hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,366 Commits 1,684 Branches 159 Tags
88c740bbbcdafdc930d6feb8abc5215e7dde86ef
Commit Graph

1366 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
88c740bbbc Merge pull request #353 from gagliardetto/remove-duplicate-models 
Remove duplicate models (the end)
 2020-09-24 13:31:18 +01:00
Slavomir
4f7edb85da Fix package count 2020-09-24 12:41:14 +02:00
Slavomir
1f5da54ac9 Update change-notes/2020-09-23-stdlib.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-09-24 12:40:39 +02:00
Arthur Baars
575c56c426 Merge pull request #354 from github/aibaars/lgtm-go-lines-of-comment 
LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls
 2020-09-24 12:22:07 +02:00
Arthur Baars
240f3ed7dc LGTM: add Metrics/FLinesOfComment.ql to go-lgtm-full.qls 2020-09-24 11:04:15 +02:00
Max Schaefer
907ae20a16 Merge pull request #350 from smowton/smowton/feature/bad-regex-escape-query 
Add query spotting probably-bad escapes in regular expressions.
 2020-09-24 09:49:16 +01:00
Slavomir
8e007623ca Improve change note 2020-09-23 18:03:11 +02:00
Slavomir
ef20f75cbe Add change note 2020-09-23 17:52:52 +02:00
Slavomir
8b397c1eff Remove this. from the generated method and interface models 2020-09-23 17:28:44 +02:00
Slavomir
539127b1d1 Remove models for methods for which there already is a models for the interface they implement. 2020-09-23 17:16:01 +02:00
Chris Smowton
59138048bb Add query spotting probably-bad escapes in regular expressions. 
Inspired by js/useless-regexp-character-escape, but much much simpler because the Go source code parser forbids unrecognised escapes and its regex engine refuses to compile \\x where x is not a character class or other special token (e.g. start-of-word).
 2020-09-23 15:07:22 +01:00
Chris Smowton
a094ddb988 Merge pull request #349 from gagliardetto/stdlib-339-340-342-346-347 
Merge #339 #340 #342 #346 #347
 2020-09-23 14:38:04 +01:00
Chris Smowton
1a3589ac06 Merge pull request #352 from smowton/smowton/feature/http-newrequest 
Add model for net/http.NewRequest
 2020-09-23 09:56:17 +01:00
Max Schaefer
6130720e00 Merge pull request #348 from max-schaefer/functioninput_entrynode 
Ensure `FunctionInput`s corresponding to results have an entry node
 2020-09-23 09:15:18 +01:00
Chris Smowton
c1fbbfb05a Add model for net/http.NewRequest noting that if the URL is tainted then the response should be considered tainted also. 2020-09-23 08:46:36 +01:00
Slavomir
364b6810ce Sort stdlib imports 2020-09-22 18:50:12 +02:00
Slavomir
a7148638aa Merge branch 'standard-lib-pt-6' into stdlib-339-340-342-346-347 2020-09-22 18:44:14 +02:00
Slavomir
61a0cfa06a Merge branch 'standard-lib-pt-4' into stdlib-339-340-342-346-347 2020-09-22 18:43:30 +02:00
Slavomir
315514085f Merge branch 'standard-lib-pt-9' into stdlib-339-340-342-346-347 2020-09-22 18:43:14 +02:00
Slavomir
0510404112 Merge branch 'standard-lib-pt-12' into stdlib-339-340-342-346-347 2020-09-22 18:42:46 +02:00
Slavomir
1a5d582750 Remove Regexp 2020-09-22 13:37:39 +02:00
Slavomir
e742525be5 Fix (*Logger).Writer() model 2020-09-22 13:35:55 +02:00
Slavomir
bff19d5a37 Move and extend Log module for package log with taint-tracking 2020-09-22 13:35:55 +02:00
Slavomir
3a7406b14c Remove redundant Read and Write method models 2020-09-22 13:33:37 +02:00
Slavomir
3abf0e8d29 Add taint-tracking for crypto/x509 package 2020-09-22 13:33:37 +02:00
Slavomir
3acb7a5311 Add taint-tracking for crypto/tls package 2020-09-22 13:33:37 +02:00
Slavomir
5e0e3cc2cc Add taint-tracking for crypto/rsa package 2020-09-22 13:33:37 +02:00
Slavomir
742319c071 Move to stdlib and expand crypto/cypher package taint-tracking 2020-09-22 13:33:37 +02:00
Slavomir
434c4bca9c Add taint-tracking for crypto package 2020-09-22 13:33:37 +02:00
Max Schaefer
c61881acb3 Merge pull request #344 from smowton/smowton/feature/echo-models 
Add models for the Echo framework
 2020-09-22 10:45:02 +01:00
Max Schaefer
2d4f17c91c Ensure result inputs always have an entry node. 2020-09-22 09:08:17 +01:00
Max Schaefer
4b56581122 Fix input nodes for results that are not assigned to an SSA variable. 2020-09-22 09:06:16 +01:00
Max Schaefer
9c640fff4f Add a new test for FunctionInputsAndOutputs. 2020-09-22 09:04:49 +01:00
Max Schaefer
c905149579 Merge pull request #341 from gagliardetto/standard-lib-pt-10 
Move to stdlib and extend the models for `fmt` package
 2020-09-21 22:10:56 +01:00
Chris Smowton
7b917f9dd7 Add utility functions for getting FunctionInputs and FunctionOutputs. 2020-09-21 17:35:40 +01:00
Chris Smowton
397282f41a Add models for the Echo framework 2020-09-21 17:35:40 +01:00
Chris Smowton
bdb3e54299 Add tests for stdlib-http fields that aren't supposed to cause open-redirect alerts 2020-09-21 16:26:46 +01:00
Chris Smowton
b6b7bd2717 Generalise model of HTTP libraries 
* Allow for HTTP response methods that define a content-type without a corresponding header write
* Factor out stdlib-http-specific classification of fields that aren't vulnerable to an open-redirect exploit
 2020-09-21 16:26:39 +01:00
Slavomir
0005775e2b Apply suggestions from code review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-21 16:23:21 +02:00
Slavomir
dedeb7bbf1 Add taint-tracking for container/ring package 2020-09-21 12:34:00 +02:00
Slavomir
75e3ee6e77 Add taint-tracking for container/list package 2020-09-21 12:32:39 +02:00
Slavomir
4ecf9b0f6b Add taint-tracking for container/heap package 2020-09-21 12:30:47 +02:00
Chris Smowton
6770c74b7f Merge pull request #345 from gagliardetto/from-331-to-337 
Merge #331, #332, #333, #334, #335, #336, #337
 2020-09-21 09:34:41 +01:00
Slavomir
a7dba54001 Merge branch 'standard-lib-pt-15' into from-331-to-337 2020-09-20 18:25:29 +02:00
Slavomir
ad53583b5e Remove methods on IP 2020-09-20 18:23:56 +02:00
Slavomir
17868dd6b1 Merge branch 'standard-lib-pt-16' into from-331-to-337 2020-09-20 15:47:35 +02:00
Slavomir
ed965c7101 Merge branch 'standard-lib-pt-19' into from-331-to-337 2020-09-20 15:47:14 +02:00
Slavomir
53e0e3ffbf Merge branch 'standard-lib-pt-20' into from-331-to-337 2020-09-20 15:46:47 +02:00
Slavomir
9d1381349f Merge branch 'standard-lib-pt-23' into from-331-to-337 2020-09-20 15:46:26 +02:00
Slavomir
1d13ca58ff Merge branch 'standard-lib-pt-22' into from-331-to-337 2020-09-20 15:46:02 +02:00