hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 06:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,447 Commits 1,699 Branches 161 Tags
ed6804859a677934d3c43b641f67df4682ffd3f8
Commit Graph

1447 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
ed6804859a Merge pull request #409 from smowton/smowton/admin/missing-change-notes-rc126 
Add change notes for PRs that omitted them
 2020-11-23 11:11:56 +00:00
Chris Smowton
62c51f9125 Merge pull request #408 from smowton/smowton/admin/add-missing-doc-strings 
Add docstrings to all public elements
 2020-11-20 17:37:47 +00:00
Chris Smowton
e241f8469b Add change notes for PRs that omitted them 2020-11-20 16:15:12 +00:00
Chris Smowton
af432c71ff Add docstrings to all public elements. 2020-11-20 15:35:42 +00:00
Sauyon Lee
3c84f11d5b Merge pull request #385 from github/sauyon-patch-1 
Enable code scanning
 2020-10-29 11:00:08 -07:00
Chris Smowton
cbc2443236 Merge pull request #390 from smowton/smowton/admin/links-master-to-main 
Docs: replace master with main and QL4E with VSCode
 2020-10-29 11:06:33 +00:00
Chris Smowton
1c75c9d1e9 Docs: Master -> main and Semmle/ql -> github/codeql everywhere 
Also fix a reference to QL for Eclipse, and remove some incidental trailing whitespace
 2020-10-29 11:04:49 +00:00
Chris Smowton
0f637c5887 Merge pull request #379 from smowton/model-revel 
Model Revel
 2020-10-28 09:56:25 +00:00
Chris Smowton
7ddb289910 Merge pull request #389 from github/aibaars/fix-broken-links 
Update links in ql/docs/experimental.md
 2020-10-28 09:55:21 +00:00
Arthur Baars
31cd26fded Update links in ql/docs/experimental.md 2020-10-28 10:12:52 +01:00
Chris Smowton
0bf80641e8 Revel: mark header reads as user-controlled data 2020-10-26 12:26:37 +00:00
Chris Smowton
f0c0a890a5 Move OpenUrlRedirect customisation into the query's qll file 2020-10-26 12:25:56 +00:00
Chris Smowton
4a2c4bf1b8 Merge pull request #387 from sauyon/testing-framework 
Add a testing framework
 2020-10-26 10:32:22 +00:00
Sauyon Lee
64ac49a618 Merge pull request #380 from sauyon/funtionmodel-shortcuts 
Add utility predicates to FunctionModel
 2020-10-23 02:26:51 -07:00
Chris Smowton
e9278b5477 Merge pull request #386 from smowton/smowton/admin/improve-error-messages 
Improve error messages
 2020-10-23 08:27:03 +01:00
Sauyon Lee
47f40d5f3e Add tests for log frameworks 2020-10-22 09:18:53 -07:00
Sauyon Lee
671b427e1e Add shared testing framework 
It has been modified to use `hasLocation` instead of `Location`
 2020-10-22 09:18:52 -07:00
Sauyon Lee
1e034a1dd5 Add logrus to go.qll 2020-10-22 09:18:52 -07:00
Chris Smowton
82de513764 Merge pull request #384 from sauyon/gobuild 
extractor: Extract the working directory if no packages are passed
 2020-10-22 15:43:48 +01:00
Chris Smowton
3716f6d7e9 Improve error messages 2020-10-22 14:42:23 +01:00
Chris Smowton
6122223b37 Merge pull request #383 from smowton/smowton/feature/work-around-broken-os-executable 
Autobuilder: fall back when os.Executable fails
 2020-10-22 14:41:37 +01:00
Sauyon Lee
ec52bdd536 Enable code scanning 2020-10-22 06:07:15 -07:00
Sauyon Lee
e22bf96ba3 extractor: Extract the working directory if no packages are passed 2020-10-22 05:22:33 -07:00
Chris Smowton
5cc695f1d5 Autobuilder: fall back when os.Executable fails 
This can happen under tracing, perhaps because of https://github.com/github/codeql-tracer/issues/29
 2020-10-22 13:19:55 +01:00
Chris Smowton
62c6b0dc37 Add support for more Revel untrusted sources 2020-10-21 17:28:28 +01:00
Chris Smowton
2818da4df9 Advance to latest codeql-cli release 2020-10-21 17:27:18 +01:00
Sauyon Lee
e823712adf Add utility predicates to FunctionModel 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-21 09:16:04 -07:00
Chris Smowton
9aceae8bd6 Revel: add support and tests for Render and Redirect sinks. 2020-10-20 10:00:05 +01:00
Owen Mansel-Chan
b2b8f10418 Fix stub for Revel 
Embedded fields aren't stubbed correctly
 2020-10-19 15:47:08 +01:00
Owen Mansel-Chan
4dfa9d58c0 Model Revel 2020-10-19 15:47:07 +01:00
Owen Mansel-Chan
f4f29be8ac Add ability to specify default taint sanitizers 
This allows library models to specify taint sanitizers.
 2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
01ad7acb6f Remove unnecessary import 2020-10-19 15:46:33 +01:00
Owen Mansel-Chan
f49ff279b8 Merge pull request #375 from owen-mc/spew 
Model Spew logging framework
 2020-10-16 13:20:13 +01:00
Owen Mansel-Chan
b89775ac65 Update change-notes/2020-10-14-spew.md 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-16 10:56:27 +01:00
Chris Smowton
2b07e6a0f4 Merge pull request #324 from sauyon/tracing 
Build tracing
 2020-10-15 11:27:34 +01:00
Chris Smowton
4746789fe8 Merge pull request #224 from sauyon/no-vendor 
Skip vendor directories for go.mod extraction
 2020-10-15 11:03:26 +01:00
Sauyon Lee
e5afd1dcb6 go-extractor: clarify --mimic error message 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-14 09:43:10 -07:00
Sauyon Lee
25eebe95e4 autobuilder: Clarify error message 2020-10-14 09:42:12 -07:00
Sauyon Lee
3c6626c604 Don't trace through problem binaries on OS X 
See https://github.com/github/semmle-code/pull/37764
 2020-10-14 09:42:12 -07:00
Sauyon Lee
3addb962a9 Add change note for build tracing 2020-10-14 09:42:12 -07:00
Sauyon Lee
2e73f3efd1 Add change note for go.mod extraction change 
Co-authored-by: Chris Smowton <smowton@github.com>
 2020-10-14 09:25:39 -07:00
Sauyon Lee
1ba1029a13 Use comment-based tests for GoModExpr 2020-10-14 09:25:38 -07:00
Sauyon Lee
34837c10ce Fix tests for go.mod files 2020-10-14 09:25:38 -07:00
Sauyon Lee
3242df4177 Use package root directory to find go.mod files 2020-10-14 09:13:57 -07:00
Owen Mansel-Chan
8811758e44 Add change note 2020-10-14 14:49:50 +01:00
Owen Mansel-Chan
4b76966a49 Model Spew logging framework 2020-10-14 14:47:22 +01:00
Chris Smowton
b2fef01d28 Merge pull request #378 from smowton/smowton/admin/change-note-typo 
Fix changenote typo
 2020-10-14 13:33:21 +01:00
Chris Smowton
72ee460a64 Fix changenote typo 2020-10-14 13:32:26 +01:00
Chris Smowton
0afa0e75c4 Merge pull request #374 from smowton/smowton/feature/more-accurate-allocation-overflow 
Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand
 2020-10-14 13:25:45 +01:00
Chris Smowton
83a7411a05 Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand 
This is achieved by splitting the query into two pieces: (1) trace flow from indefinitely large object creation to len(...) calls, then (2) considering those particular len(...) calls as taint propagators, trace taint from the same sources all the way to an allocation call. This is more accurate than the previous solution, which considered any len(...) call to propagate taint, potentially confusing an array that stored a large value in one of its cells for an array which is itself of large size.
 2020-10-14 10:16:08 +01:00