hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,063 Commits 1,684 Branches 159 Tags
e386346a255ef86fc95654eda353062cd49d1229
Commit Graph

1063 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
e386346a25 Extractor: tolerate ast.File structures without a package declaration 
In earlier versions of golang/x/tools these would be omitted entirely; now they can result in ast.File structures whose ast.Package field is zero (NoPos), and in my experience these contain no information in their other fields either.
 2020-09-03 14:32:23 +01:00
Chris Smowton
af1be2f465 Bump to latest version of golang.org/x/tools 2020-08-27 11:57:21 +01:00
Chris Smowton
4d084372b5 Fix autobuilder Go version comparison 
The semver package requires versions of the form v1.2.3, and unhelpfully evaluates any malformed versions as equal.
 2020-08-27 11:02:23 +01:00
Chris Smowton
c6dbb9fcb2 Tidy up -mod argument stringification 2020-08-27 10:46:36 +01:00
Chris Smowton
b13b54f7d7 Don't try to use -mod=... when go.mod doesn't exist 
Also don't pass a blank argument to `go` when using an old version.
 2020-08-26 13:56:36 +01:00
Chris Smowton
9ad2d6c119 Factor default and custom install paths 
These now follow the same route:

* Run a default or custom build script
* If needed, check if vendor/ is usable
* If it isn't, or if their build failed, install dependencies using go get etc

This commit shouldn't cause any behavioural change.
 2020-08-26 12:02:54 +01:00
Chris Smowton
859b427881 Check if the vendor/ directory is usable, even after a successful build 2020-08-26 11:53:50 +01:00
Sauyon Lee
8f6b25e0ac autobuilder: Use -mod=mod for vendor directories wihtout modules.txt 2020-08-26 11:25:30 +01:00
Sauyon Lee
70d425d317 autobuilder: move vendor check before dependency installation check 
This means dependency installation is still attempted when a vendor
directory is inconsistent.
 2020-08-26 11:25:30 +01:00
Sauyon Lee
852ae9397b autobuilder: Test for vendor inconsistency 2020-08-26 11:25:30 +01:00
Sauyon Lee
28c69743a4 Add workaround for go 1.14 explicit vendoring requirement 
This only applies for module files for which no Go version has
been specified; Go will assume these should be parsed with the
latest Go version, which will cause them to fail if the vendor
directory has been generated with an old version of Go, as
the vendor/modules.txt will not meet the new requirements for
consistency.
 2020-08-26 11:25:30 +01:00
Max Schaefer
34d5e970ff Merge pull request #311 from owen-mc/add-missing-change-notes 
Add missing change notes
 2020-08-26 11:21:00 +01:00
Owen Mansel-Chan
7fd5e7e978 Add change note for https://github.com/github/codeql-go/pull/277 2020-08-26 10:54:18 +01:00
Owen Mansel-Chan
ad6c94e8f9 Add change note for https://github.com/github/codeql-go/pull/251 2020-08-26 07:58:19 +01:00
Owen Mansel-Chan
210208b003 Add change note for https://github.com/github/codeql-go/pull/226 2020-08-26 07:46:56 +01:00
Owen Mansel-Chan
d4a377b7cc Add change note for https://github.com/github/codeql-go/pull/107 
The model for websocket was included in another change note
 2020-08-26 07:21:05 +01:00
Owen Mansel-Chan
944b69066e Add change note for github/codeql-go#125 2020-08-26 07:20:24 +01:00
Max Schaefer
76f3bd63ac Merge pull request #306 from max-schaefer/fix-stringops-magic 
Prevent misoptimisation in `StringOps`.
 2020-08-25 08:45:54 +01:00
Max Schaefer
4c82ad6064 Apply suggestions from code review 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2020-08-25 07:37:11 +01:00
Max Schaefer
bdcb1f233c Prevent misoptimisation in StringOps. 2020-08-24 20:11:23 +01:00
Max Schaefer
ab19d40f4b Merge pull request #304 from max-schaefer/fix-frontend-errors 
Fix frontend errors in tests
 2020-08-24 18:44:32 +01:00
Max Schaefer
c06531d9c0 Fix tests for InsecureHostKeyCallback. 2020-08-24 17:18:28 +01:00
Max Schaefer
4d4129313a Fix tests for Gorestful. 2020-08-24 17:18:06 +01:00
Owen Mansel-Chan
caf77e2a44 Merge pull request #298 from smowton/smowton/admin/changenote-blank-lines 
Remove blank lines from changenote
 2020-08-20 16:05:29 +01:00
Chris Smowton
cc2a153c57 Remove blank lines from changenote 2020-08-20 11:45:29 +01:00
Chris Smowton
ce93a449fa Merge pull request #295 from owen-mc/remove-gin-change-note 
Remove gin change note
 2020-08-20 10:39:13 +01:00
Owen Mansel-Chan
41e98d6afc Remove change note so it isn't accidentally put into this release 2020-08-20 10:27:51 +01:00
Owen Mansel-Chan
53cc3621ad Change date on Gin change note 
The Gin model wasn't added to the default imports
till 2020-08-19
 2020-08-20 10:27:41 +01:00
Chris Smowton
33d35112e1 Merge pull request #292 from smowton/smowton/admin/document-public-predicates 
Document undocumented public symbols
 2020-08-19 15:52:06 +01:00
Chris Smowton
60d3de1911 Document undocumented public symbols 2020-08-19 14:29:12 +01:00
Max Schaefer
61f4d8ddfc Merge pull request #278 from max-schaefer/fix-upgrade-performance 
Improve performance of upgrade script
 2020-08-10 17:01:49 +01:00
Max Schaefer
6d35c60acb Add pragma to prevent accidental inlining. 2020-08-10 14:51:28 +01:00
Max Schaefer
75795d80c4 Improve performance of upgrade script. 2020-08-06 09:51:36 +01:00
Max Schaefer
90bab34e88 Merge pull request #277 from sauyon/file-url-fix 
autobuilder: Don't try to determine import paths for file URLs
 2020-08-06 09:46:10 +01:00
Sauyon Lee
8e6c1835dd autobuilder: Don't try to determine import paths for file URLs 
Also improve logging
 2020-08-05 23:21:34 -07:00
Max Schaefer
b057cbee7b Merge pull request #256 from smowton/smowton/admin/cwe-327-cleanup 
Polish CWE-327 (weak TLS config) query
 2020-08-03 10:28:53 +01:00
Sauyon Lee
5de55d02d7 Merge pull request #273 from max-schaefer/unresolved-reference 
Speed up `unresolvedReference`.
 2020-08-02 22:31:13 -07:00
Max Schaefer
f6da34b546 Speed up unresolvedReference. 2020-07-31 14:13:05 +01:00
Chris Smowton
7e65575e95 Merge pull request #272 from smowton/smowton/admin/fix-makefile-escaping 
Escape go-fmt file filter
 2020-07-30 20:05:04 +01:00
Chris Smowton
2a7754af59 Factor ErrorType out of two duplicate tests 2020-07-30 17:25:53 +01:00
Chris Smowton
4b6810eefc InsecureFeatureFlag: make getAFlag a member of FlagKind 2020-07-30 17:23:01 +01:00
Chris Smowton
7dd20107fe Insecure-TLS query: trivial style and typo fixes 2020-07-30 17:18:54 +01:00
Chris Smowton
3c1daf08f8 Escape go-fmt file filter 
This should have been looking for \.go$, but I forgot to escape the dollar sign in a Makefile
 2020-07-30 17:06:01 +01:00
Max Schaefer
2134757ebf Merge pull request #261 from smowton/smowton/admin/cleanup-cwe-322 
Polish CWE-322: detect and exclude cases where host-checking is optional
 2020-07-30 10:38:57 +01:00
Chris Smowton
cce3a70412 Insecure-TLS: restrict sources to potentially interesting integers. 2020-07-29 16:46:36 +01:00
Chris Smowton
d7c0671ea1 Add test using SSH host-key checker factory knownhosts.New 
This produces a secure host-key checker; we assume by default that an opaque function not otherwise specified returns an acceptable checker, but we need to particularly cope with its multiple return values to handle this factory function.
 2020-07-29 16:30:51 +01:00
Chris Smowton
d0e86f787d SSH host checking: Expand definition of a host-key checking function to include calls with multiple return types 
For example, https://godoc.org/golang.org/x/crypto/ssh/knownhosts#New returns a host-key checker and an error value, and we previously didn't consider the first return value a candidate checker function.
 2020-07-29 16:06:38 +01:00
Chris Smowton
e89cd16cb1 Move query-specific flag definitions into their respective .ql files 2020-07-29 15:21:49 +01:00
Chris Smowton
f31ed52943 Clean up InsecureFeatureFlag 
Move the flag regexes inline, use `any` instead of a constructor function to select a particular flag kind, and remove explicit limitation on the common superclass FlagKind.
 2020-07-29 15:15:50 +01:00
Chris Smowton
f162a5be94 Promote CWE-322 out of experimental status 2020-07-29 14:43:47 +01:00