Commit Graph

1109 Commits

Author SHA1 Message Date
Jeroen Ketema 0d1fd88729
Merge pull request #14050 from jketema/inline-6
Consolidate all `InlineFlowTest` libraries in the dataflow qlpack
2023-08-29 09:30:35 +02:00
Dave Bartolomeo 3343b78015
Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3
Post-release preparation for codeql-cli-2.14.3
2023-08-28 13:34:10 -04:00
github-actions[bot] 3eba77421a Post-release preparation for codeql-cli-2.14.3 2023-08-28 15:53:49 +00:00
Jeroen Ketema 9d573e5544
Consolidate all `InlineFlowTest` libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Michael Nebel ce6fd8ac5f
Merge pull request #13432 from michaelnebel/updateissupported
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
2023-08-22 08:39:38 +02:00
Jeroen Ketema 2d0f73d7c2
Merge pull request #13881 from jketema/shared-taint-tracking
Introduce shared taint tracking library
2023-08-21 12:45:49 +02:00
Michael Nebel 106ba11e10 Address review comments. 2023-08-21 09:59:02 +02:00
Michael Nebel d66fe08661 Add QLDoc for the getKind predicate. 2023-08-21 09:59:02 +02:00
Michael Nebel 25cc561e50 Go: Sync files and make manual adjustments. 2023-08-21 09:59:01 +02:00
github-actions[bot] 098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Michael B. Gale a1c9deea61
Merge pull request #13867 from github/mbg/go/1.21-support
Go: Basic Go 1.21 support
2023-08-18 14:37:11 +01:00
Michael B. Gale 9082fd218e
Add taint flow tests for `clear` 2023-08-17 18:39:32 +01:00
Michael B. Gale 109b96f038
Add comment explaining `TaintStep` test 2023-08-17 17:50:41 +01:00
Michael B. Gale e65269be69
Add `DefaultTaintSanitizer` for `clear` 2023-08-17 17:49:46 +01:00
Jeroen Ketema 33e8310625
Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Michael B. Gale 1bd536dd9e
Rename `getLocation` to `hasLocation` 2023-08-16 11:21:35 +01:00
Michael B. Gale c981fd714e
Exclude `String` from `TaintSteps`
For `os.dirEntry` and `os.unixDirent` which are only available
on unix and Windows respectively.
2023-08-15 20:32:41 +01:00
Michael B. Gale ee58dbc6f7
Add new built-ins to `builtinFunction` predicate
- `clear` isn't pure because it modifies a data structure in place
- `clear` may not be used correctly, but this is determined statically
2023-08-15 20:16:42 +01:00
Chris Smowton 3bcfbcdf68
Don't warn when Go version exactly matches go.mod
We had only previously tested this with e.g. installed go 1.20.5 >= go.mod request `go 1.20`; now we have go 1.21.0 which shouldn't elicit a warning because 1.21.0 is equal to the go.mod request `go 1.21`.
2023-08-15 16:49:42 +01:00
Henry Mercer 1213eba630
Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
Michael B. Gale 513da82510
Model data flow for `min` and `max` 2023-08-11 11:51:07 +01:00
Michael B. Gale d189a15737
Exclude `poly1305.mac.Write` from `TaintSteps`
Not available on arm64
2023-08-11 11:33:52 +01:00
Michael B. Gale a623733dfa
Add location info to `TaintSteps` query 2023-08-11 11:10:39 +01:00
Michael B. Gale ee0bfff9f4
Update expected test output for `TaintStep` 2023-08-11 10:57:11 +01:00
Michael B. Gale bb56536bfa
Update expected test output for `LocalTaintStep` 2023-08-11 10:57:10 +01:00
Michael B. Gale 14731e8fa3
Bump supported Go version to 1.21 2023-08-11 10:57:10 +01:00
Michael B. Gale 238049a870
Add Go 1.21 builtins 2023-08-11 10:57:10 +01:00
Michael B. Gale 4df4a0f51f
Update expected test output for `TypeParamType` 2023-08-11 10:55:00 +01:00
Michael B. Gale 48c35ce5e9
Use Go 1.21 for extractor 2023-08-11 10:55:00 +01:00
Michael B. Gale 13d4bd9c0a
Make `CompareIdenticalValues` test work on arm64 2023-08-11 10:51:52 +01:00
Owen Mansel-Chan 35a300f894
Apply suggestions from code review
Co-authored-by: Michael B. Gale <mbg@github.com>
2023-08-11 10:06:14 +01:00
Owen Mansel-Chan b7dfa2347c
Put QLDoc on data flow and taint tracking modules
We preserve all old QLDocs, but move them from the
config to the Flow module. This makes more sense than
the Config module, which is often private, and is generally
not directly accessed.
2023-08-11 10:06:12 +01:00
Owen Mansel-Chan 08e1e8a120
Improve inaccurate deprecation comments 2023-08-10 15:50:08 +01:00
Owen Mansel-Chan 94c15f712a
Remove unnecessary fieldFlowBranchLimit 2023-08-10 15:50:06 +01:00
Owen Mansel-Chan 0928fa6e1f
Give MyFlowstate a less generic name 2023-08-10 15:50:05 +01:00
Owen Mansel-Chan 36b1a0dc54
Update for recent changes to `DsnInjection` 2023-08-10 15:50:03 +01:00
Owen Mansel-Chan 2578ef4786
Remove output from running query like a test 2023-08-10 15:50:02 +01:00
Owen Mansel-Chan 089ea010d7
Improve QLDoc for Config::FlowState in `StringBreak` 2023-08-10 15:50:01 +01:00
Owen Mansel-Chan e33d303b48
Do not make unnecessary changes 2023-08-10 15:49:59 +01:00
Owen Mansel-Chan e6c8a0b653
Use more descriptive names for merged path graphs 2023-08-10 15:49:58 +01:00
Owen Mansel-Chan 6b4bf12316
Revert edit to deprecated class 2023-08-10 15:49:57 +01:00
Owen Mansel-Chan 046e517c3f
Remove unnecessary import 2023-08-10 15:49:54 +01:00
Owen Mansel-Chan 81d4149a17
Note deprecation in QLDoc for `LogInjection` 2023-08-10 15:49:52 +01:00
Owen Mansel-Chan b6b7e1589c
Make taint tracking tests use new API 2023-08-10 15:49:51 +01:00
Owen Mansel-Chan c11da5bf67
Make taint tracking tests use InlineFlowTest 2023-08-10 15:49:50 +01:00
Owen Mansel-Chan 663fb2cc06
Make taint tracking tests use config from InlineFlowTest 2023-08-10 15:49:48 +01:00
Owen Mansel-Chan 8db3e4a9b4
Make `IncorrectIntegerConversion` use new API 2023-08-10 15:49:47 +01:00
Owen Mansel-Chan 6c0c8d6963
Make `BadRedirectCheck` use new API 2023-08-10 15:49:45 +01:00
Owen Mansel-Chan 442dfc1833
Make `InsecureTLS` use new API 2023-08-10 15:49:44 +01:00
Owen Mansel-Chan b00e44725c
Make `CorsMisconfiguration` use new API 2023-08-10 15:49:43 +01:00