hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,890 Commits 1,703 Branches 162 Tags
feeaef14be7ebf66df2d25cba67aa7439faa99a0
Commit Graph

1536 Commits

Author SHA1 Message Date
Alexander Eyers-Taylor
43572fe9ae Go: Fix broken changenote metadata 2024-04-15 16:55:23 +01:00
Michael B. Gale
7a0aad87a4 Go: Use shared library for integration tests 2024-04-15 14:46:53 +01:00
Anders Schack-Mulligen
20e91f9cac Go: Update expected output (uninteresting). 2024-04-12 09:20:23 +02:00
Anders Schack-Mulligen
ba6039946b Go: Add alert provenance plumbing. 2024-04-12 09:19:59 +02:00
Anders Schack-Mulligen
eafc0075fd Legacy dataflow: Sync. 2024-04-12 09:19:54 +02:00
Owen Mansel-Chan
d4bb4d4faa Merge pull request #16120 from owen-mc/go/fix/type-switch-control-flow 
Go: Fix data flow through variable defined in type switch guard
 2024-04-11 11:39:40 +01:00
Owen Mansel-Chan
1e8315d797 Merge pull request #16180 from owen-mc/go/tweak-go-tainted-path-additions 
Go: Tweak go tainted path additions
 2024-04-11 11:17:30 +01:00
Owen Mansel-Chan
a7c5e849f4 Expand ReplaceAll in sanitizer 2024-04-11 07:35:56 +01:00
Owen Mansel-Chan
c3fefa8f69 Add extra sanitizer Part.FileName() 2024-04-11 07:35:45 +01:00
Owen Mansel-Chan
21189af294 Improve QLDoc and refactor QL 2024-04-11 07:34:58 +01:00
Owen Mansel-Chan
1c0ef90e96 Merge pull request #15865 from owen-mc/go/extractor/no-intermediate-string-values 
Go: extractor: do not store intermediate values in long string concatenations
 2024-04-10 15:31:51 +01:00
Owen Mansel-Chan
dc3ea6c418 Merge pull request #11703 from Kwstubbs/go-taintedpath-additions 
Go: Add and Modify Sanitizers For TaintedPath
 2024-04-10 15:13:13 +01:00
Owen Mansel-Chan
5ec3934ac8 Merge branch 'main' into go/extractor/no-intermediate-string-values 2024-04-10 14:51:22 +01:00
Owen Mansel-Chan
a18a4fb62e Avoid magic in TSynthLocation definition 
This improves performance, because in this case magic is not beneficial.
 2024-04-10 11:47:13 +01:00
Owen Mansel-Chan
322d9fe105 Update change note wording 
Co-authored-by: Chris Smowton <smowton@github.com>
 2024-04-09 12:46:26 +01:00
Owen Mansel-Chan
a65b02eb28 Update test expectations 2024-04-09 10:59:06 +01:00
Owen Mansel-Chan
f89fb8eb57 Add change note 2024-04-09 10:59:00 +01:00
Owen Mansel-Chan
6ae07a2c43 Add location for implicitly declared variables 2024-04-09 10:58:55 +01:00
Owen Mansel-Chan
ffdb610d93 Add new IR::Instruction MkTypeSwitchImplicitVariable 
It represents the implicit declaration of a variable at the beginning of a case clause
 2024-04-09 10:58:49 +01:00
Owen Mansel-Chan
4ffc4f5c62 Add test for dataflow through switches 2024-04-09 10:58:42 +01:00
Owen Mansel-Chan
0ed330056d Add extra CFG test for type switch 2024-04-09 10:55:52 +01:00
Owen Mansel-Chan
8df23522f0 Delete redundant test 2024-04-09 10:55:40 +01:00
Owen Mansel-Chan
32ea94e625 Merge pull request #16123 from owen-mc/go/misc-trivial-fixes 
Go: miscellaneous trivial fixes
 2024-04-04 21:09:15 +01:00
Owen Mansel-Chan
720961787b Improve QLDoc for CaseClause 2024-04-04 10:37:25 +01:00
Owen Mansel-Chan
fe24710c96 Improve QLDoc of Entity.getDeclaration 2024-04-03 14:09:37 +01:00
Owen Mansel-Chan
c7f2e991ed Improve QLDoc for TypeAssertExpr 
Include information about the type assert `x.(type)` used in type switches.
 2024-04-03 13:59:04 +01:00
Geoffrey White
11acb499bb Merge pull request #16042 from geoffw0/maddoc 
Remove [potentially] untrue claims about models-as-data
 2024-04-02 16:01:31 +01:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Michael B. Gale
73f71d8ace Merge pull request #15979 from github/mbg/go/deal-with-incorrect-versions 2024-03-28 14:16:14 +00:00
Michael B. Gale
6b1d1d427c Go: Add integration test for incorrect version format logic 2024-03-27 15:16:32 +00:00
Michael B. Gale
86bf4fbbc0 Go: Make diagnostic names static 2024-03-27 14:22:58 +00:00
Max Schaefer
5b07e14fb3 Merge pull request #16055 from github/max-schaefer/go-open-redirect-qhelp 
Go: Improve QHelp for `go/unvalidated-url-redirection`.
 2024-03-27 13:56:48 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
Max Schaefer
d7258f76d3 Go: Improve QHelp for go/unvalidated-url-redirection. 
The example showed a different (and better) fix from what the help claimed, but the suggestion also had a subtle bug that I fixed at the same time.
 2024-03-26 10:57:36 +00:00
Michael B. Gale
f84609dbc4 Go: Add changenote for CODEQL_EXTRACTOR_GO_FAST_PACKAGE_INFO change 2024-03-26 10:51:57 +00:00
Max Schaefer
ff23f572d0 Merge pull request #16038 from github/max-schaefer/string-break-qhelp 
Go: Improve QHelp for `go/unsafe-quoting`.
 2024-03-25 20:10:02 +00:00
Max Schaefer
5bc710b406 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2024-03-25 19:48:56 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Geoffrey White
4a4c77e81d Remove claims about models-as-data that require you to select a parameter from non-Java languages. We believe this is only possible in Java. 2024-03-25 15:41:00 +00:00
Max Schaefer
120fb93c23 Go: Improve QHelp for go/unsafe-quoting. 2024-03-25 13:32:51 +00:00
Max Schaefer
ffbe3e6ed4 Merge pull request #16020 from github/max-schaefer/go-path-injection-qhelp 
Go: Update query help for `go/path-injection` to include example fixes.
 2024-03-25 10:25:36 +00:00
Max Schaefer
034ed17227 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2024-03-22 15:24:29 +00:00
Max Schaefer
bc9396e0e6 Address suggestions from review. 2024-03-22 13:19:36 +00:00
Max Schaefer
4e4cd52f63 Go: Update query help for go/path-injection to include example fixes. 2024-03-22 11:45:59 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests 
C#: Source- and sink tests.
 2024-03-21 08:12:16 +01:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00