hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,359 Commits 1,673 Branches 157 Tags
def957e8145cbaacd8b2a6e57bd1486094de417d
Commit Graph

718 Commits

Author SHA1 Message Date
Owen Mansel-Chan
14cffc3170 Merge pull request #15128 from owen-mc/go/fix-fp-incorrect-integer-conversion-signedness 
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
 2024-01-03 14:57:34 +00:00
Owen Mansel-Chan
19c5d1fd1d Merge pull request #15181 from felickz/go-xxe-libxml2 
GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
 2023-12-24 22:04:46 +00:00
Chad Bentz
730f6ed5b0 Merge branch 'main' into go-xxe-libxml2 2023-12-22 11:57:43 -05:00
Chad Bentz
86c258df7e mention sinks in changelog 2023-12-22 16:56:54 +00:00
Chad Bentz
cf25cc9531 Add docs 2023-12-22 16:53:21 +00:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
Chad Bentz
4c46be1ed0 Use 3 arg overload on Method for hasQualifiedName for Package/Name/Type 2023-12-21 00:23:01 +00:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
Owen Mansel-Chan
e45e92eaa7 Fix MaxIntOrMaxUint.isBoundFor 
It was wrong for strictnessOffset = 1 before.
 2023-12-17 06:16:33 +00:00
Anders Schack-Mulligen
a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Tom Hvitved
098afb935b Address more review comments 2023-12-14 09:48:45 +01:00
Jeroen Ketema
99e65df6ce Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
Owen Mansel-Chan
5675df842e Merge pull request #15054 from owen-mc/go/find-more-callees-for-captured-variables 
Go: Also follow jump steps when looking for a callee source
 2023-12-12 15:49:15 +00:00
Chad Bentz
2d33f86d41 Initial Push 
- Sample test  (test not compiling)
- Stubs not generating
 2023-12-12 15:00:00 +00:00
Owen Mansel-Chan
0fb58caa8c Update go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2023-12-11 20:42:48 +00:00
Tom Hvitved
35c654aa76 Go: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Owen Mansel-Chan
2e2a82c237 Add change note 2023-12-08 23:33:58 +00:00
Owen Mansel-Chan
40b3598fd0 Also follow jump steps when looking for a callee source 
This is needed because capturing a variable is a jump step
and we want to find a callee source for captured functions.
 2023-12-08 18:44:14 +00:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Anders Schack-Mulligen
67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Owen Mansel-Chan
6f9a70475d Merge pull request #14882 from owen-mc/go/minor-fixes 
Go: improve CallNode documentation
 2023-11-24 10:36:07 +00:00
Owen Mansel-Chan
25a2aef623 Update library name in change note 2023-11-23 13:42:21 +00:00
Owen Mansel-Chan
25d5104468 Change how we refer to a query in a change note 2023-11-23 13:22:05 +00:00
Owen Mansel-Chan
dd8fb29a65 Improve QLDocs of CallNode and MethodCallNode 
When a function is assigned to a variable and called through that
variable then we can't always tell it was a method.
 2023-11-22 16:32:10 +00:00
Owen Mansel-Chan
d26dc68baa Merge pull request #14798 from owen-mc/go/improve-value-flow-through-slice-exprs 
Go: model value flow with array content through slice expressions
 2023-11-21 11:50:08 +00:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Owen Mansel-Chan
1ac3a9e8d3 Add change note 2023-11-15 15:12:58 +00:00
Owen Mansel-Chan
aaa8f9c41f Add read and store steps for SliceElementNode 2023-11-15 14:58:23 +00:00
Owen Mansel-Chan
2b897a9825 Add synthetic SliceElementNode 2023-11-15 14:58:21 +00:00
Owen Mansel-Chan
83d1fc33e1 Add change note 2023-11-14 23:16:32 +00:00
Owen Mansel-Chan
45faed057c Improve SliceExpr documentation 2023-11-14 11:25:16 +00:00
Owen Mansel-Chan
ed349f7d6b Improve value flow through arrays 2023-11-13 23:26:16 +00:00
Owen Mansel-Chan
359dcf37e9 Merge pull request #14649 from Kwstubbs/go-cors 
Go: Add Cors Gin Support
 2023-11-13 15:46:59 +00:00
Tom Hvitved
af7b295c59 Address review comments 2023-11-07 13:01:19 +01:00
Kevin Stubbings
57c645bd24 Added support for same struct and added new test 2023-11-05 22:34:35 -08:00
Kevin Stubbings
1f2e8d898d Address Feedback 2023-11-05 14:28:34 -08:00
Kevin Stubbings
3697ef72c4 Small changes 2023-10-31 12:23:18 -07:00
Kevin Stubbings
5cab25662c Address issues 2023-10-31 11:50:51 -07:00
Kevin Stubbings
020b4becfd Finish up 2023-10-31 11:00:00 -07:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
Kevin Stubbings
e0782683eb Added gin cors framework 2023-10-27 17:50:43 -07:00
Owen Mansel-Chan
c1ecd5a0da Merge pull request #14608 from Kwstubbs/golang-cookie-reflectedxss-sanitizer 
Go: GoAdd Cookie Sanitizer to Reflected XSS
 2023-10-27 21:47:39 +01:00
Kevin Stubbings
ce0104799a Fix minor issues 2023-10-27 11:42:22 -07:00
Owen Mansel-Chan
d534c93ff1 Merge pull request #14606 from owen-mc/go/incorrect-integer-conversion-fixes 
Go: Two fixes to upper bound checks in "incorrect integer conversion" query
 2023-10-27 14:50:11 +01:00
Owen Mansel-Chan
581305b234 Improve QLDoc for UpperBoundCheckGuard 2023-10-27 10:59:20 +01:00