hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 08:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,787 Commits 1,693 Branches 160 Tags
bc745dfd5eea4e87a3d29bc745bea7cb815ba6b2
Commit Graph

1458 Commits

Author SHA1 Message Date
Tony Torralba
04436208ab Merge pull request #15843 from atorralba/atorralba/go/uncontrolled-allocation-size 
Go: Promote `go/uncontrolled-allocation-size` from experimental
 2024-03-11 16:12:27 +01:00
Tony Torralba
ff2d78d2c8 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 2024-03-11 15:53:40 +01:00
Tony Torralba
a09eb9f4c5 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-11 08:58:59 +01:00
Owen Mansel-Chan
820c14577a Merge pull request #13553 from am0o0/amammad-go-bombs 
Go: Decompression Bombs
 2024-03-10 13:48:04 +00:00
am0o0
43df6a2c07 add comments for already implemented io.Read and io.WriteTo Sinks. 
remove some sinks about `"decompressor"` which was added wrongly.
change `GeneralReadIoSink` type from module to class.
separate `KlauspostGzipAndPgzip` `KlauspostPgzip` and `KlauspostGzip`.
 2024-03-08 20:05:46 +04:00
am0o0
66130d208e convert abstract predicate isAdditionalFlowStep to non-abstract 2024-03-08 19:30:41 +04:00
Tony Torralba
138ce42cf6 Fix qhelp 2024-03-07 15:22:46 +01:00
Tony Torralba
7d74125508 Go: Promote go/uncontrolled-allocation-size 2024-03-07 15:17:49 +01:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main 
Go: new query for detect DOS vulnerability
 2024-03-06 11:32:57 +00:00
Tony Torralba
f4c2e65614 Merge pull request #15812 from atorralba/atorralba/go/squirrel-sinks 
Go: Add SQLi sinks for Squirrel
 2024-03-06 12:09:19 +01:00
Malayke
02bab4c15a Update go/ql/src/experimental/CWE-770/DenialOfService.ql 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-06 17:57:20 +08:00
Tony Torralba
e78e71c875 List Squirrel builders explicitly 2024-03-05 16:05:22 +01:00
Tony Torralba
a264ea23c6 Go: Add SQLi sinks for Squirrel 2024-03-05 15:35:34 +01:00
Owen Mansel-Chan
8e43c5c683 Merge pull request #15811 from owen-mc/go/limit-password-heuristics 
Go: Only check strings of length <= 100 for dummy password with <= 2 unique characters
 2024-03-05 13:42:26 +00:00
Owen Mansel-Chan
4dde1fb117 Only check strings of length <= 100 for dummy password with <= 2 unique characters 2024-03-05 11:45:17 +00:00
Tony Torralba
a78e04eb34 Merge pull request #15795 from atorralba/atorralba/go/macaron-sources 
Go: Add Macaron sources
 2024-03-05 09:08:58 +01:00
Tony Torralba
7286f56718 Change tests to inline expectations 2024-03-04 17:29:12 +01:00
Owen Mansel-Chan
dcc2b2c50d Merge pull request #15057 from aydinnyunus/main 
Web Cache Deception Vulnerability on Go Frameworks
 2024-03-04 14:36:39 +00:00
Owen Mansel-Chan
c0974934bc Fix test expectations again 2024-03-04 14:05:04 +00:00
Owen Mansel-Chan
39a802fb98 Add new columns to test expectations 2024-03-04 13:45:54 +00:00
Owen Mansel-Chan
6a1bb9bfb0 Merge branch 'main' into main 2024-03-04 13:42:53 +00:00
Owen Mansel-Chan
0bf0c069c6 Fix formatting 2024-03-04 13:39:44 +00:00
Tony Torralba
fc12537699 Go: Add Macaron sources 2024-03-04 14:29:56 +01:00
Owen Mansel-Chan
910725939f Update QLDoc 2024-03-04 13:06:23 +00:00
Michael B. Gale
a8ae2e2525 Go: Add changenote for autobuilder refactor 2024-03-04 12:02:51 +00:00
Michael B. Gale
0c93641b54 Merge pull request #15361 from github/mbg/go/legacy-gopath-mode-deprecated 
Go: Update autobuilder to deal with the upcoming deprecation of the legacy GOPATH mode
 2024-03-04 10:23:37 +00:00
Merdan Aziz
72e6853792 address the review comments 2024-03-03 20:36:43 +08:00
Malayke
7072ab9364 Update go/ql/src/experimental/CWE-770/DenialOfServiceGood.go 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-03 18:09:33 +08:00
Chris Smowton
9f84653283 Merge pull request #15613 from smowton/smowton/fix/golang-map-range-read-dataflow 
Golang: fix flow from a map value via a range statement
 2024-02-27 15:42:43 +00:00
Chris Smowton
a6480a4ca1 Autoformat again / tabify 2024-02-27 13:55:26 +00:00
Chris Smowton
74448c092a Autoformat / uglify 2024-02-27 13:49:12 +00:00
Chris Smowton
e62a0805db Add test for map literal 2024-02-27 13:44:52 +00:00
Chris Smowton
12213a0a08 Add test 2024-02-23 18:39:16 +00:00
Chris Smowton
d57160db5c Direct map stores via a post-update node 2024-02-23 16:37:26 +00:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
amammad
1927530517 update tests after branch update 2024-02-21 22:15:23 +04:00
Am
376c6ea09a Merge branch 'main' into amammad-go-bombs 2024-02-21 21:42:25 +03:30
amammad
4c769f2b09 update tests 2024-02-21 01:10:35 +04:00
amammad
3307457deb use implements predicate for io interfaces, 
so we can reduce many repetitive parts of query
 2024-02-21 01:07:31 +04:00
amammad
13b0a9a842 New testcase 's2Reader.ReadByte()' 2024-02-21 01:05:57 +04:00
amammad
905420143b call functions in the same order as the function declarations 2024-02-21 00:19:51 +04:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Michael B. Gale
ea676469bb Merge pull request #15202 from github/mbg/go/1.22 
Go: Update workflows and expected test results for Go 1.22
 2024-02-20 12:32:57 +00:00
Tony Torralba
1704bfe2bf Merge pull request #15585 from atorralba/atorralba/go/promote-jwt-unsafe-verification 
Go: Promote `go/missing-jwt-signature-check` from experimental
 2024-02-19 15:35:44 +01:00
Tony Torralba
8b8cebd599 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-19 08:59:03 +01:00
Michael B. Gale
25f0692e2c Go: Update expected results for TypeParamType 2024-02-16 17:33:30 +00:00
Michael B. Gale
a9d8643f5a Go: check for extracted files in go-files-found-not-processed test 2024-02-14 19:12:34 +00:00
Michael B. Gale
a26d11bcea Go: Revert expected diagnostics for go-files-found-not-processed 2024-02-14 19:12:34 +00:00
Michael B. Gale
20836c7088 Go: Add test for multiple modules, where one cannot be extracted 2024-02-14 19:12:31 +00:00