hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
53,700 Commits 1,703 Branches 162 Tags
6bfdbef697c20325bcdb7809d146414db30beb44
Commit Graph

192 Commits

Author SHA1 Message Date
Alex Ford
924ce250dd Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Tom Hvitved
f6d000eb20 Merge pull request #12805 from hvitved/remove-queries-xml 
Remove all `queries.xml` files
 2023-04-18 10:52:14 +02:00
github-actions[bot]
648f0e19ec Post-release preparation for codeql-cli-2.13.0 2023-04-17 15:39:24 +00:00
github-actions[bot]
075d063370 Release preparation for version 2.13.0 2023-04-14 13:31:30 +00:00
Alex Eyers-Taylor
c6a482819a Bump all qlpacks major versions 2023-04-13 19:15:27 +01:00
Alex Ford
8c46bfd051 Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
Chris Smowton
18d00c1116 Autoformat QL 2023-04-12 14:19:03 +01:00
Chris Smowton
a673610e18 Adapt query not to depend on TaintTracking::FunctionModel 2023-04-12 14:19:01 +01:00
github-actions[bot]
ac426b1302 Post-release preparation for codeql-cli-2.12.6 2023-04-04 16:49:26 +00:00
Owen Mansel-Chan
00fd23d7b9 Merge pull request #12396 from porcupineyhairs/GoJwtSignImprovements 
Go: Add more JWT sinks
 2023-04-04 13:28:38 +01:00
Porcupiney Hairs
e9615c57e9 Go: Add more JWT sinks 
This pull requests adds modelling for `katras/iris/v12/middleware/jwt`, `katras/jwt` and `gogf/gf-jwt` frameworks.
 2023-03-31 23:11:24 +05:30
Owen Mansel-Chan
9ac0c57a3e Fix alert message to match style guide 2023-03-31 16:47:57 +01:00
Owen Mansel-Chan
cf89b00f47 Fix variable names in QLDocs 2023-03-31 16:47:57 +01:00
Owen Mansel-Chan
513409e082 Fix formatting of QLDocs 2023-03-31 16:47:56 +01:00
Owen Mansel-Chan
7a25200962 Remove fields which are only used in char pred 2023-03-31 16:47:55 +01:00
Owen Mansel-Chan
a113b8e8a4 No need for singleton set 2023-03-31 16:47:55 +01:00
github-actions[bot]
0a3218676c Release preparation for version 2.12.6 2023-03-30 19:25:06 +00:00
github-actions[bot]
e87ce62f95 Post-release preparation for codeql-cli-2.12.5 2023-03-30 13:48:58 +00:00
Asger F
6d665da4dc Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
github-actions[bot]
981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
Chris Smowton
3e9924fcd2 Add change note 2023-03-16 15:35:00 +00:00
github-actions[bot]
fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Chris Smowton
a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
 2023-03-08 09:48:35 +00:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
Jeroen Ketema
549fb0324b Apply suggestions from code review 2023-03-03 15:26:38 +01:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Chris Smowton
be468fe122 Change note 2023-02-17 19:21:15 +00:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Owen Mansel-Chan
947a9f12a1 Make DiagnosticsReporting.qll a library 2023-02-13 11:59:36 +00:00
Michael B. Gale
70a6ff84af Add change note 2023-02-09 09:56:36 +00:00
Michael B. Gale
46d49cd66f Downgrade log injection precision to medium 
This is in line with the precision of this query for other languages
 2023-02-08 15:49:06 +00:00
Chris Smowton
99bed0b089 Merge pull request #12127 from smowton/smowton/perf/golang-less-string-construction 
Go: Consolidate repeated calls to `matches` and `regexpMatch`
 2023-02-08 11:07:39 +00:00
Michael B. Gale
3abf321071 Merge pull request #11496 from github/mbg/add/writable-file-closed-error-query 
Go: Add query to detect lack of error handling for `os.File.Close` on writable handles
 2023-02-08 10:53:44 +00:00
Chris Smowton
99d3f689dc Consolidate repeated calls to matches and regexpMatch 
This is especially useful if it avoids temporary string construction, such as toLowerCase().matches(...)
 2023-02-07 19:22:49 +00:00
Michael B. Gale
f7a2a8677a Rename change note file 2023-02-06 09:13:11 +00:00
Michael B. Gale
6c0d2bdee1 Add example without defer statement 2023-02-06 09:10:41 +00:00
Michael B. Gale
abe38373da Inline precededBySync 2023-02-06 08:47:47 +00:00
Michael B. Gale
314ecab90a Use dominatesNode and improve variable naming 2023-02-06 08:47:46 +00:00
Michael B. Gale
85a339030b Make the query a path-problem 2023-02-06 08:47:46 +00:00
Michael B. Gale
199c8641ec Rename close to sink in query 2023-02-06 08:47:46 +00:00
Michael B. Gale
f648b021a9 Despecialise parameter names for precededBySync 2023-02-06 08:47:46 +00:00
Michael B. Gale
bd6c167be6 Fixup: more docs improvements 2023-02-06 08:47:46 +00:00
Michael B. Gale
f866e16679 Use any instead of exists for isCloseSink 2023-02-06 08:47:45 +00:00
Michael B. Gale
5ab6056b26 Fixup: docs comment 2023-02-06 08:47:45 +00:00
Michael B. Gale
3f446bc76e Use three-argument hasQualifiedName 2023-02-06 08:47:45 +00:00
Michael B. Gale
07041bb659 Use Method instead of Function where able 2023-02-06 08:47:45 +00:00
Michael B. Gale
416ed57583 Fix qldoc comments 2023-02-06 08:47:45 +00:00