Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge codeql-go repository into codeql #8631

Merged
merged 2,539 commits into from
May 23, 2022
Merged

Merge codeql-go repository into codeql #8631

merged 2,539 commits into from
May 23, 2022

Conversation

cklin
Copy link
Contributor

@cklin cklin commented Mar 31, 2022
edited
Loading

This PR will be merged on 2022-05-23
For background, see announcement github/codeql-go#741

This PR merges the github/codeql-go repository into github/codeql under the go directory.

The repository merge involves the following steps:

  1. Push github/codeql-go:main into github/codeql as a new branch B
  2. Move everything in the branch B into the go directory
  3. Merge github/codeql:main into the branch B
  4. Consolidate and apply fixes as necessary

The cklin/merge-codeql-go-prep branch contains steps 1–3.
The cklin/merge-codeql-go branch contains steps 1–4.

The following link shows only the commits in step 4, which is the more interesting part:
cklin/merge-codeql-go-prep...cklin/merge-codeql-go

smowton and others added 30 commits December 13, 2021 10:36
@smowton
Merge pull request #625 from smowton/smowton/fix/minor-perf-improvements
08c10bf 
Improve performance: join-order AllocationSizeOverflow's source and use `matches` not `regexpFind`
@smowton
Merge pull request #632 from owen-mc/refactor-variadic-helper-functio…
559aec1 
…ns-for-builtin-functions

Refactor isVariadic helper functions
@smowton
Merge pull request #633 from owen-mc/database-sql-model-incorrect
89b2a2f 
Fix incorrect type name in database/sql model
@smowton
Merge pull request #574 from sauyon/dataflow-update
9309abf 
Update dataflow libraries and add support for CSV summary flow
@owen-mc
Add missing tests for DatabaseSql function models
6a2a829
@smowton
Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/…
c2b42ce 
…log-injection
@smowton
Update comment
f86510e
@smowton
Merge pull request #638 from owen-mc/test-database-sql-models
bd806a8 
Add missing tests for DatabaseSql function models
@dbartol
Move new change notes to appropriate pack
42ecc9b
@dbartol
Move pre-packaging change notes to old-change-notes directory
a3e5b4c
@dbartol
Merge pull request #639 from github/dbartol/fix-change-notes
d14ea51 
Fix change notes
Release preparation for version 2.7.4
ee6ea0f
@dbartol
Merge pull request #640 from github/release-prep/2.7.4
e1417f1 
Release preparation for version 2.7.4
@smowton
Add log-injection test using strings.ReplaceAll
9de1532
@smowton @owen-mc
Update change-notes/2021-12-14-strings-replace-sanitizers.md
f510844 
Co-authored-by: Owen Mansel-Chan <[email protected]>
@smowton
Merge pull request #637 from smowton/smowton/fix/log-injection-saniti…
ede57b6 
…zers

Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection
@owen-mc
Allow data flow through receiver for modelled methods
9b2f29b
@owen-mc
Revert "Update tests for no flow through receivers when no function b…
ec3dd1e 
…ody"

This reverts commit 06f889f.
@owen-mc
Refactor to use SummarizedCallable, sourceElement and sinkElement
da8f8e2
@smowton
Declassify fmt.Fprintf as a log sink
92d3da5 
In future we could try harder to find out whether you're Fprintf'ing to stdout, a file named xyz.log etc, but for now this causes Fprintf'ing to an HTTP writer to be mistaken for log-injection rather than just XSS.
@erik-krogh
run the redundant-cast patch
4459c8e
@erik-krogh
run the non-us-language patch
d339f13
@erik-krogh
run the use-set-literals patch
afe7ee1
Post-release version bumps
00aae7c
@dbartol
Merge pull request #644 from github/post-release-prep/codeql-cli-2.7.4
091906d 
Post-release preparation for codeql-cli-2.7.4
@dbartol
Move change notes to proper location
171aa8b
@hvitved
Merge pull request #653 from dbartol/dbartol/move-change-notes
50457d1 
Move change notes to proper location
@owen-mc
Merge pull request #651 from erik-krogh/patches
daa55ea 
various automatic patches applied to codeql-go
Release preparation for version 2.7.5
980c162
@hvitved
Merge pull request #656 from github/release-prep/2.7.5
a0766e0 
Release preparation for version 2.7.5
cokeBeer and others added 18 commits May 13, 2022 20:23
@cokeBeer
Merge branch 'github:main' into main
252b190
add v2modulePath()
808dde2
add v2modulePath()
75f2edd
add v1modulePath()
aa2d445
fix format
7f21c0c
@smowton
Only attempt go.mod updating if go >= 1.16
2930bd4 
Prior to this (a) Go will attempt to update go.mod/sum anyhow, and (b) the `mod tidy -e` option isn't available.
@smowton
Merge pull request #734 from cokeBeer/main
32e2949 
fix #9097
@smowton
Merge pull request #730 from owen-mc/bugfix/build/go-mod-tidy
77461f7 
Run `go mod tidy -e` before building
@MathiasVP
Merge pull request #737 from github/post-release-prep/codeql-cli-2.9.2
0b0161f 
Post-release preparation for codeql-cli-2.9.2
@criemen
Update Lua tracing config.
3b4d04d
@criemen
Merge pull request #740 from github/criemen/lua-tracing-config
415c3d1 
Update Lua tracing config.
@cklin
codeql-go merge prep: move into go/ directory
aa514ff
@cklin
Merge branch 'main' into cklin/merge-codeql-go-prep
097d518
@cklin
codeql-go merge prep: integrate go/ into codeql
1276c41
@cklin
Go: delete test qhelp file
c58b539 
There shouldn't be qhelp files in the ql/test tree.
#8631 (comment)
@aibaars @cklin
Go: fix search-path for 'make test'
7bc6c10
@cklin
Go: fix search and tool paths for 'make test'
827c7ab
@cklin
Clean up direct references to codeql-go
7f96319 
This commit removes special handling of the github/codeql-go repository in the
ql-for-ql-dataset_measure.yml and the query-list.yml workflows.
@cklin cklin force-pushed the cklin/merge-codeql-go-prep branch from cf7a57d to 097d518 Compare May 20, 2022 17:24
@cklin cklin requested review from a team as code owners May 20, 2022 17:24
@cklin cklin force-pushed the cklin/merge-codeql-go branch from b6ff2a0 to 7f96319 Compare May 20, 2022 17:24
@cklin cklin changed the base branch from cklin/merge-codeql-go-prep to main May 20, 2022 17:27
@cklin cklin closed this May 20, 2022
@cklin cklin reopened this May 20, 2022
github-advanced-security[bot]
github-advanced-security bot found potential problems May 20, 2022
View reviewed changes
go/ql/lib/semmle/go/AST.qll
/**
* Gets a child node of this node.
*/
AstNode getAChild() { result = getChild(_) }

Check warning

Code scanning / CodeQL

Using implicit `this`

Use of implicit `this`.
go/ql/lib/semmle/go/AST.qll
/**
* Gets the number of child nodes of this node.
*/
int getNumChild() { result = count(getAChild()) }

Check warning

Code scanning / CodeQL

Using implicit `this`

Use of implicit `this`.
go/ql/lib/semmle/go/AST.qll
AstNode getUniquelyNumberedChild(int index) {
result =
rank[index + 1](AstNode child, string kind, int i |
child = getChildOfKind(kind, i)

Check warning

Code scanning / CodeQL

Using implicit `this`

Use of implicit `this`.
go/ql/lib/semmle/go/AST.qll

/** Gets the parent node of this AST node, but without crossing function boundaries. */
private AstNode parentInSameFunction() {
result = getParent() and

Check warning

Code scanning / CodeQL

Using implicit `this`

Use of implicit `this`.
go/ql/lib/semmle/go/AST.qll
}

/** Gets the innermost function definition to which this AST node belongs, if any. */
FuncDef getEnclosingFunction() { result = getParent().parentInSameFunction*() }

Check warning

Code scanning / CodeQL

Using implicit `this`

Use of implicit `this`.
@adityasharad adityasharad mentioned this pull request May 20, 2022
Merged
adityasharad
adityasharad approved these changes May 20, 2022
View reviewed changes
Copy link
Collaborator

@adityasharad adityasharad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go. The full diff is too large for the UI, but the partial diff looks reasonable, the contents of the go folder are what I expect, and relevant tests are passing. We can keep an eye out for follow-up cleanup.

@cklin cklin merged commit d3ebc81 into main May 23, 2022
@cklin cklin deleted the cklin/merge-codeql-go branch May 23, 2022 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@owen-mc owen-mc owen-mc left review comments

@aibaars aibaars aibaars left review comments

@adityasharad adityasharad adityasharad approved these changes

Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.