hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,055 Commits 1,684 Branches 159 Tags
951d59752afebd1adca3dbf762fa74d3361c99fa
Commit Graph

1055 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
951d59752a Address review comments 7 2020-08-13 18:22:58 +01:00
Owen Mansel-Chan
2e60d40ccd Address review comments 6 2020-08-12 17:07:29 +01:00
Owen Mansel-Chan
69212b9ad9 Deal with build constraints 
Note that build constraints can be explicit (comments at the top of the
file) or implicit (part of the file name)
 2020-08-12 17:07:29 +01:00
Owen Mansel-Chan
1e0b9cc6a3 Address review comments 5 2020-08-11 10:57:02 +01:00
Owen Mansel-Chan
c7a8730c40 Improve tests of paths with more than one sink 2020-08-11 07:24:58 +01:00
Owen Mansel-Chan
4907f6529e Address review comments 4 2020-08-11 07:24:58 +01:00
Owen Mansel-Chan
ed469a355e Fix mistake in test 2020-08-10 17:32:49 +01:00
Owen Mansel-Chan
30f176246a Address review comments 3 2020-08-10 15:21:20 +01:00
Owen Mansel-Chan
89eae10d96 Address review comments 2 2020-08-10 11:07:44 +01:00
Owen Mansel-Chan
4bfb2b4138 Address review comments 1 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
681ca9065a Add change note 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
06d1eb9bdb Add tests for incorrect integer conversion 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
329888e62c Add query for incorrect integer conversion 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
34fa07267b Add modeling to Stdlib.qll 
Adds classes for some integer-parsing functions and a constant from
strconv, plus a class for calls to integer-parsing functions.
 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
ac49aa2527 Delete experimental query and tests for it 2020-08-10 11:04:25 +01:00
Owen Mansel-Chan
3a6aa58e48 Fix typo in QLDoc 2020-08-10 11:04:25 +01:00
Max Schaefer
97291e4c41 Merge pull request #279 from github/rc/1.25 
Merge rc/1.25 into master
 2020-08-06 11:18:11 +01:00
Max Schaefer
90bab34e88 Merge pull request #277 from sauyon/file-url-fix 
autobuilder: Don't try to determine import paths for file URLs
 2020-08-06 09:46:10 +01:00
Sauyon Lee
8e6c1835dd autobuilder: Don't try to determine import paths for file URLs 
Also improve logging
 2020-08-05 23:21:34 -07:00
Max Schaefer
4e409aa9fa Merge pull request #274 from gagliardetto/standard-lib-pt-2 
Add taint tracking for bufio and bytes packages
 2020-08-05 17:10:08 +01:00
Slavomir
df71f0bf8b Remove ReadByte, WriteByte, ReadRune, WriteRune 2020-08-04 17:53:50 +03:00
Slavomir
ff81ad622f Fix back ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 2020-08-04 17:22:40 +03:00
Slavomir
c1f2e77488 Fix generated codeql 2020-08-04 17:11:55 +03:00
Slavomir
6b1bbf16aa Remove taint-tracking for objects that implement io.Reader 2020-08-04 16:01:30 +03:00
Slavomir
72254b7682 Fix ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 2020-08-04 15:36:34 +03:00
Slavomir
3fd6062b3d Add taint-tracking for package "bytes" 2020-08-04 14:15:26 +03:00
Slavomir
dd8e1243a2 Add bufio taint-tracking 2020-08-04 14:11:00 +03:00
Max Schaefer
b057cbee7b Merge pull request #256 from smowton/smowton/admin/cwe-327-cleanup 
Polish CWE-327 (weak TLS config) query
 2020-08-03 10:28:53 +01:00
Sauyon Lee
5de55d02d7 Merge pull request #273 from max-schaefer/unresolved-reference 
Speed up `unresolvedReference`.
 2020-08-02 22:31:13 -07:00
Max Schaefer
f6da34b546 Speed up unresolvedReference. 2020-07-31 14:13:05 +01:00
Chris Smowton
7e65575e95 Merge pull request #272 from smowton/smowton/admin/fix-makefile-escaping 
Escape go-fmt file filter
 2020-07-30 20:05:04 +01:00
Chris Smowton
2a7754af59 Factor ErrorType out of two duplicate tests 2020-07-30 17:25:53 +01:00
Chris Smowton
4b6810eefc InsecureFeatureFlag: make getAFlag a member of FlagKind 2020-07-30 17:23:01 +01:00
Chris Smowton
7dd20107fe Insecure-TLS query: trivial style and typo fixes 2020-07-30 17:18:54 +01:00
Chris Smowton
3c1daf08f8 Escape go-fmt file filter 
This should have been looking for \.go$, but I forgot to escape the dollar sign in a Makefile
 2020-07-30 17:06:01 +01:00
Max Schaefer
2134757ebf Merge pull request #261 from smowton/smowton/admin/cleanup-cwe-322 
Polish CWE-322: detect and exclude cases where host-checking is optional
 2020-07-30 10:38:57 +01:00
Chris Smowton
cce3a70412 Insecure-TLS: restrict sources to potentially interesting integers. 2020-07-29 16:46:36 +01:00
Chris Smowton
d7c0671ea1 Add test using SSH host-key checker factory knownhosts.New 
This produces a secure host-key checker; we assume by default that an opaque function not otherwise specified returns an acceptable checker, but we need to particularly cope with its multiple return values to handle this factory function.
 2020-07-29 16:30:51 +01:00
Chris Smowton
d0e86f787d SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types 
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
 2020-07-29 16:06:38 +01:00
Chris Smowton
e89cd16cb1 Move query-specific flag definitions into their respective .ql files 2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943 Clean up InsecureFeatureFlag 
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
 2020-07-29 15:15:50 +01:00
Chris Smowton
f162a5be94 Promote CWE-322 out of experimental status 2020-07-29 14:43:47 +01:00
Chris Smowton
99f08750f3 Polish CWE-322: detect and exclude cases where host-checking is optional 2020-07-29 14:43:47 +01:00
Max Schaefer
2831ffdad0 Merge pull request #270 from smowton/smowton/cleanup/ricterz-libraries 
Add support for Gorm, Gorestful, Sqlx and Json-iterator
 2020-07-29 14:21:41 +01:00
Max Schaefer
f8b8af5ac5 Merge pull request #269 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-29 07:19:41 +01:00
Arthur Baars
0db8ba881b CodeQL: complete LGTM suites 2020-07-28 20:36:53 +02:00
Chris Smowton
abfae4365f Move CWE-327 out of experimental 2020-07-28 15:47:44 +01:00
Chris Smowton
026dc5c97f Add changelog notes regarding added library support 2020-07-28 14:57:14 +01:00
Chris Smowton
0e6feb923c Add test for json-iterator package, and support more of its API 
Specifically the top-level functions Unmarshal and UnmarshalFromString are just convenience wrappers around the type API, which is the usual documented way to use the library.
 2020-07-28 14:52:10 +01:00
Chris Smowton
e19f476341 Add test for Sqlx 2020-07-28 14:52:10 +01:00