hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,106 Commits 1,738 Branches 165 Tags
30ff68dc715f5b13b04f0561245ede080d2beb36
Commit Graph

638 Commits

Author SHA1 Message Date
Owen Mansel-Chan
f828f8ea65 Merge pull request #16250 from owen-mc/go/rename-untrusted-flow-source 
Go: Rename `UntrustedFlowSource` to `RemoteFlowSource` to match other language libraries
 2024-04-24 11:37:00 +01:00
Owen Mansel-Chan
b6f6bdc6f4 Make RemoteFlowAsSource private 
`UntrustedFlowAsSource` should have been private. Since we are deprecating them anyway
we may as well make the replacement private (and make it use `instanceof`). The deprecation
comments have been updated.
 2024-04-18 12:31:38 +01:00
Owen Mansel-Chan
a49b43fdf6 Add deprecated version of renamed public classes 2024-04-18 11:49:54 +01:00
Owen Mansel-Chan
db06c08141 Rename UntrustedSource to RemoteSource 
Including renaming some files (in the experimental folder).
 2024-04-18 11:49:30 +01:00
Owen Mansel-Chan
f39301f533 Fix "an remote" and similar 
Preserve case, allow for "a `Remote" etc.
 2024-04-18 11:49:18 +01:00
Owen Mansel-Chan
a6646021d0 Rename Untrusted Flow to Remote Flow 
Not matching case but preserving original case.
 2024-04-18 11:49:05 +01:00
Owen Mansel-Chan
d967b2baa3 Rename UntrustedFlowAsSource to RemoteFlowAsSource 2024-04-18 11:48:04 +01:00
Owen Mansel-Chan
81eaa6e327 Rename UntrustedFlowSource to RemoteFlowSource 
Relaxed whole word requirement. Again skipped one instance in an old
change note.
 2024-04-17 21:35:50 +01:00
Owen Mansel-Chan
5fba9895c6 Rename UntrustedFlowSource to RemoteFlowSource 
Only the whole word. Skipped one instance in an old change note.
 2024-04-17 21:27:32 +01:00
Owen Mansel-Chan
212a0f27ff Add change note 2024-04-17 16:32:53 +01:00
github-actions[bot]
622e176a16 Post-release preparation for codeql-cli-2.17.1 2024-04-16 14:21:32 +00:00
github-actions[bot]
9bfe4ea90a Release preparation for version 2.17.1 2024-04-15 17:34:47 +00:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Max Schaefer
5b07e14fb3 Merge pull request #16055 from github/max-schaefer/go-open-redirect-qhelp 
Go: Improve QHelp for `go/unvalidated-url-redirection`.
 2024-03-27 13:56:48 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
Max Schaefer
d7258f76d3 Go: Improve QHelp for go/unvalidated-url-redirection. 
The example showed a different (and better) fix from what the help claimed, but the suggestion also had a subtle bug that I fixed at the same time.
 2024-03-26 10:57:36 +00:00
Max Schaefer
ff23f572d0 Merge pull request #16038 from github/max-schaefer/string-break-qhelp 
Go: Improve QHelp for `go/unsafe-quoting`.
 2024-03-25 20:10:02 +00:00
Max Schaefer
5bc710b406 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-03-25 19:48:56 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Max Schaefer
120fb93c23 Go: Improve QHelp for go/unsafe-quoting. 2024-03-25 13:32:51 +00:00
Max Schaefer
ffbe3e6ed4 Merge pull request #16020 from github/max-schaefer/go-path-injection-qhelp 
Go: Update query help for `go/path-injection` to include example fixes.
 2024-03-25 10:25:36 +00:00
Max Schaefer
034ed17227 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-22 15:24:29 +00:00
Max Schaefer
bc9396e0e6 Address suggestions from review. 2024-03-22 13:19:36 +00:00
Max Schaefer
4e4cd52f63 Go: Update query help for go/path-injection to include example fixes. 2024-03-22 11:45:59 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Max Schaefer
d3e0a90ae5 Go: Mention raw string iterals in QHelp for go/incomplete-hostname-regexp. 2024-03-15 11:22:40 +00:00
Tony Torralba
20691e409c Add change note 2024-03-14 11:56:43 +01:00
Tony Torralba
d8c0ab8e1f Go: Consider more strings as hardcoded credentials 2024-03-14 10:11:39 +01:00
Tom Hvitved
e4a4c18166 Go: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries 
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
 2024-03-11 16:40:31 +00:00
Tony Torralba
04436208ab Merge pull request #15843 from atorralba/atorralba/go/uncontrolled-allocation-size 
Go: Promote `go/uncontrolled-allocation-size` from experimental
 2024-03-11 16:12:27 +01:00
Tony Torralba
ff2d78d2c8 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 2024-03-11 15:53:40 +01:00
Tony Torralba
a09eb9f4c5 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-11 08:58:59 +01:00
Owen Mansel-Chan
820c14577a Merge pull request #13553 from am0o0/amammad-go-bombs 
Go: Decompression Bombs
 2024-03-10 13:48:04 +00:00
am0o0
43df6a2c07 add comments for already implemented io.Read and io.WriteTo Sinks. 
remove some sinks about `"decompressor"` which was added wrongly.
change `GeneralReadIoSink` type from module to class.
separate `KlauspostGzipAndPgzip` `KlauspostPgzip` and `KlauspostGzip`.
 2024-03-08 20:05:46 +04:00
am0o0
66130d208e convert abstract predicate isAdditionalFlowStep to non-abstract 2024-03-08 19:30:41 +04:00
Tony Torralba
138ce42cf6 Fix qhelp 2024-03-07 15:22:46 +01:00
Tony Torralba
7d74125508 Go: Promote go/uncontrolled-allocation-size 2024-03-07 15:17:49 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main 
Go: new query for detect DOS vulnerability
 2024-03-06 11:32:57 +00:00