github
/
codeql-go
зеркало из https://github.com/github/codeql-go.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
2 447 коммитов 92 Ветки 49 Теги 23 MiB
Граф коммитов

50 Коммитов

Автор SHA1 Сообщение Дата
Asger Feldthaus da52cb24f6 Go: sync FlowSummaryImpl and AccessPathSyntax.qll 2022-02-21 14:40:23 +01:00
Andrew Eisenberg 49d239f4bf Push upgrades pack into lib pack 
PR Related to https://github.com/github/semmle-code/pull/40918
Removes the upgrades pack and uses ql/lib/upgrades instead.

Also, fix malformed parameter in instruction.

Co-authored-by: Chris Smowton <smowton@github.com>
 2022-01-04 11:32:52 -08:00
Owen Mansel-Chan 1a299d2e09
Update sync-dataflow-libraries target in Makefile 
The location of the dataflow libraries in codeql-go has changed
and there is a new file to be synced.
 2021-12-08 11:20:34 -05:00
Sauyon Lee 4c67ef2b0b
Add FlowSummaryImpl to sync-dataflow-nodes target 2021-12-02 10:31:01 -05:00
Sauyon Lee 459f4d18a8
Fix sync-dataflow-libraries 2021-12-02 10:31:01 -05:00
Cornelius Riemenschneider 17a9dbfb62 Add port of the existing compiler-tracing.spec files to the new Lua tracing infrastructure. 2021-11-08 12:29:06 +01:00
Dave Bartolomeo 590b4aac2a Fix PR feedback 2021-10-07 11:00:15 -04:00
Dave Bartolomeo bc9764fcde Invoke `bash` explicitly for Windows 2021-08-24 10:31:03 -04:00
Dave Bartolomeo 7c70745e52 Build target to run `codeql pack install` 2021-08-24 10:31:02 -04:00
Dave Bartolomeo 1726a8b65f Initial makefile changes for pack refactoring 2021-08-24 10:31:01 -04:00
Sauyon Lee 03c3b15caa
Improve autoformatting check 2021-04-27 01:18:21 -07:00
Chris Smowton 87d8bc8d6f Add basic extractor smoke test 
This exercises the extractor via 'codeql', with and without tracing.
 2021-03-29 14:53:44 +01:00
Sauyon Lee 8438b893ec
Add HTML tracing capability 2021-03-18 10:51:12 -07:00
Sauyon Lee 17cd04c6b2
Avoid attempting to build i386 darwin binaries 2021-02-19 10:20:29 -08:00
Owen Mansel-Chan 4bfe088c0f Update dataflow branch from master to main 2020-11-17 15:48:50 +00:00
Sauyon Lee 80c2fcdbb8
Autoformat tests 2020-11-10 09:35:16 -08:00
Chris Smowton 2b07e6a0f4
Merge pull request #324 from sauyon/tracing 
Build tracing
 2020-10-15 11:27:34 +01:00
Chris Smowton 83a7411a05 Improve accuracy of allocation-size-overflow by excluding len(...) calls that never see a large operand 
This is achieved by splitting the query into two pieces: (1) trace flow from indefinitely large object creation to len(...) calls, then (2) considering those particular len(...) calls as taint propagators, trace taint from the same sources all the way to an allocation call. This is more accurate than the previous solution, which considered any len(...) call to propagate taint, potentially confusing an array that stored a large value in one of its cells for an array which is itself of large size.
 2020-10-14 10:16:08 +01:00
Chris Smowton b370a865f1
Merge pull request #370 from max-schaefer/fix-formatting-targets 
Fix escaping in Makefile targets.
 2020-10-09 10:56:07 +01:00
Max Schaefer 9db478aa03 Fix escaping in Makefile targets. 
Previously, invoking `make autoformat` would run a command of this form:

```sh
... | grep \\.go$ | ...
```

Note that the `$` is not escaped. This probably wasn't intended, even though it happens to work anyway, since the shell doesn't try to expand lone `$`s.

More problematically, invoking `make check-formatting` would run a command of this form:

```sh
... | grep \\.go| ...
```

Note that the `$` is gone, so it matches `.go` anywhere in the file name. In particular, it matches `ql/test/library-tests/semmle/go/frameworks/Protobuf/vendor/google.golang.org/protobuf/LICENSE`, which I think is responsible for the somewhat mysterious "expected 'package', found Copyright" errors we've been seeing from CI.

This PR fixes both targets to run

```sh
... | grep '\.go$' | ...
```

Because of the single quotes we only need a single backslash, and the `$` gets left alone.
 2020-10-09 09:07:24 +01:00
Sauyon Lee 85c92251d6 Add a new binary for tracing 2020-10-08 23:31:06 -07:00
Chris Smowton 6b28c0705a Add Action to build and upload qhelp 2020-09-29 16:16:25 +01:00
Max Schaefer 52a659183d
Merge pull request #314 from smowton/smowton/admin/bump-golang-tools 
Bump to latest version of golang.org/x/tools
 2020-09-07 16:02:55 +01:00
Chris Smowton 380410e687 Go autoformat: exclude vendor/ directory 2020-09-03 14:37:26 +01:00
Max Schaefer d7cfcf46a5 Run tests with consistency queries. 2020-08-24 17:39:28 +01:00
Owen Mansel-Chan 69212b9ad9 Deal with build constraints 
Note that build constraints can be explicit (comments at the top of the
file) or implicit (part of the file name)
 2020-08-12 17:07:29 +01:00
Chris Smowton 3c1daf08f8 Escape go-fmt file filter 
This should have been looking for \.go$, but I forgot to escape the dollar sign in a Makefile
 2020-07-30 17:06:01 +01:00
Chris Smowton d05657ddff Make the gofmt CI test actaully fatal 
Turns out gofmt doesn't actually return 1 when it finds problems, only when it finds source files which don't compile (all of which are now excluded).

This also fixes existing overlooked inconsistencies as a result of this mistake.
 2020-07-10 11:02:50 +01:00
Chris Smowton ce94c68e0a Add Go autoformatting to the 'autoformat' make target and to CI 
Existing gofmt complaints are fixed, and files that specifically test queries that relate to badly formatting code are tagged as such.
 2020-07-08 14:20:19 +01:00
Max Schaefer 5275168253 Make target branch configurable for `sync-dataflow-libraries`. 
You can now do `make DATAFLOW_BRANCH=<committish> sync-dataflow-libraries`; default is still `master`.
 2020-06-29 10:02:59 +01:00
Max Schaefer 04af08ca0d Add Make target to autoformat all QL. 
Use

```sh
make autoformat
```

to format all `.ql` and `.qll` files under `ql/src`.

Use

```sh
make AUTOFORMAT=--check-only autoformat
```

to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.
 2020-06-09 17:27:53 +01:00
Max Schaefer 1f54edfe99 Add make target for synchronising data-flow libraries. 2020-05-26 11:09:07 +01:00
Sauyon Lee aef7524f35
Add a go-gen-dbscheme for generating dbschemes 2020-05-22 08:04:40 -07:00
Pavel Avgustinov 291150a755 Delete outdated COPYRIGHT file 
This seems to be copied from Semmle/ql, and it claims the wrong license.
 2020-04-06 14:35:44 +01:00
Max Schaefer 17a8c722cd Use CodeQL for creating stats. 2020-04-02 10:15:10 +01:00
Sauyon Lee f60f6ea7d0
Add examples qlpack.yml to CodeQL manifest 2020-03-18 09:30:45 -07:00
Sauyon Lee e75497ed3b
update stats sha and stats 2020-03-04 06:26:43 -08:00
Sauyon Lee c3b57e4e74
Makefile: make testdb target phony 2020-03-04 03:27:11 -08:00
Max Schaefer 7148b66d31 Make extractor targets phony. 2020-02-27 12:32:05 +00:00
Sauyon Lee ed3971af47
Makefile: make tools-ARCH no longer build the tokenizer 2020-02-12 15:52:43 -08:00
Sauyon Lee bf2b655586
Makefile: make all target build extractor instead of tools 2020-02-12 15:52:42 -08:00
Sauyon Lee dc9d790bd3
Makefile: Make better use of built-in variables 2020-02-12 15:52:42 -08:00
Sauyon Lee 01f4bfe4b8
Makefile: Use codeql to create stats database 2020-02-12 15:52:40 -08:00
Max Schaefer d18eb9717a Fix environment setup on Windows. 2020-02-06 14:28:16 +00:00
Sauyon Lee 7676a56af6
Makefile: Make extractor-common extractor target 2020-01-28 14:38:15 -08:00
Max Schaefer ebea811a83 Add example queries. 2020-01-24 10:26:59 +00:00
Sauyon Lee 32fa033a55
Makefile: Add exe suffix back to tools/bin targets 2020-01-17 14:05:29 -08:00
Sauyon Lee 52fe0afa48
Makefile: Delete entire test db in clean 2020-01-17 14:05:27 -08:00
Sauyon Lee 1eb9466de2
Use codeql for testing and add binary cross compilation support 
Also add support for building the extractor inside this repository
so that users can build and use the extractor, and an up-to-date
version can be used for testing.
 2020-01-17 14:05:26 -08:00
Max Schaefer d14eb855fc Go analysis support for CodeQL. 2019-11-08 12:16:26 +00:00