File tree
7,309 files changed
+541103
-85670
lines changed
- .devcontainer
- swift
- .github
- actions/fetch-codeql
- problem-matchers
- workflows
- config
- cpp
- downgrades
- 19e31bf071f588bb7efd1e4d5a185ce4f6fbbd84
- cf72c8898d19eb1b3374432cf79d8276cb07ad43
- ql
- lib
- change-notes
- released
- experimental/semmle/code/cpp
- security
- semantic
- analysis
- semmle/code/cpp
- commons
- controlflow
- internal
- dataflow/internal
- tainttracking1
- tainttracking2
- exprs
- internal
- ir
- dataflow/internal
- tainttracking1
- tainttracking2
- tainttracking3
- implementation
- aliased_ssa
- gvn
- internal
- internal
- raw
- gvn
- internal
- unaliased_ssa
- gvn
- internal
- internal
- models
- implementations
- interfaces
- rangeanalysis
- security
- stmts
- upgrades
- cf72c8898d19eb1b3374432cf79d8276cb07ad43
- e9a518baf14f4322ac243578a8e1391386ff030f
- src
- Best Practices/Unused Entities
- Diagnostics
- Internal
- Likely Bugs
- Conversion
- Leap Year
- Memory Management
- OO
- Security/CWE
- CWE-078
- CWE-120
- CWE-311
- CWE-497
- CWE-611
- change-notes
- released
- codeql-suites
- experimental
- Best Practices
- Security/CWE
- CWE-020
- CWE-266
- CWE-285
- CWE-362
- CWE-476
- CWE-670
- jsf/4.05 Libraries
- test
- TestUtilities
- experimental/query-tests/Security/CWE
- CWE-020/NoCheckBeforeUnsafePutUser
- CWE-285
- CWE-476/semmle/tests
- CWE-670/semmle/tests
- library-tests
- controlflow
- dereferenced
- dominance
- nullness
- dataflow
- dataflow-tests
- fields
- taint-tests
- declarationEntry/declarationEntry
- defuse
- depends_initializers
- floats/float128
- ir
- ir
- modulus-analysis
- range-analysis
- sign-analysis
- ssa
- lambdas/captures
- sideEffects/stmts
- string_analysis
- switch_cfg
- switch
- syntax-zoo
- templates/nontype_instantiations
- functions
- general
- usings
- valuenumbering/GlobalValueNumbering
- variables/global
- vector_types
- query-tests
- Best Practices/Unused Entities/UnusedLocals
- Likely Bugs
- Conversion/LossyFunctionResultCast
- Memory Management/ReturnStackAllocatedMemory
- Security/CWE
- CWE-078
- SAMATE/ExecTainted
- semmle/ExecTainted
- CWE-311/semmle/tests
- CWE-497
- SAMATE
- semmle/tests
- CWE-611
- jsf/4.13 Functions/AV Rule 114
- successor-tests
- break_labels
- dostmt
- ifstmt
- ifelsestmt
- ifstmt
- pruning
- switchstmt/switchstmt
- whilestmt
- csharp
- documentation/library-coverage
- downgrades
- extractor/Semmle.Extraction.CSharp
- Entities
- Statements
- Populators
- ql
- campaigns/Solorigate
- lib
- change-notes/released
- src
- change-notes/released
- lib
- change-notes
- released
- semmle/code
- cil
- csharp
- commons
- controlflow
- internal
- dataflow
- internal
- rangeanalysis
- tainttracking1
- tainttracking2
- tainttracking3
- tainttracking4
- tainttracking5
- dispatch
- exprs
- frameworks
- generated/dotnet
- microsoft
- extensions
- system
- collections
- componentmodel
- data
- io
- net
- runtime
- security
- cryptography
- text
- threading
- web/ui
- xml
- security/dataflow
- flowsinks
- flowsources
- src
- API Abuse
- Concurrency
- Diagnostics
- Documentation
- Language Abuse
- Likely Bugs
- LeapYear
- Metrics/Summaries
- Performance
- Security Features
- CWE-020
- CWE-091
- CWE-134
- CWE-209
- CWE-248
- Stubs
- Telemetry
- change-notes
- released
- experimental
- CWE-918
- Security Features
- CWE-759
- backdoor
- ir
- implementation
- internal
- raw
- gvn
- internal
- common
- desugar
- unaliased_ssa
- gvn
- internal
- internal
- utils/model-generator
- internal
- test
- TestUtilities
- experimental/ir/ir
- library-tests
- cil
- attributes
- dataflow
- typeAnnotations
- commons/Disposal
- conversion/operator
- csharp7
- csharp9-standalone
- dataflow
- collections
- content
- delegates
- external-models
- flowsources/aspremote
- library
- dispatch
- frameworks
- EntityFramework
- JsonNET
- NHibernate
- structuralcomparison
- query-tests
- Language Abuse/UselessCastToSelf
- Security Features
- CWE-020
- CWE-022/TaintedPath
- CWE-078
- CWE-079
- StoredXSS
- XSS
- CWE-090
- CWE-091/XMLInjection
- CWE-094
- CWE-099
- CWE-112
- CWE-117
- CWE-134
- CWE-209
- CWE-601/UrlRedirect
- CWE-643
- CWE-730
- ReDoSGlobalTimeout
- ReDoS
- RegexInjection
- CWE-807
- Stubs/Minimal
- Telemetry
- LibraryUsage
- SupportedExternalSinks
- SupportedExternalSources
- resources/stubs
- utils/model-generator
- tools
- docs
- codeql
- codeql-cli
- codeql-for-visual-studio-code
- codeql-language-guides
- ql-language-reference
- query-help
- reusables
- support/reusables
- writing-codeql-queries
- ql-libraries/dataflow
- go
- build
- codeql-tools
- linux64
- osx64
- win64
- docs/language/learn-ql/go
- downgrades
- 90fa7836e0a239f69bbebffcf342e92c240d54bc
- initial
- external-packs/codeql/suite-helpers/0.0.2
- extractor-smoke-test
- extractor
- autobuilder
- cli
- go-autobuilder
- go-bootstrap
- go-build-runner
- go-extractor
- go-gen-dbscheme
- go-tokenizer
- dbscheme
- net/sourceforge/pmd/cpd
- opencsv
- srcarchive
- trap
- util
- old-change-notes
- 1.23
- 1.24
- ql
- config
- legacy-support
- suites/lgtm
- docs
- examples
- snippets
- lib
- change-notes/released
- semmle/go
- concepts
- controlflow
- dataflow
- barrierguardutil
- internal
- tainttracking1
- tainttracking2
- dependencies
- frameworks
- stdlib
- security
- upgrades
- 2842941c6f9c6350b23351b33525fc5b19df4063
- 4affa49dbe2bbab1a33f0e3ea6b045116abbcfda
- 8f168c8af3fee9b57bcfce85bb2ab708a5e3c828
- b279419c7e1983b3db2de30b09452a06c01aa9ff
- b37faf5d62cccefad9fcfd8f5c026620097b2355
- b9a2082d22aebdd102e11995a7cfd46e0268a813
- bcb9599aba6c9ac4d617fac314b9a999b3a5b40e
- bcbec1b0e44ae4365dd4e5bade5aec80135a4a00
- ee5c327face2866a7b3b12dcce5c291be52ebf52
- f1263a745347568af228ad3ddb2decb142c3a1a8
- f7fb4ff6229adffa2c2c4238ef72c82359d56be4
- ffced433fce33521f90c1b6c66b611902cdceac2
- initial
- src
- Diagnostics
- InconsistentCode
- Metrics
- RedundantCode
- Security
- CWE-020
- CWE-022
- CWE-078
- CWE-079
- CWE-089
- CWE-117
- CWE-190
- CWE-209
- CWE-295
- CWE-312
- CWE-322
- CWE-326
- CWE-327
- CWE-338
- CWE-352
- CWE-601
- CWE-640
- CWE-643
- CWE-681
- CWE-798
- CWE-918
- Summary
- change-notes/released
- codeql-suites
- experimental
- CWE-090
- example
- CWE-1004
- CWE-285
- CWE-321
- CWE-327
- examples
- CWE-369
- CWE-400
- CWE-79
- CWE-807
- CWE-840
- CWE-918
- CWE-942
- InconsistentCode
- IntegerOverflow
- Unsafe
- frameworks
- filters
- test
- TestUtilities
- consistency
- CONSISTENCY
- example-tests/snippets
- experimental
- CWE-090
- vendor
- github.com
- go-ldap/ldap
- v3
- jtblin/go-ldap-client
- gopkg.in/ldap.v2
- depstubber_reflect_635541987
- CWE-1004
- vendor
- github.com
- gin-gonic/gin
- binding
- gorilla/sessions
- CWE-285
- vendor
- github.com/msteinert/pam
- CWE-321
- vendor
- github.com
- appleboy/gin-jwt/v2
- cristalhq/jwt/v3
- gin-gonic/gin
- go-kit/kit/auth/jwt
- golang-jwt/jwt/v4
- lestrrat/go-jwx/jwk
- square/go-jose/v3
- gopkg.in/square/go-jose.v2
- CWE-369
- CWE-400
- vendor
- gorm.io/gorm
- CWE-79
- CWE-807
- CWE-840
- CWE-918
- vendor
- github.com
- gin-gonic/gin
- go-chi/chi
- go-playground/validator
- gorilla
- mux
- websocket
- golang.org/x/net/websocket
- CWE-942
- InconsistentCode
- vendor
- gorm.io/gorm
- Unsafe
- frameworks
- CleverGo
- vendor
- clevergo.tech/clevergo
- Fiber
- vendor
- github.com/gofiber
- fiber
- utils
- extractor-tests
- diagnostics
- CONSISTENCY
- broken2
- broken
- notbroken
- empty-interface
- go-mod-comments
- go1.13
- go1.14
- go1.16
- go1.17
- html
- robustness
- tolerate-curly-braces
- CONSISTENCY
- subdir{}
- library-tests/semmle/go
- Decl
- Expr
- Files
- CONSISTENCY
- vendor
- github.com/github/nonexistent
- Function
- vendor
- github.com/anotherpkg
- GoModExpr
- squirrel
- vendor
- IR
- Packages
- vendor
- github.com
- nonexistent-test-pkg
- nonexistent
- test
- v2/test
- PrintAst
- Scopes
- StringOps
- Concatenation
- HasPrefix
- Types
- CONSISTENCY
- pkg1
- pkg2
- concepts
- EscapeFunction
- HTTP
- LoggerCall
- vendor
- github.com
- golang/glog
- sirupsen/logrus
- k8s.io/klog
- Regexp
- Templates
- controlflow/ControlFlowGraph
- dataflow
- CallGraph
- ExternalFlowVarArgs
- vendor
- github.com/nonexistent/test
- ExternalFlow
- vendor
- github.com/nonexistent/test
- FlowSteps
- FunctionInputsAndOutputs
- GenericFunctionsAndTypes
- GlobalValueNumbering
- GuardingFunctions
- InterProceduralDataFlow
- ListOfConstantsSanitizerGuards
- Nodes
- PostUpdateNodes
- PromotedFields
- PromotedMethods
- Properties
- ReadsAndWrites
- SSA
- TypeAssertions
- VarArgsWithFunctionModels
- vendor
- github.com/nonexistent/test
- VarArgs
- dependencies
- codeql-go
- fabric-snaps
- hrm-profile-tool
- sweb
- frameworks
- BeegoOrm
- vendor
- github.com/astaxie/beego/orm
- Beego
- vendor
- github.com/astaxie/beego
- context
- logs
- utils
- Chi
- vendor
- github.com/go-chi/chi
- CouchbaseV1
- vendor
- gopkg.in/couchbase/gocb.v1
- Echo
- vendor
- github.com/labstack/echo/v4
- ElazarlGoproxy
- vendor
- github.com/elazarl/goproxy
- Email
- vendor
- github.com/sendgrid/sendgrid-go/helpers/mail
- Encoding
- vendor
- github.com/json-iterator/go
- EvanphxJsonPatch
- vendor
- github.com/evanphx/json-patch/v5
- Gin
- vendor
- github.com/gin-gonic/gin
- binding
- GoKit
- vendor
- github.com/go-kit/kit/endpoint
- Gorestful
- vendor
- github.com/emicklei/go-restful
- v3
- K8sIoApiCoreV1
- vendor
- k8s.io
- apimachinery/pkg/runtime
- api/core/v1
- K8sIoApimachineryPkgRuntime
- vendor
- k8s.io/apimachinery/pkg
- conversion
- runtime
- schema
- K8sIoClientGo
- vendor
- k8s.io/client-go/kubernetes/typed/core/v1
- Macaron
- vendor
- gopkg.in/macaron.v1
- Mux
- vendor
- github.com/gorilla/mux
- NoSQL
- vendor
- github.com/couchbase/gocb/v2
- go.mongodb.org/mongo-driver
- bson
- primitive
- mongo
- gopkg.in/couchbase/gocb.v1
- Protobuf
- protos
- query
- vendor
- github.com/golang/protobuf
- proto
- google.golang.org/protobuf
- internal/impl
- proto
- reflect/protoreflect
- runtime
- protoiface
- protoimpl
- Revel
- examples
- booking/app
- controllers
- models
- views
- Hotels
- application
- vendor
- github.com/revel
- modules
- orm/gorp/app/controllers
- static/app/controllers
- revel
- logger
- session
- views/myAppController
- SQL
- Gorm
- vendor
- github.com/jinzhu/gorm
- gorm.io/gorm
- Sqlx
- vendor
- github.com/jmoiron/sqlx
- vendor
- github.com
- Masterminds/squirrel
- go-pg/pg
- orm
- v9
- go-xorm/xorm
- xorm.io/xorm
- Spew
- vendor
- github.com/davecgh/go-spew/spew
- StdlibTaintFlow
- vendor
- golang.org/x/net/context
- SystemCommandExecutors
- vendor
- github.com/codeskyblue/go-sh
- golang.org/x/crypto/ssh
- TaintSteps
- WebSocket
- vendor
- github.com
- gobwas/ws
- gorilla/websocket
- sacOO7/gowebsocket
- golang.org/x/net/websocket
- nhooyr.io/websocket
- XNetHtml
- vendor
- golang.org/x/net/html
- Yaml
- vendor
- gopkg.in
- yaml.v1
- yaml.v2
- yaml.v3
- Zap
- vendor
- go.uber.org/zap
- zapcore
- security/SensitiveActions
- query-tests
- AlertSuppression
- Diagnostics
- CONSISTENCY
- invalid{
- InconsistentCode
- ConstantLengthComparison
- InconsistentLoopOrientation
- LengthComparisonOffByOne
- MissingErrorCheck
- MistypedExponentiation
- WhitespaceContradictsPrecedence
- WrappedErrorAlwaysNil
- vendor
- github.com/pkg/errors
- RedundantCode
- CompareIdenticalValues
- DeadStoreOfField
- DeadStoreOfLocal
- CONSISTENCY
- DuplicateBranches
- DuplicateCondition
- DuplicateSwitchCase
- ExprHasNoEffect
- ImpossibleInterfaceNilCheck
- CONSISTENCY
- NegativeLengthCheck
- RedundantExpr
- RedundantRecover
- SelfAssignment
- ShiftOutOfRange
- UnreachableStatement
- Security
- CWE-020
- IncompleteHostnameRegexp
- vendor
- github.com/elazarl/goproxy
- IncompleteUrlSchemeCheck
- MissingRegexpAnchor
- SuspiciousCharacterInRegexp
- CWE-022
- CWE-078
- CWE-079
- vendor
- github.com
- gobwas/ws
- gorilla/websocket
- golang.org/x/net/websocket
- nhooyr.io/websocket
- CWE-089
- vendor
- github.com/Masterminds/squirrel
- go.mongodb.org/mongo-driver
- bson
- primitive
- mongo
- options
- CWE-117
- vendor
- github.com
- astaxie/beego
- logs
- utils
- davecgh/go-spew/spew
- elazarl/goproxy
- golang/glog
- sirupsen/logrus
- go.uber.org/zap
- k8s.io/klog
- CWE-190
- CWE-209
- CWE-295/DisabledCertificateCheck
- CWE-312
- vendor
- github.com
- golang/glog
- sirupsen/logrus
- k8s.io/klog
- CWE-322
- vendor
- golang.org
- x/crypto/ssh
- knownhosts
- CWE-326
- CWE-327
- CWE-338/InsecureRandomness
- CWE-352
- vendor
- golang.org/x/oauth2
- CWE-601
- BadRedirectCheck
- OpenUrlRedirect
- CWE-640
- vendor
- github.com/sendgrid/sendgrid-go/helpers
- mail
- CWE-643
- vendor
- github.com
- ChrisTrenkamp/goxpath
- tree
- antchfx
- htmlquery
- jsonquery
- xmlquery
- xpath
- go-xmlpath/xmlpath
- jbowtie/gokogiri
- xml
- xpath
- santhosh-tekuri/xpathparser
- CWE-681
- CWE-798
- CWE-918
- vendor
- github.com
- gobwas/ws
- gorilla/websocket
- sacOO7/gowebsocket
- golang.org/x/net/websocket
- nhooyr.io/websocket
- Summary
- CONSISTENCY
- vendor
- github.com/github/codeql-go/extractor/util
- definitions
- filters/ClassifyFiles
- vendor
- github.com/onsi
- ginkgo
- gomega
- scripts
- templates/project
- tools
Lines changed: 3 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + |
Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + |
Lines changed: 0 additions & 27 deletions
This file was deleted.
Lines changed: 2 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
3 | 3 |
| |
4 | 4 |
| |
5 | 5 |
| |
| 6 | + | |
| 7 | + | |
6 | 8 |
| |
7 | 9 |
| |
8 | 10 |
| |
|
Lines changed: 9 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + |
Lines changed: 25 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + |
Lines changed: 22 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + |
Lines changed: 20 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + |
Lines changed: 13 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + |
Lines changed: 9 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
39 | 39 |
| |
40 | 40 |
| |
41 | 41 |
| |
| 42 | + | |
42 | 43 |
| |
43 | 44 |
| |
44 | 45 |
| |
| |||
52 | 53 |
| |
53 | 54 |
| |
54 | 55 |
| |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
55 | 64 |
| |
56 | 65 |
| |
57 | 66 |
| |
|