Owen Mansel-Chan
778826b528
Accept test changes
...
Note that
go/ql/test/library-tests/semmle/go/Types/QualifiedNames.expected and
go/ql/test/library-tests/semmle/go/Types/Types.expected gain two lines.
In both cases this is because GenericArray and GenericSignature are
each instantiated twice, so they appear with two different locations.
2023-02-10 22:09:20 +00:00
Owen Mansel-Chan
202c0be303
Add hasLocationInfo for Types
...
It returns a dummy location except for named types with a type
declaration in the source.
2023-02-10 22:09:20 +00:00
Michael B. Gale
ad4ae1c331
Merge pull request #12132 from github/mbg/fix/log-injection-precision
...
Go: Downgrade `go/log-injection` precision to medium
2023-02-09 10:29:24 +00:00
Michael B. Gale
70a6ff84af
Add change note
2023-02-09 09:56:36 +00:00
Chris Smowton
f113eaa77d
Merge pull request #12059 from pwntester/go_twirp_support
...
[GoLang] Add support for Twirp framework
2023-02-08 21:55:56 +00:00
Michael B. Gale
46d49cd66f
Downgrade log injection precision to medium
...
This is in line with the precision of this query for other languages
2023-02-08 15:49:06 +00:00
Owen Mansel-Chan
18335854b6
Update go/ql/lib/semmle/go/frameworks/Twirp.qll
...
Co-authored-by: Michael B. Gale <mbg@github.com>
2023-02-08 15:33:35 +00:00
Chris Smowton
99bed0b089
Merge pull request #12127 from smowton/smowton/perf/golang-less-string-construction
...
Go: Consolidate repeated calls to `matches` and `regexpMatch`
2023-02-08 11:07:39 +00:00
Alvaro Muñoz
764155ce97
remove bracket
2023-02-08 11:57:03 +01:00
Michael B. Gale
3abf321071
Merge pull request #11496 from github/mbg/add/writable-file-closed-error-query
...
Go: Add query to detect lack of error handling for `os.File.Close` on writable handles
2023-02-08 10:53:44 +00:00
Owen Mansel-Chan
931c683146
Use regex for case-insensitive string comparisons
...
This is slightly more efficient.
2023-02-08 10:45:07 +00:00
Owen Mansel-Chan
c427f8fc95
Do not import file defining a Configuration
2023-02-08 06:31:25 +00:00
Chris Smowton
99d3f689dc
Consolidate repeated calls to matches and regexpMatch
...
This is especially useful if it avoids temporary string construction, such as toLowerCase().matches(...)
2023-02-07 19:22:49 +00:00
Chris Smowton
cd2fc6566f
Merge pull request #12101 from owen-mc/go/gofmt-remove-confusing-error-message
...
Fix files that gofmt can't parse
2023-02-06 10:58:54 +00:00
Mathias Vorreiter Pedersen
00fe448e3a
Merge pull request #12072 from aschackmull/dataflow/stage3-perf
...
Dataflow: Fix join in `fwdFlowRead` (take 2)
2023-02-06 10:43:11 +00:00
Michael B. Gale
f7a2a8677a
Rename change note file
2023-02-06 09:13:11 +00:00
Michael B. Gale
6c0d2bdee1
Add example without defer statement
2023-02-06 09:10:41 +00:00
Michael B. Gale
25f907867b
Update expected test output
2023-02-06 08:51:46 +00:00
Michael B. Gale
abe38373da
Inline precededBySync
2023-02-06 08:47:47 +00:00
Michael B. Gale
c252ec0414
Add test for deferred close that returns error
2023-02-06 08:47:47 +00:00
Michael B. Gale
e05bce9863
Update expected test results
2023-02-06 08:47:46 +00:00
Michael B. Gale
314ecab90a
Use dominatesNode and improve variable naming
2023-02-06 08:47:46 +00:00
Michael B. Gale
85a339030b
Make the query a path-problem
2023-02-06 08:47:46 +00:00
Michael B. Gale
199c8641ec
Rename close to sink in query
2023-02-06 08:47:46 +00:00
Michael B. Gale
f648b021a9
Despecialise parameter names for precededBySync
2023-02-06 08:47:46 +00:00
Michael B. Gale
bd6c167be6
Fixup: more docs improvements
2023-02-06 08:47:46 +00:00
Michael B. Gale
f866e16679
Use any instead of exists for isCloseSink
2023-02-06 08:47:45 +00:00
Michael B. Gale
5ab6056b26
Fixup: docs comment
2023-02-06 08:47:45 +00:00
Michael B. Gale
3f446bc76e
Use three-argument hasQualifiedName
2023-02-06 08:47:45 +00:00
Michael B. Gale
07041bb659
Use Method instead of Function where able
2023-02-06 08:47:45 +00:00
Michael B. Gale
416ed57583
Fix qldoc comments
2023-02-06 08:47:45 +00:00
Michael B. Gale
f321adf9f4
Fix typo
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-02-06 08:47:44 +00:00
Michael B. Gale
10109b4925
Fix class comments
2023-02-06 08:47:44 +00:00
Michael B. Gale
49ce91fd5b
Update precision to high
2023-02-06 08:47:44 +00:00
Michael B. Gale
7e9617f3ce
Detect lack of error handling for os.File.Close
2023-02-06 08:47:43 +00:00
Owen Mansel-Chan
9ed7836367
Fix files that gofmt can't parse
...
We have some .go files that gofmt can't parse because they don't start
with "package". This was intentional, as they are fragments to be
included in .qhelp files. They don't affect the return code as gofmt
doesn't change their formatting, so this wasn't changing the result of
the check. However, it was confusing that when the check failed because
some other files weren't formatted correctly, the user would see the
stderr complaining about those files, so we capture stderr.
It would be an improvement to print which files are not formatted
correctly, but that was beyond my abilities with bash and makefiles.
2023-02-06 07:16:58 +00:00
github-actions[bot]
57f40ccd48
Post-release preparation for codeql-cli-2.12.2
2023-02-03 21:12:22 +00:00
Alvaro Muñoz
23c7bc8143
import RequestForgery from tests.ql
2023-02-03 22:05:50 +01:00
Sarita Iyer
8edd378290
Merge pull request #12077 from github/codeql-cli-articles-migration-update
...
Update CodeQL CLI docs articles and links to point to new location on GitHub Docs site
2023-02-03 15:25:33 -05:00
Alvaro Muñoz
04d5b7e579
make RequestForgery import private
2023-02-03 18:19:35 +01:00
Alvaro Muñoz
4b198f9af8
apply code review feedback
2023-02-03 18:12:49 +01:00
Alvaro Muñoz
844193d065
use regexp to capture generated file names
2023-02-03 18:08:56 +01:00
Alvaro Muñoz
1d0e80c2f5
Apply suggestions from code review
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-02-03 17:59:29 +01:00
Alvaro Muñoz
3002230af9
remove duplicated import
2023-02-03 17:48:13 +01:00
Owen Mansel-Chan
2f637e2c8e
Remove unused variable
2023-02-03 16:36:20 +00:00
Alvaro Muñoz
c517eb89b2
add more sinks
2023-02-03 17:33:08 +01:00
Alvaro Muñoz
20dc30d7e8
add RequestForgery test
2023-02-03 16:38:56 +01:00
Alvaro Muñoz
6b3d458865
Apply suggestions from code review
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-02-03 16:20:21 +01:00
Alvaro Muñoz
c7637a7e1f
Apply suggestions from code review
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2023-02-03 16:19:48 +01:00
Alvaro Muñoz
a0cf8e786c
fix SSRF sink
2023-02-03 16:16:00 +01:00