hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,386 Commits 1,684 Branches 159 Tags
98c60f31a6c9ce5bd5d6a61baeeaccc1bc5af46f
Commit Graph

1728 Commits

Author SHA1 Message Date
Owen Mansel-Chan
98c60f31a6 Simplify comparison of DataFlow::Node and IR::Instruction 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-02-10 13:25:19 +00:00
Owen Mansel-Chan
9b61ed9578 Add query "Wrapped error always nil" 2022-02-10 13:25:19 +00:00
github-actions[bot]
b3d63aca33 Post-release preparation for codeql-cli-2.8.0 2022-02-09 16:41:28 +01:00
github-actions[bot]
9c12f1a5fa Release preparation for version 2.8.0 2022-02-09 16:40:48 +01:00
Luke Young
324f8f7eba codeql query format 2022-02-07 11:24:02 -08:00
Luke Young
3b32425567 remove .v1 from gopkg.in 2022-02-03 23:36:11 -08:00
Luke Young
dea1959e21 Match gopkg.in import of squirrel for SQLi query 2022-02-03 13:29:38 -08:00
Robin Neatherway
4a4b9c30d7 Add an example query for inexhaustive switches 2022-02-02 11:38:15 +00:00
Owen Mansel-Chan
613a85bcfb Add ErrorExpr to dbscheme 2022-02-01 11:52:51 +00:00
Chris Smowton
de2ed83b55 Note that filepath.Clean("/" + e) is a sanitizer against path traversal attacks. 2022-01-28 19:32:58 +00:00
Andrew Eisenberg
9e0580da32 Add new groups for examples packs 
Will make it easier to avoid publishing them.
 2022-01-26 14:47:46 -08:00
Edoardo Pirovano
cc7b72af41 Merge branch rc/3.4 into main 2022-01-25 16:16:44 +00:00
Owen Mansel-Chan
daabd3a045 Merge pull request #673 from owen-mc/refactor-returnvalue-n 
Refactor `ReturnValue[n]` in data flow libraries
 2022-01-24 10:47:22 +00:00
Erik Krogh Kristensen
504e7a161d simplify an redundant any() expression 2022-01-20 22:34:26 +01:00
Erik Krogh Kristensen
99994eeeb1 use set literals instead of big disjunctions 2022-01-20 22:33:40 +01:00
Chris Smowton
38048399d3 Merge pull request #671 from owen-mc/misc-clean-ups 
Correct module name in file comment
 2022-01-20 14:00:46 +00:00
Owen Mansel-Chan
44641de91b Represent ReturnValue[n] correctly in test output 2022-01-20 13:06:35 +00:00
Owen Mansel-Chan
691bb97fdc Move ReturnValue[]-specific code to non-shared file 2022-01-20 13:06:35 +00:00
github-actions[bot]
c52caa6322 Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:04 +00:00
Owen Mansel-Chan
54855113c4 Correct module name in file comment 2022-01-20 12:30:52 +00:00
Chris Smowton
8111fbb69b Delete m 2022-01-20 10:57:11 +00:00
github-actions[bot]
1e5721b9b9 Release preparation for version 2.7.6 2022-01-20 08:21:09 +00:00
Owen Mansel-Chan
bfae3fdf97 Merge pull request #665 from owen-mc/update-function-get-a-call 
Update `Function.getACall()`
 2022-01-19 23:36:20 +00:00
Owen Mansel-Chan
4d1dcb3260 Remove first disjunct as it is a subset of second disjunct 2022-01-19 16:21:06 +00:00
Owen Mansel-Chan
85319b2dbf Add tests for tainted path sanitizers and sanitizer guards 2022-01-19 09:49:15 +00:00
Owen Mansel-Chan
84f9b74f50 t Improve documentation of Function.getACall 2022-01-18 23:44:34 +00:00
Owen Mansel-Chan
3c02403701 Do not use getACall() when we only want direct calls 
In both of these locations we do not want calls through interface methods.
 2022-01-18 23:36:14 +00:00
Owen Mansel-Chan
1aebf4ccac Merge pull request #664 from owen-mc/add-change-note-function-getacall 
Add change note for change to `Function.getACall`
 2022-01-18 18:12:29 +00:00
Owen Mansel-Chan
84116e1681 Update ql/lib/change-notes/2022-01-18-function-get-a-call.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 16:51:07 +00:00
Owen Mansel-Chan
fd1136a777 Add change note for change to Function.getACall 2022-01-18 16:42:57 +00:00
Tom Hvitved
429a9658e1 Merge pull request #657 from github/post-release-prep/codeql-cli-2.7.5 
Post-release preparation for codeql-cli-2.7.5
 2022-01-17 12:40:24 +01:00
Andrew Eisenberg
156588a6a7 Update change note 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2022-01-14 10:32:47 -08:00
Andrew Eisenberg
c86e96bcc2 Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:19:47 -08:00
Andrew Eisenberg
8a4120a08d Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:38:43 -08:00
github-actions[bot]
970e8e1f91 Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:33 +00:00
Andrew Eisenberg
6ceebc7d1e Merge branch 'main' into aeisenberg/upgrades/work 2022-01-11 11:27:35 -08:00
Chris Smowton
6f598a6972 Fix formatting regex comment 2022-01-10 10:49:12 +00:00
Chris Smowton
ae5eadef28 Update ql/lib/semmle/go/frameworks/stdlib/Log.qll 
Rename class

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2022-01-10 10:24:30 +00:00
Chris Smowton
749698759a Note that the %q format directive escapes newlines, and therefore prevents log injection 2022-01-05 16:04:20 +00:00
Chris Smowton
5760841812 Merge pull request #647 from smowton/smowton/admin/not-all-you-fmt-is-log 
Declassify fmt.Fprintf as a log sink
 2022-01-05 14:09:55 +00:00
Andrew Eisenberg
49d239f4bf Push upgrades pack into lib pack 
PR Related to https://github.com/github/semmle-code/pull/40918
Removes the upgrades pack and uses ql/lib/upgrades instead.

Also, fix malformed parameter in instruction.

Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-04 11:32:52 -08:00
github-actions[bot]
980c162fe3 Release preparation for version 2.7.5 2022-01-04 14:44:48 +00:00
Owen Mansel-Chan
daa55eaae2 Merge pull request #651 from erik-krogh/patches 
various automatic patches applied to codeql-go
 2022-01-04 11:46:20 +00:00
Dave Bartolomeo
171aa8bd62 Move change notes to proper location 2022-01-03 17:38:09 -05:00
Dave Bartolomeo
091906d380 Merge pull request #644 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:54 -05:00
github-actions[bot]
00aae7cba5 Post-release version bumps 2022-01-03 20:10:43 +00:00
Erik Krogh Kristensen
afe7ee17a0 run the use-set-literals patch 2021-12-20 17:55:19 +01:00
Erik Krogh Kristensen
d339f13629 run the non-us-language patch 2021-12-20 17:54:18 +01:00
Erik Krogh Kristensen
4459c8e7c6 run the redundant-cast patch 2021-12-20 17:53:09 +01:00
Chris Smowton
92d3da5e56 Declassify fmt.Fprintf as a log sink 
In future we could try harder to find out whether you're Fprintf'ing to stdout, a file named xyz.log etc, but for now this causes Fprintf'ing to an HTTP writer to be mistaken for log-injection rather than just XSS.
 2021-12-17 17:07:58 +00:00