Commit graph

2670 commits

Author SHA1 Message Date
github-actions[bot] 21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot] 57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen 887f6557ed
fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Chris Smowton bf24d7886a Accept test changes 2022-08-10 18:10:02 +01:00
Chris Smowton 2abd1f77f4 Go: implement conservative cross-thread dataflow
Steps into captured variables are moved into jumpStep where they always should have been, and the store/load step implementation for channels is completed.

For the time being this takes a very conservative approach to identify channels that are likely connected: if there is exactly one receive site and one send site for a field, the two are presumed connected.
2022-08-10 12:44:12 +01:00
Erik Krogh Kristensen 559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Chris Smowton 96091e4fa0
Merge pull request #9947 from github/smowton/fix/golang-path-injection-numeric-sanitizer
Go: note that numeric-typed nodes can't cause path traversal
2022-08-04 09:00:34 +01:00
Chris Smowton e04c77ce15
Rename sanitizer 2022-08-03 09:37:20 +01:00
Chris Smowton e04a9b5805
Add change note 2022-08-02 11:37:27 +01:00
Chris Smowton 13b2b7674d
Go: note that numeric-typed nodes can't cause path traversal 2022-08-02 11:28:28 +01:00
github-actions[bot] e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
github-actions[bot] 212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Cornelius Riemenschneider ca819573f5
Merge pull request #9862 from github/adityasharad/codeql-cli-2.10.1-mergeback
Merge codeql-cli-2.10.1 into main
2022-07-20 10:42:34 +02:00
Andrew Eisenberg 2f50549184 Move definitions.ql back to src 2022-07-15 11:48:15 -07:00
github-actions[bot] 0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen 85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
github-actions[bot] d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
github-actions[bot] d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
github-actions[bot] a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Anders Schack-Mulligen df6d68b215
Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class
Dataflow: Deprecate BarrierGuard class
2022-06-22 10:44:08 +02:00
Anders Schack-Mulligen f8f9b7d3b4
Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Chris Smowton 7bb0d62863
Update `comparisonBarrierGuard` qldoc 2022-06-21 12:12:17 +01:00
Chris Smowton 8ae4c21a3e
Update doc for `divideByZeroSanitizerGuard` 2022-06-21 12:11:19 +01:00
Edoardo Pirovano 70dbd92e25
Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano ad02b85efa
Merge branch `main` into `rc/3.6` 2022-06-21 11:15:25 +01:00
Cornelius Riemenschneider 091299668a
Merge pull request #9617 from github/criemen/fix-go-pattern-lua-config
Go: Properly escape dash in tracing-config.lua
2022-06-21 11:45:14 +02:00
Anders Schack-Mulligen a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Ian Lynagh f22de1ac81
Merge pull request #9583 from igfoo/igfoo/locationdocs
Fix broken links to information about Locations
2022-06-20 17:28:24 +01:00
Anders Schack-Mulligen 87d5305f5b Go: Ad-hoc patch the shared libs. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen 406f5b525b Go: Deprecate and replace BarrierGuard class 2022-06-20 15:46:27 +02:00
Cornelius Riemenschneider d3c7395fa2
Go: Properly escape dash in tracing-config.lua
Previously, the pattern didn't match what it was intended to match.
2022-06-20 14:29:50 +02:00
Rasmus Wriedt Larsen ae44a941f9
Merge pull request #9421 from RasmusWL/inline-brackets
Inline Expectation Tests: Allow `tag[foo bar]`
2022-06-20 10:01:19 +02:00
Rasmus Wriedt Larsen b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Ian Lynagh b80e6421b6 Fix broken links to information about Locations 2022-06-16 16:57:59 +01:00
Chris Smowton 16a2107f89 Go autobuilder: don't attempt a go mod tidy when there's a vendor directory present
This is likely to spuriously remove dependencies leading to a later build failure due to missing requirements.
2022-06-16 10:12:39 +01:00
github-actions[bot] 1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot] 104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Dave Bartolomeo 5e5e2646e2 Fix `codeql/suite-helpers` dependency for Go 2022-06-07 10:55:49 -04:00
Rasmus Wriedt Larsen 50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen 07c22a857f
Merge pull request #9420 from RasmusWL/sync-go-inline
Go: Sync InlineExpectationsTest
2022-06-03 11:37:13 +02:00
Chris Smowton 04422eeaee
Merge pull request #9378 from porcupineyhairs/goJwtSign
Golang : Add query to detect JWT signing vulnerabilities
2022-06-02 20:53:03 +01:00
Chris Smowton d5ac7190cc Remove duplicate function 2022-06-02 17:02:54 +01:00
Chris Smowton e54b29a846 Autoformat 2022-06-02 15:58:29 +01:00
Chris Smowton 602495df4c Replace cases accidentally handled by CompareExprSanitizer with ReturnedAlongsideErrorSanitizerGuard 2022-06-02 15:53:41 +01:00
Chris Smowton b48a07e7b8 Tighten up CompareExprSanitizer
- Document
- Only actually consider comparisons
- Don't sanitize literals
2022-06-02 15:18:38 +01:00
Chris Smowton 3155771abe Rename empty-string sanitizer to reflect what it actually does. 2022-06-02 15:10:02 +01:00
Chris Smowton bfbc1d48b7 Simplify redundant sanitizer 2022-06-02 15:02:41 +01:00
Porcupiney Hairs 361b7037c6 Include suggested changes from review. 2022-06-02 19:11:44 +05:30
Rasmus Wriedt Larsen 0b486ade9b Go: Autoformat 2022-06-02 15:12:13 +02:00
Rasmus Wriedt Larsen aadf7aefb0 Go: Use new location in `hasLocationInfo` 2022-06-02 15:05:58 +02:00
Rasmus Wriedt Larsen 3f857e113c Go: Adjust `hasActualResult` overrides 2022-06-02 14:55:27 +02:00
Rasmus Wriedt Larsen 86caf747f3 Go: Sync InlineExpectationsTest 2022-06-02 14:54:51 +02:00
Porcupiney Hairs 1ef42a11ad Include suggested changes from review. 2022-06-02 16:04:29 +05:30
Porcupiney Hairs ae2bc1b410 Include suggested changes from review. 2022-05-31 23:10:57 +05:30
Nick Rolfe f417c12c5e
Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3
Post-release preparation for codeql-cli-2.9.3
2022-05-31 16:17:50 +01:00
Porcupiney Hairs e0f74a51ac Include suggested changes from review. 2022-05-31 17:17:54 +05:30
Chris Smowton d4f9c75315
Remove dead code 2022-05-31 11:14:36 +01:00
Chris Smowton cea909f03e Autoformat 2022-05-31 11:14:00 +01:00
Chris Smowton 8b32eaf05c
Copyedits 2022-05-31 11:05:40 +01:00
github-actions[bot] ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Porcupiney Hairs 5c5e978d30 Remove local data flow query 2022-05-31 03:53:02 +05:30
Porcupiney Hairs bd1ddc177e Golang : Add query to detect JWT signing vulnerabilities
Supersedes github/codeql-go#705
2022-05-31 01:56:59 +05:30
Porcupiney Hairs ae2cc378e5 Golang : Add Query To Detect PAM Authorization Bugs 2022-05-31 01:28:55 +05:30
github-actions[bot] 1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Aditya Sharad beddd306f5
Docs: Update references to github/codeql-go
github/codeql-go is being merged into github/codeql.
Update references to `codeql-go` within the CodeQL CLI docs.
Add Go to the list of mentioned languages where applicable.

Leave an explanatory note in the setup instructions about the
previous requirement to check out `github/codeql-go`, and
mention this is no longer necessary.

The remaining references are to historical commits,
which will continue to exist.
2022-05-20 12:10:21 -07:00
Chuan-kai Lin 827c7ab153 Go: fix search and tool paths for 'make test' 2022-05-20 10:22:47 -07:00
Arthur Baars 7bc6c10f5b Go: fix search-path for 'make test' 2022-05-20 10:22:47 -07:00
Chuan-kai Lin c58b5397c2 Go: delete test qhelp file
There shouldn't be qhelp files in the ql/test tree.
https://github.com/github/codeql/pull/8631#issuecomment-1087316116
2022-05-20 10:22:47 -07:00
Chuan-kai Lin 1276c41e83 codeql-go merge prep: integrate go/ into codeql 2022-05-20 10:22:47 -07:00
Chuan-kai Lin aa514fff32 codeql-go merge prep: move into go/ directory 2022-05-20 10:07:19 -07:00