hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,708 Commits 1,684 Branches 159 Tags
769fddeb381eeaff7723704c5304dc536fbc3058
Commit Graph

1708 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sharad
769fddeb38 Merge pull request #491 from adityasharad/actions/docs-review 
Actions: Add workflow to request docs review
 2021-03-03 07:40:26 -08:00
Aditya Sharad
348f8c16d1 Actions: Add workflow to request docs review 
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.
 2021-03-02 18:05:02 -08:00
Chris Smowton
530b791529 Merge pull request #490 from sauyon/gomoduleauto 
Explicitly set GO111MODULE to auto
 2021-03-01 12:45:39 +00:00
Sauyon Lee
0684143291 Merge pull request #483 from owen-mc/sync-dataflow-libraries 
Sync dataflow libraries
 2021-02-25 11:40:50 -08:00
Sauyon Lee
be14df042d Explicitly set GO111MODULE to auto 2021-02-25 08:22:06 -08:00
Owen Mansel-Chan
f6ff3c009e Merge branch 'main' into sync-dataflow-libraries 2021-02-24 14:14:44 +00:00
Owen Mansel-Chan
e1402b3881 Merge pull request #486 from owen-mc/add-missing-licences-for-stubbed-libraries 
Add license files for stubbed dependencies
 2021-02-23 18:32:42 +00:00
Owen Mansel-Chan
6c0fe2ed45 Merge branch 'main' into add-missing-licences-for-stubbed-libraries 2021-02-23 17:14:28 +00:00
Owen Mansel-Chan
b7323bf9b6 Merge pull request #487 from sauyon/add-shati 
Add shati-patel to CODEOWNERS
 2021-02-23 17:11:28 +00:00
Sauyon Lee
f3969372a4 Add shati-patel to CODEOWNERS 2021-02-23 09:00:10 -08:00
Owen Mansel-Chan
4728b7a866 Add license files for stubbed dependencies 2021-02-23 16:29:17 +00:00
Sauyon Lee
a4b701d2c5 Merge pull request #480 from sauyon/go116 
Add preliminary support for go 1.16
 2021-02-23 08:16:12 -08:00
Owen Mansel-Chan
7e37c2b63a Merge pull request #485 from owen-mc/add-new-location-for-beego 
Add new module path for beego and xmlpath
 2021-02-23 11:06:47 +00:00
Owen Mansel-Chan
ff317e63de Remove http:// in package path 2021-02-22 15:11:59 +00:00
Owen Mansel-Chan
f32b4883bf Make use of URLs in comments more consistent 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
370afe3383 Fix incorrect calls to package() 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
083512acef Add extra module path for xmlpath package 2021-02-22 15:08:20 +00:00
Owen Mansel-Chan
2bcf73c9fb Add new module path for beego 
Beego moved from astaxie/beego to beego/beego on 13 Dec 2020. The
old location still works but is not being updated.
 2021-02-22 11:38:13 +00:00
Sauyon Lee
9e45b08178 Merge pull request #484 from sauyon/change-note-action 
Actions: Add change note checker
 2021-02-19 20:12:59 -08:00
Sauyon Lee
17cd04c6b2 Avoid attempting to build i386 darwin binaries 2021-02-19 10:20:29 -08:00
Sauyon Lee
65e6da9b0e Actions: Add change note checker 
Co-authored-by: Taus <tausbn@github.com>
 2021-02-19 09:40:50 -08:00
Sauyon Lee
23103fd8e0 Add support for 'path/filepath.WalkDir' 2021-02-19 07:59:13 -08:00
Sauyon Lee
82849fe91a Explicitly set GO111MODULE=off 2021-02-19 07:59:13 -08:00
Sauyon Lee
41cacd579f Model moved io/ioutil functions 2021-02-19 07:59:12 -08:00
Sauyon Lee
4056ac4ab5 os.FileInfo -> io/fs.FileInfo 2021-02-19 06:25:52 -08:00
Sauyon Lee
adc2f08b76 Add tests for go 1.16 libraries 2021-02-19 06:25:51 -08:00
Sauyon Lee
a327fb7e97 Add support for go 1.16 frameworks 2021-02-19 06:25:51 -08:00
Owen Mansel-Chan
fbbe4692d8 Re-add call to defaultTaintSanitizerGuard() 2021-02-19 14:16:19 +00:00
Owen Mansel-Chan
1c1ebf817f Rename default taint sanitizer predicate 
`defaultTaintSanitizer()` is referenced in one of the files that
gets synced, so it is better for us to not change its name. We should
also keep `defaultTaintSanitizerGuard()` consistent.
 2021-02-19 14:14:12 +00:00
Sauyon Lee
62ae3ec7c5 Add extractor test for go 1.16 2021-02-18 14:52:54 -08:00
Sauyon Lee
fc9bc68829 Add change note for go 1.16 2021-02-18 11:49:00 -08:00
Sauyon Lee
42939a70b8 Update go.mod to 1.16 2021-02-18 11:48:48 -08:00
Sauyon Lee
fee0355ea0 Update actions to use go 1.16 2021-02-18 11:48:36 -08:00
Owen Mansel-Chan
24d35c35a1 Add Unit class to DataFlowPrivate 2021-02-17 16:42:17 +00:00
Owen Mansel-Chan
4f55ecc995 Sync dataflow libraries 2021-02-17 16:32:16 +00:00
Sauyon Lee
e6d11fc99e Merge pull request #475 from sauyon/yaml 
Add models for gopkg.in/yaml
 2021-02-16 15:11:47 +00:00
Chris Smowton
2be66d1d74 Merge pull request #479 from smowton/smowton/admin/add-missing-change-notes 
Add missing change notes
 2021-02-16 09:58:29 +00:00
Owen Mansel-Chan
1c6a68ae93 Merge pull request #478 from owen-mc/update-logrus-model 
Simplify Logrus model
 2021-02-16 07:35:44 +00:00
Sauyon Lee
1acbfaafcc Add models for gopkg.in/yaml 2021-02-15 18:27:09 +00:00
Chris Smowton
95008d1ccb Update change-notes/2021-02-09-html-templates.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-02-15 14:39:24 +00:00
Chris Smowton
6f5f1c4829 Add missing change notes 2021-02-15 14:07:10 +00:00
Owen Mansel-Chan
46cc9e9fa4 Add change note 2021-02-15 13:51:01 +00:00
Owen Mansel-Chan
a2c0b6ade6 Merge pull request #464 from owen-mc/list-constants-sanitizers 
List of constants sanitizer guards (switch statement in function only)
 2021-02-15 11:39:40 +00:00
Owen Mansel-Chan
6d29a35ac9 Factor the duplicate code in LogCall 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-02-15 11:20:19 +00:00
Owen Mansel-Chan
68c54d43e6 Move code to TaintTrackingUtil.qll 2021-02-15 10:18:00 +00:00
Owen Mansel-Chan
ef94cde0b3 Simplify Logrus model 
Make methods which add data to entries sinks in their own right, rather
than trying to track the data flow of the entry to a later logging call.

This may cause some false positives, but only in the situation that
tainted data is added to an entry and that entry is never logged. It will
save us from false negatives when tainted data is added to an entry
which flows across a function boundary to a logging call.
 2021-02-15 09:18:34 +00:00
Owen Mansel-Chan
4a2a1871f7 Merge pull request #476 from owen-mc/model-zap 
Model zap
 2021-02-13 13:15:06 +00:00
Owen Mansel-Chan
1dc474650a Model zap 2021-02-11 14:35:36 +00:00
Chris Smowton
b9a1d9a17e Merge pull request #474 from sauyon/update-codeql 
Update actions codeql to 2.4.3
 2021-02-11 12:34:51 +00:00
Chris Smowton
2d08173631 Merge pull request #442 from monkey-junkie/main 
[CWE-369] Query for divide by zero detection
 2021-02-11 12:11:45 +00:00