hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,916 Commits 1,684 Branches 159 Tags
bc807720757efe5f72d6d3b7b60317b4e513f5dc
Commit Graph

1916 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
bc80772075 Tag lines of code query 2021-05-14 18:27:55 +01:00
Chris Smowton
6dcfbe8135 Merge pull request #540 from owen-mc/test-dataflow-pr-5773 
Sync data-flow libraries
 2021-05-12 10:49:33 +01:00
Owen Mansel-Chan
f0fd501a23 No need to cache isUnreachableInCall any more 2021-05-12 08:54:58 +01:00
Owen Mansel-Chan
a86390d850 Sync data-flow libraries 
As of 2021-05-12
 2021-05-12 08:54:11 +01:00
Chris Smowton
879666682d Merge pull request #537 from gagliardetto/fix-clevergo 
CleverGo: Update generated naming
 2021-05-10 12:32:08 +01:00
Chris Smowton
1f9097430e Merge pull request #535 from owen-mc/update-dataflow-libraries-2021-05-05 
Update dataflow libraries 2021-05-05
 2021-05-10 09:53:32 +01:00
Slavomir
7810461651 Update generated naming 2021-05-09 22:52:07 +02:00
Owen Mansel-Chan
fcbedee4c5 Keep call to defaultTaintSanitizerGuard 2021-05-06 15:06:29 +01:00
Owen Mansel-Chan
349df54905 Ignore lambda data flow for now 2021-05-06 13:57:49 +01:00
Owen Mansel-Chan
daf73553f6 Sync shared dataflow libraries 2021-05-05 16:58:30 +01:00
Chris Smowton
774717d2b8 Merge pull request #522 from gagliardetto/fix-clevergo 
Improve CleverGo models
 2021-04-30 17:11:56 +01:00
Slavomir
ea2909a362 HTTP::HeaderWrite: Don't override string getHeaderValue() with none() 2021-04-30 15:39:09 +01:00
Slavomir
110a3983c1 Regenerate codeql: Refactor HTTP::HeaderWrite 2021-04-30 15:39:09 +01:00
Slavomir
5578afa189 Regenerate using latest codemill generator. 2021-04-30 15:39:09 +01:00
Chris Smowton
0beaa7fdc9 Model content-type setters as HeaderWrites. 2021-04-30 15:39:09 +01:00
Chris Smowton
9ea8b34e47 HTTP ResponseBody: support HeaderWrites with hard-coded header values. 2021-04-30 15:39:09 +01:00
Chris Smowton
3fd2c7d4bb Note response writers for existing HeaderWrite and HttpRedirect instances 2021-04-30 15:39:09 +01:00
Slavomir
36396df271 HttpResponseBody: Move .getAPredecessor*() to the test query. 2021-04-30 15:39:09 +01:00
Slavomir
989bfa2b1d Improve naming and comments. 2021-04-30 15:39:09 +01:00
Slavomir
78b403f42e Stub alternative HTTP::ResponseBody model implementation 2021-04-30 15:39:09 +01:00
Slavomir
ff848a502a ResponseBody: Use .getAPredecessor*().getStringValue() instead of just .getStringValue() 2021-04-30 15:39:09 +01:00
Chris Smowton
3a0b36cdb8 Merge pull request #531 from sauyon/non-alert-queries 
Non-alert queries
 2021-04-27 17:49:49 +01:00
Sauyon Lee
bfe6e7510d Evaluate symlinks for the dummy file 2021-04-27 08:32:21 -07:00
Sauyon Lee
d09cb7f228 Remove badpkg.go to make tests location-independent 2021-04-27 01:18:22 -07:00
Sauyon Lee
03c3b15caa Improve autoformatting check 2021-04-27 01:18:21 -07:00
Sauyon Lee
27b72b53e5 Add diagnostic queries 2021-04-27 01:18:21 -07:00
Sauyon Lee
9f85846980 Add lines of code summary query 2021-04-27 01:18:20 -07:00
Sauyon Lee
fa5cb652d8 Fix lines of code counting 2021-04-27 01:18:20 -07:00
Sauyon Lee
ed978e439f Add GoFile and move HtmlFile to Files.qll 2021-04-27 01:18:19 -07:00
Sauyon Lee
2a80a60468 Add GeneratedFile concept 2021-04-27 01:18:19 -07:00
Sauyon Lee
3393588353 Move concepts imports to Concepts.qll 2021-04-27 01:18:18 -07:00
Sauyon Lee
7a790340ed Merge pull request #526 from sauyon/fix-bad-error-locs 
Extract dummy files for errors without locations
 2021-04-27 01:07:22 -07:00
Sauyon Lee
b808c187cf Add test with curly braces in filename 2021-04-21 21:14:41 -07:00
Sauyon Lee
f15b65d07e Extract dummy files for errors with no location 2021-04-21 21:14:40 -07:00
Sauyon Lee
488f7f5b9b Use pre-transformed path for extractor fileinfo 2021-04-21 21:14:40 -07:00
Chris Smowton
90c4b5d63f Switch to using HTML entities for escaping 2021-04-21 21:14:39 -07:00
Chris Smowton
06c958e61f Extractor: tolerate curly braces in struct field tags, directory names 
These previously produced malformed TRAP. I have checked the other uses of GlobalID and don't see any others that should require escaping.
 2021-04-21 21:14:39 -07:00
Sauyon Lee
466d87684d Merge pull request #528 from sauyon/tuple-map-read 2021-04-21 08:50:40 -07:00
Chris Smowton
9ab1a8d144 Reword change note 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2021-04-21 15:28:28 +01:00
Chris Smowton
e50ad90856 Elaborate comment and change-note a little 2021-04-21 12:36:43 +01:00
Chris Smowton
a152eec9f2 Add test for ExtractTupleElementInstruction.getResultType() 2021-04-21 12:33:51 +01:00
Chris Smowton
4fb714f445 Simplify implementation of ExtractTupleElementInstruction.getResultType 2021-04-21 12:33:00 +01:00
Sauyon Lee
7efbcec50d Add change note 2021-04-20 23:27:03 -07:00
Sauyon Lee
50bb6187b8 Revert ReflectedXss.go to example 2021-04-20 23:27:03 -07:00
Sauyon Lee
d1daca541e Add types for more tuple extractions 
Specifically, extractions where the RHS is a map element read or a channel receive
will now have types.
 2021-04-20 14:23:31 -07:00
Sauyon Lee
ba2da6d9a9 Add test exercising channel data flow 2021-04-20 14:23:31 -07:00
Chris Smowton
0cef5fb5d0 Add test case for map extraction 2021-04-20 14:23:29 -07:00
Chris Smowton
f40211bd20 Merge pull request #527 from smowton/smowton/fix/http-request-taint-tracking 
Improve net/http taint-tracking fidelity
 2021-04-20 12:40:19 +01:00
Chris Smowton
b2e92fa084 Remove needless model of Part.Read 
Read already gets a model as an implementation of the `Reader` interface.
 2021-04-20 11:05:36 +01:00
Chris Smowton
948e064440 Fix mis-modelling Part.Read 2021-04-20 11:03:17 +01:00