hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 21:44:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
63,804 Commits 1,740 Branches 165 Tags
24a63ae94de387bd61d0f07d67d81d9833f47511
Commit Graph

79 Commits

Author SHA1 Message Date
Tony Torralba
ba1faea630 Go: Promote go/hardcoded-key from experimental 2024-02-14 12:15:14 +01:00
Anders Schack-Mulligen
3b8af1e52a Go: Add empty provenance column to expected files. 2024-02-09 11:32:07 +01:00
Tony Torralba
a0f6b5ea10 Update test expectations 2024-01-09 17:00:20 +01:00
Yunus AYDIN
9e5a80ac59 update select clause and expected file 2023-11-17 13:37:17 +03:00
Yunus AYDIN
7bf7e59017 update expected file 2023-11-17 13:06:46 +03:00
Yunus AYDIN
8ff38321a3 update rule and expected file 2023-11-17 00:08:01 +03:00
Yunus AYDIN
8a24daf293 modify tests and rule 2023-11-15 19:38:16 +03:00
Yunus AYDIN
7877082869 fix tests code issues and expected file 2023-11-15 16:08:20 +03:00
Yunus AYDIN
9178cec0e6 fix test errors 2023-11-15 09:33:52 +03:00
Yunus AYDIN
dbdf9e1a4f remove change-notes and fix build error 2023-11-14 20:19:28 +03:00
Yunus AYDIN
e576650293 remove qhelp file and add qlref 2023-11-14 17:23:42 +03:00
Yunus AYDIN
47ef123601 Fix Pull Requests Problems 2023-11-14 09:26:37 +03:00
Owen Mansel-Chan
359dcf37e9 Merge pull request #14649 from Kwstubbs/go-cors 
Go: Add Cors Gin Support
 2023-11-13 15:46:59 +00:00
Maiky
39ed7876c3 Merge branch 'github:main' into maikypedia/go-ldap-improper-auth 2023-11-12 18:14:05 +01:00
Maiky
2d387a98ce Add go.mod 2023-11-10 01:00:01 +01:00
Kevin Stubbings
57c645bd24 Added support for same struct and added new test 2023-11-05 22:34:35 -08:00
Kevin Stubbings
1f2e8d898d Address Feedback 2023-11-05 14:28:34 -08:00
Kevin Stubbings
3697ef72c4 Small changes 2023-10-31 12:23:18 -07:00
Kevin Stubbings
8ed10317bd Test comment changes 2023-10-31 11:07:41 -07:00
Kevin Stubbings
e0782683eb Added gin cors framework 2023-10-27 17:50:43 -07:00
Maiky
a1e38c3444 Remove unnecessary imports and add returns 2023-10-26 01:16:43 +02:00
Maiky
eccde3f4f1 Add Tests 2023-10-25 18:31:51 +02:00
Maiky
20bf3c7f67 Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-10-15 15:47:19 +02:00
amammad
db9f74bc78 fix tests 2023-10-10 23:15:07 +02:00
amammad
82483a206e fix tests 2023-10-10 23:14:11 +02:00
amammad
38b0ed8176 fix issues according to codereview 2023-10-10 23:12:30 +02:00
amammad
7d73808d60 fix a test mistake, add comments for JWT extension points 2023-10-06 13:31:09 +02:00
amammad
c78f390128 add go generate support, upgrade JWT.qll 2023-09-27 20:17:31 +10:00
amammad
a96b0011f0 clean tests 2023-09-19 22:12:10 +10:00
amammad
2136929164 clean tests 2023-09-19 22:01:40 +10:00
Maiky
52007fb9a2 Change v3 to v2 2023-09-17 21:42:18 +02:00
amammad
40ff16bdaf Merge branch 'main' into amammad-go-JWT 2023-08-29 20:02:57 +10:00
amammad
68392e7ae7 V1 2023-08-28 22:23:51 +10:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Owen Mansel-Chan
c11da5bf67 Make taint tracking tests use InlineFlowTest 2023-08-10 15:49:50 +01:00
Owen Mansel-Chan
1b4fef9c21 Make HTMLTemplateEscapingPassthrough use new API 
Removed edges and nodes are mostly duplicates. They were only there
originally due to multiple configurations being in scope.
`DataFlow::PathNode` has union semantics for configurations. Nodes are
only generated if they are reachable from a source, but this includes
sources from other configurations.

No alerts are lost.
 2023-08-10 15:49:36 +01:00
Owen Mansel-Chan
ea1f39683d Make DivideByZero use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:35 +01:00
Owen Mansel-Chan
00cc78dfe6 Make CookieWithoutHttpOnly use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:00 +01:00
Porcupiney Hairs
74e5c15eaa Go : Improvements to Timing Attacks query 2023-07-31 06:30:47 +05:30
Porcupiney Hairs
dc0deb5e49 Go : Improvements to DSN Injection query 2023-07-02 17:38:01 +05:30
Owen Mansel-Chan
c0fea85380 Accept test changes 2023-06-20 13:25:49 +01:00
Maiky
d654e98650 Add empty string as source 2023-06-18 22:21:12 +02:00
Jeroen Ketema
97c4f497bc Go: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:41:21 +02:00
Maiky
bf9d0b93d7 Add Improper LDAP Auth Query (CWE-287) 2023-06-03 23:20:11 +02:00
Chris Smowton
ee64ea59e1 Merge pull request #12901 from porcupineyhairs/goDsn 
Go: Add query to detect DSN Injection.
 2023-05-11 22:45:43 +01:00
Porcupiney Hairs
2c518c1fa6 Include changes from review 2023-05-12 01:59:42 +05:30
Porcupiney Hairs
d536157c1a Go : Add query to detect potential timing attacks 2023-05-11 09:57:50 +05:30
Owen Mansel-Chan
270ba09ffb Merge pull request #11732 from owen-mc/go/fix/model-data-flow-through-varargs 
Go: Allow data flow through varargs parameters
 2023-05-11 05:26:40 +01:00
Porcupiney Hairs
ec424d7e51 Go: Add query to detect DSN Injection. 2023-05-11 03:45:29 +05:30
Michael B. Gale
5a44fae515 Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00