hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,471 Commits 1,684 Branches 159 Tags
d3154d0aa730350aaed55dd430ea6ae576d023e8
Commit Graph

1471 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
d3154d0aa7 Sync dataflow libraries 
`make sync-dataflow-libraries`
 2020-11-17 15:48:50 +00:00
Owen Mansel-Chan
4bfe088c0f Update dataflow branch from master to main 2020-11-17 15:48:50 +00:00
Chris Smowton
43f9351094 Merge pull request #405 from igfoo/igfoo/portability 
Use more portable syntax in codeql-tools/autobuild.sh
 2020-11-13 14:59:54 +00:00
Ian Lynagh
f5223bae4c Use more portable syntax in codeql-tools/autobuild.sh 2020-11-13 14:30:04 +00:00
Chris Smowton
82a5b5f264 Merge pull request #369 from sauyon/checkdeps 
Check dependencies before skipping dependency installation
 2020-11-11 09:54:33 +00:00
Chris Smowton
04cec8b542 Merge pull request #400 from sauyon/autoformat 
Autoformat tests
 2020-11-11 09:51:50 +00:00
Nick Rolfe
c7e03cbd98 Merge pull request #398 from github/nickrolfe/getFileBySourceArchiveName 
Replace getEncodedFile with getFileBySourceArchiveName predicate
 2020-11-10 18:19:00 +00:00
Sauyon Lee
5a9b8a5465 Autoformat 2020-11-10 09:35:29 -08:00
Sauyon Lee
80c2fcdbb8 Autoformat tests 2020-11-10 09:35:16 -08:00
Nick Rolfe
17b6401c22 Replace getEncodedFile with getFileBySourceArchiveName predicate 
While also making it work with paths for databases created on Windows.
 2020-11-10 16:43:21 +00:00
Chris Smowton
235b7c0bc5 Merge pull request #395 from sauyon/regexp 
SuspiciousCharacterInRegexp: Add fix for raw string literals
 2020-11-10 12:18:38 +00:00
Sauyon Lee
0950baf4b7 Add additional tests for suspicious character in regexp regexp 2020-11-09 10:36:27 -08:00
Sauyon Lee
eb26b0abd1 SuspiciousCharacterInRegexp: Add fix for raw string literals 2020-11-09 10:10:47 -08:00
Sauyon Lee
52d253a95b Add isRaw to StringLit 2020-11-09 10:08:51 -08:00
Chris Smowton
33f43626b3 Merge pull request #396 from sauyon/remove-code-scanning 
Remove code scanning temporarily
 2020-11-09 10:58:55 +00:00
Sauyon Lee
920f7153c8 autobuilder: Add dependency check 
Sometimes build scripts succeed without installing dependencies, for
example if they are unrelated to Go or if they simply always exit
successfully. Therefore, added a check that dependencies at least
resolve before skipping dependency installation.
 2020-11-09 02:13:48 -08:00
Sauyon Lee
4a53bfdebf autobuilder: Only set mod mode when go.mod exists 2020-11-09 02:13:47 -08:00
Sauyon Lee
cc0a40e712 Remove code scanning until build tracing is implemented. 2020-11-09 02:11:05 -08:00
Chris Smowton
0938437d13 Merge pull request #373 from smowton/smowton/feature/golang-x-net-html 
Add models for the read side of golang.org/x/net/html
 2020-11-06 16:20:45 +00:00
Sauyon Lee
a78c35b95e Simplify net/http ResponseBody logic 2020-11-06 11:18:46 +00:00
Sauyon Lee
8a306af77b Make HTTP::ResponseWriter handle PostUpdateNodes in getANode 2020-11-06 11:18:46 +00:00
Chris Smowton
3817ae80e5 Add support for html.Render method. 
This entails generalising Http::ResponseBody to account for any modelled function writing to a ResponseWriter.
 2020-11-06 11:04:53 +00:00
Chris Smowton
02f353eabd Add models for the read side of golang.org/x/net/html 
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
 2020-11-06 11:04:53 +00:00
Chris Smowton
03bbef7286 Add models for the read side of golang.org/x/net/html 
This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
 2020-11-06 11:04:53 +00:00
Chris Smowton
e4aa252d6b Merge pull request #381 from sauyon/gomodfix 
Update dependencies and clean go.mod
 2020-11-06 10:14:22 +00:00
Chris Smowton
582f8e444b Merge pull request #393 from smowton/smowton/fix/cfg-assignment-underscores 
CFG: fix lastNode relating to assignments with underscores on the LHS
 2020-11-03 14:32:57 +00:00
Chris Smowton
3b927f3b6b CFG: fix lastNode relating to assignments with underscores on the LHS 
For example, "x, _ := a, b" would produce an incorrect CSV that branched to the next statement after evaluating "b", skipping the assignment to 'x'. We already had test coverage for function returns, so I'm reasonably confident this only affects parallel assigns, not destructuring ones like "x, y := f()".
 2020-11-03 12:00:54 +00:00
Sauyon Lee
3c84f11d5b Merge pull request #385 from github/sauyon-patch-1 
Enable code scanning
 2020-10-29 11:00:08 -07:00
Chris Smowton
cbc2443236 Merge pull request #390 from smowton/smowton/admin/links-master-to-main 
Docs: replace master with main and QL4E with VSCode
 2020-10-29 11:06:33 +00:00
Chris Smowton
1c75c9d1e9 Docs: Master -> main and Semmle/ql -> github/codeql everywhere 
Also fix a reference to QL for Eclipse, and remove some incidental trailing whitespace
 2020-10-29 11:04:49 +00:00
Chris Smowton
0f637c5887 Merge pull request #379 from smowton/model-revel 
Model Revel
 2020-10-28 09:56:25 +00:00
Chris Smowton
7ddb289910 Merge pull request #389 from github/aibaars/fix-broken-links 
Update links in ql/docs/experimental.md
 2020-10-28 09:55:21 +00:00
Arthur Baars
31cd26fded Update links in ql/docs/experimental.md 2020-10-28 10:12:52 +01:00
Chris Smowton
0bf80641e8 Revel: mark header reads as user-controlled data 2020-10-26 12:26:37 +00:00
Chris Smowton
f0c0a890a5 Move OpenUrlRedirect customisation into the query's qll file 2020-10-26 12:25:56 +00:00
Chris Smowton
4a2c4bf1b8 Merge pull request #387 from sauyon/testing-framework 
Add a testing framework
 2020-10-26 10:32:22 +00:00
Sauyon Lee
64ac49a618 Merge pull request #380 from sauyon/funtionmodel-shortcuts 
Add utility predicates to FunctionModel
 2020-10-23 02:26:51 -07:00
Chris Smowton
e9278b5477 Merge pull request #386 from smowton/smowton/admin/improve-error-messages 
Improve error messages
 2020-10-23 08:27:03 +01:00
Sauyon Lee
47f40d5f3e Add tests for log frameworks 2020-10-22 09:18:53 -07:00
Sauyon Lee
671b427e1e Add shared testing framework 
It has been modified to use `hasLocation` instead of `Location`
 2020-10-22 09:18:52 -07:00
Sauyon Lee
1e034a1dd5 Add logrus to go.qll 2020-10-22 09:18:52 -07:00
Chris Smowton
82de513764 Merge pull request #384 from sauyon/gobuild 
extractor: Extract the working directory if no packages are passed
 2020-10-22 15:43:48 +01:00
Chris Smowton
3716f6d7e9 Improve error messages 2020-10-22 14:42:23 +01:00
Chris Smowton
6122223b37 Merge pull request #383 from smowton/smowton/feature/work-around-broken-os-executable 
Autobuilder: fall back when os.Executable fails
 2020-10-22 14:41:37 +01:00
Sauyon Lee
ec52bdd536 Enable code scanning 2020-10-22 06:07:15 -07:00
Sauyon Lee
e22bf96ba3 extractor: Extract the working directory if no packages are passed 2020-10-22 05:22:33 -07:00
Chris Smowton
5cc695f1d5 Autobuilder: fall back when os.Executable fails 
This can happen under tracing, perhaps because of https://github.com/github/codeql-tracer/issues/29
 2020-10-22 13:19:55 +01:00
Sauyon Lee
4356f38b8f Update dependencies and clean go.mod 2020-10-22 04:57:21 -07:00
Chris Smowton
62c6b0dc37 Add support for more Revel untrusted sources 2020-10-21 17:28:28 +01:00
Chris Smowton
2818da4df9 Advance to latest codeql-cli release 2020-10-21 17:27:18 +01:00