hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,284 Commits 1,672 Branches 157 Tags
792f302bd4dee4c7558e2ce5bbea7edb51f9896f
Commit Graph

85 Commits

Author SHA1 Message Date
Tony Torralba
05b487e3a6 Go: Recognize unsafe candidate selection in go/insecure-randomness 2024-01-11 11:58:12 +01:00
Tony Torralba
5e8c63c3aa Use arg position instead of arg as class field to reduce number of instances 2024-01-10 14:12:29 +01:00
Tony Torralba
78c0cdfa2c Apply suggestions from code review 
co-authored-by: Owen Mansel-Chan <owen-mc@github.com>
 2024-01-10 13:33:41 +01:00
Tony Torralba
3534f692dc Fix test expectations 
Barrier-in addition removes an overlapping path
 2024-01-10 13:33:41 +01:00
Tony Torralba
a0f6b5ea10 Update test expectations 2024-01-09 17:00:20 +01:00
Owen Mansel-Chan
697aa609f4 Merge pull request #15211 from owen-mc/go/redefine-successfully-extracted-files 
Go: report any extracted file as successfully extracted
 2024-01-03 16:07:09 +00:00
Owen Mansel-Chan
14cffc3170 Merge pull request #15128 from owen-mc/go/fix-fp-incorrect-integer-conversion-signedness 
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
 2024-01-03 14:57:34 +00:00
Owen Mansel-Chan
13b00bae17 Update test expectation 2024-01-02 22:38:30 +00:00
Chad Bentz
7c93a2c825 Add const XMLParseNoEnt to stub 2023-12-21 00:49:14 +00:00
Chad Bentz
667861f575 depstubber with latest change 
- still failing with ./tst.go:195:25: undefined: parser.XMLParseNoEnt
 2023-12-21 00:42:37 +00:00
Chad Bentz
6f3867d804 stub the type Parser + the function New 
(it will automatically make stubs for all the methods on that type)

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-12-20 19:25:48 -05:00
Owen Mansel-Chan
e45e92eaa7 Fix MaxIntOrMaxUint.isBoundFor 
It was wrong for strictnessOffset = 1 before.
 2023-12-17 06:16:33 +00:00
Owen Mansel-Chan
36c4f5d1b2 Add failing test 
The cause of the test failure is confusion about
whether the architecture is 32 bit or 64 bit.
 2023-12-17 04:43:14 +00:00
Chad Bentz
b02bac5190 Test run 2023-12-15 22:55:10 +00:00
Mathew Payne
7a48152ea9 Add Go Stubs for LibXML2 2023-12-12 15:10:08 +00:00
Chad Bentz
2d33f86d41 Initial Push 
- Sample test  (test not compiling)
- Stubs not generating
 2023-12-12 15:00:00 +00:00
Owen Mansel-Chan
aad847497b Merge pull request #14962 from owen-mc/go/improve-tests-incorrect-integer-conversion 
Go: Improve tests for Incorrect Integer Conversion
 2023-12-06 07:40:00 +00:00
Owen Mansel-Chan
d52b23db8e Improve tests for Incorrect Integer Conversion 
We changed the test query when the query was changed so that the
comments in the test file would stay the same.
I've reverted the test query and updated the comments in the test file.
This avoids problems in the branch switching to use-use flow.
 2023-11-30 11:58:10 +00:00
Owen Mansel-Chan
e958a75223 Add comments indicating whether results are expected at new calls 2023-11-30 11:48:10 +00:00
Owen Mansel-Chan
de87dd5dee Test no result if deferred function returns error 2023-11-28 14:23:37 +00:00
Owen Mansel-Chan
57dafd3732 Improve test for UnhandledCloseWritableHandle 
Now the different paths won't have the same two sources.
 2023-11-28 14:21:43 +00:00
Owen Mansel-Chan
64bf6cc62b Update existing test (extra nodes, no extra alerts) 2023-11-15 15:33:09 +00:00
Owen Mansel-Chan
c1ecd5a0da Merge pull request #14608 from Kwstubbs/golang-cookie-reflectedxss-sanitizer 
Go: GoAdd Cookie Sanitizer to Reflected XSS
 2023-10-27 21:47:39 +01:00
Owen Mansel-Chan
773f46d3b4 Add failing test for upper bound checks 2023-10-26 16:58:36 +01:00
Owen Mansel-Chan
39eeed9238 Add failing test showcasing problem 2023-10-26 10:20:27 +01:00
Kevin Stubbings
21e4a5b2d5 Add Cookie Sanitizer 2023-10-25 22:07:08 -07:00
Michael B. Gale
7d7d90e7e0 Update expected test output 2023-10-11 13:18:27 +01:00
Michael B. Gale
94b0bc1e35 Move go.mod into extractor directory 2023-10-11 13:10:20 +01:00
Owen Mansel-Chan
c0b579c49f Improve tests 2023-09-28 11:00:41 +01:00
Owen Mansel-Chan
7d34ce4dea Rewrite with different flow state 2023-09-28 11:00:34 +01:00
Kevin Stubbings
7d213d5bb9 Add Integer/Boolean Sanitizer 2023-09-12 21:10:11 -07:00
Michael B. Gale
77369a09a4 Merge pull request #13872 from Kwstubbs/Kevin_error_sanitizer 
Go: Add sanitizer to remove paths passing through http.Error
 2023-09-04 13:25:55 +01:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Michael B. Gale
13d4bd9c0a Make CompareIdenticalValues test work on arm64 2023-08-11 10:51:52 +01:00
Owen Mansel-Chan
8db3e4a9b4 Make IncorrectIntegerConversion use new API 2023-08-10 15:49:47 +01:00
Owen Mansel-Chan
ac1670c0af Make SqlInjection use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:49:13 +01:00
Owen Mansel-Chan
16ef11a3c3 Make ConstantOauth2State use new API 
Removed edges were only there originally due to multiple configurations
being in scope. `DataFlow::PathNode` has union semantics for
configurations. Nodes are only generated if they are reachable from a
source, but this includes sources from other configurations.

No alerts are lost.
 2023-08-10 15:49:08 +01:00
Owen Mansel-Chan
a7382e06c2 Make ClearTextLogging use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:59 +01:00
Owen Mansel-Chan
1f6cdc7eda Make OpenURLRedirect use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.

Removed nodes and edges were only there originally due to multiple
configurations being in scope. `DataFlow::PathNode` has union semantics
for configurations. Nodes are only generated if they are reachable from
a source, but this includes sources from other configurations.
 2023-08-10 15:48:55 +01:00
Owen Mansel-Chan
97c32970a0 Make RequestForgery use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:53 +01:00
Michael B. Gale
82a1b15d11 Make AllocationSizeOverflow use new API 
The extra nodes in .expected files are due to the changes from
https://github.com/github/codeql/pull/13717, which are not applied to
configuration classes extending DataFlow::Configuration or
TaintTracking::Configuration.
 2023-08-10 15:48:44 +01:00
Kevin Stubbings
8960453662 Add sanitizer to remove http.Error sink 2023-08-02 16:56:14 -07:00
Owen Mansel-Chan
778de6b5d2 Compiler error messages changed in Go 1.20.6 2023-07-26 16:55:26 +01:00
Owen Mansel-Chan
c0fea85380 Accept test changes 2023-06-20 13:25:49 +01:00
Jeroen Ketema
eb62df6ece Go: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:51:29 +02:00
Jeroen Ketema
97c4f497bc Go: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:41:21 +02:00
Michael B. Gale
1aa1153ed6 Go: Add html/template as XSS queries sanitizer 2023-04-26 21:21:52 +01:00
Chris Smowton
d648b34037 Accept test changes 
These are caused by nodes being hidden by https://github.com/github/codeql/pull/12783
 2023-04-12 15:05:04 +01:00
Chris Smowton
3c48609635 Accept test changes 2023-04-12 14:19:05 +01:00
Chris Smowton
141d6b8d7b Accept paths test changes 2023-04-12 14:19:04 +01:00