hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
53,700 Commits 1,742 Branches 166 Tags
6bfdbef697c20325bcdb7809d146414db30beb44
Commit Graph

159 Commits

Author SHA1 Message Date
Owen Mansel-Chan
2914480ff6 Avoid platform-specific results 
These were introduced in https://github.com/github/codeql/pull/12750 but
the relevant tests that should have caught it weren't run.
 2023-04-19 11:18:19 +01:00
Tom Hvitved
3cc9dec9c8 Remove all queries.xml files 2023-04-13 11:18:58 +02:00
Chris Smowton
d648b34037 Accept test changes 
These are caused by nodes being hidden by https://github.com/github/codeql/pull/12783
 2023-04-12 15:05:04 +01:00
Chris Smowton
9f4b77e851 Accept test changes 2023-04-12 14:19:06 +01:00
Chris Smowton
0129167cc4 Convert Beego's MapGet method to MaD 2023-04-12 14:19:06 +01:00
Chris Smowton
2abffccded Accept test changes 2023-04-12 14:19:05 +01:00
Chris Smowton
8c553ec0fc Autoformat go 2023-04-12 14:19:05 +01:00
Chris Smowton
ac4dcc6c4b Add ioutil usage to TaintSteps test 
It appears at present the Go standard library imports the deprecated io/ioutil package internally on some platforms but not others. Therefore I add a test explicitly using it to make the test behave more uniformly.
 2023-04-12 14:19:05 +01:00
Chris Smowton
3c48609635 Accept test changes 2023-04-12 14:19:05 +01:00
Chris Smowton
140505222f Update test expectations 2023-04-12 14:19:04 +01:00
Chris Smowton
1a7927d3a1 Fix x/net/html.EscapeString modelling 
This had never worked due to accidentally extending non-abstract class HtmlEscapeFunction; consequently it was neither a taint propagator in general, nor an HTML escape function. Added tests to ensure it is now behaving as intended.
 2023-04-12 14:19:04 +01:00
Chris Smowton
141d6b8d7b Accept paths test changes 2023-04-12 14:19:04 +01:00
Chris Smowton
477341dd3b Remove unnecessary variable 2023-04-12 14:19:04 +01:00
Chris Smowton
18d00c1116 Autoformat QL 2023-04-12 14:19:03 +01:00
Chris Smowton
54d08e11ca Autoformat Go 2023-04-12 14:19:03 +01:00
Chris Smowton
6b9b4c8da0 Remove binary file 2023-04-12 14:19:03 +01:00
Chris Smowton
12f35bc6ac Add missing tests for RevelHeader mutators 2023-04-12 14:19:02 +01:00
Chris Smowton
2024747827 Add missing tests for html.Node taint propagators 
The TaintTracking::FunctionModels for these appeared broken, so I suspect they had never worked.
 2023-04-12 14:19:02 +01:00
Chris Smowton
8f4567349d Add missing NewTokenizerFragment model and test 2023-04-12 14:19:02 +01:00
Chris Smowton
ed7f351be7 Add missing tests for mime/multipart.Part 2023-04-12 14:19:02 +01:00
Chris Smowton
405a56326c Add missing tests for CertStorage 2023-04-12 14:19:02 +01:00
Chris Smowton
803b9d38cc Add missing tests and models for json-patch 2023-04-12 14:19:02 +01:00
Chris Smowton
5e74930881 Add missing tests and models for go-pg/pg/orm.Formatter 2023-04-12 14:19:02 +01:00
Chris Smowton
0249669299 Accept test changes 2023-04-12 14:19:01 +01:00
Chris Smowton
c752777022 Accept test changes 2023-04-12 14:19:01 +01:00
Chris Smowton
a796ddb95b Accept paths-only test changes 2023-04-12 14:19:01 +01:00
Chris Smowton
77b8103cc1 Adapt tests not to depend on TaintTracking::FunctionModel 2023-04-12 14:19:01 +01:00
Chris Smowton
2e70fada8d Bump Go version on test referencing go 1.20 methods 
This turned out not to matter for the extractor, but it means we can check the build using `go build`.
 2023-04-12 14:19:01 +01:00
Chris Smowton
f36a2143f5 Accept more test changes; add some missing models 2023-04-12 14:19:00 +01:00
Chris Smowton
bfc8db90af Accept test changes 
This is 1x path changes without result changes, and 1x expected change since the Encode function is no longer modelled using TaintTracking::FunctionModel
 2023-04-12 14:19:00 +01:00
Chris Smowton
de0caf2445 Go: mass-convert taint-flow models to models-as-data format 2023-04-12 14:18:44 +01:00
Chris Smowton
51ebc0bef2 Amend test now that DataFlowCallable != Callable 2023-04-12 14:15:54 +01:00
Chris Smowton
939a025e11 Go: hide summary nodes from path explanations 
This mirrors behaviours in other languages with MaD summaries
 2023-04-06 16:41:44 +01:00
Owen Mansel-Chan
00fd23d7b9 Merge pull request #12396 from porcupineyhairs/GoJwtSignImprovements 
Go: Add more JWT sinks
 2023-04-04 13:28:38 +01:00
Porcupiney Hairs
e9615c57e9 Go: Add more JWT sinks 
This pull requests adds modelling for `katras/iris/v12/middleware/jwt`, `katras/jwt` and `gogf/gf-jwt` frameworks.
 2023-03-31 23:11:24 +05:30
Owen Mansel-Chan
8e8ffb20a3 Accept test changes caused by alert message change 2023-03-31 16:48:01 +01:00
Owen Mansel-Chan
4fa57bfb2d Use set literal instead of regex comparison 2023-03-31 16:48:00 +01:00
Owen Mansel-Chan
a9f297c031 Use set literal instead of a conjunction 2023-03-31 16:47:59 +01:00
Owen Mansel-Chan
5d93ed5f52 Remove redundant term 
It's hard to tell what the original intention was, but I don't think
the location of qs should be the same as the location of q, so this
term is redundant.
 2023-03-31 16:47:59 +01:00
Owen Mansel-Chan
34bca0612b Use _ for exists-variable that is only used once 2023-03-31 16:47:58 +01:00
Owen Mansel-Chan
513409e082 Fix formatting of QLDocs 2023-03-31 16:47:56 +01:00
Chris Smowton
a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
 2023-03-08 09:48:35 +00:00
Anders Schack-Mulligen
5469a82efb Go,Java,Python: Fix some tests. 2023-02-28 14:31:00 +01:00
Tom Hvitved
879eff41ea Merge branch 'main' into util/inline-expect-test-use-end-line 2023-02-20 10:03:38 +01:00
Chris Smowton
c7da1c9e0d Use example that compiles on 32-bit arch 2023-02-17 19:35:04 +00:00
Chris Smowton
4e86edf4fe Add test case 2023-02-17 19:16:36 +00:00
Tom Hvitved
18c6b68232 Go: Update test expectations 2023-02-17 13:22:29 +01:00
Chris Smowton
3ce7fafb67 Fix unsafe test routine name 2023-02-15 19:05:01 +00:00
Chris Smowton
14655e1d8c Autoformat go 2023-02-15 18:41:14 +00:00
Chris Smowton
7e7850374e Implement standard library models for Go 1.20 2023-02-15 18:29:49 +00:00