Commit graph

2546 Commits

Author SHA1 Message Date
Owen Mansel-Chan bfae3fdf97
Merge pull request #665 from owen-mc/update-function-get-a-call
Update `Function.getACall()`
2022-01-19 23:36:20 +00:00
Chris Smowton 5a2a15c9da
Merge pull request #668 from github/smowton/fix/no-pack-install-verify
Don't use codeql pack install --verify
2022-01-19 20:01:42 +00:00
Chris Smowton 7f39b1e12c
Don't use codeql pack install --verify
This shouldn't fail, but currently does due to a bug and is unnecessary in any case.
2022-01-19 18:40:05 +00:00
Owen Mansel-Chan 4d1dcb3260
Remove first disjunct as it is a subset of second disjunct 2022-01-19 16:21:06 +00:00
Owen Mansel-Chan 7fd2fff1ba
Merge pull request #666 from owen-mc/tainted-path-add-more-tests
Add tests for tainted path query checking the sanitizers and sanitizer guards work
2022-01-19 13:00:57 +00:00
Owen Mansel-Chan 85319b2dbf
Add tests for tainted path sanitizers and sanitizer guards 2022-01-19 09:49:15 +00:00
Owen Mansel-Chan 84f9b74f50
Improve documentation of `Function.getACall` 2022-01-18 23:44:34 +00:00
Owen Mansel-Chan 3c02403701
Do not use getACall() when we only want direct calls
In both of these locations we do not want calls through interface methods.
2022-01-18 23:36:14 +00:00
Owen Mansel-Chan 1aebf4ccac
Merge pull request #664 from owen-mc/add-change-note-function-getacall
Add change note for change to `Function.getACall`
2022-01-18 18:12:29 +00:00
Owen Mansel-Chan 84116e1681
Update ql/lib/change-notes/2022-01-18-function-get-a-call.md
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-18 16:51:07 +00:00
Owen Mansel-Chan fd1136a777
Add change note for change to `Function.getACall` 2022-01-18 16:42:57 +00:00
Tom Hvitved 429a9658e1
Merge pull request #657 from github/post-release-prep/codeql-cli-2.7.5
Post-release preparation for codeql-cli-2.7.5
2022-01-17 12:40:24 +01:00
Andrew Eisenberg a83af5e14c
Merge pull request #661 from github/aeisenberg/changenote-upgrades-removal
Changenotes: Add changenotes for upgrades refactoring
2022-01-14 12:12:57 -08:00
Andrew Eisenberg 156588a6a7
Update change note
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2022-01-14 10:32:47 -08:00
Andrew Eisenberg c86e96bcc2 Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:19:47 -08:00
Andrew Eisenberg 8a4120a08d Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:38:43 -08:00
github-actions[bot] 970e8e1f91 Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:33 +00:00
Andrew Eisenberg 2b8e4b2ffa
Merge pull request #628 from github/aeisenberg/upgrades/work
Push upgrades pack into lib pack
2022-01-11 14:09:06 -08:00
Andrew Eisenberg 6ceebc7d1e Merge branch 'main' into aeisenberg/upgrades/work 2022-01-11 11:27:35 -08:00
Chris Smowton 6afd570c4c
Merge pull request #658 from smowton/smowton/feature/q-format-directive-is-safe
Note that the %q format directive escapes newlines, and therefore prevents log injection
2022-01-11 14:45:40 +00:00
Chris Smowton 6f598a6972
Fix formatting regex comment 2022-01-10 10:49:12 +00:00
Chris Smowton ae5eadef28
Update ql/lib/semmle/go/frameworks/stdlib/Log.qll
Rename class

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2022-01-10 10:24:30 +00:00
Chris Smowton 6b4a50567a
Merge pull request #659 from smowton/smowton/fix/path-transformer-use-realpath
Path transformer: use fully resolved path
2022-01-06 19:11:16 +00:00
Chris Smowton e0a3ec85f3 Path transformer: use fully resolved path
This makes source locations consistent between databases that do and don't use the `SEMMLE_PATH_TRANSFORMER` option in the case where the original source location isn't its own realpath (i.e, some parent directory is a symbolic link).
2022-01-05 16:31:31 +00:00
Chris Smowton 749698759a Note that the %q format directive escapes newlines, and therefore prevents log injection 2022-01-05 16:04:20 +00:00
Chris Smowton 5760841812
Merge pull request #647 from smowton/smowton/admin/not-all-you-fmt-is-log
Declassify fmt.Fprintf as a log sink
2022-01-05 14:09:55 +00:00
Andrew Eisenberg 49d239f4bf Push upgrades pack into lib pack
PR Related to https://github.com/github/semmle-code/pull/40918
Removes the upgrades pack and uses ql/lib/upgrades instead.

Also, fix malformed parameter in instruction.

Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-04 11:32:52 -08:00
Tom Hvitved a0766e08a1
Merge pull request #656 from github/release-prep/2.7.5
Release preparation for version 2.7.5
2022-01-04 18:57:50 +01:00
github-actions[bot] 980c162fe3 Release preparation for version 2.7.5 2022-01-04 14:44:48 +00:00
Owen Mansel-Chan daa55eaae2
Merge pull request #651 from erik-krogh/patches
various automatic patches applied to codeql-go
2022-01-04 11:46:20 +00:00
Tom Hvitved 50457d1579
Merge pull request #653 from dbartol/dbartol/move-change-notes
Move change notes to proper location
2022-01-04 09:35:29 +01:00
Dave Bartolomeo 171aa8bd62 Move change notes to proper location 2022-01-03 17:38:09 -05:00
Dave Bartolomeo 091906d380
Merge pull request #644 from github/post-release-prep/codeql-cli-2.7.4
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:54 -05:00
github-actions[bot] 00aae7cba5 Post-release version bumps 2022-01-03 20:10:43 +00:00
Erik Krogh Kristensen afe7ee17a0 run the use-set-literals patch 2021-12-20 17:55:19 +01:00
Erik Krogh Kristensen d339f13629 run the non-us-language patch 2021-12-20 17:54:18 +01:00
Erik Krogh Kristensen 4459c8e7c6 run the redundant-cast patch 2021-12-20 17:53:09 +01:00
Chris Smowton 92d3da5e56 Declassify fmt.Fprintf as a log sink
In future we could try harder to find out whether you're Fprintf'ing to stdout, a file named xyz.log etc, but for now this causes Fprintf'ing to an HTTP writer to be mistaken for log-injection rather than just XSS.
2021-12-17 17:07:58 +00:00
Owen Mansel-Chan da8f8e2eef Refactor to use SummarizedCallable, sourceElement and sinkElement 2021-12-16 19:35:54 +00:00
Owen Mansel-Chan ec3dd1e1c0 Revert "Update tests for no flow through receivers when no function body"
This reverts commit 06f889fce6.
2021-12-16 19:35:54 +00:00
Owen Mansel-Chan 9b2f29bbcd Allow data flow through receiver for modelled methods 2021-12-16 19:35:54 +00:00
Chris Smowton ede57b6527
Merge pull request #637 from smowton/smowton/fix/log-injection-sanitizers
Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection
2021-12-16 12:28:40 +00:00
Chris Smowton f5108449a5
Update change-notes/2021-12-14-strings-replace-sanitizers.md
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-12-15 20:07:34 +00:00
Chris Smowton 9de1532735
Add log-injection test using strings.ReplaceAll 2021-12-15 15:35:14 +00:00
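The two log-injection changes in this log (the note that the `%q` format directive escapes newlines, and the fix recognising `strings.Replace[All]` as a sanitizer in go/log-injection) both come down to one question: can a tainted string reach a log call with a raw newline still inside it? The following is an added example, not code from codeql-go or its tests, that shows the three cases side by side with a constructed tainted username; the record format and function names are illustrative.

```go
package main

import (
	"fmt"
	"strings"
)

// taintedUser is a constructed attacker-controlled value (think of a username
// taken from an HTTP request). The embedded newline is followed by a forged
// record that claims a successful admin login.
const taintedUser = "alice\nlevel=INFO user=admin action=login result=ok"

// unsafeLogLine interpolates the value with %s, so the newline inside it
// terminates the real record and starts the attacker's forged one.
func unsafeLogLine(user string) string {
	return fmt.Sprintf("level=INFO user=%s action=login result=failed", user)
}

// quotedLogLine interpolates the value with %q. fmt quotes the string in Go
// syntax, so the newline is emitted as the two characters '\' and 'n' and the
// record stays on a single line.
func quotedLogLine(user string) string {
	return fmt.Sprintf("level=INFO user=%q action=login result=failed", user)
}

// sanitizedLogLine strips CR and LF with strings.ReplaceAll before
// interpolating with %s, which is the sanitizer shape the query recognises.
func sanitizedLogLine(user string) string {
	clean := strings.ReplaceAll(user, "\n", "")
	clean = strings.ReplaceAll(clean, "\r", "")
	return fmt.Sprintf("level=INFO user=%s action=login result=failed", clean)
}

// recordCount is the number of records a line-oriented log consumer would
// see in the emitted text.
func recordCount(line string) int {
	return len(strings.Split(strings.TrimRight(line, "\n"), "\n"))
}

func main() {
	variants := []struct {
		name string
		fn   func(string) string
	}{
		{"%s (vulnerable)", unsafeLogLine},
		{"%q (escaped)", quotedLogLine},
		{"ReplaceAll (sanitized)", sanitizedLogLine},
	}
	for _, v := range variants {
		out := v.fn(taintedUser)
		fmt.Printf("%-24s records=%d\n%s\n\n", v.name, recordCount(out), out)
	}
}
```

Running it shows the `%s` variant producing two records from one call, while both `%q` and the `ReplaceAll` pair keep it to one. Note that this only addresses the log-injection sink: as the Fprintf commit below points out, the same tainted value written through `fmt.Fprintf` to an HTTP response writer is an XSS question, not a log-injection one, and neither `%q` nor newline stripping is the right fix there.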
Dave Bartolomeo e1417f18bf
Merge pull request #640 from github/release-prep/2.7.4
Release preparation for version 2.7.4
2021-12-14 16:42:40 -05:00
github-actions[bot] ee6ea0f8cb Release preparation for version 2.7.4 2021-12-14 21:34:55 +00:00
Dave Bartolomeo d14ea51954
Merge pull request #639 from github/dbartol/fix-change-notes
Fix change notes
2021-12-14 14:32:56 -05:00
Dave Bartolomeo a3e5b4c99c Move pre-packaging change notes to `old-change-notes` directory 2021-12-14 12:46:56 -05:00
Dave Bartolomeo 42ecc9b1c7 Move new change notes to appropriate pack 2021-12-14 12:46:19 -05:00
Chris Smowton bd806a8ff7
Merge pull request #638 from owen-mc/test-database-sql-models
Add missing tests for DatabaseSql function models
2021-12-14 17:22:40 +00:00