Commit graph

2322 Commits

Author SHA1 Message Date
Tom Hvitved 6a2f4719e8
Merge pull request #672 from github/post-release-prep/codeql-cli-2.7.6
Post-release preparation for codeql-cli-2.7.6
2022-01-24 13:01:01 +01:00
github-actions[bot] c52caa6322 Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:04 +00:00
Tom Hvitved 8c00d3e643
Merge pull request #669 from github/release-prep/2.7.6
Release preparation for version 2.7.6
2022-01-20 10:45:00 +01:00
github-actions[bot] 1e5721b9b9 Release preparation for version 2.7.6 2022-01-20 08:21:09 +00:00
Tom Hvitved a0766e08a1
Merge pull request #656 from github/release-prep/2.7.5
Release preparation for version 2.7.5
2022-01-04 18:57:50 +01:00
github-actions[bot] 980c162fe3 Release preparation for version 2.7.5 2022-01-04 14:44:48 +00:00
Owen Mansel-Chan daa55eaae2
Merge pull request #651 from erik-krogh/patches
various automatic patches applied to codeql-go
2022-01-04 11:46:20 +00:00
Tom Hvitved 50457d1579
Merge pull request #653 from dbartol/dbartol/move-change-notes
Move change notes to proper location
2022-01-04 09:35:29 +01:00
Dave Bartolomeo 171aa8bd62 Move change notes to proper location 2022-01-03 17:38:09 -05:00
Dave Bartolomeo 091906d380
Merge pull request #644 from github/post-release-prep/codeql-cli-2.7.4
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:54 -05:00
github-actions[bot] 00aae7cba5 Post-release version bumps 2022-01-03 20:10:43 +00:00
Erik Krogh Kristensen afe7ee17a0 run the use-set-literals patch 2021-12-20 17:55:19 +01:00
Erik Krogh Kristensen d339f13629 run the non-us-language patch 2021-12-20 17:54:18 +01:00
Erik Krogh Kristensen 4459c8e7c6 run the redundant-cast patch 2021-12-20 17:53:09 +01:00
Owen Mansel-Chan da8f8e2eef Refactor to use SummarizedCallable, sourceElement and sinkElement 2021-12-16 19:35:54 +00:00
Owen Mansel-Chan ec3dd1e1c0 Revert "Update tests for no flow through receivers when no function body"
This reverts commit 06f889fce6.
2021-12-16 19:35:54 +00:00
Owen Mansel-Chan 9b2f29bbcd Allow data flow through receiver for modelled methods 2021-12-16 19:35:54 +00:00
Chris Smowton ede57b6527
Merge pull request #637 from smowton/smowton/fix/log-injection-sanitizers
Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection
2021-12-16 12:28:40 +00:00
Chris Smowton f5108449a5
Update change-notes/2021-12-14-strings-replace-sanitizers.md
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2021-12-15 20:07:34 +00:00
Chris Smowton 9de1532735
Add log-injection test using strings.ReplaceAll 2021-12-15 15:35:14 +00:00
Dave Bartolomeo e1417f18bf
Merge pull request #640 from github/release-prep/2.7.4
Release preparation for version 2.7.4
2021-12-14 16:42:40 -05:00
github-actions[bot] ee6ea0f8cb Release preparation for version 2.7.4 2021-12-14 21:34:55 +00:00
Dave Bartolomeo d14ea51954
Merge pull request #639 from github/dbartol/fix-change-notes
Fix change notes
2021-12-14 14:32:56 -05:00
Dave Bartolomeo a3e5b4c99c Move pre-packaging change notes to `old-change-notes` directory 2021-12-14 12:46:56 -05:00
Dave Bartolomeo 42ecc9b1c7 Move new change notes to appropriate pack 2021-12-14 12:46:19 -05:00
Chris Smowton bd806a8ff7
Merge pull request #638 from owen-mc/test-database-sql-models
Add missing tests for DatabaseSql function models
2021-12-14 17:22:40 +00:00
Chris Smowton f86510ee20
Update comment 2021-12-14 12:39:31 +00:00
Chris Smowton c2b42ce091 Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection 2021-12-14 12:37:18 +00:00
Owen Mansel-Chan 6a2a8298dd
Add missing tests for DatabaseSql function models 2021-12-13 14:18:46 -05:00
Chris Smowton 9309abf8cd
Merge pull request #574 from sauyon/dataflow-update
Update dataflow libraries and add support for CSV summary flow
2021-12-13 11:28:28 +00:00
Chris Smowton 89b2a2f9b0
Merge pull request #633 from owen-mc/database-sql-model-incorrect
Fix incorrect type name in database/sql model
2021-12-13 11:01:38 +00:00
Chris Smowton 559aec1d64
Merge pull request #632 from owen-mc/refactor-variadic-helper-functions-for-builtin-functions
Refactor isVariadic helper functions
2021-12-13 10:59:42 +00:00
Chris Smowton 08c10bf97b
Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
2021-12-13 10:36:02 +00:00
Owen Mansel-Chan ce27b0da52
Fix incorrect type name in database/sql model
This error seems to have been introduced in
36bbf1eeb9
2021-12-12 17:47:52 -05:00
Owen Mansel-Chan 353aa8d603
Refactor isVariadic helper functions
Store information more naturally for built-in functions.
2021-12-12 16:56:26 -05:00
Dave Bartolomeo b57d3296f1
Merge pull request #620 from github/aeisenberg/version-policies
Add version policies
2021-12-10 17:39:15 -05:00
Andrew Eisenberg 3cc48fea6a
Merge pull request #622 from github/post-release/v2.7.3
Post release/v2.7.3
2021-12-10 10:00:11 -08:00
Chris Smowton e9e4f5a687 Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
The join order fix takes 10 seconds off that predicate; the get-a-flag changes take about 25% off compared to using regexes.
2021-12-10 12:23:50 +00:00
Chris Smowton facda77852 Dataflow relations: narrow all dataflow nodes before taking product with Configurations
This is particularly important for ConversionWithoutBoundsCheckConfig which has 20 configs. By paring DataFlow::Node down to only those that have a local-flow successor, or only those with an isAdditionalFlowStep for some related configuration, the result size can be significantly reduced prior to taking the product against Configuration and finally paring down using config.fullBarrier etc.

Saves about 1m20s per analysis on cockroachdb.
2021-12-09 16:56:38 +00:00
Andrew Eisenberg cedf55c46e Update pack dependency 2021-12-09 07:58:14 -08:00
Owen Mansel-Chan b234ba7f26
Fix bad join order in getAFalsifiedGuard
viableParamArg should be evaluated first.
2021-12-08 17:33:59 -05:00
Owen Mansel-Chan 06f889fce6
Update tests for no flow through receivers when no function body
This branch originally included a commit to enable flow through receivers
when there is no function body. This was dropped, to be pursued later.
2021-12-08 16:03:18 -05:00
Owen Mansel-Chan 88e7c44a6d
Update expected test results with extra nodes 2021-12-08 15:28:28 -05:00
Owen Mansel-Chan a01f90b903
Give DataFlowCallable a user-facing name (Callable), move to Scopes.qll
I removed asFunctionNode() because it would need an import, but it
doesn't seem to be used anywhere.
2021-12-08 11:30:39 -05:00
Owen Mansel-Chan a6532b988f
Allow implicit taint reads through more content types 2021-12-08 11:20:38 -05:00
Owen Mansel-Chan 754c838cc0
Fix accidental cartesian product
PointerContent needs to have the PointerType specified as well
2021-12-08 11:20:37 -05:00
Owen Mansel-Chan d70307243c
Fix bad join order in BarrierGuard.guards/2 2021-12-08 11:20:37 -05:00
Owen Mansel-Chan 1a9ea38c0b
Update non-shared dataflow files to match sync 2021-12-08 11:20:36 -05:00
Owen Mansel-Chan 095fe6e4a7
Do not allow "Argument" on its own
# Conflicts:
#	ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
2021-12-08 11:20:36 -05:00
Sauyon Lee b2f62b185d
Allow for Return[i] specifications 2021-12-08 11:20:36 -05:00