hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
70,661 Commits 1,741 Branches 165 Tags
31324fc7785e07524e6bc80b0032b347cb92e30d
Commit Graph

2073 Commits

Author SHA1 Message Date
Owen Mansel-Chan
fdff209938 Merge pull request #17505 from owen-mc/go/inheritance-tests 
Go: Add tests for model inheritance and fix bug in promoted methods
 2024-09-26 16:42:25 +01:00
Rasmus Wriedt Larsen
381ea93ec3 Merge pull request #17424 from RasmusWL/active-threat-model-source 
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
 2024-09-26 13:08:17 +02:00
Josh Soref
a9e07a88af Downgrade IncorrectIntegerConversionQuery precision to high 
`very-high` implies near 0 false positives and we have run into a number and an entire class

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2024-09-24 22:08:00 -04:00
Owen Mansel-Chan
ea4f9cad3c Mark some test results as SPURIOUS 2024-09-24 22:04:50 +01:00
Owen Mansel-Chan
bcb718ac77 Add change note 2024-09-24 21:39:49 +01:00
Chris Smowton
d673d24ca6 Revise notation to more closely resemble real Go 2024-09-24 17:22:26 +01:00
Chris Smowton
11755482e4 Update test expectation (now signature types pretty-print indicating if they are variadic) 2024-09-24 17:18:10 +01:00
Chris Smowton
40035a0b62 Improve pretty-printer 2024-09-24 17:18:09 +01:00
Chris Smowton
4d3a140dd7 Expose whether functions are variadic in their pp() output 2024-09-24 17:18:08 +01:00
Owen Mansel-Chan
73209638e3 Improve comments in test library 2024-09-24 16:41:10 +01:00
Owen Mansel-Chan
b0caabac86 Also update QL tests 2024-09-24 16:25:55 +01:00
Owen Mansel-Chan
6e428d5083 Fix bug where some methods were inappropriately promoted 2024-09-24 16:25:53 +01:00
Owen Mansel-Chan
0255edf524 Remove tests for sources and sinks 
This is redundant given that we test for paths, and for a path
we need the source, step and sink methods to be modeled.
 2024-09-24 16:25:49 +01:00
Owen Mansel-Chan
afa4b6dd4a Make paths test an inline expectations test 2024-09-24 16:23:33 +01:00
Owen Mansel-Chan
5490f3a957 Add tests for interface embedding interface 2024-09-24 16:23:31 +01:00
Owen Mansel-Chan
279800ea62 Use shorter naming scheme for types 2024-09-24 16:23:26 +01:00
Tom Hvitved
300fdc344d Go: Update expected test output 2024-09-24 14:21:42 +02:00
Owen Mansel-Chan
6a67bd52a9 Add tests for MaD inheritance 2024-09-24 13:21:05 +01:00
Chris Smowton
7e8da94d9a Merge pull request #17216 from smowton/smowton/feature/golang-test-extraction 
Go: support extracting test code
 2024-09-23 16:43:42 +01:00
Chuan-kai Lin
1cd8af54f2 Merge pull request #17190 from github/cklin/diff-informed-java-queries 
Java: add support for alert location restrictions
 2024-09-23 08:39:24 -07:00
Rasmus Wriedt Larsen
63c3a71d95 Merge branch 'main' into active-threat-model-source 2024-09-23 11:18:14 +02:00
Chris Smowton
e528a08794 Autoformat 2024-09-21 22:12:24 +01:00
Anders Schack-Mulligen
3a1e50dcf9 Dataflow: Simplify diff-informed implementation and tweak flag name. 2024-09-20 07:07:10 -07:00
Chris Smowton
f5ff822681 Convert extract-tests option to an official extractor option 2024-09-20 10:03:54 +01:00
Chris Smowton
94cb99e51d Adjust test expectations 2024-09-20 10:03:53 +01:00
Chris Smowton
9d79feb4d3 Autoformat go 2024-09-20 10:03:52 +01:00
Chris Smowton
eb6918f88f Autoformat 2024-09-20 10:03:51 +01:00
Chris Smowton
fd592fa18f Add tests 2024-09-20 10:03:46 +01:00
Owen Mansel-Chan
ded52ccb8e Fix test expectations including double space 2024-09-19 11:01:38 +01:00
Chris Smowton
0d0c94375d Adjust test expectations 2024-09-17 17:27:04 +01:00
Chris Smowton
2d5cbfd4c9 Elaborate comments 2024-09-17 17:18:48 +01:00
Chris Smowton
41726924e0 Update expectations 2024-09-17 17:02:47 +01:00
Chris Smowton
a803d3fb26 Add comments explaining tests 2024-09-17 17:02:46 +01:00
Chris Smowton
09015df8a4 Format 2024-09-17 17:02:45 +01:00
Chris Smowton
992b3c74fc Add data-flow tests for aliasing 2024-09-17 17:02:43 +01:00
github-actions[bot]
79be301984 Post-release preparation for codeql-cli-2.19.0 2024-09-16 14:09:32 +00:00
Chris Smowton
be02864281 Copyedit 2024-09-16 12:25:49 +01:00
github-actions[bot]
acdafd9646 Release preparation for version 2.19.0 2024-09-16 10:56:10 +00:00
Dave Bartolomeo
d6a7c87696 Update test expectations after merge 2024-09-15 13:42:46 +00:00
Dave Bartolomeo
485fc04029 Initial merge from main 2024-09-15 08:55:31 -04:00
Rasmus Wriedt Larsen
13a4df9b68 Go: autoformat 2024-09-13 16:07:27 +02:00
Rasmus Wriedt Larsen
66b61ee25a Go/Java/C#: Add change-note 2024-09-12 10:16:55 +02:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Chuan-kai Lin
ff78bebf19 Shared support for alert filtering 2024-09-11 13:18:26 -07:00
Owen Mansel-Chan
13f8488148 Undo spurious test changes 
The go libraries on my local computer seem to have
slightly different go libraries for some reason.
 2024-09-10 23:50:33 +01:00
Owen Mansel-Chan
270fa8d507 Add change note 2024-09-10 16:58:24 +01:00
Owen Mansel-Chan
84c41744c1 Include type parameter's index in its label 2024-09-10 16:52:44 +01:00
Owen Mansel-Chan
9aafcbc1e3 Add test for multiple anonymous type parameters 2024-09-10 16:40:53 +01:00
Rasmus Wriedt Larsen
038bc832a7 Go/Java/C#: Rename to ActiveThreatModelSource 
As part of adding support for threat-models to Python/JS (see
https://github.com/github/codeql/pull/17203), we ran into some trouble
with name clashes.

Naming in existing languages supporting threat-models:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and we had to come up with new names.

Initially I used `ThreatModelSource` for the "QL only modeling", but
that meant that we needed a new name to represent the active sources
coming from either QL or data-extensions... for this I came up with
`ActiveThreatModelSource`, and I really liked it. To me, it's much
clearer that this class only contains the currently active threat
model sources.

So to align languages, I got approval from @michaelnebel to rename the
existing classes.
 2024-09-10 14:46:15 +02:00
github-actions[bot]
97edff3f70 Post-release preparation for codeql-cli-2.18.4 2024-09-09 18:45:46 +00:00