hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,210 Commits 1,684 Branches 159 Tags
b57d3296f117dfd26c141d3994b7428bfb94c98b
Commit Graph

2210 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
b57d3296f1 Merge pull request #620 from github/aeisenberg/version-policies 
Add version policies
 2021-12-10 17:39:15 -05:00
Andrew Eisenberg
3cc48fea6a Merge pull request #622 from github/post-release/v2.7.3 
Post release/v2.7.3
 2021-12-10 10:00:11 -08:00
Andrew Eisenberg
cedf55c46e Update pack dependency 2021-12-09 07:58:14 -08:00
Rasmus Wriedt Larsen
a650c56c0c Tag queries with CWE-328 
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html
 2021-12-07 20:54:31 +00:00
Andrew Eisenberg
b714988d7c Post release 2.7.3 2021-12-01 14:34:07 -08:00
Andrew Eisenberg
e9864c5506 Add version policies 
This controls how the qlpacks' versions will change
after a release.
 2021-12-01 09:37:11 -08:00
Dave Bartolomeo
b2ca04ce1b Temporarily vendor codeql/suite-helpers 2021-12-01 11:40:10 -05:00
Chris Smowton
894102defd Merge pull request #621 from owen-mc/extractor-add-variadic-to-type-label 
Update extractor to distinguish variadic and non-variadic signature types
 2021-12-01 15:44:09 +00:00
Owen Mansel-Chan
d0c9aacd54 Distinguish variadic and non-variadic signature types in extractor 2021-12-01 09:33:44 -05:00
Owen Mansel-Chan
628835d3b3 Add failing tests for isVariadic 
`nonvariadicDeclaredFunction` has the same signature as
`variadicDeclaredFunction`, so it is being erroneously reported as
variadic.
 2021-12-01 09:32:12 -05:00
Chris Smowton
e07958d64c Merge pull request #619 from owen-mc/update-is-variadic 
Update `isVariadic`
 2021-12-01 08:48:16 +00:00
Dave Bartolomeo
02495e16d1 Merge pull request #618 from github/release-prep/2.7.3 
Release preparation for version 2.7.3
 2021-11-30 17:29:49 -05:00
github-actions[bot]
e4b5dceb14 Release preparation for version 2.7.3 2021-11-30 20:39:28 +00:00
Owen Mansel-Chan
e08007b287 Add missing qldocs for two isVariadic() predicates 2021-11-30 15:13:42 -05:00
Owen Mansel-Chan
acc5c4098a Fix Function.isVariadic to work on external packages 
Going via `getFuncDecl()` didn't work as we don't function declarations
from external packages. It works to use `getType()` instead.
 2021-11-30 15:11:34 -05:00
Owen Mansel-Chan
a6d8deae3e Add Fmt.Fprint to isVariadic tests 
We didn't have any tests involving a function in an imported package.
 2021-11-30 15:07:57 -05:00
Dave Bartolomeo
9373bdc206 Fix suite-helpers dependency 2021-11-30 11:35:26 -05:00
Dave Bartolomeo
8367fdbec4 Change notes 2021-11-29 16:47:56 -05:00
Dave Bartolomeo
52b68963d2 Prepare for automatic release prep 2021-11-29 16:47:30 -05:00
Erik Krogh Kristensen
adbe19878f Merge pull request #615 from erik-krogh/explicit-this 
apply the implicit-this patch to the remaining go code
 2021-11-29 17:16:43 +01:00
Chris Smowton
b37fa9c447 Merge pull request #614 from owen-mc/always-extract-empty-interface-type 
Always extract empty interface type
 2021-11-29 12:15:52 +00:00
Erik Krogh Kristensen
1ade6c55d8 apply the implicit-this patch to the remaining go code 2021-11-29 13:10:04 +01:00
Owen Mansel-Chan
f9a3832aa2 Add extractor test that empty interface type exists 2021-11-26 15:16:09 -05:00
Owen Mansel-Chan
d35a46e2f3 Always extract an empty interface type 2021-11-26 15:04:05 -05:00
Tony Torralba
662f880ab8 Merge pull request #609 from github/atorralba/log-injection-query 
Go: Add Log Injection query (CWE-117)
 2021-11-24 15:41:43 +01:00
Tony Torralba
cc8d9bdc7f Update ql/src/Security/CWE-117/LogInjection.qhelp 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2021-11-24 13:57:34 +01:00
Chris Smowton
5ed4e3651b Merge pull request #611 from tunnelshade/main 
Add `Where` method of squirrel sql builders to query range
 2021-11-23 11:13:19 +00:00
Chris Smowton
ab9ab106e5 Merge pull request #612 from smowton/smowton/fix/zipslip-sanitizer-guard-efficiency 
Improve ZipSlip sanitizer guard efficiency
 2021-11-23 09:35:54 +00:00
tunnelshade
aeaa861fc6 Add Where method of squirrel sql builders to query range 2021-11-23 10:11:31 +05:30
Chris Smowton
271e239dee Introduce manual magic to TaintedPathSanitizerGuardAsBacktrackingSanitizerGuard 
This avoids computing the full `localTaint` relation when actually there are few `TaintedPath::SanitizerGuard` instances to start from.
 2021-11-22 17:41:56 +00:00
Chris Smowton
8bf78b07e5 Avoid recursively defining DataFlow::BarrierGuard 
In fact there never was true recursion, but the compiler thought there could be because it supposed that ZipSlip::SanitizerGuard growing may introduce instances that happen to also satisfy TaintedPath::SanitizerGuard. In fact this never happens, but here we make it clear by defining the shared sanitizer guards outside the DataFlow::BarrierGuard hierarchy and then introducing the sanitizers in each query that uses them.
 2021-11-22 17:36:06 +00:00
Tony Torralba
f2017b626e Fix stubs 2021-11-22 09:15:12 +01:00
Tony Torralba
c9332cdccb Fix *Depth log levels in glog and klog 2021-11-22 09:15:01 +01:00
Tony Torralba
d4a20f1222 Autoformat 2021-11-19 18:04:51 +01:00
Tony Torralba
c886d10388 Add Log Injection query 2021-11-19 17:55:34 +01:00
Chris Smowton
4cae4b23fc Merge pull request #606 from github/criemen/update-tracing-config 
Update tracing-config.lua to newest API.
 2021-11-17 10:49:20 +00:00
Chris Smowton
b190c4ed4a Merge pull request #608 from smowton/smowton/fix/missing-id 
Add missing @id tag
 2021-11-16 20:06:06 +00:00
Chris Smowton
33fd1aaf2a Add missing @id tag 2021-11-16 18:52:41 +00:00
Cornelius Riemenschneider
b3e2a83298 Update tracing-config.lua to newest API. 2021-11-15 12:35:53 +01:00
Chris Smowton
792bc4bce0 Merge pull request #596 from pupiles/feature/cwe-090 
CWE-090: Ldap Injection
 2021-11-10 11:31:36 +00:00
Chris Smowton
f3ba40e29d Update test expectations 2021-11-10 09:42:19 +00:00
Chris Smowton
1ebb47feb3 Fix filename spelling error 2021-11-10 09:29:50 +00:00
Chris Smowton
2953a44b36 Revert changes to go.sum 2021-11-10 09:25:40 +00:00
pupiles
4d9ce49816 use stubs libs && add heuristic sanitizers 2021-11-10 14:12:45 +08:00
pupiles
70a268dc6d remove redundant reference lib 2021-11-09 21:35:46 +08:00
pupiles
97d4359881 add test code 2021-11-09 21:31:35 +08:00
Chris Smowton
f7e6b0ad5d Merge pull request #603 from github/criemen/lua-tracing-config 
Add port of the existing compiler-tracing.spec files to the new Lua tracing infrastructure.
 2021-11-09 11:36:03 +00:00
Chris Smowton
2c5fe1dedc File names should be camel-case 2021-11-09 10:45:09 +00:00
Chris Smowton
bc9300ebf5 Copyedit examples 
Fragments suffice for illustration, and the two bad and good examples can be easily combined
 2021-11-09 10:42:58 +00:00
Chris Smowton
c18b11a470 Copy-edit query: 
* Regular comments to qldoc
* Improve naming
* Update out-of-date documentation from earlier versions of the query
 2021-11-09 10:31:30 +00:00