codeql

mirror of https://github.com/github/codeql.git synced 2026-02-04 01:01:07 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	3f645e9401	Merge pull request #13006 from kaspersv/kaspersv/go-explicit-this-receivers Go: Make implicit this receivers explicit	2023-05-03 13:47:10 +01:00
Ian Lynagh	b56b843d13	Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 Post-release preparation for codeql-cli-2.13.1	2023-05-03 13:12:10 +01:00
Kasper Svendsen	e969018f99	Go: Make implicit this receivers explicit	2023-05-03 12:45:42 +02:00
github-actions[bot]	18d4af994d	Post-release preparation for codeql-cli-2.13.1	2023-05-02 10:50:20 +00:00
Anders Schack-Mulligen	ca09649679	Dataflow: Forward hasLocationInfo.	2023-05-02 10:48:32 +02:00
Anders Schack-Mulligen	5927bb2030	Dataflow: Replace "extends Node" with "instanceof Node".	2023-05-02 09:48:34 +02:00
Anders Schack-Mulligen	6c8cb0dc5e	Merge pull request #12930 from aschackmull/dataflow/split-typedcontent Dataflow: Refactor access paths to split TypedContent into an explicit pair	2023-05-01 14:58:15 +02:00
github-actions[bot]	3bd29171fb	Release preparation for version 2.13.1	2023-04-28 12:14:35 +00:00
Michael B. Gale	edfe2d7ab7	Merge pull request #12944 from github/mbg/go/html-template-sanitizers Go: Add `html/template` functions as sanitisers for XSS queries	2023-04-28 12:15:57 +01:00
Michael B. Gale	5a44fae515	Go: add test for unrelated A->C data flow	2023-04-28 10:56:12 +01:00
Michael B. Gale	72b082806b	Go: Update `html-template-escaping-passthrough` Modify this query to apply sanitizers only in the data flow between untrusted inputs and passthrough conversion types.	2023-04-27 17:14:38 +01:00
Anders Schack-Mulligen	71ae0909d8	Dataflow: Enforce type pruning in all forward stages.	2023-04-27 14:55:26 +02:00
Anders Schack-Mulligen	9140cbefc0	Dataflow: Sync.	2023-04-27 14:55:23 +02:00
Michael B. Gale	1aa1153ed6	Go: Add `html/template` as XSS queries sanitizer	2023-04-26 21:21:52 +01:00
Anders Schack-Mulligen	d681671356	Dataflow: Sync.	2023-04-26 14:45:07 +02:00
Owen Mansel-Chan	1afe845ed3	Add missing "v" to semver version string Because it was missing, that function always returned +1, so we were doing the wrong thing when the Go version installed was lower than 1.16.	2023-04-24 14:31:46 +01:00
Michael Nebel	656d8d2451	Sync files.	2023-04-20 11:29:51 +02:00
Owen Mansel-Chan	3ca04338ca	Use named initialization for struct	2023-04-19 13:06:51 +01:00
Owen Mansel-Chan	219c1686fd	Wrap return values of moveToTemporaryGopath in a struct	2023-04-19 12:40:23 +01:00
Owen Mansel-Chan	1bb006f43e	Move defer statements to the right place It turns out that extracting defer statements into a separate function changes behaviour.	2023-04-19 12:20:52 +01:00
Owen Mansel-Chan	641f16b0df	Factor out extract()	2023-04-19 12:20:52 +01:00
Owen Mansel-Chan	a611769b43	Factor out installDependencies()	2023-04-19 12:20:51 +01:00
Owen Mansel-Chan	d61d595b21	Factor out function buildWithCustomCommands	2023-04-19 12:20:51 +01:00
Owen Mansel-Chan	b45c0ff848	Factor out buildWithoutCustomCommands	2023-04-19 12:20:51 +01:00
Owen Mansel-Chan	b76e655735	Factor out moving code to temp dir in gopath	2023-04-19 12:20:50 +01:00
Owen Mansel-Chan	ba48eaa8a6	Factor out calculation of source dir	2023-04-19 12:20:50 +01:00
Owen Mansel-Chan	702c22b630	Refactor calculation of inLGTM	2023-04-19 12:20:49 +01:00
Owen Mansel-Chan	f0186957ca	Factor out tryUpdateGoModAndGoSum	2023-04-19 12:20:49 +01:00
Owen Mansel-Chan	0bfb242e63	Factor out logic for needGopath	2023-04-19 12:20:49 +01:00
Owen Mansel-Chan	b169f1bfdf	Factor out code to fix go vendor issues	2023-04-19 12:20:48 +01:00
Owen Mansel-Chan	f872a11b85	Factor out initial ModMode calculation	2023-04-19 12:20:48 +01:00
Owen Mansel-Chan	2d8d9773c4	Factor out depMode calculation	2023-04-19 12:20:47 +01:00
Owen Mansel-Chan	d613bc8a28	Update checks for files or dirs existing The previous way is considered outdated now.	2023-04-19 12:20:47 +01:00
Owen Mansel-Chan	2914480ff6	Avoid platform-specific results These were introduced in https://github.com/github/codeql/pull/12750 but the relevant tests that should have caught it weren't run.	2023-04-19 11:18:19 +01:00
Alex Ford	924ce250dd	Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 Post-release preparation for codeql-cli-2.13.0	2023-04-18 14:40:40 +01:00
Tom Hvitved	f6d000eb20	Merge pull request #12805 from hvitved/remove-queries-xml Remove all `queries.xml` files	2023-04-18 10:52:14 +02:00
github-actions[bot]	648f0e19ec	Post-release preparation for codeql-cli-2.13.0	2023-04-17 15:39:24 +00:00
github-actions[bot]	075d063370	Release preparation for version 2.13.0	2023-04-14 13:31:30 +00:00
Owen Mansel-Chan	8a4ca7fb84	Merge pull request #10026 from pwntester/patch-2 Go: Partial URLs should not sanitize against SSRF	2023-04-14 13:52:11 +01:00
Owen Mansel-Chan	352866b52d	Add change note	2023-04-14 12:00:38 +01:00
Owen Mansel-Chan	a42dbc5bab	Fix formatting again	2023-04-14 12:00:38 +01:00
Owen Mansel-Chan	d407a689fa	Fix formatting by deleting spaces no blank line	2023-04-14 12:00:38 +01:00
Owen Mansel-Chan	169bde8671	Fix formatting by deleting blank line	2023-04-14 12:00:38 +01:00
Alvaro Muñoz	8bf4b55309	Partial URLs should not sanitize against SSRF As an example: ```go urlPath := ctx.Req.URL.Path hash := urlPath[strings.LastIndex(urlPath, "/")+1:] req, _ := http.NewRequest("GET", source+hash, nil) ```	2023-04-14 12:00:38 +01:00
Alex Eyers-Taylor	c6a482819a	Bump all qlpacks major versions	2023-04-13 19:15:27 +01:00
Michael Nebel	52bc43b22b	Merge pull request #12595 from michaelnebel/enhanceprovenance Java/C# : Enhance provenance.	2023-04-13 14:27:53 +02:00
Alex Ford	8c46bfd051	Merge pull request #12816 from github/rc/3.9 Merge `rc/3.9` into `main`	2023-04-13 12:35:41 +01:00
Tom Hvitved	3cc9dec9c8	Remove all `queries.xml` files	2023-04-13 11:18:58 +02:00
Michael Nebel	917cf7bfee	Go: Update provenance validation.	2023-04-13 09:21:05 +02:00
Michael Nebel	1d82b09ec1	Sync files.	2023-04-13 09:21:05 +02:00

1 2 3 4 5 ...

700 Commits