Commit Graph

3229 Commits

Author SHA1 Message Date
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Jeroen Ketema
0f5bd3799e Merge branch 'main' into go-log 2025-09-12 11:12:01 +02:00
Jeroen Ketema
3de9356141 Go: Retrofit the change log to mention Go 1.25
This can only be a minor change (or something similar) to stay within the
semantic versioning constraints. This is because only the patch version of
the Go ql library pack was bumped during the release. Since there were no new
language features in Go 1.25, this might also be the most accurate choice here.
2025-09-12 11:08:42 +02:00
Michael B. Gale
f4575d9d03 Merge pull request #20406 from github/dependabot/go_modules/go/extractor/extractor-dependencies-93606d20ee
Bump golang.org/x/tools from 0.36.0 to 0.37.0 in /go/extractor in the extractor-dependencies group
2025-09-11 13:11:28 +01:00
Owen Mansel-Chan
d9e7c89af0 Add indirect method calls 2025-09-11 11:31:28 +01:00
Owen Mansel-Chan
84e70e166e Add direct method calls 2025-09-11 11:27:56 +01:00
Owen Mansel-Chan
fa18fd2782 Add method defs 2025-09-11 11:24:53 +01:00
Owen Mansel-Chan
cbbf7c2578 Include pre-update node in output 2025-09-11 11:22:17 +01:00
dependabot[bot]
b996dc3b62 Bump golang.org/x/tools
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-11 03:08:27 +00:00
dependabot[bot]
f104205538 Bump golang.org/x/mod
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.27.0 to 0.28.0
- [Commits](https://github.com/golang/mod/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-09 03:08:18 +00:00
Michael B. Gale
8c13faf3d8 Go: Set log level based on CODEQL_VERBOSITY 2025-09-05 14:18:31 +01:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Owen Mansel-Chan
2a45b28e5f Merge pull request #20064 from Kwstubbs/go-path-separator
Update Go Path Injection Sanitizer and Sink
2025-09-03 16:45:15 +01:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
9a88e38d6f Merge pull request #20327 from michaelnebel/go/ql4ql
Go: Fix some Ql4Ql violations.
2025-09-02 11:45:26 +02:00
Michael Nebel
55e5281429 Go: Fix a couple more spelling errors. 2025-09-02 10:47:36 +02:00
Michael Nebel
d0323a6425 Fix one more violation. 2025-09-02 09:42:05 +02:00
Michael Nebel
ea664e08d1 Go: Fix some Ql4Ql violations. 2025-09-01 15:00:34 +02:00
Henry Mercer
55869f28c3 Specify default queries in codeql-extractor.yml 2025-08-29 17:34:45 +01:00
Chris Smowton
1829060fab Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc319-into-main 2025-08-21 16:33:37 +01:00
dependabot[bot]
e99b423e28 Bump the extractor-dependencies group in /go/extractor with 2 updates
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/tools` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-21 03:46:43 +00:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Nora Dimitrijević
0512940c0c Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go
Go: Diff-informed queries: phase 3 (non-trivial locations)
2025-08-15 12:23:53 +02:00
Jeroen Ketema
4b215d50e2 Go: Update maxGoVersion in the autobuilder 2025-08-13 14:09:53 +02:00
Jeroen Ketema
976ef99d60 Go: Request go1.25.0 toolchain 2025-08-13 13:39:35 +02:00
Jeroen Ketema
d5f8289bcd Go: Update Go version in tests to 1.25.0 2025-08-13 13:39:32 +02:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
Owen Mansel-Chan
e2f3c9d1b6 Reword change note 2025-07-22 00:09:37 +01:00
Kevin Stubbings
b4b848a25c Fix tests and simplify sanitizer 2025-07-21 21:53:35 +00:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2"
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
2025-07-21 15:18:59 +01:00
Nora Dimitrijević
8824677e87 [DIFF-INFORMED] Go: BadRedirectCheck 2025-07-17 11:46:54 +02:00
Nora Dimitrijević
b4010ac2b4 [DIFF-INFORMED] Go: InsecureHostKeyCallback 2025-07-17 11:46:53 +02:00
Nora Dimitrijević
188fc0d933 [DIFF-INFORMED] Go: UnhandledCloseWritableHandle 2025-07-17 11:46:51 +02:00
Nora Dimitrijević
7b759f44f8 [DIFF-INFORMED] Go: AuthCookie
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql#L97
2025-07-17 11:46:49 +02:00
Nora Dimitrijević
a1fe72c423 [DIFF-INFORMED] Go: SSRF
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-918/SSRF.ql#L23
2025-07-17 11:46:47 +02:00
Nora Dimitrijević
7bd6703f19 [DIFF-INFORMED] Go: ConditionalBypass 2025-07-17 11:46:46 +02:00
Nora Dimitrijević
19b373aa90 [DIFF-INFORMED] Go: SensitiveConditionBypass
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql#L33
2025-07-17 11:46:44 +02:00
Nora Dimitrijević
d6ef585110 [DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24
2025-07-17 11:46:42 +02:00
Nora Dimitrijević
8c8625d912 [DIFF-INFORMED] Go: ReflectedXss
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23
2025-07-17 11:46:40 +02:00
Nora Dimitrijević
4b473622bc [DIFF-INFORMED] Go: InsecureRandomness
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19
2025-07-17 11:46:39 +02:00
Nora Dimitrijević
ce7eb9b16a [DIFF-INFORMED] Go: IncorrectIntegerConversion
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23
2025-07-17 11:46:37 +02:00