hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,503 Commits 1,671 Branches 157 Tags
6f5bce046ca94122e15748766bb1831e40c1575a
Commit Graph

1392 Commits

Author SHA1 Message Date
Owen Mansel-Chan
6f9242b1cb Merge pull request #15162 from owen-mc/go/stratify-cfg-succ 
Go: Stratify `CFG::succ` to avoid recursion
 2024-01-04 14:11:25 +00:00
Owen Mansel-Chan
e2e91ebe1c Fix capitalization in predicate name 
This was introduced by a copy-paste error
 2024-01-04 07:08:37 +00:00
Owen Mansel-Chan
dfd25f705d Add pragma[nomagic] to top-level succ0 and remove cached 2024-01-04 07:06:55 +00:00
Owen Mansel-Chan
90f07d2116 Add pragma[nomagic] to member 'succ0' 2024-01-03 16:54:58 +00:00
Owen Mansel-Chan
697aa609f4 Merge pull request #15211 from owen-mc/go/redefine-successfully-extracted-files 
Go: report any extracted file as successfully extracted
 2024-01-03 16:07:09 +00:00
Owen Mansel-Chan
14cffc3170 Merge pull request #15128 from owen-mc/go/fix-fp-incorrect-integer-conversion-signedness 
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
 2024-01-03 14:57:34 +00:00
Owen Mansel-Chan
bb44141390 Add QLDoc for succ0 2024-01-03 14:55:56 +00:00
Owen Mansel-Chan
032574f3d1 Make succ0 private 2024-01-03 14:55:42 +00:00
Owen Mansel-Chan
6ecf6ea3ac Rename succSimple to succ0 2024-01-03 14:51:57 +00:00
Owen Mansel-Chan
0279e4903f Mention query in change note 2024-01-03 13:02:49 +00:00
Owen Mansel-Chan
13b00bae17 Update test expectation 2024-01-02 22:38:30 +00:00
Owen Mansel-Chan
9f8b5bccc2 Go: report any extracted file as successfully extracted 2024-01-02 21:39:28 +00:00
Owen Mansel-Chan
19c5d1fd1d Merge pull request #15181 from felickz/go-xxe-libxml2 
GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
 2023-12-24 22:04:46 +00:00
Chad Bentz
730f6ed5b0 Merge branch 'main' into go-xxe-libxml2 2023-12-22 11:57:43 -05:00
Chad Bentz
86c258df7e mention sinks in changelog 2023-12-22 16:56:54 +00:00
Chad Bentz
cf25cc9531 Add docs 2023-12-22 16:53:21 +00:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Chad Bentz
7c93a2c825 Add const XMLParseNoEnt to stub 2023-12-21 00:49:14 +00:00
Chad Bentz
667861f575 depstubber with latest change 
- still failing with ./tst.go:195:25: undefined: parser.XMLParseNoEnt
 2023-12-21 00:42:37 +00:00
Chad Bentz
6f3867d804 stub the type Parser + the function New 
(it will automatically make stubs for all the methods on that type)

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-12-20 19:25:48 -05:00
Chad Bentz
4c46be1ed0 Use 3 arg overload on Method for hasQualifiedName for Package/Name/Type 2023-12-21 00:23:01 +00:00
Owen Mansel-Chan
9697d76c2d Stratify CFG::succ to avoid recursion 
The first level doesn't deal with defer statements properly.
The second level usees the first level to deal with them properly.
 2023-12-19 21:33:13 +00:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Owen Mansel-Chan
5a2c48f37f Add change note 2023-12-17 06:28:35 +00:00
Owen Mansel-Chan
e45e92eaa7 Fix MaxIntOrMaxUint.isBoundFor 
It was wrong for strictnessOffset = 1 before.
 2023-12-17 06:16:33 +00:00
Owen Mansel-Chan
36c4f5d1b2 Add failing test 
The cause of the test failure is confusion about
whether the architecture is 32 bit or 64 bit.
 2023-12-17 04:43:14 +00:00
Chad Bentz
b02bac5190 Test run 2023-12-15 22:55:10 +00:00
Anders Schack-Mulligen
a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Tom Hvitved
098afb935b Address more review comments 2023-12-14 09:48:45 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
dependabot[bot]
dae1a5c70e Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.16.0...v0.16.1)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-13 04:02:50 +00:00
Owen Mansel-Chan
5675df842e Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables 
Go: Also follow jump steps when looking for a callee source
 2023-12-12 15:49:15 +00:00
Mathew Payne
7a48152ea9 Add Go Stubs for LibXML2 2023-12-12 15:10:08 +00:00
Chad Bentz
2d33f86d41 Initial Push 
- Sample test  (test not compiling)
- Stubs not generating
 2023-12-12 15:00:00 +00:00
Owen Mansel-Chan
0fb58caa8c Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-12-11 20:42:48 +00:00
Tom Hvitved
35c654aa76 Go: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Owen Mansel-Chan
2e2a82c237 Add change note 2023-12-08 23:33:58 +00:00
Owen Mansel-Chan
ab68c4e341 Update test 2023-12-08 23:29:44 +00:00
Owen Mansel-Chan
40b3598fd0 Also follow jump steps when looking for a callee source 
This is needed because capturing a variable is a jump step
and we want to find a callee source for captured functions.
 2023-12-08 18:44:14 +00:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Owen Mansel-Chan
aad847497b Merge pull request #14962 from owen-mc/go/improve-tests-incorrect-integer-conversion 
Go: Improve tests for Incorrect Integer Conversion
 2023-12-06 07:40:00 +00:00
Owen Mansel-Chan
570538b4ec Merge pull request #14938 from owen-mc/go/improve-test-unhandled-close-writable-handle 
Go: improve test unhandled close writable handle
 2023-12-04 16:56:09 +00:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Owen Mansel-Chan
d52b23db8e Improve tests for Incorrect Integer Conversion 
We changed the test query when the query was changed so that the
comments in the test file would stay the same.
I've reverted the test query and updated the comments in the test file.
This avoids problems in the branch switching to use-use flow.
 2023-11-30 11:58:10 +00:00
Owen Mansel-Chan
e958a75223 Add comments indicating whether results are expected at new calls 2023-11-30 11:48:10 +00:00
Owen Mansel-Chan
de87dd5dee Test no result if deferred function returns error 2023-11-28 14:23:37 +00:00