codeql

mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00

Author	SHA1	Message	Date
Sauyon Lee	cdf3bc4fa0	Merge pull request #52 from max-schaefer/issue-48 Improve taint-tracking through pointers and other fixes	2020-03-09 06:36:43 -07:00
Max Schaefer	4dca00e99c	Merge pull request #45 from sauyon/go-mod-libs Go.mod extraction libraries and tests	2020-03-09 09:40:41 +00:00
Max Schaefer	1be0cc57a8	Add test case from https://github.com/github/codeql-go/issues/48 .	2020-03-06 17:35:50 +00:00
Max Schaefer	bcb9ce2498	Add another test for StringBreak.	2020-03-06 17:35:50 +00:00
Sauyon Lee	4b9cc87c2e	Add test for replace line with versions	2020-03-06 06:51:24 -08:00
Sauyon Lee	b27e63ba83	Address review comments Co-authored-by: Max Schaefer <max-schaefer@github.com>	2020-03-06 06:51:22 -08:00
Sauyon Lee	5911b7005a	Add tests for dependencies library	2020-03-06 06:51:20 -08:00
Sauyon Lee	dddc8cecd4	Add go.mod expression tests	2020-03-06 06:51:19 -08:00
Max Schaefer	9bcbfb2911	Fix flow step from global functions to their use. How does anything work.	2020-03-06 09:41:35 +00:00
Max Schaefer	a7ecb50a34	Add taint-tracking model for `append`.	2020-03-06 09:41:35 +00:00
Max Schaefer	4f061005cb	Add a taint-tracking model for `copy`.	2020-03-06 09:41:35 +00:00
Max Schaefer	185d0910c3	Sharpen `stringConcatStep` to exclude addition.	2020-03-06 09:41:35 +00:00
Sauyon Lee	5e71a04fdf	Merge pull request #42 from max-schaefer/experimental-guidelines Add guidelines for experimental CodeQL queries and libraries.	2020-03-02 10:22:41 -08:00
Max Schaefer	56e07356fc	Update ql/test/experimental/README.md Co-Authored-By: Felicity Chapman <felicitymay@github.com>	2020-03-02 10:20:07 +00:00
Max Schaefer	cef017071f	Move guidelines into `ql` folder.	2020-03-02 09:23:06 +00:00
Max Schaefer	2629f55d95	Add guidelines for experimental CodeQL queries and libraries.	2020-02-28 14:43:00 +00:00
Max Schaefer	90f1a7da75	Fix `NamedType.getMethod` to take interface embedding into account.	2020-02-28 10:37:14 +00:00
Max Schaefer	6dfd5fd934	Extend `Types` tests to cover interfaces.	2020-02-28 10:22:59 +00:00
Sauyon Lee	7a918efbf8	Merge pull request #34 from max-schaefer/receiver-flow Propagate data flow through receivers	2020-02-24 23:58:28 -08:00
Max Schaefer	0f99842f34	Make `Field.getPackage()` behave sensibly. Previously it was never defined, now it gives you the package of the type the field is declared in. This means we have to override `Field.hasQualifiedName/2` to avoid a field `f` in a package `pkg` being considered to have qualified name `pkg.f`.	2020-02-24 12:14:51 +00:00
Max Schaefer	77613a38c5	Add test, which does not work yet.	2020-02-24 09:55:42 +00:00
Sauyon Lee	4d58ebbae6	Merge pull request #32 from max-schaefer/update-data-flow Port recent data-flow improvements	2020-02-21 09:45:14 -08:00
Max Schaefer	6251f1141c	Simplify `getACallee()`.	2020-02-21 11:14:35 +00:00
Max Schaefer	285f392a12	Sharpen the sources for `StringBreak`. `json.Marshal` returns two results, we only want to consider the first one as a source.	2020-02-21 10:19:09 +00:00
Sauyon Lee	3e6a96d21b	IncompleteHostnameRegexp: Use a reluctant regexp This should help make results more comprehensible by including the maximal string after an unescaped dot.	2020-02-19 13:04:16 -08:00
Max Schaefer	69eae987d1	Merge pull request #240 from sauyon/rune-literal-string-value Make rune literal string value its value	2020-02-13 08:47:56 +00:00
Sauyon Lee	74bb4f707d	Make rune literal string value its value	2020-02-12 15:14:58 -08:00
Sauyon Lee	1365da2224	examples/variable: Select declaration as well as the variable This makes the test platform-independent	2020-02-12 10:41:58 -08:00
Sauyon Lee	ae96bd88bc	Merge pull request #239 from max/virtual-dispatch Call-graph API cleanup	2020-02-10 15:05:13 -08:00
Max Schaefer	acd27cdee6	Merge pull request #238 from sauyon/semmle-to-github Rename the go module to github.com/github/codeql-go	2020-02-10 21:02:05 +00:00
Sauyon Lee	677ed6ebf4	Fix tests to use codeql-go repository name	2020-02-10 11:00:01 -08:00
Max Schaefer	d6f3005e0e	Merge branch '235-head'	2020-02-07 20:12:47 +00:00
Sauyon Lee	e4d228fa0f	Fix CleartextStorage tests	2020-02-07 03:13:13 -08:00
Sauyon Lee	6300fdf85e	Remove accidentally added CleartextStorage tests	2020-02-07 03:13:12 -08:00
Sauyon Lee	559ac8f0d2	Fix squirrel test build	2020-02-07 03:12:19 -08:00
Max Schaefer	9400442bea	Add call graph test. This test uses annotations to encode the expected output directly into the source, hence the `.expected` files are trivial.	2020-02-07 11:05:41 +00:00
Sauyon Lee	5dbebe44f5	Package tests: also select raw database path	2020-02-07 02:25:26 -08:00
Sauyon Lee	2cb61911c3	Package tests: Limit to specific packages	2020-02-07 02:23:28 -08:00
Sauyon Lee	9a9561bb12	Remove vendored path prefix of vendored packages	2020-02-07 02:17:54 -08:00
Sauyon Lee	87865afa42	ReflectedXss: Remove FPs from constant prefix Fprintfs	2020-02-03 16:00:33 -08:00
Sauyon Lee	3c88eab84c	Merge pull request #229 from max/string-break Add query to find unsafe quoting	2020-02-03 09:47:36 -08:00
Max Schaefer	af3d91ffd3	Add query StringBreak.	2020-02-03 09:01:40 +00:00
Max Schaefer	63ca382a0c	Reorganise modelling of string concatenation.	2020-02-03 09:01:40 +00:00
Sauyon Lee	d2e5322b94	Apply review comments	2020-01-28 13:01:35 -08:00
Sauyon Lee	a2b5bb85ab	OpenUrlRedirect: Fix test compilation	2020-01-28 13:01:19 -08:00
Sauyon Lee	abfdd7ee1e	OpenUrlRedirect: make functions like isValidRedirect barrier guards	2020-01-28 12:59:44 -08:00
Sauyon Lee	82635a46ad	OpenUrlRedirect: only make some parts of the URL untrusted	2020-01-28 12:59:43 -08:00
Max Schaefer	2b92cd5ba5	Merge pull request #209 from sauyon/bad-redirect-sanitiser Bad redirect sanitiser	2020-01-28 20:11:46 +00:00
Sauyon Lee	497bfeee83	BadRedirectSanitizer: Use SsaWithFields instead of ValueEntity	2020-01-27 17:33:54 -08:00
Sauyon Lee	f897f68ead	SsaWithFilds: Add a getQualifiedName predicate	2020-01-27 17:33:53 -08:00

1 2 3

105 Commits