hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 03:09:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
46,997 Commits 1,759 Branches 167 Tags
8a27660615eaf3da3b6865405fe04d4e26a33db6
Commit Graph

196 Commits

Author SHA1 Message Date
Alvaro Muñoz
8a27660615 change handler function name 2022-11-18 09:43:17 +01:00
Alvaro Muñoz
69ecbda133 add change note 2022-11-18 09:43:17 +01:00
Alvaro Muñoz
7496b61b8d Add rsync since both --rsh and --rsync-path admit commands 2022-11-18 09:43:17 +01:00
Owen Mansel-Chan
4073d77635 Add change notes 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
ab15a19028 Address review comments 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
166a3688f8 Use standard variable names for hasLocationInfo 
This makes them match the QLDoc and also other implementations of
`hasLocationInfo`.
 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
1a65a27fde Update test expectations 
In https://github.com/github/codeql/pull/8641, `localFlowExit` was
changed to use `Stage2::readStepCand` instead of `read`, which means
that the big-step relation is broken up less. This causes test result
changes. Nothing is lost from the `select` clause, but some results may
have fewer paths, and fewer nodes and edges are output in the test
results.
 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
71aeeee7c8 Accept trivial change to test output 
In the `subpaths` section, the last node is now printed without its type
if it is the sink of the path.

This comes from the commit "Dataflow: Bugfix: include subpaths ending at
a sink. " in https://github.com/github/codeql/pull/7526
 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
f2e2c02db6 Rename predicates to avoid clashes 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
1718ef88be Data flow: Inline local(Expr)?(Flow|Taint) 
See https://github.com/github/codeql/pull/7791
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
736435adda Go: Add stub expectsContent 
Corresponds to https://github.com/github/codeql/pull/8870
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
50210a9d24 Go: ParameterPosition and ArgumentPosition 
Corresponds to https://github.com/github/codeql/pull/7260, though some
of those changes had already been made.
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
83a3af2fff Go: Summarized Callable 
Corresponds to https://github.com/github/codeql/pull/9270
 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
10ed4ad3df Go: Split summaryThroughStep into two predicates 
Cf. https://github.com/github/codeql/pull/9195
 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
1ee5d3e80e Move ParameterPosition etc to DataflowDispatch.qll 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
e5829201e1 Go: Implement ContentSet 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
282699e5b5 Go: Refactor SummarizedCallable. 
Equivalent of https://github.com/github/codeql/pull/9210
 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
c768f04e32 Go: Introduce generated flag as a part of the kind column for flow summaries 
Equivalent of https://github.com/github/codeql/pull/8628
 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
dae60c9deb Update data flow libraries to 55e052af26 2022-11-17 14:27:02 +00:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
erik-krogh
f9195d194b go: make sure the source/sink have the same type as the edges relation 2022-11-03 11:20:15 +01:00
erik-krogh
c9fcef2608 go: add a precision tag to go/examples/deferinloop 2022-11-03 11:20:15 +01:00
erik-krogh
1ec204987d go: remove precision from metric queries 2022-11-03 11:20:15 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Arthur Baars
aba87a139d Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
erik-krogh
84a7fddd95 remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
Chris Smowton
3573e211cc Correct test expectations 2022-10-29 11:40:58 +01:00
Chris Smowton
b6e4f472d1 Remove unnecessary import 2022-10-29 11:40:57 +01:00
Chris Smowton
6d321e0151 Add change note 2022-10-29 11:40:57 +01:00
Chris Smowton
5c66d87ed6 gofmt 2022-10-29 11:40:57 +01:00
Chris Smowton
0c6c135967 Go: exclude protobuf read steps from cleartext-logging query 
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.

However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.

On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
 2022-10-29 11:40:57 +01:00
Chris Smowton
f9e811bddf Legacy support qlpacks: continue using libraryPathDependencies; add a comment noting this is obsolete. 2022-10-28 16:47:30 +01:00
Chris Smowton
ee63e60bb7 qlpacks: libraryPathDependencies -> dependencies 2022-10-28 16:07:36 +01:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Rasmus Wriedt Larsen
fc7eb5b4fc InlineExpectationsTest: sync 2022-10-27 09:02:28 +02:00
Henry Mercer
c1984ea35f Go: Update expected output 2022-10-26 19:11:21 +01:00
Rasmus Wriedt Larsen
5e9897d150 InlineExpectationsTest: sync 2022-10-26 18:21:13 +02:00
Henry Mercer
b0b321a16f Go: Standardise formatting 2022-10-26 16:31:08 +01:00
Henry Mercer
4bc8529490 Go: Extract locations of successfully extracted files 
Switch the successfully extracted files query to the `location, message` results format so that we get rich location information when exporting the results of this query to SARIF.  Previously the query used the `message` results format, which meant the interpreted results lacked a location.
 2022-10-26 16:28:02 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Arthur Baars
c59c6f6eb6 Update go/ql/src/CHANGELOG.md 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-10-20 15:22:54 +02:00
Arthur Baars
45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-10-20 15:22:29 +02:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Josh Soref
0a4c724b69 spelling: implementation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
e6998d40c3 spelling: cryptographically 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
9b372f3db4 spelling: characters 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
b1052992fe spelling: against 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
Dave Bartolomeo
5ee7986649 Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 
Post-release preparation for codeql-cli-2.11.1
 2022-10-07 14:23:31 -04:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00