Commit Graph

1230 Commits

Author SHA1 Message Date
Andrew Eisenberg
198acac383 Suites: Switch to the queries directive
The addition of the `defaultSuite` directive means that using
the `qlpack` directive in a query suite will only return the
queries in the default suite, not _all_ the queries in the
pack as was the prior behaviour. This change ensures that
all query suites resolve to the same queries as before.
2021-10-18 10:00:59 -07:00
Andrew Eisenberg
de79eac0bb Fix recursive reference in query suite
The line `- qlpack: codeql-go` references the pack's
default suite, which is this suite. Therefore this
reference is recursive and not allowed.

The change here aligns the query pack with other
languages.
2021-10-14 08:24:49 -07:00
Erik Krogh Kristensen
d27f42d287 add explicit this qualifiers 2021-10-14 12:45:14 +02:00
Andrew Eisenberg
705093d709 Fix property name 2021-10-12 13:04:28 -07:00
Andrew Eisenberg
da708c9743 Add a defaultSuite property 2021-10-12 12:48:01 -07:00
Rasmus Wriedt Larsen
c7196916aa Packaging: Normalize src/qlpack.yml
Port of 4) from https://github.com/github/codeql/pull/6605

> Dependencies from query packs to other packs are always "*" since
these dependencies are always from source and we should get the
latest.

Compare with [C++ change](https://github.com/github/codeql/pull/6605/files#diff-0236560ca1b9c19eb7c74d8bfecd1c78005e762122f8bcdaee9eb9b20460bf9c).
2021-10-11 14:36:12 +02:00
Dave Bartolomeo
eed0eab02c Merge remote-tracking branch 'upstream/main' into dbartol/refactor 2021-10-07 10:49:45 -04:00
Rasmus Wriedt Larsen
8deaeb4ea1 Fix hasLocationInfo URL reference
Port of https://github.com/github/codeql/pull/6775
2021-09-29 13:53:55 +02:00
intrigus-lgtm
d26841da57 Update query description
A wildcard origin does not allow Access-Control-Allow-Credentials: true.
This change had been made in 824b5a4b52
but it has been forgotten to update the query description.
2021-09-27 13:34:30 +02:00
Chris Smowton
88645cf0f1 Use unique aggregate to optimize guardingFunction 2021-08-31 18:38:44 +01:00
Tom Hvitved
a9a0cffb01 Drop redundant columns from files and folders relations 2021-08-26 13:41:44 +02:00
Dave Bartolomeo
26fd45746c Move Go QL library files into separate pack 2021-08-24 10:31:02 -04:00
Dave Bartolomeo
6d829cfdf3 Modernize Go pack definitions 2021-08-24 10:31:01 -04:00
Ian Lynagh
6a86f1a91b Add getPrimaryQlClasses()
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
2021-08-24 13:03:24 +01:00
sn00py
474287dc9f Update SQL.qll
remove package
2021-08-23 08:15:57 -07:00
snoopywu
4975dccd34 Format SQL.qll 2021-08-23 08:15:57 -07:00
snoopywu
8c608bad21 Add Xorm support 2021-08-23 08:15:56 -07:00
Sauyon Lee
4a1daf173c fixup model changes 2021-08-19 14:04:38 -07:00
Sauyon Lee
b1e91e578b Add models for library changes 2021-08-19 14:02:26 -07:00
Sauyon Lee
189070cf2c Add support for go:build style constraints
This doesn't account for the new syntax, but there was no syntax
parsing in the old version anyway, and the only user doesn't currently
care about semantics
2021-08-19 14:00:03 -07:00
Sauyon Lee
f39e43e5d0 Allow conversions to an array to panic 2021-08-19 14:00:03 -07:00
Sauyon Lee
ff1eb8ef43 Remove non-goific dot in method signatures 2021-08-19 12:36:59 -07:00
Owen Mansel-Chan
b96efc655e Improve grammar and punctuation 2021-08-18 11:54:06 +01:00
Owen Mansel-Chan
6f2040da51 Add security severity score 2021-08-18 11:54:06 +01:00
Owen Mansel-Chan
3bf2cf0ed8 Add precision metadata 2021-08-18 11:54:05 +01:00
Owen Mansel-Chan
ca01d55297 Promote insufficient key size query
Files were just moved - changes made in next commit
2021-08-18 11:54:04 +01:00
Sam Partington
78a4823bde Ensure all 3 IDs are considered
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-08-17 09:53:11 +01:00
Sam Partington
4e36d1f52f Add a query suite for new experimental "developer happiness" queries
These are the queries added in https://github.com/github/codeql-go/pull/558.
2021-08-16 18:05:31 +01:00
Sauyon Lee
4c5d3ff344 Move defer in loop query to experimental 2021-08-12 10:13:30 -07:00
Sauyon Lee
02396dbd04 Add database query in loop query
co-authored-by: Robert <robertbrignull@github.com>
co-authored-by: Sam Partington <sampart@github.com>
2021-08-11 18:15:23 -07:00
Sauyon Lee
1ffeb26a61 Add query for a GORM error not checked
co-authored-by: Sam Partington <sampart@github.com>
co-authored-by: Robin Neatherway <rneatherway@github.com>
2021-08-11 18:15:23 -07:00
Chris Smowton
b03513bcd2 Merge pull request #542 from gagliardetto/cors-misconfig
Add query to detect CORS misconfiguration
2021-07-16 16:12:15 +01:00
Chris Smowton
87afdae1c7 use hasFlowTo where possible 2021-07-16 14:38:05 +01:00
Slavomir
52b650a1be Add AllowOriginHeaderWrite and AllowCredentialsHeaderWrite classes 2021-07-16 00:01:55 +02:00
Slavomir
e92738a93f Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-07-16 00:42:36 +03:00
Chris Smowton
73227f12df Merge pull request #539 from gagliardetto/fiber
Add web framework: github.com/gofiber/fiber
2021-07-15 17:53:45 +01:00
Slavomir
d252d6003f Remove Protocol as UntrustedFlowSource 2021-07-15 16:20:33 +02:00
Slavomir
498332c186 Mention Fiber.json in Fiber.qll 2021-07-15 15:15:10 +02:00
Slavomir
7d1a632b61 Move fiber spec in the same folder as source 2021-07-15 15:12:02 +02:00
Slavomir
92e0f02d2a Remove special cases inside if 2021-07-15 15:06:28 +02:00
Slavomir
66bd56f444 Don't use any() as sink 2021-07-05 13:14:56 +02:00
Edoardo Pirovano
65a34b4aa6 Performance: Remove pragma[noopt] 2021-06-22 10:05:53 +01:00
Chris Smowton
52028cf363 Merge pull request #547 from edoardopirovano/fix-join-order
Performance: Fix bad join ordering
2021-06-21 20:11:22 +01:00
Edoardo Pirovano
a7c656db8b Performance: Fix bad join ordering 2021-06-21 18:58:35 +01:00
Slavomir
c0f195ba16 Reduce false positives 2021-06-19 22:25:51 +02:00
edvraa
ac777d237d autoformat 2021-06-17 09:23:26 +01:00
edvraa
0456d4793a Fix path tracking 2021-06-17 09:23:26 +01:00
edvraa
4576b16f30 Use dataflow gettype 2021-06-17 09:23:26 +01:00
edvraa
062acedd49 Unify and make getValueForFieldWrite private 2021-06-17 09:23:26 +01:00
edvraa
236b623f60 Get rid of NetHttpCookieTrackingConfiguration 2021-06-17 09:23:26 +01:00