hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a63a4c29e29f54d7b99cd1da2d858c06f74f22e4
codeql/go
History
Chris Smowton a63a4c29e2 Go: fix incorrect-integer-conversion sanitizer 
This was amended as part of https://github.com/github/codeql/pull/12186, but the conversion was inadequate because the new implementation didn't work when a sink (type conversion) led directly to a non-`localTaintStep` step, such as a store step or an interprocedural step. Here I move the sink back one step to the argument of the type
conversion and sanitize the result of the conversion instead, to ensure there is always a unique local successor to a sink.

This should eliminate unexpected extra results that resulted from https://github.com/github/codeql/pull/12186. Independently there are also *lost* results that stem from needing a higher `fieldFlowBranchLimit` that are not addressed in this PR, but raising that limit is a performance risk and so I will address this separately.
2023-03-08 09:48:35 +00:00
..
build
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00
codeql-tools
Go: Remove the legacy tracer configuration files.
2022-09-09 11:13:01 +02:00
docs/language/learn-ql/go
Docs: Update references to github/codeql-go
2022-05-20 12:10:21 -07:00
downgrades
Remove @errorexpr from the dbscheme (use @badexpr)
2022-12-14 10:46:19 +00:00
external-packs/codeql/suite-helpers/0.0.2
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00
extractor
Fix DepErrors test
2023-01-26 11:37:41 +00:00
extractor-smoke-test
Go: fix search and tool paths for 'make test'
2022-05-20 10:22:47 -07:00
old-change-notes
spelling: recognition
2022-10-20 08:21:02 -04:00
ql
Go: fix incorrect-integer-conversion sanitizer
2023-03-08 09:48:35 +00:00
scripts
Remove Go's install-deps.sh script
2023-01-03 10:45:06 +00:00
templates/project
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00
tools
Go: fix search and tool paths for 'make test'
2022-05-20 10:22:47 -07:00
vendor
Upgrade Go extractor compiler and dependency versions
2023-02-14 17:34:47 +00:00
alert_weighting.properties
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00
CODE_OF_CONDUCT.md
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00
codeql-extractor.yml
Specify language names in extractor packs
2022-12-23 13:15:04 +00:00
CONTRIBUTING.md
Update CodeQL CLI articles with migration message
2023-02-02 14:11:02 -05:00
go.mod
Upgrade Go to 1.20
2023-02-14 17:59:18 +00:00
go.sum
Upgrade Go extractor compiler and dependency versions
2023-02-14 17:34:47 +00:00
LICENSE
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00
Makefile
Remove unused variable
2023-02-03 16:36:20 +00:00
README.md
Update CodeQL CLI articles with migration message
2023-02-02 14:11:02 -05:00
SECURITY.md
codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00

README.md

Go analysis support for CodeQL

This sub-folder contains the extractor, CodeQL libraries, and queries that power Go support for CodeQL.

It contains two major components:

  • an extractor, itself written in Go, that parses Go source code and converts it into a database that can be queried using CodeQL.
  • static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.

Usage

To analyze a Go codebase, either use the CodeQL command-line interface to create a database yourself, or download a pre-built database from GitHub.com. You can then run any of the queries contained in this repository either on the command line or using the VS Code extension.

Contributions

Contributions are welcome! Please see our contribution guidelines and our code of conduct for details on how to participate in our community.

Licensing

The code in this repository is licensed under the MIT license.

Resources