Commit graph

653 Commits

Author SHA1 Message Date
Kasper Svendsen 7c5625a4dc Go: Make implicit this receivers explicit 2023-05-12 12:14:13 +02:00
Chris Smowton ee64ea59e1
Merge pull request #12901 from porcupineyhairs/goDsn
Go: Add query to detect DSN Injection.
2023-05-11 22:45:43 +01:00
Chris Smowton 99f4eef9c5
Fix spelling 2023-05-11 22:12:35 +01:00
Chris Smowton a10b11e09e
Fix spelling and remove dead code 2023-05-11 22:12:17 +01:00
Chris Smowton b6c2db6baf
Fix duplicate query ID 2023-05-11 22:10:09 +01:00
Porcupiney Hairs 2c518c1fa6 Include changes from review 2023-05-12 01:59:42 +05:30
Porcupiney Hairs ae6fda03b7 Include changes from review 2023-05-11 23:56:50 +05:30
Porcupiney Hairs d536157c1a Go: Add query to detect potential timing attacks 2023-05-11 09:57:50 +05:30
Owen Mansel-Chan 5ef74c96de
Merge pull request #13105 from owen-mc/go/change-diagnostic-message
Go: Update "go/autobuilder/package-not-found" diagnostic message
2023-05-11 05:27:09 +01:00
Owen Mansel-Chan 270ba09ffb
Merge pull request #11732 from owen-mc/go/fix/model-data-flow-through-varargs
Go: Allow data flow through varargs parameters
2023-05-11 05:26:40 +01:00
Porcupiney Hairs ec424d7e51 Go: Add query to detect DSN Injection. 2023-05-11 03:45:29 +05:30
Owen Mansel-Chan 1c66564ccc
address review comments 2023-05-10 14:05:09 +01:00
Owen Mansel-Chan 8f41ff36fb
Add change note 2023-05-10 13:50:04 +01:00
Owen Mansel-Chan 50d3cffe61
Accept review comments 2023-05-10 13:28:11 +01:00
Owen Mansel-Chan fcf3cb7ea4
Update "go/autobuilder/package-not-found" message 2023-05-10 12:24:03 +01:00
Owen Mansel-Chan f9d2467eaa
Downgrade package-not-found diagnostic to warning
error is reserved for when the build fails.
2023-05-10 09:58:58 +01:00
Michael Nebel 4ac0396b67 Go/Python/Ruby/Swift: Sync files and make dummy implementation. 2023-05-08 16:18:59 +02:00
Kasper Svendsen 46727af948 Go: Enable warnings for implicit this receivers 2023-05-03 15:41:55 +02:00
Owen Mansel-Chan 3f645e9401
Merge pull request #13006 from kaspersv/kaspersv/go-explicit-this-receivers
Go: Make implicit this receivers explicit
2023-05-03 13:47:10 +01:00
Ian Lynagh b56b843d13
Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1
Post-release preparation for codeql-cli-2.13.1
2023-05-03 13:12:10 +01:00
Kasper Svendsen e969018f99 Go: Make implicit this receivers explicit 2023-05-03 12:45:42 +02:00
github-actions[bot] 18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
Anders Schack-Mulligen ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00
Anders Schack-Mulligen 5927bb2030 Dataflow: Replace "extends Node" with "instanceof Node". 2023-05-02 09:48:34 +02:00
Anders Schack-Mulligen 6c8cb0dc5e
Merge pull request #12930 from aschackmull/dataflow/split-typedcontent
Dataflow: Refactor access paths to split TypedContent into an explicit pair
2023-05-01 14:58:15 +02:00
github-actions[bot] 3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
Michael B. Gale edfe2d7ab7
Merge pull request #12944 from github/mbg/go/html-template-sanitizers
Go: Add `html/template` functions as sanitisers for XSS queries
2023-04-28 12:15:57 +01:00
Michael B. Gale 5a44fae515
Go: add test for unrelated A->C data flow 2023-04-28 10:56:12 +01:00
Owen Mansel-Chan 8415c4a4eb
Remove ArgumentNode assumption 2023-04-28 09:23:38 +01:00
Owen Mansel-Chan c7c0a73b90
Accept review suggestions 2023-04-28 09:23:37 +01:00
Owen Mansel-Chan 52cc61198d
Use `CallExpr.hasImplicitArgs()` 2023-04-28 09:23:37 +01:00
Owen Mansel-Chan b928f13d94
Add `CallExpr.hasImplicitArgs()` 2023-04-28 09:23:36 +01:00
Owen Mansel-Chan f3c1c53b54
Add CallExpr.getCalleeType()
This avoids using `getTarget()`, so it works even when that doesn't
exist (for example when calling a variable with function type).
2023-04-28 09:23:36 +01:00
Owen Mansel-Chan 3f095db853
Formatted parameters are always a variadic parameter 2023-04-28 06:09:11 +01:00
Owen Mansel-Chan f2368a9441
Do not use variadic sink fn in tests 2023-04-28 06:09:11 +01:00
Owen Mansel-Chan bc0f9030e3
use CallNode.getSyntacticArgument 2023-04-28 06:09:10 +01:00
Owen Mansel-Chan 2d3fed9c07
Accept intended test result changes 2023-04-28 06:09:10 +01:00
Owen Mansel-Chan 17077f3ec5
Update OutParameter.getExitNode for implicit varargs slices 2023-04-28 06:09:10 +01:00
Michael B. Gale 72b082806b
Go: Update `html-template-escaping-passthrough`
Modify this query to apply sanitizers only in the data flow
between untrusted inputs and passthrough conversion types.
2023-04-27 17:14:38 +01:00
Anders Schack-Mulligen 71ae0909d8 Dataflow: Enforce type pruning in all forward stages. 2023-04-27 14:55:26 +02:00
Anders Schack-Mulligen 9140cbefc0 Dataflow: Sync. 2023-04-27 14:55:23 +02:00
Michael B. Gale 1aa1153ed6
Go: Add `html/template` as XSS queries sanitizer 2023-04-26 21:21:52 +01:00
Owen Mansel-Chan 39da26e9b5
Update ParameterInput.getEntryNode for implicit varargs slices 2023-04-26 14:35:20 +01:00
Owen Mansel-Chan 1e3d81842e
Update CallNode.getArgument for implicit varargs
It now has only one result, corresponding to a variadic parameter. If the
argument is followed by an ellipsis then it is just the argument itself.
Otherwise it is an ImplicitVarargsSlice node.
2023-04-26 14:35:19 +01:00
Anders Schack-Mulligen d681671356 Dataflow: Sync. 2023-04-26 14:45:07 +02:00
Owen Mansel-Chan 3e73e02175
Update PostUpdateNodes for implicit varargs slices
We don't want a post update node for the implicit varargs slice, and we
do want one for each argument which is stored in the implicit varargs
slice.
2023-04-25 07:33:35 +01:00
Owen Mansel-Chan 73b712a8c9
Allow data flow through varargs parameters 2023-04-25 07:33:34 +01:00
Michael Nebel 656d8d2451 Sync files. 2023-04-20 11:29:51 +02:00
Owen Mansel-Chan 2914480ff6
Avoid platform-specific results
These were introduced in https://github.com/github/codeql/pull/12750 but
the relevant tests that should have caught it weren't run.
2023-04-19 11:18:19 +01:00
Alex Ford 924ce250dd
Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0
Post-release preparation for codeql-cli-2.13.0
2023-04-18 14:40:40 +01:00