hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
72,357 Commits 1,747 Branches 166 Tags
3c0af498db588c2fd3974fd64f58687b33360581
Commit Graph

754 Commits

Author SHA1 Message Date
Owen Mansel-Chan
196634ecdb Model slices package 
Skipping functions that involve iterators for now.
 2024-11-26 12:01:09 +00:00
Owen Mansel-Chan
47eb407be9 Update Go version in stdlib tests 2024-11-26 12:00:10 +00:00
Owen Mansel-Chan
9aede5f433 Merge pull request #17494 from owen-mc/go/reinstate-mad-with-fixes 
Go: reinstate models-as-data sink conversions with fixes
 2024-11-20 14:50:47 +00:00
Owen Mansel-Chan
bf824cac0a Allow package-level variables in MaD 2024-11-19 16:59:42 +00:00
Owen Mansel-Chan
307fdc0864 Add tests for heuristic logger calls 2024-11-19 11:41:53 +00:00
Owen Mansel-Chan
874dc83f3f Update test expectations 2024-11-19 11:28:43 +00:00
Owen Mansel-Chan
bc784268fd Make Logrus log injection tests more comprehensive 2024-11-19 11:18:28 +00:00
Owen Mansel-Chan
791313fbdf Add tests for logrus.FieldLogger 2024-11-19 11:18:26 +00:00
Owen Mansel-Chan
cc62db796c Add tests for Xorm first argument of varargs slice 2024-11-19 11:18:24 +00:00
Owen Mansel-Chan
5a0cd2e7d6 Add tests for squirrel.Eq 2024-11-19 11:18:22 +00:00
Owen Mansel-Chan
fbaad09179 Convert mongodb nosql-injection sinks to MaD 2024-11-19 11:18:02 +00:00
Owen Mansel-Chan
e4eef6791a Convert database/sql sql-injection sinks to MaD 2024-11-19 11:15:42 +00:00
Owen Mansel-Chan
4cca6cff59 Convert Beego orm sql-injection sinks to MaD 2024-11-19 11:13:32 +00:00
Owen Mansel-Chan
2282a8184b Convert Bun sql-injection sinks to MaD 2024-11-19 11:13:30 +00:00
Owen Mansel-Chan
1ab50fc62c Convert Gorm sql-injection sinks to MaD 2024-11-19 11:13:26 +00:00
Owen Mansel-Chan
fb050e8b43 Convert sqlx sql-injection sinks to MaD 2024-11-19 11:13:23 +00:00
Owen Mansel-Chan
d9d3e74e8c Convert gogf/gf sql-injection sinks to MaD 2024-11-19 11:13:17 +00:00
Owen Mansel-Chan
1315a1e9ae Upgrade and convert gorqlite sql-injection sinks to MaD 2024-11-19 11:13:13 +00:00
Owen Mansel-Chan
924467bebe Convert squirrel sql-injection sinks to MaD (non-existent methods removed) 
Various non-existent methods were modeled, and I couldn't find any
evidence that they used to exist. They aren't in the stubs or tests. I
have removed them.
 2024-11-19 11:13:10 +00:00
Owen Mansel-Chan
06b72e5782 Update models in test expectation files 2024-11-16 19:44:32 +00:00
Owen Mansel-Chan
5745969462 Set subtypes=false when it has no meaning 2024-11-16 19:34:23 +00:00
Owen Mansel-Chan
d31700cf92 Accept changes in models in .expected files 2024-11-12 11:34:29 +00:00
Owen Mansel-Chan
dfd8e7d397 Set subtypes column to True in models 
This is almost always what we want.
 2024-11-12 11:21:52 +00:00
Owen Mansel-Chan
57192e8154 Add even more tests 2024-11-11 23:49:58 +00:00
Owen Mansel-Chan
e813fa346b Fix case in some test-related file names 2024-11-11 23:48:34 +00:00
Owen Mansel-Chan
4a1fce9168 Test non-promoted fields and methods 2024-11-11 23:46:10 +00:00
Owen Mansel-Chan
e46ec5a171 Fix MaD inheritance 2024-11-11 23:41:11 +00:00
Owen Mansel-Chan
0b24235de4 Update test results 2024-11-09 07:56:44 +00:00
Owen Mansel-Chan
9afdee4697 Accept changed test results and improve test 2024-11-09 07:55:02 +00:00
Owen Mansel-Chan
38ee2d418a Fix bug by extracting more pointer types 2024-11-08 13:57:36 +00:00
Owen Mansel-Chan
5094cb851b Add test showing bug (SEmbedP.PMethod not showing) 2024-11-08 13:57:34 +00:00
Tom Hvitved
95e9d013cc Update expected test output 2024-11-04 12:07:06 +01:00
Tom Hvitved
2b37c6cd32 Merge pull request #17548 from hvitved/shared/inline-test-post-process 
Shared: Post-processing query for inline test expectations
 2024-10-31 11:40:11 +01:00
Tom Hvitved
540b433f5a Go: Post-processing query for inline test expectations 2024-10-29 13:35:35 +01:00
Tom Hvitved
b111194fbc Shared: Simplify PrettyPrintModels.ql 2024-10-29 13:35:28 +01:00
Tom Hvitved
7a2105b1d5 Go: Update expected test output 2024-10-23 10:41:13 +02:00
Owen Mansel-Chan
7ed82068ef Add type param decls to AST viewer hierarchy 2024-10-17 15:39:16 +01:00
Owen Mansel-Chan
b8ea8400d1 Add type param decls to PrintAST tests 2024-10-17 15:37:31 +01:00
Edward Minnix III
ade5686e52 Merge pull request #17335 from egregius313/egregius313/go/dataflow/models/stdin 
Go: Implement `stdin` models
 2024-10-14 10:38:27 -04:00
Edward Minnix III
0abc0d1a67 Fix: ActiveThreatModelSource 2024-10-09 11:35:07 -04:00
Chris Smowton
58fd1a2241 Merge pull request #17357 from smowton/smowton/feature/go-indistinguishable-types 
Go: extract and expose struct tags, interface method IDs
 2024-10-09 11:06:02 +01:00
Chris Smowton
ab99509a11 Rework interface for querying private interface method ids 2024-10-08 19:23:22 +01:00
Chris Smowton
e1963a5fcd autoformat 2024-10-08 19:23:12 +01:00
Chris Smowton
7a7ff4a91e Apply review comments 2024-10-08 19:23:11 +01:00
Chris Smowton
5d14070cd4 Fix test file 2024-10-08 19:23:10 +01:00
Chris Smowton
22ed2f9ae3 Autoformat CodeQL 2024-10-08 19:23:09 +01:00
Chris Smowton
dcbb66d366 Go: extract and expose struct tags, interface method IDs 
This enables us to distinguish all database types in QL. Previously structs with the same field names and types but differing tags, and interface types with matching method names and at least one non-exported method but declared in differing packages, were impossible or only sometimes possible to distinguish in QL. With this change these types can be distinguished, as well as permitting queries to examine struct field tags, e.g. to read JSON field name associations.
 2024-10-08 19:23:06 +01:00
Tom Hvitved
16feaf15e2 Go: Update expected test output 2024-10-07 09:23:39 +02:00
Ed Minnix
26b49dd0df Fix test expectation 2024-10-01 15:56:40 -04:00
Ed Minnix
e18389718c Implement stdin models 
Unfortunately due to how variable and varargs work, these are better
done in QL
 2024-10-01 15:56:31 -04:00