hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
16a11b48ad0e5c742e5a55c77bdf1810a4519662
codeql/go
History
Owen Mansel-Chan 16a11b48ad Switch to use-use dataflow. This will make post-update nodes easy to implement. 
Queries / tests that required changes:
* The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow
* The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer
* The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.
2025-10-01 16:12:07 +01:00
..
actions/test
Go: Update Go version in tests to 1.25.0
2025-08-13 13:39:32 +02:00
build
codeql-tools
Remove unnecessary batch script flag
2024-08-20 15:56:24 +01:00
docs/language/learn-ql/go
Delete old docs for data flow in Go
2025-01-16 12:03:14 +00:00
documentation/library-coverage
Add changed framework coverage reports
2025-06-05 00:24:03 +00:00
downgrades
Address review comments
2025-02-13 21:59:14 +00:00
external-packs/codeql/suite-helpers/0.0.2
extractor
Configure git to use the certificate, if needed
2025-09-24 15:52:04 +01:00
extractor-smoke-test
Fix search paths.
2024-06-03 16:33:17 +02:00
old-change-notes
Remove non-breaking spaces from code
2025-09-05 09:41:15 +02:00
ql
Switch to use-use dataflow. This will make post-update nodes easy to implement.
2025-10-01 16:12:07 +01:00
scripts
templates/project
tools
.gitignore
Add .gitignore for artifacts of make test
2025-02-27 16:34:38 +00:00
alert_weighting.properties
BUILD.bazel
Format
2025-02-06 11:36:45 +00:00
CODE_OF_CONDUCT.md
codeql-extractor.yml
Specify default queries in codeql-extractor.yml
2025-08-29 17:34:45 +01:00
CONTRIBUTING.md
Deprecate the CodeQL for VS Code docs in favour of docs.github.com version
2024-04-25 07:59:33 +00:00
gen.py
Go/Bazel: fix gazelle invocation to use bundled bazel go
2024-08-05 10:13:14 +02:00
Makefile
Merge branch 'main' into cklin/check-diff-informed
2025-05-28 10:47:47 -07:00
README.md
rules.bzl
Bazel/Go: use native cross compilation for fat binaries
2024-05-02 09:21:43 +02:00
SECURITY.md

README.md

Go analysis support for CodeQL

This sub-folder contains the extractor, CodeQL libraries, and queries that power Go support for CodeQL.

It contains two major components:

  • an extractor, itself written in Go, that parses Go source code and converts it into a database that can be queried using CodeQL.
  • static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.

Usage

To analyze a Go codebase, either use the CodeQL command-line interface to create a database yourself, or download a pre-built database from GitHub.com. You can then run any of the queries contained in this repository either on the command line or using the VS Code extension.

Contributions

Contributions are welcome! Please see our contribution guidelines and our code of conduct for details on how to participate in our community.

Licensing

The code in this repository is licensed under the MIT license.

Resources