hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,452 Commits 1,684 Branches 159 Tags
a78c35b95ea39df22e8f62386e452602d3d8a03e
Commit Graph

1452 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sauyon Lee
a78c35b95e Simplify net/http ResponseBody logic 2020-11-06 11:18:46 +00:00
Sauyon Lee
8a306af77b Make HTTP::ResponseWriter handle PostUpdateNodes in getANode 2020-11-06 11:18:46 +00:00
Chris Smowton
3817ae80e5 Add support for html.Render method. 
This entails generalising Http::ResponseBody to account for any modelled function writing to a ResponseWriter.
 2020-11-06 11:04:53 +00:00
Chris Smowton
02f353eabd Add models for the read side of golang.org/x/net/html 
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
 2020-11-06 11:04:53 +00:00
Chris Smowton
03bbef7286 Add models for the read side of golang.org/x/net/html 
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
 2020-11-06 11:04:53 +00:00
Chris Smowton
e4aa252d6b Merge pull request #381 from sauyon/gomodfix 
Update dependencies and clean go.mod
 2020-11-06 10:14:22 +00:00
Chris Smowton
582f8e444b Merge pull request #393 from smowton/smowton/fix/cfg-assignment-underscores 
CFG: fix lastNode relating to assignments with underscores on the LHS
 2020-11-03 14:32:57 +00:00
Chris Smowton
3b927f3b6b CFG: fix lastNode relating to assignments with underscores on the LHS 
For example, "x, _ := a, b" would produce an incorrect CSV that branched to the next statement after evaluating "b", skipping the assignment to 'x'. We already had test coverage for function returns, so I'm reasonably confident this only affects parallel assigns, not destructuring ones like "x, y := f()".
 2020-11-03 12:00:54 +00:00
Sauyon Lee
3c84f11d5b Merge pull request #385 from github/sauyon-patch-1 
Enable code scanning
 2020-10-29 11:00:08 -07:00
Chris Smowton
cbc2443236 Merge pull request #390 from smowton/smowton/admin/links-master-to-main 
Docs: replace master with main and QL4E with VSCode
 2020-10-29 11:06:33 +00:00
Chris Smowton
1c75c9d1e9 Docs: Master -> main and Semmle/ql -> github/codeql everywhere 
Also fix a reference to QL for Eclipse, and remove some incidental trailing whitespace
 2020-10-29 11:04:49 +00:00
Chris Smowton
0f637c5887 Merge pull request #379 from smowton/model-revel 
Model Revel
 2020-10-28 09:56:25 +00:00
Chris Smowton
7ddb289910 Merge pull request #389 from github/aibaars/fix-broken-links 
Update links in ql/docs/experimental.md
 2020-10-28 09:55:21 +00:00
Arthur Baars
31cd26fded Update links in ql/docs/experimental.md 2020-10-28 10:12:52 +01:00
Chris Smowton
0bf80641e8 Revel: mark header reads as user-controlled data 2020-10-26 12:26:37 +00:00
Chris Smowton
f0c0a890a5 Move OpenUrlRedirect customisation into the query's qll file 2020-10-26 12:25:56 +00:00
Chris Smowton
4a2c4bf1b8 Merge pull request #387 from sauyon/testing-framework 
Add a testing framework
 2020-10-26 10:32:22 +00:00
Sauyon Lee
64ac49a618 Merge pull request #380 from sauyon/funtionmodel-shortcuts 
Add utility predicates to FunctionModel
 2020-10-23 02:26:51 -07:00
Chris Smowton
e9278b5477 Merge pull request #386 from smowton/smowton/admin/improve-error-messages 
Improve error messages
 2020-10-23 08:27:03 +01:00
Sauyon Lee
47f40d5f3e Add tests for log frameworks 2020-10-22 09:18:53 -07:00
Sauyon Lee
671b427e1e Add shared testing framework 
It has been modified to use `hasLocation` instead of `Location`
 2020-10-22 09:18:52 -07:00
Sauyon Lee
1e034a1dd5 Add logrus to go.qll 2020-10-22 09:18:52 -07:00
Chris Smowton
82de513764 Merge pull request #384 from sauyon/gobuild 
extractor: Extract the working directory if no packages are passed
 2020-10-22 15:43:48 +01:00
Chris Smowton
3716f6d7e9 Improve error messages 2020-10-22 14:42:23 +01:00
Chris Smowton
6122223b37 Merge pull request #383 from smowton/smowton/feature/work-around-broken-os-executable 
Autobuilder: fall back when os.Executable fails
 2020-10-22 14:41:37 +01:00
Sauyon Lee
ec52bdd536 Enable code scanning 2020-10-22 06:07:15 -07:00
Sauyon Lee
e22bf96ba3 extractor: Extract the working directory if no packages are passed 2020-10-22 05:22:33 -07:00
Chris Smowton
5cc695f1d5 Autobuilder: fall back when os.Executable fails 
This can happen under tracing, perhaps because of https://github.com/github/codeql-tracer/issues/29
 2020-10-22 13:19:55 +01:00
Sauyon Lee
4356f38b8f Update dependencies and clean go.mod 2020-10-22 04:57:21 -07:00
Chris Smowton
62c6b0dc37 Add support for more Revel untrusted sources 2020-10-21 17:28:28 +01:00
Chris Smowton
2818da4df9 Advance to latest codeql-cli release 2020-10-21 17:27:18 +01:00
Sauyon Lee
e823712adf Add utility predicates to FunctionModel 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-21 09:16:04 -07:00
Chris Smowton
9aceae8bd6 Revel: add support and tests for Render and Redirect sinks. 2020-10-20 10:00:05 +01:00
Owen Mansel-Chan
b2b8f10418 Fix stub for Revel 
Embedded fields aren't stubbed correctly
 2020-10-19 15:47:08 +01:00
Owen Mansel-Chan
4dfa9d58c0 Model Revel 2020-10-19 15:47:07 +01:00
Owen Mansel-Chan
f4f29be8ac Add ability to specify default taint sanitizers 
This allows library models to specify taint sanitizers.
 2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
01ad7acb6f Remove unnecessary import 2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
f49ff279b8 Merge pull request #375 from owen-mc/spew 
Model Spew logging framework
 2020-10-16 13:20:13 +01:00
Owen Mansel-Chan
b89775ac65 Update change-notes/2020-10-14-spew.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-16 10:56:27 +01:00
Chris Smowton
2b07e6a0f4 Merge pull request #324 from sauyon/tracing 
Build tracing
 2020-10-15 11:27:34 +01:00
Chris Smowton
4746789fe8 Merge pull request #224 from sauyon/no-vendor 
Skip vendor directories for go.mod extraction
 2020-10-15 11:03:26 +01:00
Sauyon Lee
e5afd1dcb6 go-extractor: clarify --mimic error message 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-14 09:43:10 -07:00
Sauyon Lee
25eebe95e4 autobuilder: Clarify error message 2020-10-14 09:42:12 -07:00
Sauyon Lee
3c6626c604 Don't trace through problem binaries on OS X 
See https://github.com/github/semmle-code/pull/37764
 2020-10-14 09:42:12 -07:00
Sauyon Lee
3addb962a9 Add change note for build tracing 2020-10-14 09:42:12 -07:00
Sauyon Lee
2e73f3efd1 Add change note for go.mod extraction change 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-14 09:25:39 -07:00
Sauyon Lee
1ba1029a13 Use comment-based tests for GoModExpr 2020-10-14 09:25:38 -07:00
Sauyon Lee
34837c10ce Fix tests for go.mod files 2020-10-14 09:25:38 -07:00
Sauyon Lee
3242df4177 Use package root directory to find go.mod files 2020-10-14 09:13:57 -07:00
Owen Mansel-Chan
8811758e44 Add change note 2020-10-14 14:49:50 +01:00