Sauyon Lee
bc59fa40d7
Merge pull request #73 from intrigus-lgtm/make-CWE-643-supported
...
Make cwe 643 supported
2020-04-01 17:45:45 -07:00
Sauyon Lee
eba8dd0a36
Merge pull request #82 from github/max-schaefer-patch-1
...
Improve autobuilder logging
2020-04-01 09:07:55 -07:00
Sauyon Lee
c2eb3f5d6b
Merge pull request #80 from max-schaefer/build-command-env-var
...
Introduce `CODEQL_GO_EXTRACTOR_BUILD_COMMAND` as an alias for `LGTM_INDEX_BUILD_COMMAND`.
2020-04-01 09:07:31 -07:00
Max Schaefer
611751a9c3
Improve autobuilder logging
2020-04-01 15:31:50 +01:00
intrigus
be21d49cf2
Add precision to query
2020-04-01 16:15:24 +02:00
intrigus
3a381b2fbf
Add change note
2020-04-01 16:15:09 +02:00
intrigus
a524cc4716
Properly match methods defined in classes
2020-04-01 16:04:24 +02:00
intrigus
615fe09ed7
Format go test stubs
2020-04-01 15:52:55 +02:00
Max Schaefer
efc9ecefc8
Introduce CODEQL_GO_EXTRACTOR_BUILD_COMMAND as an alias for LGTM_INDEX_BUILD_COMMAND.
...
We've occasionally had to tell people to set this variable manually, so we might as well have an alias that doesn't refer to a soon-to-be obsolete product.
2020-04-01 09:35:57 +01:00
intrigus
4924be54a7
Fix one test method
2020-03-31 16:46:29 +02:00
intrigus
0586fe9235
Add missing stubs in vendor/
2020-03-31 16:46:08 +02:00
Max Schaefer
1c40d6c1ce
Merge pull request #78 from sauyon/1.14-change-note
...
Add change notes for Go 1.14 support
2020-03-31 07:34:26 +01:00
intrigus
66451a776d
Add test cases for all libraries
...
Note: This is currently missing appropriate vendoring
so will probably fail for now.
2020-03-30 23:44:25 +02:00
intrigus
e18d15070a
Switch to jbowtie/gokogiri
2020-03-30 23:42:44 +02:00
intrigus
b097826dd8
Add missing class qualifiers
2020-03-30 23:42:13 +02:00
intrigus
051f17ce67
Fix class name
2020-03-30 23:37:37 +02:00
Sauyon Lee
3d3f35cc48
Add change notes for Go 1.14 support
2020-03-30 13:45:37 -07:00
Max Schaefer
487b1e3f80
Merge pull request #76 from max-schaefer/even-more-qldoc
...
Add Qldoc for the last few remaining predicates.
2020-03-30 11:58:28 +01:00
Max Schaefer
28ed803fae
Data flow: Add module doc comment for TaintTrackingImpl.qll
...
cf https://github.com/Semmle/ql/pull/3155
2020-03-30 11:21:53 +01:00
Max Schaefer
bb34c91b38
Add Qldoc for the last few remaining predicates.
...
Apart from a missing module doc comment for `TaintTrackingImpl.qll` which we'll need to synchronize with the other languages (https://github.com/Semmle/ql/pull/3155), this gets us to 100% Qldoc coverage.
2020-03-30 10:38:25 +01:00
intrigus
26cfa93947
Ignore type incompatible sinks
2020-03-27 21:32:53 +01:00
intrigus
8278dd358e
Try to fix test
2020-03-27 16:13:00 +01:00
intrigus
21feb9d996
Add byte slice type
2020-03-27 15:37:36 +01:00
intrigus
d609c0ca43
Shorten example code
2020-03-27 15:31:20 +01:00
intrigus
c5a1185939
Apply style suggestions
2020-03-27 15:29:21 +01:00
intrigus
b24c23389c
Don't match unexported functions
2020-03-27 15:21:00 +01:00
Max Schaefer
cf6e255a6d
Merge pull request #74 from sauyon/http-formvalue
...
HTTP Library Improvements
2020-03-27 14:07:30 +00:00
intrigus-lgtm
5eaaa4264a
Apply suggestions from code review
...
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-03-27 13:42:30 +01:00
Sauyon Lee
080d14ea50
Add a test for the Read taint step
2020-03-27 04:22:13 -07:00
Sauyon Lee
4747524fee
Address review comments
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-27 04:15:30 -07:00
Sauyon Lee
05761bc2cd
Address review comments
2020-03-27 04:03:30 -07:00
Sauyon Lee
a4f1e2b527
Add a model for Read methods on io.Reader
2020-03-26 18:57:44 -07:00
intrigus
be50db1cc7
Move XPath injection query to supported query
...
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
2020-03-26 20:19:58 +01:00
intrigus
03023e8205
Add XPath model to default imports
2020-03-26 20:19:19 +01:00
intrigus
35a6fdb589
Add XPath framework models
2020-03-26 20:18:16 +01:00
Sauyon Lee
1f4d67b77b
OpenUrlRedirect: Whitelist some more fields and methods
2020-03-26 07:20:51 -07:00
Sauyon Lee
541c82a7f3
HTTP: Add some more untrusted fields and methods
...
Also, fix up broken tests.
2020-03-26 07:20:14 -07:00
Sauyon Lee
e1b0bed6b3
Merge pull request #72 from max-schaefer/improve-virtual-call-resolution
...
Refine virtual call targets by local reasoning where possible
2020-03-26 06:00:59 -07:00
Max Schaefer
46a1a4e010
Add a test.
2020-03-25 20:34:34 +00:00
Max Schaefer
e6bdc1809b
Update ql/src/semmle/go/dataflow/internal/DataFlowDispatch.qll
...
Co-Authored-By: Sauyon Lee <sauyon@github.com>
2020-03-25 15:04:48 +00:00
Max Schaefer
13b61383e2
Merge pull request #65 from sauyon/openredirect-fps
...
OpenUrlRedirect: Expand safe URL flow configuration
2020-03-25 15:04:21 +00:00
Sauyon Lee
fbc2499118
OpenUrlRedirect: Add change note for fixed FPs
2020-03-25 04:01:17 -07:00
Sauyon Lee
f77d46f296
Address review comments.
2020-03-25 04:01:15 -07:00
Sauyon Lee
bd5f0b01cf
Fix tests
2020-03-25 04:01:14 -07:00
Sauyon Lee
9321ff9110
OpenUrlRedirect: Add support for url.Host reassignments
2020-03-25 04:01:14 -07:00
Sauyon Lee
5f83dbd07b
OpenUrlRedirect: Exclude header sources
2020-03-25 04:01:13 -07:00
Sauyon Lee
49aa43bd49
Make header Get and Values calls into taint steps
2020-03-25 04:01:12 -07:00
Sauyon Lee
83a417f52e
OpenUrlRedirect: Use a taint-tracking safe URLs
2020-03-25 04:01:11 -07:00
Sauyon Lee
932840b0a3
Address review comments.
2020-03-25 04:01:10 -07:00
Sauyon Lee
fd88d913f7
Fix tests
2020-03-25 04:01:09 -07:00