Commit graph

2670 commits

Author SHA1 Message Date
Michael B. Gale 4dead2bd8d
Go: Use 1.23 for extractor 2024-09-05 21:12:40 +01:00
Michael B. Gale ca796b0383
Go: Use 1.23 in tests 2024-09-05 21:12:39 +01:00
Owen Mansel-Chan 013ee34de7
Merge pull request #17381 from owen-mc/go/fix/qldoc/resultvariabledecl
Go: Fix QLDoc for ResultVariableDecl
2024-09-05 11:57:45 +01:00
Owen Mansel-Chan 9786934d9a
Remove errant space at end of line 2024-09-05 11:27:20 +01:00
Owen Mansel-Chan 5bafa8ace2
Add comment about `x, y int` being a single ResultVariableDecl 2024-09-05 10:27:11 +01:00
Chris Smowton fe9d879e37 Prettify tests 2024-09-04 22:33:21 +01:00
Chris Smowton 4c5344d62a Accept test suggestions
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-09-04 22:30:17 +01:00
Chris Smowton cbd129fddd Add test for aliasing interface method definitions 2024-09-04 17:53:45 +01:00
Owen Mansel-Chan 351c50afc1
Fix QLDoc for ResultVariableDecl 2024-09-04 14:02:35 +01:00
Michael B. Gale cd8a5d7707
Merge pull request #17378 from github/mbg/go/improve-typeparamtype
Go: Add `getParent` and `getIndex` for `TypeParamType`
2024-09-04 13:31:51 +01:00
Michael B. Gale db72bd4f96
Go: Add `getParent` and `getIndex` for `TypeParamType` 2024-09-04 12:28:58 +01:00
Erik Krogh Kristensen 4258119ba3
Merge branch 'main' into del-deps-sep-2024 2024-09-04 12:43:41 +02:00
Owen Mansel-Chan 27e9c1b885
Merge pull request #17266 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-09-04 10:05:20 +01:00
github-actions[bot] 3eeb79c599 Add changed framework coverage reports 2024-09-04 00:19:10 +00:00
Chris Smowton 6ed0a37efd Autoformat 2024-09-03 21:29:56 +01:00
Chris Smowton bf2fb2f6e2 Add tests for interface implementation across aliasing 2024-09-03 21:18:20 +01:00
erik-krogh e2b16bd8f9
add some change-notes 2024-09-03 22:06:07 +02:00
erik-krogh 0fdd06fff5
use my script to delete outdated deprecations 2024-09-03 20:30:58 +02:00
Chris Smowton 73cc7460f3 Fix test; update expectations per autoformat changes 2024-09-03 18:44:30 +01:00
Chris Smowton a94601c8c0 Add test checking for entity counts and def-use matches under aliasing 2024-09-03 17:58:09 +01:00
Owen Mansel-Chan f5c195d830
Remove change note from 1.15.md
We will include this change note when there is documentation about how to use the functionality.
2024-09-03 16:24:55 +01:00
Henry Mercer 3490067316 Merge branch 'main' into henrymercer/rc-3.15-mergeback 2024-08-29 19:48:01 +01:00
Tom Hvitved 7f8e6bf574
Merge pull request #16970 from hvitved/dataflow/local-big-step-stage
Data flow: Compute local big step relation as stage output
2024-08-28 12:28:16 +02:00
Cornelius Riemenschneider bfc6fee828 Go: Move all integration tests.
We no longer need the platform-specific directories,
so simplify the test organization.
If you want to retain the `linux` directory for two tests,
or not do this at all, just skip merging this PR.
It's purely optional.
2024-08-28 10:37:59 +02:00
github-actions[bot] 3e774476c6 Post-release preparation for codeql-cli-2.18.3 2024-08-27 18:52:31 +00:00
github-actions[bot] 0db6379602 Release preparation for version 2.18.3 2024-08-27 17:50:22 +00:00
Henry Mercer 0f44cd3f62
Revert "Release preparation for version 2.18.3" 2024-08-27 18:19:25 +01:00
Tom Hvitved c92c96fa78 Data flow: Compute local big step relation per stage 2024-08-26 09:15:27 +02:00
Chris Smowton 7cb67a50be Add change note for ioutil fix 2024-08-24 17:49:26 +01:00
Chris Smowton a832730a11 Revert "Convert squirrel sql-injection sinks to MaD (non-existent methods removed)"
This reverts commit 06f86dd22f.
2024-08-24 17:44:40 +01:00
Chris Smowton ab88b9b136 Revert "Upgrade and convert gorqlite sql-injection sinks to MaD"
This reverts commit ce0cb12c29.
2024-08-24 17:43:15 +01:00
Chris Smowton 8fc3b00fb9 Revert "Convert gogf/gf sql-injection sinks to MaD"
This reverts commit db559f75b6.
2024-08-24 17:43:12 +01:00
Chris Smowton e7f788ae35 Revert "Convert sqlx sql-injection sinks to MaD"
This reverts commit 7ad63fc3e6.
2024-08-24 17:43:09 +01:00
Chris Smowton 4e6d7fcb29 Revert "Convert Gorm sql-injection sinks to MaD"
This reverts commit ba310417a8.
2024-08-24 17:43:06 +01:00
Chris Smowton d8a2c08f12 Revert "Convert Xorm sql-injection sinks to MaD"
This reverts commit 3b2b7d7d1c.
2024-08-24 17:43:03 +01:00
Chris Smowton 59bb142e8b Revert "Convert Bun sql-injection sinks to MaD"
This reverts commit 3eb5b2669b.
2024-08-24 17:43:00 +01:00
Chris Smowton ec59492866 Revert "Convert Beego orm sql-injection sinks to MaD"
This reverts commit ad213579a1.
2024-08-24 17:42:57 +01:00
Chris Smowton fa07f16bcc Revert "Convert database/sql sql-injection sinks to MaD"
This reverts commit 501bb3eb56.
2024-08-24 17:42:55 +01:00
Chris Smowton b3326babba Revert "Convert database/sql/driver sql-injection sinks to MaD"
This reverts commit 652dd88c36.
2024-08-24 17:42:52 +01:00
Chris Smowton c33568b602 Revert "Convert mongodb nosql-injection sinks to MaD"
This reverts commit ec9d88b364.
2024-08-24 17:42:49 +01:00
Chris Smowton 437df5c2a5 Revert "Convert gocb nosql-injection sinks to MaD"
This reverts commit 2d2afb17ad.
2024-08-24 17:42:45 +01:00
Chris Smowton a6e3b913d0 Revert "Convert logging sinks to use MaD"
This reverts commit fa472f5e18.
2024-08-24 17:39:24 +01:00
Chris Smowton 686f47af98 Revert "Fix typo in package path"
This reverts commit 6f5a045437.
2024-08-24 17:34:34 +01:00
Chris Smowton 67d94376e8
Merge pull request #17227 from smowton/smowton/fix/baseline-vs-nonroot-vendor-dirs
Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting
2024-08-22 15:00:51 +01:00
Owen Mansel-Chan 2edadbf423
Try to fix packages in frameworks coverage 2024-08-22 11:44:34 +01:00
github-actions[bot] 17cd9624fb Release preparation for version 2.18.3 2024-08-21 17:13:52 +00:00
Edward Minnix III 2f3ebfb81f
Merge pull request #17205 from egregius313/egregius313/go/dataflow/models/environment
Go: Add models for environment variables
2024-08-21 12:27:33 -04:00
Ed Minnix c2fa721966 Fix stub 2024-08-21 09:56:42 -04:00
Ed Minnix 6fdff977e5 Fix test cases 2024-08-21 09:47:46 -04:00
Edward Minnix III 2aa3e1f7a2
Alphabetize models
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-21 09:44:20 -04:00
Edward Minnix III 210ea5be79
Add model from older versions of caarlos0/env
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-21 09:43:58 -04:00
Edward Minnix III 7ae52425ce
Update package list in change note 2024-08-21 09:43:24 -04:00
Edward Minnix III 318a376a78
Remove ProcAttr models
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-21 09:43:04 -04:00
Owen Mansel-Chan a1a6fe45f1
Merge pull request #17245 from owen-mc/go/update-frameworks
Go: Update frameworks.csv
2024-08-21 10:52:21 +01:00
Chris Smowton f13f19d5dc Fix typo 2024-08-21 10:22:42 +01:00
Chris Smowton 2939cefc68 Use platform path separators for file testing, and forward-slashes for reporting to CodeQL 2024-08-21 10:15:44 +01:00
Chris Smowton c99a84689b Switch test expectations to use unix-style paths 2024-08-21 09:56:08 +01:00
Ed Minnix 0eddaa0664 syscall environment variables 2024-08-21 00:36:48 -04:00
Ed Minnix 9f00a0060d gobuffalo/envy 2024-08-21 00:30:36 -04:00
Ed Minnix cf3b3d75d0 Fix caarlos0 test 2024-08-21 00:29:17 -04:00
Ed Minnix 8a7e378b40 caarlos0/env 2024-08-21 00:06:10 -04:00
Ed Minnix f0f535b0e4 Fix frontend errors 2024-08-21 00:06:06 -04:00
Ed Minnix 257436a49d Convert test to inline expectation test 2024-08-21 00:06:02 -04:00
Edward Minnix III 47974914a5 Apply suggestions from code review
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-21 00:05:53 -04:00
Ed Minnix ed36aaa570 Fix some minor issues 2024-08-21 00:03:36 -04:00
Ed Minnix 69679dec1d Add defer statement 2024-08-21 00:03:32 -04:00
Ed Minnix 69f02293f5 Add change note 2024-08-21 00:03:29 -04:00
Ed Minnix 65a6fa7bc3 Go Environment variable (parsing) models and tests 2024-08-21 00:03:18 -04:00
Edward Minnix III 6103749188
Merge pull request #16710 from egregius313/egregius313/go/dataflow/file-sources
Go: Add `file` sources
2024-08-20 23:45:17 -04:00
Owen Mansel-Chan f0fe3a3388
Merge pull request #17260 from owen-mc/go/mad/convert-sink-5
Go: Allow MaD models for XSS sinks using "html-injection" or "js-injection"
2024-08-20 22:40:44 +01:00
Ed Minnix b14c58445a Fix formatting 2024-08-20 16:47:19 -04:00
Ed Minnix 06f73e76b8 Add additional test cases 2024-08-20 12:44:23 -04:00
Edward Minnix III e066c52ac6
Update change note
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-20 12:33:38 -04:00
Chris Smowton fc301206d1 Change note 2024-08-20 17:11:58 +01:00
Chris Smowton 3acab640b2 Add configure-baseline integration test 2024-08-20 17:07:09 +01:00
Chris Smowton 15b5bcc67c Output to stdout, not stderr 2024-08-20 17:01:54 +01:00
Chris Smowton 8b9617cd38 Update bazel build files 2024-08-20 15:56:28 +01:00
Chris Smowton ea3e5c8a99 Clarify comment 2024-08-20 15:56:27 +01:00
Chris Smowton f1f6f9b580 Share vendor-dir extraction logic between extractor and configure-baseline script 2024-08-20 15:56:26 +01:00
Chris Smowton 22802fd41f Improve struct naming 2024-08-20 15:56:25 +01:00
Chris Smowton 5d34dbf2c2 Remove unnecessary batch script flag 2024-08-20 15:56:24 +01:00
Chris Smowton 624d2b83c0 Tidy comments 2024-08-20 15:56:23 +01:00
Chris Smowton 21366dd502 Go / configure-baseline: account for multiple vendor directories and the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` setting
Our existing configure-baseline scripts would give the wrong result if a `vendor` directory wasn't at the root of the repository, or if the `CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS` variable was set to `true` indicating the user wants their vendored code scanned.

Here I replace the shell scripts that implemented the very simplest behaviour with a small Go program.
2024-08-20 15:56:22 +01:00
Owen Mansel-Chan 30f8d6e4ff
Allow MaD models for XSS sinks using "html-injection" or "js-injection" 2024-08-20 14:04:23 +01:00
Anders Schack-Mulligen 993bfee096
Merge pull request #17259 from aschackmull/dataflow/remove-srcsink-grouping
Dataflow: Remove src/sink grouping feature
2024-08-20 14:42:33 +02:00
Anders Schack-Mulligen 8470e91c16 Legacy Dataflow: Sync. 2024-08-20 10:07:57 +02:00
Ed Minnix 0361b5c342 Fix AllocationSizeOverflow expectations 2024-08-19 22:31:29 -04:00
Ed Minnix bb1cf4f51f Fix tests 2024-08-19 20:14:23 -04:00
Ed Minnix e3ffbbe3b7 Fix extensible name in io/fs models 2024-08-19 19:02:07 -04:00
Ed Minnix 442026cc9d Fix test results 2024-08-19 17:23:32 -04:00
Ed Minnix 2629e09b67 Add `io/ioutil` and `io/fs` models 2024-08-19 17:22:46 -04:00
Ed Minnix a308bdb75d Modify UnhandledCloseWritableHandle to use post processing 2024-08-19 12:59:34 -04:00
Ed Minnix 5e8185ac4f Port test to inline expectations test 2024-08-19 12:44:30 -04:00
Ed Minnix 704cd8aee3 Update change note 2024-08-19 12:28:55 -04:00
Edward Minnix III fc38476e42 Fix models
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-08-19 12:25:55 -04:00
Ed Minnix f89174a6f3 CI changes (provenance) 2024-08-19 12:25:52 -04:00
Ed Minnix 0f7ad98a23 Change note 2024-08-19 12:25:48 -04:00
Ed Minnix eb8c785c6b Fix formatting 2024-08-19 12:25:43 -04:00
Ed Minnix 3f640a99d3 Tests for `file` models 2024-08-19 12:25:37 -04:00
Ed Minnix 383e27c2bd Add file sources 2024-08-19 12:25:27 -04:00
Owen Mansel-Chan 2d2afb17ad
Convert gocb nosql-injection sinks to MaD 2024-08-16 11:19:15 +01:00
Owen Mansel-Chan ec9d88b364
Convert mongodb nosql-injection sinks to MaD 2024-08-16 11:19:13 +01:00
Owen Mansel-Chan 86e9f15929
Accept MaD sinks with kind `nosql-injection` 2024-08-16 11:19:12 +01:00
Owen Mansel-Chan ced000ae46
Add `Argument.getACorrespondingSyntacticArgument` 2024-08-16 11:19:09 +01:00
Owen Mansel-Chan 652dd88c36
Convert database/sql/driver sql-injection sinks to MaD 2024-08-16 11:19:06 +01:00
Owen Mansel-Chan c7859ecebf
Improve SQL tests
Separate the tests for Squirrel and database/sql. Add tests for
database/sql/driver.
2024-08-16 11:19:04 +01:00
Owen Mansel-Chan 501bb3eb56
Convert database/sql sql-injection sinks to MaD 2024-08-16 11:19:03 +01:00
Owen Mansel-Chan ad213579a1
Convert Beego orm sql-injection sinks to MaD 2024-08-16 11:19:01 +01:00
Owen Mansel-Chan e1bdc7f5a7
Update Beego orm tests 2024-08-16 11:19:00 +01:00
Owen Mansel-Chan 3eb5b2669b
Convert Bun sql-injection sinks to MaD 2024-08-16 11:18:58 +01:00
Owen Mansel-Chan 3b2b7d7d1c
Convert Xorm sql-injection sinks to MaD 2024-08-16 11:18:57 +01:00
Owen Mansel-Chan ba310417a8
Convert Gorm sql-injection sinks to MaD 2024-08-16 11:18:55 +01:00
Owen Mansel-Chan 7ad63fc3e6
Convert sqlx sql-injection sinks to MaD 2024-08-16 11:18:54 +01:00
Owen Mansel-Chan db559f75b6
Convert gogf/gf sql-injection sinks to MaD 2024-08-16 11:18:52 +01:00
Owen Mansel-Chan ce0cb12c29
Upgrade and convert gorqlite sql-injection sinks to MaD 2024-08-16 11:18:51 +01:00
Owen Mansel-Chan 06f86dd22f
Convert squirrel sql-injection sinks to MaD (non-existent methods removed)
Various non-existent methods were modeled, and I couldn't find any
evidence that they used to exist. They aren't in the stubs or tests. I
have removed them.
2024-08-16 11:18:49 +01:00
Owen Mansel-Chan 0acb29d3dd
Update frameworks.csv 2024-08-16 11:15:13 +01:00
github-actions[bot] 86ab941acd Add changed framework coverage reports 2024-08-14 00:18:29 +00:00
Tom Hvitved aeabee3e34
Merge pull request #17179 from hvitved/shared/pretty-print-models
Go/Java: Share more `PrettyPrintModels.ql` logic
2024-08-13 14:15:40 +02:00
Tom Hvitved f83df76928 Shared: Apply `ShowProvenance` in `InlineFlowTest.qll` 2024-08-13 13:34:43 +02:00
Tom Hvitved d5a0df3f87 Go/Java: Share more `PrettyPrintModels.ql` logic 2024-08-13 12:48:22 +02:00
Owen Mansel-Chan 0dfdee775b
Merge pull request #17177 from owen-mc/go/mad/convert-sink-3
Go: convert regex-use, url-redirection sinks to use models-as-data
2024-08-12 16:21:48 +01:00
Owen Mansel-Chan 6b6e773ce1
Merge pull request #17196 from owen-mc/go/tidy-up-test-go-mod-2
Go: Remove unneeded dependency from test go.mod
2024-08-12 15:48:05 +01:00
Owen Mansel-Chan e6873cfb2e
Merge pull request #17195 from owen-mc/go/tidy-up-test-go-mod
Go: Remove unneeded dependencies from test go.mod
2024-08-12 15:45:32 +01:00
Michael Nebel 4a5c9f0ec4
Merge pull request #17007 from michaelnebel/shared/neutralimplementation
C#/Java/Go: Neutrals are split into separate classes.
2024-08-12 13:58:12 +02:00
Owen Mansel-Chan 600c84505f
Remove unneeded dependency from test go.mod 2024-08-12 10:15:36 +01:00
Owen Mansel-Chan 30dc2289a3
Remove unneeded dependencies from test go.mod 2024-08-12 10:14:09 +01:00
Owen Mansel-Chan 1df81dbfb6
Use `regex-use[receiver]` instead of `regex-use[-1]` 2024-08-11 00:37:25 +01:00
Owen Mansel-Chan 49f3959405
Convert url-redirection sinks to MaD 2024-08-11 00:29:53 +01:00
Owen Mansel-Chan 3a285f500e
Convert regex-use sinks to use MaD 2024-08-11 00:21:31 +01:00
Owen Mansel-Chan a5a999f7d6
Merge pull request #17162 from owen-mc/go/mad/convert-sink-2
Go: Convert log-injection, path-injection and command-injection sinks to use models-as-data
2024-08-11 00:20:42 +01:00
github-actions[bot] 8b51f9865d Add changed framework coverage reports 2024-08-10 00:18:17 +00:00
Owen Mansel-Chan 6f5a045437
Fix typo in package path
Co-authored-by: Edward Minnix III <egregius313@github.com>
2024-08-09 14:27:58 +01:00
Cornelius Riemenschneider cdf067703b Merge remote-tracking branch 'origin/main' into criemen/pytest-go 2024-08-09 09:59:29 +02:00
Cornelius Riemenschneider ae96111848 Revert "Simplify test."
This reverts commit 2310bd94a4.
2024-08-09 09:48:38 +02:00
Michael B. Gale 267ee3dce9
Merge pull request #17168 from github/dependabot/go_modules/go/extractor/extractor-dependencies-d889f6e8ba 2024-08-08 17:16:23 +01:00
Owen Mansel-Chan 32958e9625
Pretty print models in stored command test 2024-08-08 17:06:06 +01:00
Owen Mansel-Chan d066faf212
Update test expectations 2024-08-08 17:06:01 +01:00
Owen Mansel-Chan 5ef37c4501
Converting command-injection sinks to use MaD 2024-08-08 17:03:57 +01:00
Owen Mansel-Chan 8536e7eb02
Convert path-injection sinks to use MaD 2024-08-08 17:03:53 +01:00
Owen Mansel-Chan fa472f5e18
Convert logging sinks to use MaD 2024-08-08 17:01:49 +01:00
Owen Mansel-Chan d240951da0
Merge pull request #17157 from owen-mc/go/mad/change-provenance-for-package-grouping
Go: Change provenance for MaD models that use package grouping
2024-08-08 16:57:31 +01:00
Alexander Eyers-Taylor ffd811a55d
Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2
Post-release preparation for codeql-cli-2.18.2
2024-08-08 16:28:03 +01:00
Michael B. Gale 2109bba928
Go: Bump Go version in `ExternalValueFlow` test 2024-08-08 15:34:47 +01:00
github-actions[bot] cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
Cornelius Riemenschneider 2310bd94a4 Simplify test. 2024-08-08 13:51:38 +02:00
Owen Mansel-Chan 55de3511b0
Fix frameworks.csv 2024-08-08 10:31:00 +01:00
dependabot[bot] c1e242ecda
Bump golang.org/x/tools
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.23.0 to 0.24.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-08 03:50:32 +00:00
github-actions[bot] 019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor 46577b585e
Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
Cornelius Riemenschneider 46cf779062 Address review. 2024-08-06 18:08:25 +02:00
Cornelius Riemenschneider ffde68aaec Merge remote-tracking branch 'origin/main' into criemen/pytest-go 2024-08-06 17:03:16 +02:00
Owen Mansel-Chan f0d1740ff8
Update text expectations 2024-08-06 13:48:45 +01:00
github-actions[bot] c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
Owen Mansel-Chan 572c773345
Change provenance for MaD models that use package grouping 2024-08-06 13:13:39 +01:00
Paolo Tranquilli 79740ed72b
Merge pull request #17145 from github/redsun82/go
Go/Bazel: fix gazelle invocation to use bundled bazel go
2024-08-06 10:36:40 +02:00
Dave Bartolomeo 7e82986e7c Update Go test expectations 2024-08-05 13:20:12 -04:00
Paolo Tranquilli 841f317cbd
Merge branch 'main' into redsun82/go 2024-08-05 14:30:28 +02:00
Cornelius Riemenschneider 133a0914b5 Delete old go integration test library. 2024-08-05 13:31:33 +02:00
Cornelius Riemenschneider 6cb6aeffbb Rename build-environment.expected to build_environment.expected.
This follows the convention of our other expected files.
2024-08-05 13:30:23 +02:00
Cornelius Riemenschneider aec06c8100 Port go tests. 2024-08-05 13:22:03 +02:00
Paolo Tranquilli ccec347b0a Go/Bazel: fix gazelle invocation to use bundled bazel go 2024-08-05 10:13:14 +02:00
dependabot[bot] 74596ef000
Bump golang.org/x/mod
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/mod/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-05 03:18:38 +00:00
github-actions[bot] f5394c9ee9 Add changed framework coverage reports 2024-08-04 00:19:56 +00:00
Owen Mansel-Chan 4d75832c9a
Update go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected 2024-08-02 07:41:26 +01:00
Owen Mansel-Chan b95189d132
Merge branch 'main' into go/gokogiri/update-import-paths 2024-08-01 16:30:52 +01:00
Owen Mansel-Chan c23938d119
Merge pull request #17113 from owen-mc/go/xmlpath/add-more-package-paths
Go: add more import paths for `xmlpath`
2024-08-01 16:26:33 +01:00
Owen Mansel-Chan 9167057dfd
Update test expectations 2024-08-01 15:22:08 +01:00
Owen Mansel-Chan c75db669ed
Add import path for gokogiri 2024-08-01 15:21:24 +01:00
Owen Mansel-Chan 1a697fe993
Merge pull request #17115 from owen-mc/go/update-frameworks
Go: add newly modeled packages to frameworks.csv
2024-08-01 15:13:12 +01:00
Owen Mansel-Chan 3ccdce291a
Update test expectations 2024-08-01 15:12:08 +01:00
Owen Mansel-Chan 62adb31ca6
Add more import paths for xmlpath 2024-08-01 14:52:19 +01:00
Owen Mansel-Chan 9d866192a6
Add paths from QL models to MaD models 2024-08-01 14:52:18 +01:00
Owen Mansel-Chan 8325c4c69c
Updated .expected files 2024-08-01 13:12:21 +01:00
Owen Mansel-Chan cbe54717f6
Revert "Revert post-processing for 6 queries pending bug fix"
This reverts commit a8236e1545.
2024-08-01 13:10:06 +01:00
Owen Mansel-Chan d5dc95f1e6
Update frameworks.csv 2024-08-01 11:03:50 +01:00
Anders Schack-Mulligen 377301a55a
Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance
Dataflow: Propagate provenance correctly for flow-through wrappers.
2024-08-01 09:35:56 +02:00
Anders Schack-Mulligen 9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
Owen Mansel-Chan 01c6dbaa27
Accept provenance numbering changes 2024-07-31 12:19:18 +01:00
Owen Mansel-Chan e4cd29efc6
Fix missing go-jose package path 2024-07-31 11:09:53 +01:00
Owen Mansel-Chan f8e8b362ab
Merge branch 'main' into workflow/coverage/update 2024-07-31 10:07:35 +01:00
github-actions[bot] d0c2b4a60f Add changed framework coverage reports 2024-07-31 00:15:22 +00:00
Owen Mansel-Chan a8236e1545
Revert post-processing for 6 queries pending bug fix
This commit will be reverted when a bug is fixed which is currently
stopping these tests from working with post-processing.
2024-07-30 12:58:01 +01:00
Owen Mansel-Chan ffeb86c1f5
Update `.expected` files 2024-07-30 12:54:42 +01:00
Owen Mansel-Chan 5c8f21d596
Use post-process provenance pretty-printing in ql tests 2024-07-30 11:35:10 +01:00
Owen Mansel-Chan 94f290411f
Use post-process provenance pretty-printing in qlref tests 2024-07-30 11:35:09 +01:00
Owen Mansel-Chan 9cb01d4573
Merge branch 'main' into go/mad/convert-sinks 2024-07-30 08:03:18 +01:00
Owen Mansel-Chan f307f272d5 Go: Use provenance pretty-printing as a qltest post-process step 2024-07-28 21:31:50 +01:00
Owen Mansel-Chan 6960c5232b Go: Add support for provenance pretty-printing as a qltest post-process step 2024-07-28 21:31:50 +01:00
Owen Mansel-Chan 1aa63c3f2e
Accept model numbering changes 2024-07-25 14:55:50 +01:00
Owen Mansel-Chan a6cb511ed7
Convert XPath injection sinks to MaD 2024-07-25 12:56:06 +01:00
Owen Mansel-Chan f3069c8fbb
Improve XPath injection test (incl extra sinks)
Currently the extra sinks are not detected. This will be fixed in the
next commit.
2024-07-25 12:55:05 +01:00
Owen Mansel-Chan 78b66abad3
Convert existing credentials sinks to MaD
I checked that the tests failed when I removed the classes and passed
again when I added the MaD models.
2024-07-25 12:53:16 +01:00
Owen Mansel-Chan 93c9910e6f
Convert go/request-forgery sinks to MaD 2024-07-25 12:53:15 +01:00
Owen Mansel-Chan f7d681516a
Allow MaD sinks for go/request-forgery
Request forgery sinks which have `getRequest` different from the sink
itself cannot be modeled using models-as-data.
2024-07-25 12:53:14 +01:00
Anders Schack-Mulligen 7a48fe1102 Dataflow: Replace ppReprType with DataFlowType.toString. 2024-07-25 13:08:47 +02:00
github-actions[bot] 49cc8f8ff8 Post-release preparation for codeql-cli-2.18.1 2024-07-22 22:00:48 +00:00
github-actions[bot] 368bcb684a Release preparation for version 2.18.1 2024-07-22 21:30:50 +00:00
Chuan-kai Lin 23320b6e5e
Revert "Release preparation for version 2.18.1" 2024-07-22 13:22:49 -07:00
github-actions[bot] 55935fc123 Release preparation for version 2.18.1 2024-07-22 14:56:15 +00:00
github-actions[bot] f83b70dbc2 Add changed framework coverage reports 2024-07-20 00:17:36 +00:00
Owen Mansel-Chan 24261b29d5
Merge pull request #17012 from owen-mc/go/mad/convert-sources-websockets
Go: convert models for websocket readers as remote flow sources to models-as-data
2024-07-19 10:04:27 +01:00
Michael Nebel 2796597d1a Code quality improvements. 2024-07-19 09:36:17 +02:00
Michael B. Gale 3a9ff64780
Go: Output stdout/stderr for `go version` if something goes wrong 2024-07-18 15:37:59 +01:00
Michael Nebel ca4bd0c606 C#/Java/Go: Neutrals are split into separate classes. 2024-07-18 16:29:38 +02:00
Owen Mansel-Chan cb0589dfb7
Tests: accept model numbering changes 2024-07-18 11:35:52 +01:00
Owen Mansel-Chan fc17b905f0
Convert WebSocketReaderAsSource to MaD 2024-07-18 10:53:13 +01:00
Owen Mansel-Chan 0a2ed8302a
Add test for websocket remote flow sources 2024-07-18 07:45:03 +01:00
Owen Mansel-Chan 1e4aadfbfd
Trivial: improve variable name 2024-07-18 07:44:19 +01:00
Owen Mansel-Chan 8bc883274f
Minor improvement to jsoniter test 2024-07-18 07:38:23 +01:00
github-actions[bot] ca42eac589 Add changed framework coverage reports 2024-07-18 00:17:53 +00:00
Owen Mansel-Chan 433137ada6
Merge pull request #16960 from owen-mc/go/mad-sources-fasthttp
Go: Convert fasthttp sources to MaD
2024-07-17 21:31:49 +01:00
dependabot[bot] 3641dfebff
Bump the extractor-dependencies group across 1 directory with 2 updates
Bumps the extractor-dependencies group with 2 updates in the /go/extractor directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.15.0 to 0.19.0
- [Commits](https://github.com/golang/mod/compare/v0.15.0...v0.19.0)

Updates `golang.org/x/tools` from 0.18.0 to 0.23.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.18.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-17 11:46:01 +00:00
Paolo Tranquilli bf69c76829
Merge pull request #16987 from github/redsun82/go
Go/Bazel: use gazelle `go_deps` instead of a vendor directory
2024-07-17 13:44:23 +02:00
Owen Mansel-Chan d109b1e20d
Accept model numbering changes in tests 2024-07-17 12:37:23 +01:00
Owen Mansel-Chan 6b52cd4957
Do not use "request" threat model kind
It is not supported yet.
2024-07-17 12:12:00 +01:00
Owen Mansel-Chan cfdd48711b
Convert Fasthttp::RequestHeader::RemoteFlowSource to MaD 2024-07-17 12:11:59 +01:00
Owen Mansel-Chan abeca3d9f9
Convert Fasthttp::RequestCtx::RemoteFlowSource to MaD 2024-07-17 12:11:58 +01:00
Owen Mansel-Chan 729069e3d9
Convert Fasthttp::Request::RemoteFlowSource to MaD 2024-07-17 12:11:57 +01:00
Owen Mansel-Chan c3169d258f
Convert Fasthttp::Args::RemoteFlowSource to MaD 2024-07-17 12:11:57 +01:00
Owen Mansel-Chan 5a00b5ec96
Convert Fasthttp::URI::RemoteFlowSource to MaD 2024-07-17 12:11:56 +01:00
Owen Mansel-Chan f33927457f
Adapt test to work better for MaD
In MaD, `Argument[n]` corresponds to the post-update node of the
argument, which in the old version of the test will be the definition of
`dstReader` for the tests for `ReadBody`, `ReadLimitBody`,
`ContinueReadBodyStream`, `ContinueReadBody`.
2024-07-17 12:11:55 +01:00
Owen Mansel-Chan a8a4a201bd
Merge pull request #16992 from owen-mc/go/mad/use-package-grouping
Go: use package grouping in existing models-as-data models
2024-07-17 12:08:26 +01:00
Owen Mansel-Chan f67026f2ad
Accept model numbering changes in tests 2024-07-17 11:02:28 +01:00
Owen Mansel-Chan 4c3220ea9d
Use package grouping in models for gocb 2024-07-17 10:36:38 +01:00
Owen Mansel-Chan 4b2075bfb1
Split models for separate protobuf packages into separate files 2024-07-17 10:36:37 +01:00
Owen Mansel-Chan aa0749e4ba
Use package grouping for go-jose/jwt models 2024-07-17 10:36:37 +01:00
Owen Mansel-Chan 8a5a9418c7
Add frameworks to frameworks.csv 2024-07-17 10:20:44 +01:00
Owen Mansel-Chan e6c7e1a0bc
Merge pull request #16990 from owen-mc/go/change-string-prefix-check
Go: Change string prefix check
2024-07-17 09:57:45 +01:00
Owen Mansel-Chan fc6b17ad64
Test: accept model numbers changing 2024-07-16 21:36:12 +01:00
Owen Mansel-Chan 535b4ea986
Convert net/http UserControlledRequestField sources to MaD 2024-07-16 16:53:02 +01:00
Owen Mansel-Chan 873fd6646b
Convert Revel::UserControlledRequestMethod sources to MaD 2024-07-16 16:53:01 +01:00
Owen Mansel-Chan 034f2d4221
Convert Revel field read sources to MaD 2024-07-16 16:53:01 +01:00
Owen Mansel-Chan 2da1de7b13
Use `packageGrouping` in Revel models 2024-07-16 16:53:00 +01:00
Owen Mansel-Chan 8647f69720
Change string prefix check
This avoids putting all the prefixes in the string pool.
2024-07-16 15:56:28 +01:00
Owen Mansel-Chan ca06589386
Make comments clearer 2024-07-16 12:14:21 +01:00
Owen Mansel-Chan cafb1181a0
Tests: Accept model numbering changes 2024-07-16 12:14:09 +01:00
Paolo Tranquilli e469534b84 Go/Bazel: use gazelle `go_deps` instead of a vendor directory 2024-07-16 13:12:37 +02:00
Owen Mansel-Chan 124567caa4
Convert Mux::RequestVars to MaD 2024-07-16 11:18:19 +01:00
Owen Mansel-Chan b3744ef230
Sort Gin source models 2024-07-16 11:18:18 +01:00
Owen Mansel-Chan 061c187a8e
Convert GithubComGinGonicGinContextBindSource to MaD 2024-07-16 11:18:18 +01:00
Owen Mansel-Chan ef833de123
Convert GithubComGinGonicGinContextSource to MaD 2024-07-16 11:18:17 +01:00
Owen Mansel-Chan 06a2a40f50
Convert GoRestfulReadEntitySource to MaD 2024-07-16 11:18:16 +01:00
Owen Mansel-Chan 7bfa4c1947
Convert GoRestfulSource to MaD 2024-07-16 11:18:14 +01:00
Anders Schack-Mulligen 0fb27fb6fc
Merge pull request #16979 from aschackmull/dataflow/internsets
Dataflow: Replace MakeSets with QlBuiltins::InternSets.
2024-07-16 10:47:07 +02:00
Anders Schack-Mulligen da5abc8321 Dataflow: Replace MakeSets with QlBuiltins::InternSets. 2024-07-15 13:35:57 +02:00
Owen Mansel-Chan 3efbee0d81
Accept provenance numbering changes 2024-07-14 16:06:29 +01:00
Owen Mansel-Chan 99ed3c2ac1
Convert ElazarlGoproxy::UserControlledRequestData to MaD 2024-07-14 14:28:48 +01:00
Owen Mansel-Chan 2ec64a9ca8
Convert EchoContextBinder to MaD 2024-07-14 14:28:47 +01:00
Owen Mansel-Chan 3fc598dbe9
Convert EchoContextSource to MaD 2024-07-14 14:28:46 +01:00