Commit graph

653 commits

Author SHA1 Message Date
Owen Mansel-Chan ebdea243b2
Make qldoc clearer about behaviour of override 2022-11-25 09:46:07 +00:00
Erik Krogh Kristensen b2267c0e49
Merge pull request #11343 from erik-krogh/redundantAssignment
QL: add redundant-assignment query
2022-11-22 13:03:14 +01:00
Edoardo Pirovano 6c33ddcd47
Merge pull request #11349 from github/edoardo/2.11.4-mergeback
Merge `rc/3.8` into `main`
2022-11-21 18:08:27 +00:00
erik-krogh 64707f4f7b
remove redundant assignments 2022-11-21 17:45:05 +01:00
github-actions[bot] 5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
erik-krogh 23dc977d48
add a severity to incompleteswitchoverenum.ql to fix a compiler warning 2022-11-18 10:29:42 +01:00
Alvaro Muñoz 8a27660615 change handler function name 2022-11-18 09:43:17 +01:00
Alvaro Muñoz 69ecbda133 add change note 2022-11-18 09:43:17 +01:00
Alvaro Muñoz 7496b61b8d Add rsync since both --rsh and --rsync-path admit commands 2022-11-18 09:43:17 +01:00
github-actions[bot] e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Owen Mansel-Chan 4073d77635
Add change notes 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan ab15a19028
Address review comments 2022-11-17 14:27:07 +00:00
Owen Mansel-Chan 166a3688f8
Use standard variable names for `hasLocationInfo`
This makes them match the QLDoc and also other implementations of
`hasLocationInfo`.
2022-11-17 14:27:07 +00:00
Owen Mansel-Chan 1a65a27fde
Update test expectations
In https://github.com/github/codeql/pull/8641, `localFlowExit` was
changed to use `Stage2::readStepCand` instead of `read`, which means
that the big-step relation is broken up less. This causes test result
changes. Nothing is lost from the `select` clause, but some results may
have fewer paths, and fewer nodes and edges are output in the test
results.
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan 71aeeee7c8
Accept trivial change to test output
In the `subpaths` section, the last node is now printed without its type
if it is the sink of the path.

This comes from the commit "Dataflow: Bugfix: include subpaths ending at
a sink. " in https://github.com/github/codeql/pull/7526
2022-11-17 14:27:06 +00:00
Owen Mansel-Chan f2e2c02db6
Rename predicates to avoid clashes 2022-11-17 14:27:06 +00:00
Owen Mansel-Chan 1718ef88be
Data flow: Inline local(Expr)?(Flow|Taint)
See https://github.com/github/codeql/pull/7791
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan 736435adda
Go: Add stub `expectsContent`
Corresponds to https://github.com/github/codeql/pull/8870
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan 50210a9d24
Go: ParameterPosition and ArgumentPosition
Corresponds to https://github.com/github/codeql/pull/7260, though some
of those changes had already been made.
2022-11-17 14:27:05 +00:00
Owen Mansel-Chan 83a3af2fff
Go: Summarized Callable
Corresponds to https://github.com/github/codeql/pull/9270
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan 10ed4ad3df
Go: Split `summaryThroughStep` into two predicates
Cf. https://github.com/github/codeql/pull/9195
2022-11-17 14:27:04 +00:00
Owen Mansel-Chan 1ee5d3e80e
Move ParameterPosition etc to DataflowDispatch.qll 2022-11-17 14:27:04 +00:00
Owen Mansel-Chan e5829201e1
Go: Implement ContentSet 2022-11-17 14:27:03 +00:00
Owen Mansel-Chan 282699e5b5
Go: Refactor SummarizedCallable.
Equivalent of https://github.com/github/codeql/pull/9210
2022-11-17 14:27:03 +00:00
Owen Mansel-Chan c768f04e32
Go: Introduce generated flag as a part of the kind column for flow summaries
Equivalent of https://github.com/github/codeql/pull/8628
2022-11-17 14:27:03 +00:00
Owen Mansel-Chan dae60c9deb
Update data flow libraries to 55e052af26 2022-11-17 14:27:02 +00:00
github-actions[bot] fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot] 508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
erik-krogh f9195d194b
go: make sure the source/sink have the same type as the `edges` relation 2022-11-03 11:20:15 +01:00
erik-krogh c9fcef2608
go: add a precision tag to go/examples/deferinloop 2022-11-03 11:20:15 +01:00
erik-krogh 1ec204987d
go: remove precision from metric queries 2022-11-03 11:20:15 +01:00
Dave Bartolomeo 9d5e5e3ee7 `${workspace}` all the things 2022-11-01 13:29:05 -04:00
Arthur Baars aba87a139d
Merge pull request #10668 from aibaars/ruby-deps
Ruby: update dependencies
2022-11-01 13:55:42 +01:00
erik-krogh 84a7fddd95
remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
Chris Smowton 3573e211cc Correct test expectations 2022-10-29 11:40:58 +01:00
Chris Smowton b6e4f472d1 Remove unnecessary import 2022-10-29 11:40:57 +01:00
Chris Smowton 6d321e0151 Add change note 2022-10-29 11:40:57 +01:00
Chris Smowton 5c66d87ed6 gofmt 2022-10-29 11:40:57 +01:00
Chris Smowton 0c6c135967 Go: exclude protobuf read steps from cleartext-logging query
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`.

However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP.

On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose datastructure.
2022-10-29 11:40:57 +01:00
Chris Smowton f9e811bddf Legacy support qlpacks: continue using libraryPathDependencies; add a comment noting this is obsolete. 2022-10-28 16:47:30 +01:00
Chris Smowton ee63e60bb7 qlpacks: libraryPathDependencies -> dependencies 2022-10-28 16:07:36 +01:00
Rasmus Wriedt Larsen 8628ff5e52
Merge pull request #10999 from RasmusWL/inline-fail-tag
InlineExpectationsTest: Fail if missing `getARelevantTag`
2022-10-28 10:35:49 +02:00
Rasmus Wriedt Larsen fc7eb5b4fc
InlineExpectationsTest: sync 2022-10-27 09:02:28 +02:00
Henry Mercer c1984ea35f Go: Update expected output 2022-10-26 19:11:21 +01:00
Rasmus Wriedt Larsen 5e9897d150
InlineExpectationsTest: sync 2022-10-26 18:21:13 +02:00
Henry Mercer b0b321a16f
Go: Standardise formatting 2022-10-26 16:31:08 +01:00
Henry Mercer 4bc8529490
Go: Extract locations of successfully extracted files
Switch the successfully extracted files query to the `location, message` results format so that we get rich location information when exporting the results of this query to SARIF.  Previously the query used the `message` results format, which meant the interpreted results lacked a location.
2022-10-26 16:28:02 +01:00
github-actions[bot] be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Arthur Baars c59c6f6eb6
Update go/ql/src/CHANGELOG.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-10-20 15:22:54 +02:00
Arthur Baars 45c9a0d0b1
Apply suggestions from code review
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-10-20 15:22:29 +02:00
github-actions[bot] 9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Josh Soref 0a4c724b69 spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref e6998d40c3 spelling: cryptographically
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref 9b372f3db4 spelling: characters
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00
Josh Soref b1052992fe spelling: against
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:35 -04:00
Dave Bartolomeo 5ee7986649
Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1
Post-release preparation for codeql-cli-2.11.1
2022-10-07 14:23:31 -04:00
github-actions[bot] b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
erik-krogh 99b7c77abc
add change-note 2022-10-07 13:44:36 +02:00
erik-krogh d5c45056bd
fix some more style-guide violations in the alert-messages 2022-10-07 11:21:01 +02:00
github-actions[bot] a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
Chris Smowton 28fa06ab9c
Merge pull request #10709 from gregxsunday/main
add BeegoInput.RequestBody source to Beego framework
2022-10-06 16:04:04 +01:00
Chris Smowton 812a5e5c74
Autoformat test.go 2022-10-06 14:08:56 +01:00
Chris Smowton 4e161c867e
Rename 2022-10-06-beego- to 2022-10-06-beego-request-body-source.md 2022-10-06 14:01:36 +01:00
Chris Smowton 7d98b74eec
Create 2022-10-06-beego- 2022-10-06 14:00:52 +01:00
gregxsunday 9960d11042 added RequestBody source to Beego framework 2022-10-06 13:23:56 +02:00
Henry Mercer d80d39504f Tag successfully extracted files queries
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
Chris Smowton a8197b27aa
Merge pull request #10561 from github/henrymercer/go-consistent-query-id
Go: Use a consistent query identifier for successfully extracted files
2022-09-24 17:22:56 +01:00
github-actions[bot] 6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Henry Mercer 8f9dafcce9
Go: Use a consistent query identifier for successfully extracted files
Update the query identifier for
`Diagnostics/SuccessfullyExtractedFiles.ql` to be consistent with other
languages.
2022-09-23 16:02:36 +01:00
github-actions[bot] f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Henry Mercer f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Andrew Eisenberg 99e8cb78b0
Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main
Aeisenberg/merge rc3.7 into main
2022-09-21 08:09:47 -07:00
erik-krogh 175d3acf4d
reword alert-message `go/user-controlled-bypass` to avoid using "here" 2022-09-20 22:51:35 +02:00
erik-krogh 83bedc0320
be more specific about what the source is in `go/suspicious-character-in-regex`, which also avoids using "here" in the alert-message 2022-09-20 22:51:35 +02:00
erik-krogh 1be14962a0
use "depends to" for a taint-tracking query 2022-09-20 22:51:35 +02:00
erik-krogh c241185c21
avoid more instances of "this location" and "here" in alert-messages 2022-09-20 22:51:35 +02:00
erik-krogh 2602a38d94
update expected test output 2022-09-20 22:51:35 +02:00
erik-krogh 3cf5516df6
make the alert messages of taint-tracking queries more consistent 2022-09-20 22:51:35 +02:00
erik-krogh e2a41cf49f
fix most ql/alert-message-style-violation 2022-09-20 22:51:35 +02:00
Andrew Eisenberg 58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
erik-krogh 49d1e584a8
deprecate a source class that wasn't used anywhere 2022-09-19 15:07:18 +02:00
erik-krogh f6ada6e022
use sanitizer class in the insecure-randomness query 2022-09-19 15:07:00 +02:00
Erik Krogh Kristensen a4cd913aea
Merge pull request #10312 from erik-krogh/fix-caseDiff
ensure consistent casing of names
2022-09-19 10:43:12 +02:00
github-actions[bot] 67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Rasmus Wriedt Larsen ca66a29b18
Go: Rewrite `::Range` patterns to use `instanceof` 2022-09-13 15:48:17 +02:00
Rasmus Wriedt Larsen 6f5701f9c7
Go: Rewrite concepts to use `extends ... instanceof ...` 2022-09-13 15:36:16 +02:00
erik-krogh bae4490620
add change-note 2022-09-12 12:12:18 +02:00
erik-krogh 26d8553f6e
ensure consistent casing of names 2022-09-09 10:34:14 +02:00
github-actions[bot] a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Erik Krogh Kristensen 6cee635cb5
Merge pull request #10180 from erik-krogh/fixTags
Add missing security tags
2022-09-02 08:04:57 +02:00
Edoardo Pirovano 8f332714f4
Merge pull request #10260 from github/edoardo/3.7-mergeback
Merge `rc/3.7` into `main`
2022-09-01 15:44:17 +01:00
erik-krogh d0814aa37c
Go: add change-note for go 2022-08-29 13:10:23 +02:00
erik-krogh 33ba01927f
Go: add CWE tag and @security-severity tag to go/insecure-hostkeycallback 2022-08-29 13:10:23 +02:00
github-actions[bot] 3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
erik-krogh cc7a9ef97a
rename more acronyms 2022-08-25 20:52:27 +02:00
Ian Lynagh 711e769382
Update go/ql/lib/change-notes/released/0.2.4.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-08-25 14:25:30 +01:00
Ian Lynagh b951e94d85
Update go/ql/lib/CHANGELOG.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-08-25 14:25:20 +01:00
Erik Krogh Kristensen 06afe9c0f4
Merge pull request #9816 from erik-krogh/msgConsis
Make alert messages consistent across languages
2022-08-25 15:20:01 +02:00
github-actions[bot] 0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Ian Lynagh 3fcfd32eb1 Make *.ql non-executable 2022-08-24 16:55:11 +01:00
Ian Lynagh b9a4b5ab9a Make *.qlref non-executable 2022-08-24 16:53:16 +01:00
Ian Lynagh 344863d896 Make *.qhelp non-executable 2022-08-24 16:38:15 +01:00
erik-krogh 1c0f2251e2
Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Michael Nebel 761ed283b6 C#/Java/Ruby/Swift: Address review comments. 2022-08-24 09:58:54 +02:00
Michael Nebel 2e273f2273 C#: Re-arrange the import order, such that CsvValidation follows ExternalFlow directly. 2022-08-24 09:58:54 +02:00
Michael Nebel 37976d56bc C#/Java/Go/Swift: Move CsvValidation back into ExternalFlow. 2022-08-24 09:58:53 +02:00
Michael Nebel 2c2e09b20b Go: Add summary model validation on the kind column. 2022-08-24 09:58:52 +02:00
Michael Nebel 37f01fe10e Go: Re-factor CSV validation into separate file. 2022-08-24 09:58:52 +02:00
erik-krogh f7846a598e
add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh 7e0bd5bde4
update expected output of tests 2022-08-22 21:41:47 +02:00
erik-krogh 20625ae60d
update {js/go/py}/xpath-injection to match csharp/java 2022-08-22 21:41:46 +02:00
erik-krogh 2d0a4c3d83
update {go/py}/stack-trace-exposure to match javascript 2022-08-22 21:41:46 +02:00
erik-krogh 151529d08f
correct the query-id of the experimental go/pam-auth-bypass query 2022-08-22 21:41:46 +02:00
erik-krogh 3553f3d9b8
update {rb/py/js/go}/path-injection to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh 28083ebe09
run the implicit-this patch 2022-08-22 21:23:31 +02:00
erik-krogh a593a52b5e
add missing qldoc (that was already missing?) 2022-08-22 21:22:39 +02:00
erik-krogh e89e0eb7fb
make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Chris Smowton 25195bb0ba
Merge pull request #10103 from smowton/smowton/feature/golang-1.19-support
Go: support go 1.19
2022-08-22 16:49:11 +01:00
Chris Smowton f3ef8510d3
Merge pull request #10093 from smowton/smowton/feature/java-singular-locations
Java: pick an arbitrary representative location when an entity has many candidate locations.
2022-08-22 09:32:43 +01:00
Chris Smowton 259b942fac Indent blocks that gofmt would mistake for markdown
As of go 1.19 it will try to format markdown nicely, but in both these cases the formatting isn't supposed to be interpreted this way, so indent it to make it a preformatted block.
2022-08-19 19:06:21 +01:00
Chris Smowton 8d20b9cf52 Use hasLocationInfo to match several Location fields at once 2022-08-19 19:03:17 +01:00
Chris Smowton 1ea7caf559 Fix join ordering in inline-expectations test 2022-08-19 18:17:22 +01:00
Chris Smowton 6f4fbac412
Create 2022-08-19-go-119-support.md 2022-08-19 17:20:03 +01:00
Chris Smowton e2afc80aff Autoformat go 2022-08-19 10:29:45 +01:00
Chris Smowton 45f922b3f2 Add models for Go 1.19's new url.JoinPath and URL.JoinPath functions 2022-08-19 10:29:45 +01:00
Chris Smowton 6068f63e9e Add taint models for go 1.19's new fmt.Append functions 2022-08-19 10:29:45 +01:00
Chris Smowton d2055283de Add models for go 1.19's new atomic pointer types 2022-08-18 17:47:13 +01:00
Erik Krogh Kristensen 4f93f2b9ba
Merge pull request #10076 from erik-krogh/ql-for-ql-fixes
various QL-for-QL fixes
2022-08-18 15:46:48 +02:00
Chris Smowton 72009f8614
Merge pull request #10085 from smowton/smowton/fix/dont-use-write-instruction-for-channel-flow
Go: don't use WriteNode for channel writes
2022-08-18 12:47:55 +01:00
Chris Smowton 3802deab70 Adjust test expectations re: reformatting 2022-08-17 17:31:27 +01:00
Chris Smowton e33ddbdcfd Format go 2022-08-17 16:42:06 +01:00
erik-krogh 6b9f01535b
change All to Most in the change-notes 2022-08-17 15:34:57 +02:00
Chris Smowton 077bae55fe Go: don't use WriteNode for channel writes
I overlooked the fact that this has a WriteInstruction, which wasn't bound in the channel-write case, but somehow the evaluator discarded the implied cartesian product until last night's performance evaluation.

Rather than try to cram channel writes into WriteInstruction, just handle them as their own beast.
2022-08-17 14:27:16 +01:00
erik-krogh 2622c78766
add change-notes 2022-08-17 13:55:16 +02:00
erik-krogh 8066e39d07
delete some redundant imports 2022-08-17 13:50:04 +02:00
erik-krogh 2e44fba67d
add explicit this 2022-08-17 13:33:31 +02:00
erik-krogh 5586c9a17e
delete old deprecations 2022-08-16 22:27:15 +02:00
Alex Ford d02ad51d74
Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3
Post-release preparation for codeql-cli-2.10.3
2022-08-16 12:04:07 +01:00
Chris Smowton 79bae0caeb
Merge pull request #9999 from github/smowton/feature/golang-channel-flow
Go: implement conservative cross-thread dataflow
2022-08-15 15:38:15 +01:00
Chris Smowton 9f82088f5d
Remove unnecessary casts 2022-08-15 11:47:58 +01:00
Chris Smowton 50fb6621a9
Create 2022-08-12-cross-thread-flow.md 2022-08-12 09:00:16 +01:00
github-actions[bot] 21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot] 57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen 887f6557ed
fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Chris Smowton bf24d7886a Accept test changes 2022-08-10 18:10:02 +01:00
Chris Smowton 2abd1f77f4 Go: implement conservative cross-thread dataflow
Steps into captured variables are moved into jumpStep where they always should have been, and the store/load step implementation for channels is completed.

For the time being this takes a very conservative approach to identify channels that are likely connected: if there is exactly one receive site and one send site for a field, the two are presumed connected.
2022-08-10 12:44:12 +01:00
Erik Krogh Kristensen 559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Chris Smowton 96091e4fa0
Merge pull request #9947 from github/smowton/fix/golang-path-injection-numeric-sanitizer
Go: note that numeric-typed nodes can't cause path traversal
2022-08-04 09:00:34 +01:00
Chris Smowton e04c77ce15
Rename sanitizer 2022-08-03 09:37:20 +01:00
Chris Smowton e04a9b5805
Add change note 2022-08-02 11:37:27 +01:00
Chris Smowton 13b2b7674d
Go: note that numeric-typed nodes can't cause path traversal 2022-08-02 11:28:28 +01:00
github-actions[bot] e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
github-actions[bot] 212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Cornelius Riemenschneider ca819573f5
Merge pull request #9862 from github/adityasharad/codeql-cli-2.10.1-mergeback
Merge codeql-cli-2.10.1 into main
2022-07-20 10:42:34 +02:00
Andrew Eisenberg 2f50549184 Move definitions.ql back to src 2022-07-15 11:48:15 -07:00
github-actions[bot] 0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen 85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
github-actions[bot] d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
github-actions[bot] d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
github-actions[bot] a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Anders Schack-Mulligen df6d68b215
Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class
Dataflow: Deprecate BarrierGuard class
2022-06-22 10:44:08 +02:00
Anders Schack-Mulligen f8f9b7d3b4
Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Chris Smowton 7bb0d62863
Update `comparisonBarrierGuard` qldoc 2022-06-21 12:12:17 +01:00
Chris Smowton 8ae4c21a3e
Update doc for `divideByZeroSanitizerGuard` 2022-06-21 12:11:19 +01:00
Edoardo Pirovano 70dbd92e25
Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano ad02b85efa
Merge branch `main` into `rc/3.6` 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Ian Lynagh f22de1ac81
Merge pull request #9583 from igfoo/igfoo/locationdocs
Fix broken links to information about Locations
2022-06-20 17:28:24 +01:00
Anders Schack-Mulligen 87d5305f5b Go: Ad-hoc patch the shared libs. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen 406f5b525b Go: Deprecate and replace BarrierGuard class 2022-06-20 15:46:27 +02:00
Rasmus Wriedt Larsen b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Ian Lynagh b80e6421b6 Fix broken links to information about Locations 2022-06-16 16:57:59 +01:00
github-actions[bot] 1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot] 104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Dave Bartolomeo 5e5e2646e2 Fix `codeql/suite-helpers` dependency for Go 2022-06-07 10:55:49 -04:00
Rasmus Wriedt Larsen 50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Rasmus Wriedt Larsen 07c22a857f
Merge pull request #9420 from RasmusWL/sync-go-inline
Go: Sync InlineExpectationsTest
2022-06-03 11:37:13 +02:00
Chris Smowton 04422eeaee
Merge pull request #9378 from porcupineyhairs/goJwtSign
Golang : Add query to detect JWT signing vulnerabilities
2022-06-02 20:53:03 +01:00
Chris Smowton d5ac7190cc Remove duplicate function 2022-06-02 17:02:54 +01:00
Chris Smowton e54b29a846 Autoformat 2022-06-02 15:58:29 +01:00
Chris Smowton 602495df4c Replace cases accidentally handled by CompareExprSanitizer with ReturnedAlongsideErrorSanitizerGuard 2022-06-02 15:53:41 +01:00
Chris Smowton b48a07e7b8 Tighten up CompareExprSanitizer
- Document
- Only actually consider comparisons
- Don't sanitize literals
2022-06-02 15:18:38 +01:00
Chris Smowton 3155771abe Rename empty-string sanitizer to reflect what it actually does. 2022-06-02 15:10:02 +01:00
Chris Smowton bfbc1d48b7 Simplify redundant sanitizer 2022-06-02 15:02:41 +01:00
Porcupiney Hairs 361b7037c6 Include suggested changes from review. 2022-06-02 19:11:44 +05:30
Rasmus Wriedt Larsen 0b486ade9b Go: Autoformat 2022-06-02 15:12:13 +02:00
Rasmus Wriedt Larsen aadf7aefb0 Go: Use new location in `hasLocationInfo` 2022-06-02 15:05:58 +02:00
Rasmus Wriedt Larsen 3f857e113c Go: Adjust `hasActualResult` overrides 2022-06-02 14:55:27 +02:00
Rasmus Wriedt Larsen 86caf747f3 Go: Sync InlineExpectationsTest 2022-06-02 14:54:51 +02:00
Porcupiney Hairs 1ef42a11ad Include suggested changes from review. 2022-06-02 16:04:29 +05:30
Porcupiney Hairs ae2bc1b410 Include suggested changes from review. 2022-05-31 23:10:57 +05:30
Nick Rolfe f417c12c5e
Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3
Post-release preparation for codeql-cli-2.9.3
2022-05-31 16:17:50 +01:00
Porcupiney Hairs e0f74a51ac Include suggested changes from review. 2022-05-31 17:17:54 +05:30
Chris Smowton d4f9c75315
Remove dead code 2022-05-31 11:14:36 +01:00
Chris Smowton cea909f03e Autoformat 2022-05-31 11:14:00 +01:00
Chris Smowton 8b32eaf05c
Copyedits 2022-05-31 11:05:40 +01:00
github-actions[bot] ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Porcupiney Hairs 5c5e978d30 Remove local data flow query 2022-05-31 03:53:02 +05:30
Porcupiney Hairs bd1ddc177e Golang : Add query to detect JWT signing vulnerabilities
Supersedes github/codeql-go#705
2022-05-31 01:56:59 +05:30
Porcupiney Hairs ae2cc378e5 Golang : Add Query To Detect PAM Authorization Bugs 2022-05-31 01:28:55 +05:30
github-actions[bot] 1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Chuan-kai Lin c58b5397c2 Go: delete test qhelp file
There shouldn't be qhelp files in the ql/test tree.
https://github.com/github/codeql/pull/8631#issuecomment-1087316116
2022-05-20 10:22:47 -07:00
Chuan-kai Lin aa514fff32 codeql-go merge prep: move into go/ directory 2022-05-20 10:07:19 -07:00