hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
416 Commits 1,684 Branches 159 Tags
be21d49cf25f6a0ffa1625a89001973b6f11be8a
Commit Graph

416 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
intrigus
be21d49cf2 Add precision to query 2020-04-01 16:15:24 +02:00
intrigus
3a381b2fbf Add change note 2020-04-01 16:15:09 +02:00
intrigus
a524cc4716 Properly match methods defined in classes 2020-04-01 16:04:24 +02:00
intrigus
615fe09ed7 Format go test stubs 2020-04-01 15:52:55 +02:00
intrigus
4924be54a7 Fix one test method 2020-03-31 16:46:29 +02:00
intrigus
0586fe9235 Add missing stubs in vendor/ 2020-03-31 16:46:08 +02:00
intrigus
66451a776d Add test cases for all libraries 
Note: This is currently missing appropriate vendoring
so will probably fail for now.
 2020-03-30 23:44:25 +02:00
intrigus
e18d15070a Switch to jbowtie/gokogiri 2020-03-30 23:42:44 +02:00
intrigus
b097826dd8 Add missing class qualifiers 2020-03-30 23:42:13 +02:00
intrigus
051f17ce67 Fix class name 2020-03-30 23:37:37 +02:00
intrigus
26cfa93947 Ignore type incompatible sinks 2020-03-27 21:32:53 +01:00
intrigus
8278dd358e Try to fix test 2020-03-27 16:13:00 +01:00
intrigus
21feb9d996 Add byte slice type 2020-03-27 15:37:36 +01:00
intrigus
d609c0ca43 Shorten example code 2020-03-27 15:31:20 +01:00
intrigus
c5a1185939 Apply style suggestions 2020-03-27 15:29:21 +01:00
intrigus
b24c23389c Don't match unexported functions 2020-03-27 15:21:00 +01:00
intrigus-lgtm
5eaaa4264a Apply suggestions from code review 
Co-Authored-By: Sauyon Lee <sauyon@github.com>
 2020-03-27 13:42:30 +01:00
intrigus
be50db1cc7 Move XPath injection query to supported query 
The XPath injection query is moved to the supported queries.
Removed unnecessary code from the go test file
 2020-03-26 20:19:58 +01:00
intrigus
03023e8205 Add XPath model to default imports 2020-03-26 20:19:19 +01:00
intrigus
35a6fdb589 Add XPath framework models 2020-03-26 20:18:16 +01:00
Max Schaefer
8dda4bd97f Merge pull request #66 from intrigus-lgtm/CWE-643 
CWE-643 XPathInjection on Go
 2020-03-24 10:53:57 +00:00
Sauyon Lee
81e13473db Merge pull request #69 from max-schaefer/issue-72 
Track taint through element writes.
 2020-03-24 03:41:05 -07:00
intrigus
1f635806b3 Fix copy-paste errors, remove debugging code 2020-03-23 16:49:45 +01:00
intrigus-lgtm
9187bacd3c Apply suggestion from code review 
Use getUnderlyingType() to account for named aliases.

Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-23 16:45:56 +01:00
Sauyon Lee
4ff3177fae Merge pull request #67 from max-schaefer/more-qldoc 
Add missing Qldoc for modules.
 2020-03-23 05:29:40 -07:00
Max Schaefer
62b79721ea Track taint through element writes. 
This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants.

Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
 2020-03-23 09:15:01 +00:00
intrigus
d81c9b145e Update query help to use goxpath 2020-03-20 21:38:46 +01:00
intrigus
948b79df87 Update xpath example, use goxpath package 2020-03-20 21:38:46 +01:00
intrigus
c7ead88b91 Restructure query, add default sanitizer 2020-03-20 21:38:46 +01:00
intrigus-lgtm
ec40cf0379 Apply suggestions from review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-03-20 21:38:02 +01:00
Max Schaefer
60fe6f4390 Add missing Qldoc for modules. 2020-03-20 17:36:08 +00:00
intrigus
d6ff6b74c5 CWE-643 XPathInjection on Go 2020-03-19 22:26:37 +01:00
Max Schaefer
37aaba10b7 Merge pull request #64 from sauyon/examples-in-json 
Add examples qlpack.yml to CodeQL manifest
 2020-03-19 07:54:39 +00:00
Sauyon Lee
f60f6ea7d0 Add examples qlpack.yml to CodeQL manifest 2020-03-18 09:30:45 -07:00
Max Schaefer
f53732ec5a Merge pull request #39 from sauyon/go1.14 
Go 1.14 support
 2020-03-18 10:08:50 +00:00
Max Schaefer
0a59470640 Fix tests. (#3) 2020-03-18 02:10:24 -07:00
Max Schaefer
60ce9c5acd Merge pull request #59 from max-schaefer/go-pg 
Add model of `go-pg/pg`.
 2020-03-18 07:35:23 +00:00
Max Schaefer
ad1324d2dd Add test. 2020-03-17 12:08:42 +00:00
Max Schaefer
49c5779112 Add model of go-pg/pg. 2020-03-17 12:08:42 +00:00
Sauyon Lee
e9b47298ed Merge pull request #61 from max-schaefer/better-method-sets 
Reformulate `Method.hasQualifiedName` in terms of method sets
 2020-03-17 07:46:19 -04:00
Max Schaefer
8cadc94f49 Clarify behaviour of getMethod on struct types. 2020-03-17 10:58:58 +00:00
Max Schaefer
74bcfdd01c Remove an unused and potentially confusing predicate. 2020-03-16 13:24:57 +00:00
Max Schaefer
0fc7febd1d Add another test. 2020-03-13 15:54:39 +00:00
Max Schaefer
f41151350a Merge pull request #60 from sauyon/bitwise-xor-fps 
MistypedExponentiation: Add a heuristic to reduce FPs
 2020-03-13 15:46:03 +00:00
Max Schaefer
8898858fff Add tests. 2020-03-13 14:19:27 +00:00
Max Schaefer
5175f1dcbe Take promoted methods into account when computing method sets. 2020-03-13 14:19:27 +00:00
Max Schaefer
d0c6206a6a Reformulate hasQualifiedName in terms of method sets. 2020-03-13 14:19:27 +00:00
Sauyon Lee
78ad006e68 Merge pull request #55 from max-schaefer/tainted-arithmetic 
Add new query `AllocationSizeOverflow`.
 2020-03-13 07:16:54 -07:00
Max Schaefer
39fa6052e6 Also treat second argument to make (slice capacity) as an allocation size. 2020-03-13 12:17:53 +00:00
Max Schaefer
864c85e886 Fix typo. 2020-03-13 10:27:58 +00:00