hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,188 Commits 1,693 Branches 161 Tags
be245dd4b296ccfae51155cbfec791b1bca00a60
Commit Graph

1481 Commits

Author SHA1 Message Date
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests 
C#: Source- and sink tests.
 2024-03-21 08:12:16 +01:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Michael Nebel
70c6744944 Java/Go/Swift: Sync changes. 2024-03-19 14:20:43 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Max Schaefer
d3e0a90ae5 Go: Mention raw string iterals in QHelp for go/incomplete-hostname-regexp. 2024-03-15 11:22:40 +00:00
Tony Torralba
20691e409c Add change note 2024-03-14 11:56:43 +01:00
Tony Torralba
87b2dcc892 Adjust test expectations 2024-03-14 10:25:04 +01:00
Tony Torralba
d8c0ab8e1f Go: Consider more strings as hardcoded credentials 2024-03-14 10:11:39 +01:00
Tom Hvitved
e4a4c18166 Go: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries 
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
 2024-03-11 16:40:31 +00:00
Tony Torralba
04436208ab Merge pull request #15843 from atorralba/atorralba/go/uncontrolled-allocation-size 
Go: Promote `go/uncontrolled-allocation-size` from experimental
 2024-03-11 16:12:27 +01:00
Tony Torralba
ff2d78d2c8 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 2024-03-11 15:53:40 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tony Torralba
a09eb9f4c5 Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-11 08:58:59 +01:00
Owen Mansel-Chan
820c14577a Merge pull request #13553 from am0o0/amammad-go-bombs 
Go: Decompression Bombs
 2024-03-10 13:48:04 +00:00
am0o0
43df6a2c07 add comments for already implemented io.Read and io.WriteTo Sinks. 
remove some sinks about `"decompressor"` which was added wrongly.
change `GeneralReadIoSink` type from module to class.
separate `KlauspostGzipAndPgzip` `KlauspostPgzip` and `KlauspostGzip`.
 2024-03-08 20:05:46 +04:00
am0o0
66130d208e convert abstract predicate isAdditionalFlowStep to non-abstract 2024-03-08 19:30:41 +04:00
Tony Torralba
138ce42cf6 Fix qhelp 2024-03-07 15:22:46 +01:00
Tony Torralba
7d74125508 Go: Promote go/uncontrolled-allocation-size 2024-03-07 15:17:49 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Owen Mansel-Chan
f1115af146 Merge pull request #15130 from Malayke/main 
Go: new query for detect DOS vulnerability
 2024-03-06 11:32:57 +00:00
Tony Torralba
f4c2e65614 Merge pull request #15812 from atorralba/atorralba/go/squirrel-sinks 
Go: Add SQLi sinks for Squirrel
 2024-03-06 12:09:19 +01:00
Malayke
02bab4c15a Update go/ql/src/experimental/CWE-770/DenialOfService.ql 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-06 17:57:20 +08:00
github-actions[bot]
661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen
967963a653 Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
Tony Torralba
e78e71c875 List Squirrel builders explicitly 2024-03-05 16:05:22 +01:00
Michael B. Gale
40ff75db07 Go: Update list of expected files for single-go-mod-and-go-files-not-under-it test 2024-03-05 14:56:51 +00:00
Tony Torralba
a264ea23c6 Go: Add SQLi sinks for Squirrel 2024-03-05 15:35:34 +01:00
Michael B. Gale
a8d240dd72 Go: Add integration test for mixed layout project 2024-03-05 14:08:16 +00:00
Owen Mansel-Chan
8e43c5c683 Merge pull request #15811 from owen-mc/go/limit-password-heuristics 
Go: Only check strings of length <= 100 for dummy password with <= 2 unique characters
 2024-03-05 13:42:26 +00:00
Owen Mansel-Chan
4dde1fb117 Only check strings of length <= 100 for dummy password with <= 2 unique characters 2024-03-05 11:45:17 +00:00
Tony Torralba
a78e04eb34 Merge pull request #15795 from atorralba/atorralba/go/macaron-sources 
Go: Add Macaron sources
 2024-03-05 09:08:58 +01:00
github-actions[bot]
a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00
Tony Torralba
7286f56718 Change tests to inline expectations 2024-03-04 17:29:12 +01:00
Owen Mansel-Chan
dcc2b2c50d Merge pull request #15057 from aydinnyunus/main 
Web Cache Deception Vulnerability on Go Frameworks
 2024-03-04 14:36:39 +00:00
Owen Mansel-Chan
c0974934bc Fix test expectations again 2024-03-04 14:05:04 +00:00
Owen Mansel-Chan
39a802fb98 Add new columns to test expectations 2024-03-04 13:45:54 +00:00
Owen Mansel-Chan
6a1bb9bfb0 Merge branch 'main' into main 2024-03-04 13:42:53 +00:00
Owen Mansel-Chan
0bf0c069c6 Fix formatting 2024-03-04 13:39:44 +00:00
Tony Torralba
fc12537699 Go: Add Macaron sources 2024-03-04 14:29:56 +01:00
Owen Mansel-Chan
910725939f Update QLDoc 2024-03-04 13:06:23 +00:00
Michael B. Gale
a8ae2e2525 Go: Add changenote for autobuilder refactor 2024-03-04 12:02:51 +00:00
Michael B. Gale
0c93641b54 Merge pull request #15361 from github/mbg/go/legacy-gopath-mode-deprecated 
Go: Update autobuilder to deal with the upcoming deprecation of the legacy GOPATH mode
 2024-03-04 10:23:37 +00:00
Merdan Aziz
72e6853792 address the review comments 2024-03-03 20:36:43 +08:00