hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,887 Commits 1,684 Branches 159 Tags
2a80a60468b11742db146f2cf933ae6d1ca2feaa
Commit Graph

1887 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
2a80a60468 Add GeneratedFile concept 2021-04-27 01:18:19 -07:00
Sauyon Lee
3393588353 Move concepts imports to Concepts.qll 2021-04-27 01:18:18 -07:00
Sauyon Lee
7a790340ed Merge pull request #526 from sauyon/fix-bad-error-locs 
Extract dummy files for errors without locations
 2021-04-27 01:07:22 -07:00
Sauyon Lee
b808c187cf Add test with curly braces in filename 2021-04-21 21:14:41 -07:00
Sauyon Lee
f15b65d07e Extract dummy files for errors with no location 2021-04-21 21:14:40 -07:00
Sauyon Lee
488f7f5b9b Use pre-transformed path for extractor fileinfo 2021-04-21 21:14:40 -07:00
Chris Smowton
90c4b5d63f Switch to using HTML entities for escaping 2021-04-21 21:14:39 -07:00
Chris Smowton
06c958e61f Extractor: tolerate curly braces in struct field tags, directory names 
These previously produced malformed TRAP. I have checked the other uses of GlobalID and don't see any others that should require escaping.
 2021-04-21 21:14:39 -07:00
Sauyon Lee
466d87684d Merge pull request #528 from sauyon/tuple-map-read 2021-04-21 08:50:40 -07:00
Chris Smowton
9ab1a8d144 Reword change note 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-04-21 15:28:28 +01:00
Chris Smowton
e50ad90856 Elaborate comment and change-note a little 2021-04-21 12:36:43 +01:00
Chris Smowton
a152eec9f2 Add test for ExtractTupleElementInstruction.getResultType() 2021-04-21 12:33:51 +01:00
Chris Smowton
4fb714f445 Simplify implementation of ExtractTupleElementInstruction.getResultType 2021-04-21 12:33:00 +01:00
Sauyon Lee
7efbcec50d Add change note 2021-04-20 23:27:03 -07:00
Sauyon Lee
50bb6187b8 Revert ReflectedXss.go to example 2021-04-20 23:27:03 -07:00
Sauyon Lee
d1daca541e Add types for more tuple extractions 
Specifically, extractions where the RHS is a map element read or a channel receive
will now have types.
 2021-04-20 14:23:31 -07:00
Sauyon Lee
ba2da6d9a9 Add test exercising channel data flow 2021-04-20 14:23:31 -07:00
Chris Smowton
0cef5fb5d0 Add test case for map extraction 2021-04-20 14:23:29 -07:00
Chris Smowton
f40211bd20 Merge pull request #527 from smowton/smowton/fix/http-request-taint-tracking 
Improve net/http taint-tracking fidelity
 2021-04-20 12:40:19 +01:00
Chris Smowton
b2e92fa084 Remove needless model of Part.Read 
Read already gets a model as an implementation of the `Reader` interface.
 2021-04-20 11:05:36 +01:00
Chris Smowton
948e064440 Fix mis-modelling Part.Read 2021-04-20 11:03:17 +01:00
Chris Smowton
027a540c67 Update test expectations now that tuple-extracts not method calls are sources 2021-04-19 17:05:50 +01:00
Chris Smowton
a367950014 Restore OpenRedirect's exclusion of POST-only request components 2021-04-19 17:05:23 +01:00
Chris Smowton
685f4fa2a6 Add change note 2021-04-19 16:13:16 +01:00
Chris Smowton
7d258ae722 Improve net/http taint-tracking fidelity 
* Don't taint error returns from http.Request methods
* Track taint across mime/multipart.Part methods
 2021-04-19 16:05:23 +01:00
Chris Smowton
dbcf1e1cfa Merge pull request #520 from sauyon/add-diagnosticfile 
Add a new diagnostics file class and use it for errors
 2021-04-09 15:48:57 +01:00
Sauyon Lee
80fe7384cd Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-04-09 14:30:23 +01:00
Sauyon Lee
4462948cfc Add a new diagnostics file class and use it for errors 2021-04-09 14:30:23 +01:00
Chris Smowton
46b5f11457 Merge pull request #438 from gagliardetto/clevergo 
Pilot #0: Add web framework `clevergo`
 2021-04-09 09:48:58 +01:00
Slavomir
8e839f376e Put all tests file in to the CleverGo folder instead of having dedicated folders for each test. 2021-04-09 08:38:37 +01:00
Slavomir
4ae5bdbbec Improve naming of files and elements. 2021-04-09 08:38:37 +01:00
Slavomir
7ea0434514 Move clevergo framework to experimental 2021-04-09 08:38:37 +01:00
Slavomir
3915305361 Refactor and improve HTTP:ResponseBody models and tests 2021-04-09 08:38:37 +01:00
Slavomir
8c18aa6cbd Simplify HTTP::HeaderWrite 2021-04-09 08:38:37 +01:00
Slavomir
7edf739602 Model HTTP::HeaderWrite; regenerate stubs 2021-04-09 08:38:37 +01:00
Slavomir
93ff2459d1 Use docs instead of comments for classes. 2021-04-09 08:38:36 +01:00
Slavomir
0fe7050e7e Add models for HTTP::ResponseBody 2021-04-09 08:38:36 +01:00
Slavomir
98b3cc2dc4 Fix autoformatting 2021-04-09 08:38:36 +01:00
Slavomir
c53d8d3e56 Add http redirect model 2021-04-09 08:38:36 +01:00
Slavomir
55c8d9b22c Make naming more consistent 2021-04-09 08:38:36 +01:00
Slavomir
1de7196060 Regenerate dep stubs 2021-04-09 08:38:36 +01:00
Slavomir
0c1ae62ce9 Use //go:generate depstubber --vendor --auto 2021-04-09 08:38:36 +01:00
Slavomir
f95f35387f Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
bdc5f90c97 Cleanup comments 2021-04-09 08:38:36 +01:00
Slavomir
d3d7d2d103 Simplify UntrustedSources struct fields 2021-04-09 08:38:36 +01:00
Slavomir
c01259ec2c Simplify UntrustedSources interface methods 2021-04-09 08:38:36 +01:00
Slavomir
54abdf1a95 Regenerate tests 2021-04-09 08:38:36 +01:00
Slavomir
a6c1acfaba Fix imports 2021-04-09 08:38:36 +01:00
Slavomir
a90f609c53 Manually add packagePath() predicate 2021-04-09 08:38:36 +01:00
Slavomir
928c12da57 Simplify UntrustedSources methods 2021-04-09 08:38:36 +01:00