Commit Graph

1759 Commits

Author SHA1 Message Date
Arthur Baars c219b1a3c7
Merge pull request #16013 from github/rc/3.13
Merge rc/3.13 into main
2024-03-21 16:04:58 +01:00
Henry Mercer 4e3a6e2140
Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry
Show lines of code data in debug mode only
2024-03-21 12:20:09 +00:00
Michael Nebel 6619be3137
Merge pull request #15940 from michaelnebel/csharp/sourcesinktests
C#: Source- and sink tests.
2024-03-21 08:12:16 +01:00
Henry Mercer a76832f4e0 Mark LOC queries as `debug` instead 2024-03-20 21:18:55 +00:00
Michael B. Gale 06134467e9
Go: Make `CODEQL_EXTRACTOR_GO_FAST_PACKAGE_INFO` true by default 2024-03-20 12:01:49 +00:00
Dave Bartolomeo 311ba8ea1b Merge from `main` to resolve conflicts 2024-03-19 10:41:31 -04:00
Michael Nebel 70c6744944 Java/Go/Swift: Sync changes. 2024-03-19 14:20:43 +01:00
Tom Hvitved fc55567d90
Merge pull request #15853 from hvitved/dataflow/get-location
Data flow: Replace `hasLocationInfo` with `getLocation`
2024-03-18 20:21:46 +01:00
github-actions[bot] aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot] 0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Max Schaefer d3e0a90ae5 Go: Mention raw string literals in QHelp for `go/incomplete-hostname-regexp`. 2024-03-15 11:22:40 +00:00
Tony Torralba 20691e409c Add change note 2024-03-14 11:56:43 +01:00
Tony Torralba 87b2dcc892 Adjust test expectations 2024-03-14 10:25:04 +01:00
Tony Torralba d8c0ab8e1f Go: Consider more strings as hardcoded credentials 2024-03-14 10:11:39 +01:00
Tom Hvitved e4a4c18166 Go: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Tom Hvitved dddba3228b
Merge pull request #15867 from hvitved/dataflow/ap-limit
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Henry Mercer c325ff8a23 Mark lines of code queries as telemetry queries
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provide
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Tony Torralba 04436208ab
Merge pull request #15843 from atorralba/atorralba/go/uncontrolled-allocation-size
Go: Promote `go/uncontrolled-allocation-size` from experimental
2024-03-11 16:12:27 +01:00
Tony Torralba ff2d78d2c8
Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql 2024-03-11 15:53:40 +01:00
Tom Hvitved da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tony Torralba a09eb9f4c5
Update go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-03-11 08:58:59 +01:00
Owen Mansel-Chan 820c14577a
Merge pull request #13553 from am0o0/amammad-go-bombs
Go: Decompression Bombs
2024-03-10 13:48:04 +00:00
am0o0 43df6a2c07 add comments for already implemented `io.Read` and `io.WriteTo` Sinks.
remove some sinks about `"decompressor"` which was added wrongly.
change `GeneralReadIoSink` type from module to class.
separate `KlauspostGzipAndPgzip` `KlauspostPgzip` and `KlauspostGzip`.
2024-03-08 20:05:46 +04:00
am0o0 66130d208e convert abstract predicate `isAdditionalFlowStep` to non-abstract 2024-03-08 19:30:41 +04:00
Tony Torralba 138ce42cf6 Fix qhelp 2024-03-07 15:22:46 +01:00
Tony Torralba 7d74125508 Go: Promote go/uncontrolled-allocation-size 2024-03-07 15:17:49 +01:00
github-actions[bot] dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot] 2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen ce31f8641a
Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Owen Mansel-Chan 4e5a6d770a
Merge branch 'main' into workflow/coverage/update 2024-03-06 13:43:05 +00:00
Owen Mansel-Chan f1115af146
Merge pull request #15130 from Malayke/main
Go: new query for detect DOS vulnerability
2024-03-06 11:32:57 +00:00
Tony Torralba f4c2e65614
Merge pull request #15812 from atorralba/atorralba/go/squirrel-sinks
Go: Add SQLi sinks for Squirrel
2024-03-06 12:09:19 +01:00
Malayke 02bab4c15a
Update go/ql/src/experimental/CWE-770/DenialOfService.ql
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2024-03-06 17:57:20 +08:00
github-actions[bot] b71074f9c4 Add changed framework coverage reports 2024-03-06 00:16:26 +00:00
github-actions[bot] 661e68dab5 Release preparation for version 2.16.4 2024-03-05 18:13:58 +00:00
Angela P Wen 967963a653
Revert "Release preparation for version 2.16.4" 2024-03-05 08:53:33 -08:00
Tony Torralba e78e71c875 List Squirrel builders explicitly 2024-03-05 16:05:22 +01:00
Michael B. Gale 40ff75db07
Go: Update list of expected files for `single-go-mod-and-go-files-not-under-it` test 2024-03-05 14:56:51 +00:00
Tony Torralba a264ea23c6 Go: Add SQLi sinks for Squirrel 2024-03-05 15:35:34 +01:00
Michael B. Gale a8d240dd72
Go: Add integration test for mixed layout project 2024-03-05 14:08:16 +00:00
Michael B. Gale ac394dc80c
Go: Better check for path prefixes 2024-03-05 13:46:33 +00:00
Owen Mansel-Chan 8e43c5c683
Merge pull request #15811 from owen-mc/go/limit-password-heuristics
Go: Only check strings of length <= 100 for dummy password with <= 2 unique characters
2024-03-05 13:42:26 +00:00
Michael B. Gale b1e0bc03ab
Go: Fix check for whether it is safe to initialise a `go.mod` file in a given directory 2024-03-05 12:48:21 +00:00
Michael B. Gale 367ecf75d5
Go: Use import path for auto-generated Go module names 2024-03-05 12:48:21 +00:00
Michael B. Gale 2aa093c95c
Go: Move `getImportPath` to shared `util` package 2024-03-05 12:48:19 +00:00
Owen Mansel-Chan 4dde1fb117
Only check strings of length <= 100 for dummy password with <= 2 unique characters 2024-03-05 11:45:17 +00:00
Tony Torralba a78e04eb34
Merge pull request #15795 from atorralba/atorralba/go/macaron-sources
Go: Add Macaron sources
2024-03-05 09:08:58 +01:00
github-actions[bot] a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00
Tony Torralba 7286f56718 Change tests to inline expectations 2024-03-04 17:29:12 +01:00
Owen Mansel-Chan dcc2b2c50d
Merge pull request #15057 from aydinnyunus/main
Web Cache Deception Vulnerability on Go Frameworks
2024-03-04 14:36:39 +00:00