00
Max Schaefer
be64f3ed22 Merge pull request #316 from gagliardetto/standard-lib-pt-17 
Move `path` and `path/filepath` packages to stdlib
 2020-09-02 08:26:11 +01:00
Slavomir
386005d361 Add path and path/filepath packages to stdlib 2020-09-01 13:09:41 +02:00
Sauyon Lee
976151c08f Merge pull request #315 from max-schaefer/fix-frontend-errors 
Fix frontend errors in test.
 2020-08-28 12:40:11 -07:00
Max Schaefer
2fe8fb9d83 Fix frontend errors in test. 2020-08-28 12:01:33 +01:00
Max Schaefer
031a48ecd3 Merge pull request #296 from owen-mc/allocation-size-overflow-improve-sanitizers-easy 
Add new sanitizer guard to Allocation size overflow query
 2020-08-28 07:44:45 +01:00
Max Schaefer
b4550f244b Merge pull request #313 from github/rc/1.25 
Merge rc/1.25 into main
 2020-08-27 14:27:26 +01:00
Sauyon Lee
1743dae7b0 Merge pull request #312 from smowton/smowton/autobuilder-fixes-fixed-further 
Autobuilder: always check the vendor directory works and if go.mod exists
 2020-08-27 04:16:04 -07:00
Chris Smowton
4d084372b5 Fix autobuilder Go version comparison 
The semver package requires versions of the form v1.2.3, and unhelpfully evaluates any malformed versions as equal.
 2020-08-27 11:02:23 +01:00
Chris Smowton
c6dbb9fcb2 Tidy up -mod argument stringification 2020-08-27 10:46:36 +01:00
Chris Smowton
b13b54f7d7 Don't try to use -mod=... when go.mod doesn't exist 
Also don't pass a blank argument to `go` when using an old version.
 2020-08-26 13:56:36 +01:00
Chris Smowton
9ad2d6c119 Factor default and custom install paths 
These now follow the same route:

* Run a default or custom build script
* If needed, check if vendor/ is usable
* If it isn't, or if their build failed, install dependencies using go get etc

This commit shouldn't cause any behavioural change.
 2020-08-26 12:02:54 +01:00
Chris Smowton
859b427881 Check if the vendor/ directory is usable, even after a successful build 2020-08-26 11:53:50 +01:00
Sauyon Lee
8f6b25e0ac autobuilder: Use -mod=mod for vendor directories wihtout modules.txt 2020-08-26 11:25:30 +01:00
Sauyon Lee
70d425d317 autobuilder: move vendor check before dependency installation check 
This means dependency installation is still attempted when a vendor
directory is inconsistent.
 2020-08-26 11:25:30 +01:00
Sauyon Lee
852ae9397b autobuilder: Test for vendor inconsistency 2020-08-26 11:25:30 +01:00
Sauyon Lee
28c69743a4 Add workaround for go 1.14 explicit vendoring requirement 
This only applies for module files for which no Go version has
been specified; Go will assume these should be parsed with the
latest Go version, which will cause them to fail if the vendor
directory has been generated with an old version of Go, as
the vendor/modules.txt will not meet the new requirements for
consistency.
 2020-08-26 11:25:30 +01:00
Max Schaefer
34d5e970ff Merge pull request #311 from owen-mc/add-missing-change-notes 
Add missing change notes
 2020-08-26 11:21:00 +01:00
Owen Mansel-Chan
7fd5e7e978 Add change note for https://github.com/github/codeql-go/pull/277 2020-08-26 10:54:18 +01:00
Owen Mansel-Chan
ad6c94e8f9 Add change note for https://github.com/github/codeql-go/pull/251 2020-08-26 07:58:19 +01:00
Owen Mansel-Chan
210208b003 Add change note for https://github.com/github/codeql-go/pull/226 2020-08-26 07:46:56 +01:00
Owen Mansel-Chan
d4a377b7cc Add change note for https://github.com/github/codeql-go/pull/107 
The model for websocket was included in another change note
 2020-08-26 07:21:05 +01:00
Owen Mansel-Chan
944b69066e Add change note for github/codeql-go#125 2020-08-26 07:20:24 +01:00
Max Schaefer
3376e45508 Merge pull request #309 from owen-mc/restore-gin-change-note 
Add change note for Gin framework
 2020-08-25 10:42:57 +01:00
Owen Mansel-Chan
dc99a62dca Add change note for Gin framework 
This was originally put in too early because the Gin framework was
accidentally not added to the default includes.

This reverts commit 41e98d6afc.
 2020-08-25 10:29:42 +01:00
Sauyon Lee
0de8ac3b87 Merge pull request #305 from max-schaefer/consistency-queries 
Enable consistency queries in tests
 2020-08-25 01:01:11 -07:00
Max Schaefer
76f3bd63ac Merge pull request #306 from max-schaefer/fix-stringops-magic 
Prevent misoptimisation in `StringOps`.
 2020-08-25 08:45:54 +01:00
Max Schaefer
b72c4f958c Fix tests for ExprHasNoEffect on non-Linux systems. 2020-08-25 08:05:19 +01:00
Max Schaefer
4c82ad6064 Apply suggestions from code review 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-25 07:37:11 +01:00
Max Schaefer
bdcb1f233c Prevent misoptimisation in StringOps. 2020-08-24 20:11:23 +01:00
Max Schaefer
ab19d40f4b Merge pull request #304 from max-schaefer/fix-frontend-errors 
Fix frontend errors in tests
 2020-08-24 18:44:32 +01:00
Max Schaefer
57180c24c7 Simplify consistency query. 
Unlike the old ODASA consistency queries, new consistency queries can have expected results, so there is no need to have special handling of files with expected errors.
 2020-08-24 17:39:28 +01:00
Max Schaefer
d7cfcf46a5 Run tests with consistency queries. 2020-08-24 17:39:28 +01:00
Max Schaefer
181438b827 Bump CodeQL version for CI to 2.2.5. 2020-08-24 17:39:28 +01:00
Max Schaefer
42c1116ac7 Merge pull request #303 from github/rc/1.25 
Merge rc/1.25 into main
 2020-08-24 17:22:56 +01:00
Max Schaefer
c06531d9c0 Fix tests for InsecureHostKeyCallback. 2020-08-24 17:18:28 +01:00
Max Schaefer
4d4129313a Fix tests for Gorestful. 2020-08-24 17:18:06 +01:00
Max Schaefer
aad9ce0c97 Fix tests for OpenUrlRedirect. 2020-08-24 17:06:26 +01:00
Max Schaefer
4e202666dc Fix tests for InsecureHostKeyCallback. 2020-08-24 17:06:01 +01:00
Max Schaefer
368227fff5 Fix tests for NegativeLengthCheck. 2020-08-24 17:04:55 +01:00
Max Schaefer
149ceda636 Fix tests for Gorestful. 2020-08-24 17:04:31 +01:00