Sauyon Lee
e41d609921
Use newtype for SourceOrSinkElement
2021-12-07 07:39:20 -05:00
Sauyon Lee
9bfe1c94b3
autoformat
2021-12-07 07:39:20 -05:00
Sauyon Lee
16371ac488
Add support for summary elements
2021-12-07 07:39:19 -05:00
Sauyon Lee
96c58b58dd
Add EmptyInterfaceType
2021-12-07 07:39:19 -05:00
Sauyon Lee
26d00f1d5b
Move basicLocalFlowsStep to DataFlowPrivate
2021-12-07 07:39:19 -05:00
Sauyon Lee
3098a4ef16
Qualify uses and add imports in DataFlowNodes
2021-12-07 07:39:18 -05:00
Sauyon Lee
93f2569f1d
Refactor data-flow nodes
2021-12-07 07:39:18 -05:00
Sauyon Lee
9ceda08d13
Sync dataflow libraries
2021-12-07 07:39:12 -05:00
Owen Mansel-Chan
e08007b287
Add missing qldocs for two isVariadic() predicates
2021-11-30 15:13:42 -05:00
Owen Mansel-Chan
acc5c4098a
Fix Function.isVariadic to work on external packages
Going via `getFuncDecl()` didn't work as we don't function declarations
from external packages. It works to use `getType()` instead.
2021-11-30 15:11:34 -05:00
Erik Krogh Kristensen
1ade6c55d8
apply the implicit-this patch to the remaining go code
2021-11-29 13:10:04 +01:00
Tony Torralba
662f880ab8
Merge pull request #609 from github/atorralba/log-injection-query
Go: Add Log Injection query (CWE-117)
2021-11-24 15:41:43 +01:00
Chris Smowton
5ed4e3651b
Merge pull request #611 from tunnelshade/main
Add `Where` method of squirrel sql builders to query range
2021-11-23 11:13:19 +00:00
tunnelshade
aeaa861fc6
Add Where method of squirrel sql builders to query range
2021-11-23 10:11:31 +05:30
Chris Smowton
271e239dee
Introduce manual magic to TaintedPathSanitizerGuardAsBacktrackingSanitizerGuard
This avoids computing the full `localTaint` relation when actually there are few `TaintedPath::SanitizerGuard` instances to start from.
2021-11-22 17:41:56 +00:00
Chris Smowton
8bf78b07e5
Avoid recursively defining DataFlow::BarrierGuard
In fact there never was true recursion, but the compiler thought there could be because it supposed that ZipSlip::SanitizerGuard growing may introduce instances that happen to also satisfy TaintedPath::SanitizerGuard. In fact this never happens, but here we make it clear by defining the shared sanitizer guards outside the DataFlow::BarrierGuard hierarchy and then introducing the sanitizers in each query that uses them.
2021-11-22 17:36:06 +00:00
Tony Torralba
c9332cdccb
Fix *Depth log levels in glog and klog
2021-11-22 09:15:01 +01:00
Tony Torralba
d4a20f1222
Autoformat
2021-11-19 18:04:51 +01:00
Tony Torralba
c886d10388
Add Log Injection query
2021-11-19 17:55:34 +01:00
Chris Smowton
6d90b81655
Merge pull request #597 from owen-mc/var-args
Update dbscheme to add table for variadic signature types
2021-11-03 11:29:45 +00:00
Owen Mansel-Chan
7c1b7b8810
Fix strictnessOffset in isBoundFor
2021-11-02 15:09:39 +00:00
Owen Mansel-Chan
7de6e17d86
Recognise math.MaxInt and math.MaxUint
Treat them as if we were on a 32-bit architecture.
2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
a104a50940
Move max int value call into UpperBoundCheckGuard
2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
5027d3fa44
Avoid using getIntValue()
Because it does not have a result if the value is
too large to fit in a 32-bit signed integer type
2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
109e3660f8
Split Incorrect Integer Conversion into query and lib files
This is in preparation for changing the tests to use inline
expectations
2021-11-02 12:43:54 +00:00
Owen Mansel-Chan
e6a57b22a2
Add isVariadic() on FuncDecl and Function
2021-11-01 16:00:49 +00:00
Owen Mansel-Chan
245d85ae97
Update dbscheme to add table for variadic signature types
2021-11-01 16:00:49 +00:00
Chris Smowton
32d71e8247
Merge pull request #585 from github/jbj/getAPrimaryQlClass-file
Fix getAPrimaryQlClass for File classes
2021-10-19 11:17:07 +01:00
Erik Krogh Kristensen
d27f42d287
add explicit this qualifiers
2021-10-14 12:45:14 +02:00
Jonas Jensen
1c245ba636
Fix getAPrimaryQlClass for File classes
2021-10-14 11:37:05 +02:00
Andrew Eisenberg
0786af19fb
Move tutorial directly into each qlpack
See also https://github.com/github/codeql/pull/6862
2021-10-12 14:39:15 -07:00
Dave Bartolomeo
eed0eab02c
Merge remote-tracking branch 'upstream/main' into dbartol/refactor
2021-10-07 10:49:45 -04:00
Dave Bartolomeo
26fd45746c
Move Go QL library files into separate pack
2021-08-24 10:31:02 -04:00
Dave Bartolomeo
6d829cfdf3
Modernize Go pack definitions
2021-08-24 10:31:01 -04:00