hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,235 Commits 1,671 Branches 157 Tags
75b13da4e422c6f00519b51a3d29017cebf40aab
Commit Graph

1485 Commits

Author SHA1 Message Date
Owen Mansel-Chan
90f07d2116 Add pragma[nomagic] to member 'succ0' 2024-01-03 16:54:58 +00:00
Owen Mansel-Chan
697aa609f4 Merge pull request #15211 from owen-mc/go/redefine-successfully-extracted-files 
Go: report any extracted file as successfully extracted
 2024-01-03 16:07:09 +00:00
Owen Mansel-Chan
14cffc3170 Merge pull request #15128 from owen-mc/go/fix-fp-incorrect-integer-conversion-signedness 
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
 2024-01-03 14:57:34 +00:00
Owen Mansel-Chan
bb44141390 Add QLDoc for succ0 2024-01-03 14:55:56 +00:00
Owen Mansel-Chan
032574f3d1 Make succ0 private 2024-01-03 14:55:42 +00:00
Owen Mansel-Chan
6ecf6ea3ac Rename succSimple to succ0 2024-01-03 14:51:57 +00:00
Owen Mansel-Chan
0279e4903f Mention query in change note 2024-01-03 13:02:49 +00:00
Owen Mansel-Chan
13b00bae17 Update test expectation 2024-01-02 22:38:30 +00:00
Owen Mansel-Chan
9f8b5bccc2 Go: report any extracted file as successfully extracted 2024-01-02 21:39:28 +00:00
Owen Mansel-Chan
19c5d1fd1d Merge pull request #15181 from felickz/go-xxe-libxml2 
GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
 2023-12-24 22:04:46 +00:00
Chad Bentz
730f6ed5b0 Merge branch 'main' into go-xxe-libxml2 2023-12-22 11:57:43 -05:00
Chad Bentz
86c258df7e mention sinks in changelog 2023-12-22 16:56:54 +00:00
Chad Bentz
cf25cc9531 Add docs 2023-12-22 16:53:21 +00:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Chad Bentz
7c93a2c825 Add const XMLParseNoEnt to stub 2023-12-21 00:49:14 +00:00
Chad Bentz
667861f575 depstubber with latest change 
- still failing with ./tst.go:195:25: undefined: parser.XMLParseNoEnt
 2023-12-21 00:42:37 +00:00
Chad Bentz
6f3867d804 stub the type Parser + the function New 
(it will automatically make stubs for all the methods on that type)

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-12-20 19:25:48 -05:00
Chad Bentz
4c46be1ed0 Use 3 arg overload on Method for hasQualifiedName for Package/Name/Type 2023-12-21 00:23:01 +00:00
Owen Mansel-Chan
9697d76c2d Stratify CFG::succ to avoid recursion 
The first level doesn't deal with defer statements properly.
The second level usees the first level to deal with them properly.
 2023-12-19 21:33:13 +00:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Owen Mansel-Chan
5a2c48f37f Add change note 2023-12-17 06:28:35 +00:00
Owen Mansel-Chan
e45e92eaa7 Fix MaxIntOrMaxUint.isBoundFor 
It was wrong for strictnessOffset = 1 before.
 2023-12-17 06:16:33 +00:00
Owen Mansel-Chan
36c4f5d1b2 Add failing test 
The cause of the test failure is confusion about
whether the architecture is 32 bit or 64 bit.
 2023-12-17 04:43:14 +00:00
Chad Bentz
b02bac5190 Test run 2023-12-15 22:55:10 +00:00
amammad
4d9aad92a1 remove a duplicate test 2023-12-14 17:08:18 +01:00
amammad
d84333dad8 added *ReadBody* Methods as UntrustedFlowSource 2023-12-14 15:31:09 +01:00
Anders Schack-Mulligen
a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Tom Hvitved
098afb935b Address more review comments 2023-12-14 09:48:45 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
dependabot[bot]
dae1a5c70e Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).

- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.16.0...v0.16.1)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-13 04:02:50 +00:00
Owen Mansel-Chan
5675df842e Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables 
Go: Also follow jump steps when looking for a callee source
 2023-12-12 15:49:15 +00:00
Mathew Payne
7a48152ea9 Add Go Stubs for LibXML2 2023-12-12 15:10:08 +00:00
Chad Bentz
2d33f86d41 Initial Push 
- Sample test  (test not compiling)
- Stubs not generating
 2023-12-12 15:00:00 +00:00
Owen Mansel-Chan
0fb58caa8c Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-12-11 20:42:48 +00:00
amammad
bfa0fb6d74 remove a duplicate test 2023-12-10 22:08:12 +01:00
amammad
cc5416406f added more sinks related to io.Writer of BodyWriter 2023-12-10 22:06:27 +01:00
amammad
b6aaff2e64 use SimpleGlobal with source and sink to find BodyWriter successors globally 2023-12-10 15:45:42 +01:00
Tom Hvitved
35c654aa76 Go: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Owen Mansel-Chan
2e2a82c237 Add change note 2023-12-08 23:33:58 +00:00
Owen Mansel-Chan
ab68c4e341 Update test 2023-12-08 23:29:44 +00:00
Owen Mansel-Chan
40b3598fd0 Also follow jump steps when looking for a callee source 
This is needed because capturing a variable is a jump step
and we want to find a callee source for captured functions.
 2023-12-08 18:44:14 +00:00
Anders Schack-Mulligen
64eb4ff753 Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api 
Data Flow: Deprecate old data flow api.
 2023-12-08 14:27:25 +01:00
amammad
a3fbc3c20c fix ResponseBody Class issues 2023-12-07 19:36:27 +01:00
amammad
dbf01a9284 fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape 2023-12-07 08:52:55 +01:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
amammad
20a3211d06 move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests 2023-12-06 16:19:34 +01:00
amammad
3e0ed0090f added BodyWriter Sink, added proper content-type header in tests to comply new changed xss strategy 2023-12-06 16:00:36 +01:00