hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,386 Commits 1,684 Branches 159 Tags
98c60f31a6c9ce5bd5d6a61baeeaccc1bc5af46f
Commit Graph

138 Commits

Author SHA1 Message Date
github-actions[bot]
b3d63aca33 Post-release preparation for codeql-cli-2.8.0 2022-02-09 16:41:28 +01:00
github-actions[bot]
9c12f1a5fa Release preparation for version 2.8.0 2022-02-09 16:40:48 +01:00
Luke Young
324f8f7eba codeql query format 2022-02-07 11:24:02 -08:00
Luke Young
3b32425567 remove .v1 from gopkg.in 2022-02-03 23:36:11 -08:00
Luke Young
dea1959e21 Match gopkg.in import of squirrel for SQLi query 2022-02-03 13:29:38 -08:00
Owen Mansel-Chan
613a85bcfb Add ErrorExpr to dbscheme 2022-02-01 11:52:51 +00:00
Chris Smowton
de2ed83b55 Note that filepath.Clean("/" + e) is a sanitizer against path traversal attacks. 2022-01-28 19:32:58 +00:00
Edoardo Pirovano
cc7b72af41 Merge branch rc/3.4 into main 2022-01-25 16:16:44 +00:00
Owen Mansel-Chan
daabd3a045 Merge pull request #673 from owen-mc/refactor-returnvalue-n 
Refactor `ReturnValue[n]` in data flow libraries
 2022-01-24 10:47:22 +00:00
Erik Krogh Kristensen
99994eeeb1 use set literals instead of big disjunctions 2022-01-20 22:33:40 +01:00
Owen Mansel-Chan
44641de91b Represent ReturnValue[n] correctly in test output 2022-01-20 13:06:35 +00:00
Owen Mansel-Chan
691bb97fdc Move ReturnValue[]-specific code to non-shared file 2022-01-20 13:06:35 +00:00
github-actions[bot]
c52caa6322 Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:04 +00:00
Owen Mansel-Chan
54855113c4 Correct module name in file comment 2022-01-20 12:30:52 +00:00
github-actions[bot]
1e5721b9b9 Release preparation for version 2.7.6 2022-01-20 08:21:09 +00:00
Owen Mansel-Chan
4d1dcb3260 Remove first disjunct as it is a subset of second disjunct 2022-01-19 16:21:06 +00:00
Owen Mansel-Chan
84f9b74f50 t Improve documentation of Function.getACall 2022-01-18 23:44:34 +00:00
Owen Mansel-Chan
3c02403701 Do not use getACall() when we only want direct calls 
In both of these locations we do not want calls through interface methods.
 2022-01-18 23:36:14 +00:00
Owen Mansel-Chan
1aebf4ccac Merge pull request #664 from owen-mc/add-change-note-function-getacall 
Add change note for change to `Function.getACall`
 2022-01-18 18:12:29 +00:00
Owen Mansel-Chan
84116e1681 Update ql/lib/change-notes/2022-01-18-function-get-a-call.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-18 16:51:07 +00:00
Owen Mansel-Chan
fd1136a777 Add change note for change to Function.getACall 2022-01-18 16:42:57 +00:00
Tom Hvitved
429a9658e1 Merge pull request #657 from github/post-release-prep/codeql-cli-2.7.5 
Post-release preparation for codeql-cli-2.7.5
 2022-01-17 12:40:24 +01:00
Andrew Eisenberg
156588a6a7 Update change note 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2022-01-14 10:32:47 -08:00
Andrew Eisenberg
c86e96bcc2 Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:19:47 -08:00
Andrew Eisenberg
8a4120a08d Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:38:43 -08:00
github-actions[bot]
970e8e1f91 Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:33 +00:00
Andrew Eisenberg
6ceebc7d1e Merge branch 'main' into aeisenberg/upgrades/work 2022-01-11 11:27:35 -08:00
Chris Smowton
6f598a6972 Fix formatting regex comment 2022-01-10 10:49:12 +00:00
Chris Smowton
ae5eadef28 Update ql/lib/semmle/go/frameworks/stdlib/Log.qll 
Rename class

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2022-01-10 10:24:30 +00:00
Chris Smowton
749698759a Note that the %q format directive escapes newlines, and therefore prevents log injection 2022-01-05 16:04:20 +00:00
Chris Smowton
5760841812 Merge pull request #647 from smowton/smowton/admin/not-all-you-fmt-is-log 
Declassify fmt.Fprintf as a log sink
 2022-01-05 14:09:55 +00:00
Andrew Eisenberg
49d239f4bf Push upgrades pack into lib pack 
PR Related to https://github.com/github/semmle-code/pull/40918
Removes the upgrades pack and uses ql/lib/upgrades instead.

Also, fix malformed parameter in instruction.

Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-04 11:32:52 -08:00
github-actions[bot]
980c162fe3 Release preparation for version 2.7.5 2022-01-04 14:44:48 +00:00
Owen Mansel-Chan
daa55eaae2 Merge pull request #651 from erik-krogh/patches 
various automatic patches applied to codeql-go
 2022-01-04 11:46:20 +00:00
Dave Bartolomeo
091906d380 Merge pull request #644 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:54 -05:00
github-actions[bot]
00aae7cba5 Post-release version bumps 2022-01-03 20:10:43 +00:00
Erik Krogh Kristensen
afe7ee17a0 run the use-set-literals patch 2021-12-20 17:55:19 +01:00
Erik Krogh Kristensen
d339f13629 run the non-us-language patch 2021-12-20 17:54:18 +01:00
Erik Krogh Kristensen
4459c8e7c6 run the redundant-cast patch 2021-12-20 17:53:09 +01:00
Chris Smowton
92d3da5e56 Declassify fmt.Fprintf as a log sink 
In future we could try harder to find out whether you're Fprintf'ing to stdout, a file named xyz.log etc, but for now this causes Fprintf'ing to an HTTP writer to be mistaken for log-injection rather than just XSS.
 2021-12-17 17:07:58 +00:00
Owen Mansel-Chan
da8f8e2eef Refactor to use SummarizedCallable, sourceElement and sinkElement 2021-12-16 19:35:54 +00:00
Owen Mansel-Chan
9b2f29bbcd Allow data flow through receiver for modelled methods 2021-12-16 19:35:54 +00:00
github-actions[bot]
ee6ea0f8cb Release preparation for version 2.7.4 2021-12-14 21:34:55 +00:00
Chris Smowton
f86510ee20 Update comment 2021-12-14 12:39:31 +00:00
Chris Smowton
c2b42ce091 Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection 2021-12-14 12:37:18 +00:00
Chris Smowton
9309abf8cd Merge pull request #574 from sauyon/dataflow-update 
Update dataflow libraries and add support for CSV summary flow
 2021-12-13 11:28:28 +00:00
Chris Smowton
89b2a2f9b0 Merge pull request #633 from owen-mc/database-sql-model-incorrect 
Fix incorrect type name in database/sql model
 2021-12-13 11:01:38 +00:00
Chris Smowton
559aec1d64 Merge pull request #632 from owen-mc/refactor-variadic-helper-functions-for-builtin-functions 
Refactor isVariadic helper functions
 2021-12-13 10:59:42 +00:00
Chris Smowton
08c10bf97b Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements 
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
 2021-12-13 10:36:02 +00:00
Owen Mansel-Chan
ce27b0da52 Fix incorrect type name in database/sql model 
This error seems to have been introduced in
36bbf1eeb9
 2021-12-12 17:47:52 -05:00