hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 08:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,290 Commits 1,693 Branches 160 Tags
d182eae868aada28abe51ba5a29da13210f0fa16
Commit Graph

1537 Commits

Author SHA1 Message Date
Chris Smowton
9f84653283 Merge pull request #15613 from smowton/smowton/fix/golang-map-range-read-dataflow 
Golang: fix flow from a map value via a range statement
 2024-02-27 15:42:43 +00:00
Chris Smowton
a6480a4ca1 Autoformat again / tabify 2024-02-27 13:55:26 +00:00
Chris Smowton
74448c092a Autoformat / uglify 2024-02-27 13:49:12 +00:00
Chris Smowton
e62a0805db Add test for map literal 2024-02-27 13:44:52 +00:00
Tom Hvitved
2683e40038 Merge pull request #15708 from hvitved/share-ide-contextual 
Share `getFileBySourceArchiveName` implementation
 2024-02-23 19:56:33 +01:00
Chris Smowton
12213a0a08 Add test 2024-02-23 18:39:16 +00:00
Chris Smowton
d57160db5c Direct map stores via a post-update node 2024-02-23 16:37:26 +00:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
github-actions[bot]
b2b5aa18b2 Add changed framework coverage reports 2024-02-23 00:16:49 +00:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Michael B. Gale
ea676469bb Merge pull request #15202 from github/mbg/go/1.22 
Go: Update workflows and expected test results for Go 1.22
 2024-02-20 12:32:57 +00:00
Tony Torralba
1704bfe2bf Merge pull request #15585 from atorralba/atorralba/go/promote-jwt-unsafe-verification 
Go: Promote `go/missing-jwt-signature-check` from experimental
 2024-02-19 15:35:44 +01:00
Tony Torralba
8b8cebd599 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-02-19 08:59:03 +01:00
Michael B. Gale
25f0692e2c Go: Update expected results for TypeParamType 2024-02-16 17:33:30 +00:00
Owen Mansel-Chan
6cb4773188 Add new libraries we cover to frameworks.csv 2024-02-15 12:19:49 +00:00
Tony Torralba
582f341d9e Add references to qhelp 2024-02-14 17:25:09 +01:00
Tony Torralba
f9638760ff Fix MaD rows 2024-02-14 17:25:08 +01:00
Tony Torralba
769ec16803 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-02-14 17:25:08 +01:00
Tony Torralba
5a82d2188a Fix double quotes in MaD row 2024-02-14 17:25:08 +01:00
Tony Torralba
85b22a2b98 Fix QHelp 2024-02-14 17:25:08 +01:00
Tony Torralba
ad7d40f0af Add missing QLDoc 2024-02-14 17:25:08 +01:00
Tony Torralba
2a30898af6 Go: Promote go/missing-jwt-signature-check from experimental 2024-02-14 17:25:03 +01:00
Tony Torralba
1202b5b429 Go: Use less confusing name for hardcoded credentials tests 
We don't want name-based heuristics to pick these variable names, but also using something like 'safeName' may mislead readers into believing the test cases are intended to be GOOD cases (i.e. safe)
 2024-02-14 17:06:05 +01:00
Chris Smowton
7ed73bc4ed change note 2024-02-14 15:45:03 +00:00
Chris Smowton
9016997b51 Golang: fix flow from a map value via a range statement 2024-02-14 14:56:24 +00:00
Tony Torralba
5ce35e47b9 Adjust a test case so that the key isn't considered dummy 
(len < 4)
 2024-02-14 13:06:31 +01:00
Tony Torralba
458bbb3581 Rename fwk module 2024-02-14 12:23:27 +01:00
Tony Torralba
16284fdd20 Discard sources that are obvious dummy values 2024-02-14 12:21:52 +01:00
Tony Torralba
a76de495e0 Simplify sanitizers 
Use DataFlow::returnedWithError instead
 2024-02-14 12:21:51 +01:00
Tony Torralba
6b74cb7e75 Remove unneeded $ANYVERSION 2024-02-14 12:21:51 +01:00
Tony Torralba
3fb422ca25 Split Jwt.qll into framework libraries, which makes more sense 2024-02-14 12:21:38 +01:00
Tony Torralba
8afaa231ee Update go/ql/lib/semmle/go/security/Jwt.qll 2024-02-14 12:15:20 +01:00
Tony Torralba
304998d50e Update go/ql/src/Security/CWE-798/HardcodedCredentials.ql 2024-02-14 12:15:20 +01:00
Tony Torralba
84d1d72497 Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-02-14 12:15:19 +01:00
Tony Torralba
750c8085cb Remove duplicated main from tests 2024-02-14 12:15:19 +01:00
Tony Torralba
ba1faea630 Go: Promote go/hardcoded-key from experimental 2024-02-14 12:15:14 +01:00
Michael B. Gale
f7955db841 Merge pull request #15603 from github/mbg/go/fix-file-info-extraction 2024-02-13 20:02:13 +00:00
Michael B. Gale
205847df64 Go: Add DummyFile class 2024-02-13 17:49:31 +00:00
Michael B. Gale
c6f4495ada Go: Exclude dummy files from File 2024-02-13 17:46:41 +00:00
Michael B. Gale
be521508c2 Go: Do not add dummy files to CompilationCompilingFilesTable 2024-02-13 14:21:07 +00:00
Michael B. Gale
5e08bf0dbf Go: Add missing call to extractFileInfo 2024-02-13 14:20:45 +00:00
dependabot[bot]
a3008083ea Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.17.0 to 0.18.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-13 03:58:21 +00:00
Anders Schack-Mulligen
3b8af1e52a Go: Add empty provenance column to expected files. 2024-02-09 11:32:07 +01:00
Dave Bartolomeo
92bd550c55 Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 
Post-release preparation for codeql-cli-2.16.2
 2024-02-08 05:58:17 -08:00
Henry Mercer
23921afd8d Merge pull request #15532 from github/henrymercer/add-build-modes 
Add supported build modes to extractor metadata
 2024-02-07 15:54:44 +00:00
dependabot[bot]
565426940c Bump the extractor-dependencies group in /go/extractor with 1 update 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.14.0 to 0.15.0
- [Commits](https://github.com/golang/mod/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-07 03:32:07 +00:00
Henry Mercer
e71f0fc1ba Add supported build modes to extractor metadata 2024-02-06 19:51:13 +00:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00