github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
72 034 коммитов 1 534 Ветки 130 Теги 471 MiB
Граф коммитов

312 Коммитов

Автор SHA1 Сообщение Дата
Arthur Baars 2d07270c1e Rust: stop sharing Diagnostics.qll with Ruby :-( 2024-10-24 15:14:13 +02:00
Michael Nebel dd993c3900
Merge pull request #17509 from michaelnebel/modelgen/parammodule 
C#/Java: Re-factor the model generator to be a parameterized module.
 2024-09-26 10:57:16 +02:00
Arthur Baars bdb4d89f9f Rust: add Diagnostics.qll 2024-09-24 17:34:27 +02:00
Michael Nebel de4a7da286 Java/C#: No longer sync CaptureModels.qll. 2024-09-19 12:20:55 +02:00
Paolo Tranquilli f8c9d96882 Bazel: remove non-working fake `tree-sitter-extractor` workaround 
The `.cargo/config.toml` override based workaround wasn't really
working, as while `cargo build|check` was reading that, `cargo metadata`
wasn't, ending up in a completely broken IDE experience.

For the moment, we just use a unified workspace `Cargo.toml` for all
extractors using the shared tree-sitter code, which has the downside of
making bazel pull in dependencies for all of them, and not being able to
do sparse checkouts for them. We should investigate and rivist this in
the future.
 2024-09-11 08:17:11 +02:00
Paolo Tranquilli 7e1290aa74 Rust: reuse shared rust trap library 2024-08-30 16:08:37 +02:00
Mathias Vorreiter Pedersen 00d772f980 C++: Fix value numbering imports. 2024-06-24 11:53:24 +01:00
Michael Nebel 8630583856 C#/Java: Exclude the model printing implementation form sync files. 2024-06-24 11:50:57 +02:00
Tom Hvitved 94d2e9591d Tree-sitter: Emit `empty_location` relation to avoid scan 2024-05-27 10:39:21 +02:00
Cornelius Riemenschneider 8c46b61e85 Ruby: Change how we pull in `shared/tree-sitter-extractor` dependency 
Previously, we pulled in the shared tree-sitter extractor via a `git`
dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path`
dependencies outside of the cargo workspace)). This was a problem,
as that means we're cloning `github/codeql` _again_ for the build, which is
quite slow.

I found another way that is faster, and still produces correct builds
for both `cargo`` and `rules_rust`:
* Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets
* For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code
* rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
 2024-05-24 15:37:35 +02:00
Rasmus Wriedt Larsen e0e405bb31
Python: replace dataflow-test location in files 2024-04-23 09:40:59 +02:00
Tom Hvitved a6c147134a Java: Switch to shared `XML.qll` implementation 2024-03-19 13:15:45 +01:00
Tom Hvitved 754b491d09 C++: Switch to shared `XML.qll` implementation 2024-03-19 13:14:42 +01:00
Tom Hvitved 529e901fb1 C#: Switch to shared `XML.qll` implementation 2024-03-19 13:14:42 +01:00
Tom Hvitved 16cef92106 JS: Add `DataFlow::Node.getLocation` 2024-03-13 13:06:16 +01:00
Michael Nebel f2e467d8ea C#: Cleanup identical-files. 2024-03-07 19:22:47 +01:00
Tom Hvitved 62b16c0fa3 Share `getFileBySourceArchiveName` implementation 2024-02-23 11:25:49 +01:00
erik-krogh 0511786a22
delete typo files from list of synchronized files 2024-01-22 09:15:27 +01:00
Tom Hvitved 84aa9f17a0 Python/Ruby: Use `SummaryTypeTracker` from `typetracking` pack 2023-12-14 13:25:18 +01:00
Tom Hvitved 2d3f96f201 Swift: Use `FlowSummaryImpl` from `dataflow` pack 2023-12-10 11:25:44 +01:00
Tom Hvitved 35c654aa76 Go: Use `FlowSummaryImpl` from `dataflow` pack 2023-12-10 11:25:44 +01:00
Tom Hvitved faaa558ed9 Python: Use `FlowSummaryImpl` from `dataflow` pack 2023-12-10 11:25:44 +01:00
Tom Hvitved a2093c9aa2 C#: Use `FlowSummaryImpl` from `dataflow` pack 2023-12-10 11:25:43 +01:00
Tom Hvitved 28373e0fdf JS: Adapt to changes in shared code 2023-12-10 11:25:43 +01:00
Tom Hvitved 0e81577269 Ruby: Use `FlowSummaryImpl` from `dataflow` pack 2023-12-10 11:25:43 +01:00
Tom Hvitved 6ce8e0510f Ruby: Adopt shared type tracking library 2023-11-20 16:03:24 +01:00
Asger F 6df919a917 JS/Ruby: remove sync between two queries 2023-10-11 10:06:11 +02:00
Alex Ford 4031623fda Ruby: delete identical-files refs to deleted files 2023-09-21 14:22:34 +01:00
Tom Hvitved 253f932d2a Python: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved 9af706c2a5 Swift: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved db304d118b C++: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved fefe64bf0c Java: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved 5c8367a695 C#: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved c4b626a416 Ruby: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
yoff 6e05246daa
Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Lerchedahl Petersen ad49eada48 Python: Do not alter `codeql-workspaces.yml` 
And remove the qlpack referred to therein.
Instead we rename and duplicate the extesion file
that this qlpack pointed to.
These two extension files are kept in sync by `identical-files.json`.
 2023-08-25 11:46:41 +02:00
Jeroen Ketema 2d0f73d7c2
Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Tom Hvitved 7cc01ea8b5
Merge pull request #13595 from hvitved/csharp/use-shared-cfg-pack 
C#: Adopt shared CFG construction library from shared `controlflow` pack
 2023-08-17 10:37:09 +02:00
Jeroen Ketema 33e8310625
Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Owen Mansel-Chan 039925164d
Keep newline at the end of identical-files.json 
VS Code's JSON formatter removed it automatically. It turns out
that the easiest way to keep it is to use the
`files.insertFinalNewline` setting, which the JSON formatter obeys.
 2023-08-10 15:49:55 +01:00
Owen Mansel-Chan 653563fcbc
Make `StringsNewReplacer` use new API 
We don't have to keep a deprecated copy as this is private. This allows
us to delete a copy of the DataFlow library!
 2023-08-10 15:48:57 +01:00
Jeroen Ketema 747cd1745a
Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Jeroen Ketema bdd64ce86d
Introduce shared taint tracking library 2023-08-04 22:51:55 +02:00
Tom Hvitved b69188fee9 C#: Adopt shared CFG construction library from shared `controlflow` pack 2023-08-03 14:12:24 +02:00
Tom Hvitved 1988397f93 Make shared CFG construction library a parameterized module 2023-08-03 09:39:30 +02:00
Anders Schack-Mulligen 5946d5e806 Dataflow: Remove sync. 2023-08-01 14:02:34 +02:00
Rasmus Lerchedahl Petersen 0267b32904 fix eol 2023-06-14 21:17:12 +02:00
Rasmus Lerchedahl Petersen b5961c7f6b ruby: move to internal folder 2023-06-13 11:49:30 +02:00
Rasmus Lerchedahl Petersen b294f48dbe Merge branch 'main' of https://github.com/github/codeql into python-ruby/track-through-summaries-pm 2023-06-09 14:16:34 +02:00
Geoffrey White 02cae30270 Merge branch 'main' into sharedsensitive 2023-05-31 12:57:33 +01:00