Commit graph

169 commits

Author SHA1 Message Date
Paolo Tranquilli 141ba2e039 Bazel: rename workspace to codeql 2022-04-12 17:37:29 +02:00
Paolo Tranquilli 6440242268 Swift+Bazel: apply review comments 2022-04-12 16:03:20 +02:00
Paolo Tranquilli a205b465ba Bazel: reorganization
* fixed 5.0.0 as bazel version
* made dependencies better loadable
* moved `//swift/install` to `//swift:create-extractor-pack` (following
  the clearer ruby naming)
* renamed `extractor_pack` to `extractor-pack` for consistency with Ruby
2022-04-12 12:40:59 +02:00
Paolo Tranquilli 13b2442fed Bazel: code reorganization 2022-04-12 12:40:59 +02:00
Dave Bartolomeo 9f074cd8fd Bump a few more versions
Also fixes up some dependency declarations that should have been "*" because they refer to packs in the same workspace.
2022-04-08 13:01:41 -04:00
Michael Nebel 7eddc1e7ec Java: Adjust scripts for new location. 2022-03-23 10:35:32 +01:00
Michael Nebel 7fc11be787 Java: Move generate_flow_model file into a shared models-as-data script folder. 2022-03-23 10:35:32 +01:00
Mathias Vorreiter Pedersen 5cbd86519b C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries. 2022-03-22 10:52:02 +00:00
Paolo Tranquilli ef4d1de9c3 check-qhelp: call super init in IncludeHandler
`xml.sax.ContentHandler` has a non-trivial `__init__`. While this is
probably harmless, it does not hurt to fix this.
2022-03-01 16:50:55 +01:00
Paolo Tranquilli 01a37e5165 fix `check-qhelp.py` again 2022-02-24 11:56:47 +01:00
Paolo Tranquilli 4020464c2d fix `check-qhelp.py`
It turns out checking changes on `.inc.qhelp` files is a bit trickier,
as we need to first find which `qhelp` files use them. The previous
iteration of this script was working under the assumption that
`.inc.qhelp` files were only included from the current or a parent
path, but this turns out to be wrong.

This time around, if we are asked to check one or more `.inc.qhelp`
files we build an include map from all `qhelp` files and run the help
generator on the `qhelp` files actually including them.
2022-02-24 11:40:46 +01:00
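The include-map approach the commit message above describes, as an added example that is not the repository's own `check-qhelp.py`: it assumes qhelp files pull in shared fragments with `<include src="..."/>` elements whose `src` is resolved relative to the including file, and it follows includers transitively, so an `.inc.qhelp` that is itself included by another `.inc.qhelp` still maps back to the top-level `.qhelp` files that must be regenerated. The file paths and contents are constructed sample input, not files from the repository; the handler also shows the `super().__init__()` call the later `check-qhelp` commit adds.

```python
import posixpath
import xml.sax
from collections import defaultdict


class IncludeHandler(xml.sax.ContentHandler):
    """SAX handler that records the `src` of every <include> element."""

    def __init__(self):
        super().__init__()  # ContentHandler.__init__ is non-trivial (it sets up the locator)
        self.includes = []

    def startElement(self, name, attrs):
        src = attrs.get("src")
        if name == "include" and src is not None:
            self.includes.append(src)


def includes_in(qhelp_text):
    """Return the raw `src` values of all <include> elements in one qhelp document.

    The default expat reader does not fetch external entities unless
    feature_external_ges is switched on, so untrusted-looking fragments
    cannot pull in files from outside the tree during this scan.
    """
    handler = IncludeHandler()
    xml.sax.parseString(qhelp_text.encode("utf-8"), handler)
    return handler.includes


def resolve(including_path, src):
    """Resolve an include target relative to the directory of the file that includes it."""
    return posixpath.normpath(posixpath.join(posixpath.dirname(including_path), src))


def build_include_map(qhelp_files):
    """Map every included file (normalised repo-relative path) to the files that include it.

    `qhelp_files` maps repo-relative POSIX paths to file contents.
    """
    included_by = defaultdict(set)
    for path, text in qhelp_files.items():
        for src in includes_in(text):
            included_by[resolve(path, src)].add(path)
    return included_by


def is_inc(path):
    return path.endswith(".inc.qhelp")


def qhelp_files_to_check(changed_paths, included_by):
    """Given changed .qhelp/.inc.qhelp paths, return the top-level .qhelp files to regenerate.

    Walks the includer relation transitively; a changed .qhelp file is checked directly,
    a changed .inc.qhelp is replaced by whatever includes it.
    """
    to_check = set()
    seen = set()
    stack = list(changed_paths)
    while stack:
        path = stack.pop()
        if path in seen:
            continue
        seen.add(path)
        if is_inc(path):
            stack.extend(included_by.get(path, ()))
        else:
            to_check.add(path)
    return to_check


# Constructed sample tree: Q3 lives in a different language directory from the
# fragment it includes, which is exactly the case a "current or parent path only"
# heuristic misses.
SAMPLE_QHELP_FILES = {
    "a/ql/src/Q1.qhelp":
        '<qhelp><overview><p>Q1</p></overview><include src="Shared.inc.qhelp"/></qhelp>',
    "a/ql/src/sub/Q2.qhelp":
        '<qhelp><include src="../Shared.inc.qhelp"/></qhelp>',
    "b/ql/src/Q3.qhelp":
        '<qhelp><include src="../../../a/ql/src/Shared.inc.qhelp"/></qhelp>',
    "a/ql/src/Q4.qhelp":
        '<qhelp><overview><p>No includes here.</p></overview></qhelp>',
    "a/ql/src/Shared.inc.qhelp":
        '<qhelp><include src="Leaf.inc.qhelp"/></qhelp>',
    "a/ql/src/Leaf.inc.qhelp":
        '<qhelp><p>leaf</p></qhelp>',
}

if __name__ == "__main__":
    include_map = build_include_map(SAMPLE_QHELP_FILES)
    for changed in (["a/ql/src/Leaf.inc.qhelp"], ["a/ql/src/Q4.qhelp"]):
        print(changed, "->", sorted(qhelp_files_to_check(changed, include_map)))
```

In a pre-commit hook the `changed_paths` argument would be the list of staged `.qhelp` and `.inc.qhelp` files, and the returned set is what gets handed to the help generator.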
Paolo Tranquilli 9667315d49 pre-commit: add qhelp check
Also the instructions on customizing `pre-commit`'s behaviour have been
updated to use the `--config` option.
2022-02-24 10:55:53 +01:00
Jeroen Ketema 671528b483 Find `qldir` by using the location of `prepare-db-upgrade.sh` 2022-02-16 11:35:15 +01:00
Jeroen Ketema 8ad0d8ea69 Factor out creating `upgrade.properties` into a function 2022-02-16 10:54:12 +01:00
Jeroen Ketema b27dd6ca72 Simplify check_hash_valid 2022-02-16 10:53:39 +01:00
Jeroen Ketema f558ac5b07 Make `--lang` a required script argument 2022-02-16 10:18:55 +01:00
Jeroen Ketema 1209bbd9b4 Add version of `prepare-db-upgrade.sh` supporting multiple languages 2022-02-15 18:39:21 +01:00
Benjamin Muskalla ff8a96b96d Rename framework coverage query
Move it to the other summary queries, update all references.
2022-02-08 11:14:03 +01:00
Benjamin Muskalla 6e3d2a2046 Update misc/suite-helpers/security-and-quality-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:07:35 +01:00
Benjamin Muskalla fb91821882 Update misc/suite-helpers/security-extended-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:51 +01:00
Benjamin Muskalla 94c517efd6 Update misc/suite-helpers/code-scanning-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:35 +01:00
Benjamin Muskalla 284c397883 Update misc/suite-helpers/lgtm-selectors.yml
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-02-08 11:06:30 +01:00
Benjamin Muskalla a1432c47dc Exclude framework coverage query from suites
We don't want to run this query on any database but rather
in a specific setup. Exclude from suites by default.
2022-02-07 12:08:18 +01:00
Dave Bartolomeo d0dac03bad Manually bump versions 2021-11-29 14:21:08 -05:00
Dave Bartolomeo 2dfcd1dd9c Add `groups` property
Also removed versions from test packs
2021-11-29 14:15:53 -05:00
Arthur Baars dcf71c4f9a Ruby: update generate-code-scanning-query-list.py 2021-10-25 15:04:34 +02:00
Arthur Baars a6ac2e73a1 Speed up generate-code-scanning-query-list.py
Use 'codeql execute cli-server' to avoid repeated JVM startup overhead
2021-10-25 15:03:28 +02:00
Tamas Vajk 70ffbae091 Introduce foldable region in CSV coverage PR comments 2021-10-19 13:34:25 +02:00
Tamás Vajk d52616b687 Merge pull request #6683 from tamasvajk/feature/csv-coverage-fix
Only leave CSV coverage updater job enabled on github/codeql
2021-09-14 10:13:28 +02:00
Tamas Vajk 80f5ec29d4 Log stdout and stderr in CSV coverage jobs 2021-09-13 16:16:03 +02:00
Tamas Vajk cc7471f37d Fix package separator in timeseries report 2021-09-09 12:53:59 +02:00
Tamas Vajk cbb37f70c4 Change timeseries CSV report to only include dates when values changed 2021-09-09 11:34:38 +02:00
Tamas Vajk 1fe9e9262f Fix CSV timeseries script to create DB with scheme from correct git SHA 2021-09-09 10:59:52 +02:00
Rasmus Wriedt Larsen 67df890f68 Misc: Fail by default if query pack can't be found 2021-09-03 10:56:49 +02:00
Rasmus Wriedt Larsen 9386a900eb Misc: Clean whitespace in generate-code-scanning-query-list.py 2021-09-03 10:46:25 +02:00
Dave Bartolomeo ede2ae11e9 Fix incompatibility with release CLI
This fixes #6563, in which a customer reports being unable to run a query suite despite following the "Getting Started with the CodeQL CLI" instructions. The problem is that the released versions of the CodeQL CLI incorrectly disallow any reference to a library pack from within a .qls file. This is a CLI bug that will be fixed in the next CLI release, but since our policy is to make `github/codeql`'s `main` branch compatible with the latest released CLI, we need to work around this for now by pretending `codeql/suite-helpers` is a query pack.
2021-08-27 14:17:48 -04:00
Andrew Eisenberg 3660c64328 Packaging: Refactor Python core libraries
Extract the external facing `qll` files into the codeql/python-all
query pack.
2021-08-24 13:23:45 -07:00
Andrew Eisenberg c9f1c98390 Packaging: C# refactoring
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
2021-08-19 14:09:35 -07:00
Andrew Eisenberg 8e750f18ad Packaging: Java refactoring
Split java pack into `codeql/java-all` and `codeql/java-queries`.
2021-08-19 14:09:35 -07:00
Andrew Eisenberg 2c5dd2dfa3 Packaging: Refactor the cpp libraries
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.

There are very few lines of code changed. Almost all changes are moving
files around.
2021-08-17 11:22:36 -07:00
Andrew Eisenberg e566fb9c5a Packaging: Update suite-helpers qlpack
Uses new style naming scheme.
2021-08-16 17:51:33 -07:00
Arthur Baars d960ef2dac Code Scanning selectors: Include diagnostic and summary metric queries 2021-07-19 17:05:43 +02:00
Tamas Vajk f3f069fed5 Fix markdown link in framework coverage PR comment 2021-07-02 11:56:00 +02:00
Tamas Vajk dc63f23d6b Fix review findings 2021-06-30 13:40:36 +02:00
Tamas Vajk 6a35c8c5f4 Upgrade database in coverage report jobs 2021-06-30 13:40:36 +02:00
Tamás Vajk 10a6089739 Merge pull request #6148 from tamasvajk/feature/try-csv-source-models
C#: Start using CSV based flow models
2021-06-30 12:58:42 +02:00
Tamas Vajk 513482b4d5 Adjust code review findings (string escaping) 2021-06-29 08:45:13 +02:00
Tamas Vajk 006303420b Fix CSV framework coverage commenter workflow 2021-06-28 15:07:13 +02:00
Tamas Vajk 3170781d57 Rework timeseries report to iterate git history only once 2021-06-28 11:29:45 +02:00
Tamas Vajk 1ec1e1cfc8 Adjust framework coverage report generator to include all sources not just remote ones 2021-06-28 11:20:32 +02:00
Tamas Vajk 4524563923 Fix timeseries coverage report to handle multiple languages 2021-06-28 11:20:32 +02:00
Tamas Vajk 1d8b19e153 Adjust coverage report generator to allow multiple sink identifiers per CWE 2021-06-28 11:20:32 +02:00
Tamas Vajk 5aba7142e8 C#: Add framework coverage report 2021-06-28 11:20:32 +02:00
Tamas Vajk 016e8fb2cf Adjust framework coverage jobs to cover C# 2021-06-28 11:20:32 +02:00
Tamás Vajk 1cddcdfcb1 Merge pull request #6123 from tamasvajk/feature/framework-coverage-pr
Add scheduled job to update framework coverage
2021-06-25 09:18:10 +02:00
Tamas Vajk 477dfa28ec Fix framework coverage commenting action
This commit handles the case when the current run finds no coverage change and the previous run is identified,
but it doesn't have the required artifacts.
2021-06-24 10:44:36 +02:00
Tamas Vajk ad6e47be39 Apply code review findings 2021-06-24 09:13:08 +02:00
Tamas Vajk 7557b7a67d Add scheduled coverage job to open PR with changes 2021-06-24 09:13:08 +02:00
Tamas Vajk 9d004ec2d5 Handle case when changes had been reported, and then removed 2021-06-23 08:25:20 +02:00
Tamas Vajk a165cde808 Compute framework coverage diff in artifacts job 2021-06-23 08:25:20 +02:00
Tamas Vajk d6361d8500 Use string interpolation 2021-06-23 08:23:44 +02:00
Tamas Vajk 12e4ad2640 Fix code quality issues 2021-06-23 08:23:44 +02:00
Tamas Vajk d28fd363f9 Fix string vs int ID comparison 2021-06-23 08:23:44 +02:00
Tamas Vajk 801007357f Only post comment with framework coverage change if it changed or wasn't done before 2021-06-23 08:23:44 +02:00
Tamas Vajk 0e91269a23 Refactor framework coverage job to download artifacts from python 2021-06-23 08:23:44 +02:00
Tamas Vajk 07b83d5dc1 Remove commented code 2021-06-17 13:04:39 +02:00
Tamas Vajk 4abaa7870f Add CSV coverage PR commenter 2021-06-17 13:04:39 +02:00
Tamas Vajk 916780a452 Fix codeql CLI path 2021-06-10 15:07:54 +02:00
Tamas Vajk b067309909 Change artifact names 2021-06-10 11:26:07 +02:00
Tamas Vajk 55dd6ed3d1 Allow space separated package patterns in framework-aggregated reports 2021-06-10 10:54:12 +02:00
Tamas Vajk ba9c2e0702 Rework CSV report generator and change timeseries report to use framework.csv 2021-06-10 10:11:24 +02:00
Tamas Vajk c6cb7c6eed Rename time-series file to timeseries 2021-06-10 10:11:24 +02:00
Tamas Vajk d0ec1e2f37 Generate file with package info 2021-06-10 10:11:24 +02:00
Tamas Vajk 3353c3ecdd Add workflow to generate timeseries CSV coverage report 2021-06-10 10:11:24 +02:00
Tamas Vajk 4de4277a8d Add timeseries CSV generator script 2021-06-10 10:11:23 +02:00
Tamas Vajk 18931e39c8 Improve error reporting in CI check for CSV coverage report comparison 2021-05-31 09:52:14 +02:00
Henry Mercer 263699d8bc Merge pull request #5914 from github/henrymercer/code-scanning-diagnostic-queries
Code Scanning selectors: Include diagnostic queries
2021-05-28 18:53:11 +01:00
Tamas Vajk 8880d0055e Fix file formatting 2021-05-25 13:33:26 +02:00
Tamas Vajk 511486d045 Rework file diff (show line differences) 2021-05-25 13:33:26 +02:00
Tamas Vajk ce53586002 Refactor file comparison 2021-05-25 13:33:26 +02:00
Tamas Vajk 3db22ba482 Add Java coverage report files 2021-05-25 13:33:26 +02:00
Tamas Vajk f09352620f Add comparison step to workflow 2021-05-25 13:33:26 +02:00
Tamas Vajk f1911e338d Move and generate files to documentation folder + clean up after the script is executed 2021-05-25 13:33:26 +02:00
Tamas Vajk 6dc46ec1ee Add org.apache.commons.io to frameworks, and handle overlapping package prefixes 2021-05-25 13:33:25 +02:00
Tamas Vajk 663e6a8d73 Use non-breaking hyphen in CWE identifier 2021-05-25 13:33:25 +02:00
Tamas Vajk dda401f62a Inline CSV table into RST page 2021-05-25 13:33:25 +02:00
Tamas Vajk 2e67a3216c Add option to manually trigger the workflow 2021-05-25 13:33:25 +02:00
Tamas Vajk 1297d1c744 Add framework and cwe static data 2021-05-25 13:33:25 +02:00
Tamas Vajk 2adb3e992a Code quality improvements on coverage report generator script 2021-05-25 13:33:25 +02:00
Tamas Vajk d0a46eb7b7 Adjust formatting 2021-05-25 13:33:25 +02:00
Tamas Vajk f26dba67ac Adjust 'Total' label to 'Totals' 2021-05-25 13:33:25 +02:00
Tamas Vajk 564fca0da4 Adjust workflow triggers and uploads 2021-05-25 13:33:25 +02:00
Tamas Vajk ef414681be Add RST documentation page 2021-05-25 13:33:25 +02:00
Tamas Vajk beea36191b Add CSV file with framework and CWE info to be used in RST file 2021-05-25 13:33:25 +02:00
Tamas Vajk 979034a17f Add github action to generate CSV coverage report 2021-05-25 13:33:25 +02:00
Henry Mercer 0ad69d11a8 Code Scanning selectors: Include diagnostic queries 2021-05-17 18:39:33 +01:00
Henry Mercer a3c57c43c8 Code Scanning selectors: Include summary metrics 2021-05-05 16:38:39 +01:00
Henry Mercer 74c9994305 Code Scanning selectors: Add alert aliases 2021-05-05 16:36:39 +01:00
Mathias Vorreiter Pedersen 229ab7623e - Add pre-commit hook script to misc/scripts
- Refer to it in CONTRIBUTING.md
- Add setup note in docs folder
2021-01-05 13:47:30 +01:00
Bas van Schaik 31495b876e Python script to generate lists of code scanning queries in CSV format (#4177)
* Create a PowerShell script that can be used to report on the set of queries inside of a particular QL Suite.
* Translate PowerShell script into Python
* support running this script from anywhere within the CodeQL git repo
* print non-fatal error if metadata is not available
* make sure warning about missing pack is printed to stderr
* only run on pushes against main and rcs
* detect repo by checking remote, rather than first SHA
* specify full sha of dsaltares/fetch-gh-release-asset
* trigger workflow on PR that modifies paths of interest

Co-authored-by: Justin Hutchings <jhutchings1@users.noreply.github.com>
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2020-09-10 12:25:02 -07:00