hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 03:09:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
47,491 Commits 1,759 Branches 167 Tags
c19ab7bc85f9c8de243bb29dbb897e08dd3f4e28
Commit Graph

211 Commits

Author SHA1 Message Date
Owen Mansel-Chan
c19ab7bc85 Update shared library files for go to PR #10744 
Merge commit: 60fe370
 2022-11-29 16:14:57 +00:00
Owen Mansel-Chan
8957437a4c Update shared library files for go to PR #10691 
Merge commit: 0e6735b
 2022-11-29 16:14:57 +00:00
Owen Mansel-Chan
d63f161f06 Update shared library files for go to PR #10577 
Merge commit: df2b586
 2022-11-29 16:14:57 +00:00
Owen Mansel-Chan
c9aef4ac9f Update shared library files for go to PR #10575 
Merge commit: 9f1bbf2
 2022-11-29 16:14:56 +00:00
Owen Mansel-Chan
6ccfb4b4ba Update shared library files for go to PR #10505 
Merge commit: 8b424d1
 2022-11-29 16:14:56 +00:00
Owen Mansel-Chan
628230f14c Update shared library files for go to PR #10360 
Merge commit: 569fad6
 2022-11-29 16:14:55 +00:00
Owen Mansel-Chan
569da2da60 Update shared library files for go to PR #10127 
Merge commit: e265b07
 2022-11-29 16:14:55 +00:00
Owen Mansel-Chan
c2b64d4545 Update shared library files for go to PR #9867 
Merge commit: c514c88
 2022-11-29 16:14:54 +00:00
Owen Mansel-Chan
f05da69392 Update shared library files for go to PR #10007 
Merge commit: a3fb54c
 2022-11-29 16:14:54 +00:00
Owen Mansel-Chan
ae408290dd Update shared library files for go to PR #9823 
Merge commit: aa36556
 2022-11-29 16:14:54 +00:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Felicity Chapman
a76d47681d Replace references in Qhelp files 2022-11-28 15:25:37 +01:00
Erik Krogh Kristensen
b2267c0e49 Merge pull request #11343 from erik-krogh/redundantAssignment 
QL: add redundant-assignment query
 2022-11-22 13:03:14 +01:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
erik-krogh
64707f4f7b remove redundant assignments 2022-11-21 17:45:05 +01:00
github-actions[bot]
5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
erik-krogh
23dc977d48 add a severity to incompleteswitchoverenum.ql to fix a compiler warning 2022-11-18 10:29:42 +01:00
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Owen Mansel-Chan
4073d77635 Add change notes 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
ab15a19028 Address review comments 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
166a3688f8 Use standard variable names for hasLocationInfo 
This makes them match the QLDoc and also other implementations of
`hasLocationInfo`.
 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan
1a65a27fde Update test expectations 
In https://github.com/github/codeql/pull/8641, `localFlowExit` was
changed to use `Stage2::readStepCand` instead of `read`, which means
that the big-step relation is broken up less. This causes test result
changes. Nothing is lost from the `select` clause, but some results may
have fewer paths, and fewer nodes and edges are output in the test
results.
 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
71aeeee7c8 Accept trivial change to test output 
In the `subpaths` section, the last node is now printed without its type
if it is the sink of the path.

This comes from the commit "Dataflow: Bugfix: include subpaths ending at
a sink. " in https://github.com/github/codeql/pull/7526
 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
f2e2c02db6 Rename predicates to avoid clashes 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan
1718ef88be Data flow: Inline local(Expr)?(Flow|Taint) 
See https://github.com/github/codeql/pull/7791
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
736435adda Go: Add stub expectsContent 
Corresponds to https://github.com/github/codeql/pull/8870
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
50210a9d24 Go: ParameterPosition and ArgumentPosition 
Corresponds to https://github.com/github/codeql/pull/7260, though some
of those changes had already been made.
 2022-11-17 14:27:05 +00:00
Owen Mansel-Chan
83a3af2fff Go: Summarized Callable 
Corresponds to https://github.com/github/codeql/pull/9270
 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
10ed4ad3df Go: Split summaryThroughStep into two predicates 
Cf. https://github.com/github/codeql/pull/9195
 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
1ee5d3e80e Move ParameterPosition etc to DataflowDispatch.qll 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan
e5829201e1 Go: Implement ContentSet 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
282699e5b5 Go: Refactor SummarizedCallable. 
Equivalent of https://github.com/github/codeql/pull/9210
 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
c768f04e32 Go: Introduce generated flag as a part of the kind column for flow summaries 
Equivalent of https://github.com/github/codeql/pull/8628
 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan
dae60c9deb Update data flow libraries to 55e052af26 2022-11-17 14:27:02 +00:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
erik-krogh
f9195d194b go: make sure the source/sink have the same type as the edges relation 2022-11-03 11:20:15 +01:00
erik-krogh
c9fcef2608 go: add a precision tag to go/examples/deferinloop 2022-11-03 11:20:15 +01:00
erik-krogh
1ec204987d go: remove precision from metric queries 2022-11-03 11:20:15 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Arthur Baars
aba87a139d Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
erik-krogh
84a7fddd95 remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
Chris Smowton
3573e211cc Correct test expectations 2022-10-29 11:40:58 +01:00
Chris Smowton
b6e4f472d1 Remove unnecessary import 2022-10-29 11:40:57 +01:00
Chris Smowton
6d321e0151 Add change note 2022-10-29 11:40:57 +01:00
Chris Smowton
5c66d87ed6 gofmt 2022-10-29 11:40:57 +01:00
Chris Smowton
0c6c135967 Go: exclude protobuf read steps from cleartext-logging query 
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.

However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.

On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
 2022-10-29 11:40:57 +01:00
Chris Smowton
f9e811bddf Legacy support qlpacks: continue using libraryPathDependencies; add a comment noting this is obsolete. 2022-10-28 16:47:30 +01:00
Chris Smowton
ee63e60bb7 qlpacks: libraryPathDependencies -> dependencies 2022-10-28 16:07:36 +01:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00