github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
47 581 коммит 1 542 Ветки 132 Теги 495 MiB
Граф коммитов

47581 Коммитов

Автор SHA1 Сообщение Дата
Michael Nebel d7aafbfe64 Java: Add model generator script that emits data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel 9c93402b26 Java: Convert integration test to use data extensions instead of inlined models. 2022-11-28 12:30:35 +01:00
Michael Nebel 157a228088 Java: Add query packs with names to enable dependency resolution. 2022-11-28 12:30:35 +01:00
Michael Nebel 2d309bb8f8 Java: Include the library query pack to get the data extensions included. 2022-11-28 12:30:35 +01:00
Michael Nebel b3a3b676ba Java: Remove manual models from QL code. 2022-11-28 12:30:34 +01:00
Michael Nebel f4e1867d28 Java: Define extensible predicates to at least be empty. 2022-11-28 12:30:34 +01:00
Michael Nebel 0abeb831c7 Java: Move summaryModel predicate, which constructs a CSV row to the testcode where it is used. 2022-11-28 12:30:34 +01:00
Michael Nebel 663d091776 Java: Invert dependencies and use the extensible predicates. 2022-11-28 12:30:34 +01:00
Michael Nebel 9cb5ff1cdc Java: Add data extensions for all manual models. 2022-11-28 12:30:34 +01:00
Michael Nebel 8e25cac653 Java: Add extensible predicates. 2022-11-28 12:30:34 +01:00
Michael Nebel 7b6f202f23 Java: Renaming. 2022-11-28 12:30:34 +01:00
Michael Nebel 63e2206d16 Java: Prepare QL pack for data extensions. 2022-11-28 12:30:34 +01:00
Michael Nebel fc4b9827b9 Java: Add script for converting extensions. 2022-11-28 12:30:34 +01:00
Michael Nebel 9f7103c4fb Java: Add queries for extracting sources, sinks and summaries. 2022-11-28 12:30:34 +01:00
Michael Nebel a8ee878356 Java: Add bi-directional import of FragmentInjection. 2022-11-28 12:30:33 +01:00
Michael Nebel 663112576a Java: Update commons-io models. 2022-11-28 12:30:33 +01:00
Erik Krogh Kristensen 7a3898168f
Update README.md 2022-11-28 12:12:36 +01:00
Tom Hvitved cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Tom Hvitved c65780ee99 Data flow: Inline `revFlowInNotToReturn` 2022-11-28 12:11:18 +01:00
Tom Hvitved bdb205a318 Data flow: Track return kind instead of return position in pruning stages 2-4 2022-11-28 12:11:18 +01:00
Tom Hvitved 4346a7f426 Data flow: Inline `fwdFlowOutNotFromArg` 2022-11-28 12:11:18 +01:00
Tom Hvitved 70d2a0df8a Data flow: Track parameter position instead of parameter in pruning stages 2-4 2022-11-28 12:11:12 +01:00
Taus 530b795eaa
Merge pull request #11402 from yoff/python/port-super-not-enclosing-class 
Python: port `py/super-not-enclosing-class`
 2022-11-28 11:52:57 +01:00
Nick Rolfe 8a94cabdbf
Merge pull request #11250 from github/nickrolfe/stack-trace-exposure 
Ruby: add stack-trace exposure query
 2022-11-28 10:45:59 +00:00
Geoffrey White b3d2e759a6 Swift: Update swift/sql-injection to include local flow sources. 2022-11-28 10:11:44 +00:00
Geoffrey White a5a459fe0a Swift: Update swift/unsafe-js-eval to include local flow sources. 2022-11-28 10:11:44 +00:00
Michael Nebel 7456f3750d
Merge pull request #11432 from michaelnebel/java/flowtestgeneratortools 
Java: Flow test case generator
 2022-11-28 10:41:42 +01:00
erik-krogh 0c2ff98dc2
add flow from the first splat argument to the first splat parameter 2022-11-28 09:54:05 +01:00
erik-krogh d5725255fe
add failing test for splat parameter flow 2022-11-28 09:53:03 +01:00
Michael Nebel 24e830f91d Java: Fix some minor bugs in the CSV printing of summaries for flow test generation. 2022-11-28 09:07:40 +01:00
Michael Nebel abe4d99e12 Java: Make some rudimentary tooling for testing the flow test case generator script. 2022-11-28 09:07:40 +01:00
Chris Smowton 5a0cce2a18
Merge pull request #11430 from erik-krogh/go-go 
GO: get the Go CI to go fast!
 2022-11-26 11:47:04 +00:00
erik-krogh 2b0ecec0c8
only run other-os on non-ql changes 2022-11-26 10:43:33 +01:00
erik-krogh dcfa0b38c1
use a non-xl mac runner because the XL runners keep queing 2022-11-26 10:43:33 +01:00
erik-krogh 2b996f11cc
use query compilation cache 2022-11-26 10:43:33 +01:00
erik-krogh 1e732ad4d7
use XL workers, and update the windows runner 2022-11-26 10:43:33 +01:00
erik-krogh d7763f236f
use more threads for codeql test 2022-11-26 10:43:33 +01:00
erik-krogh b6034b4935
delete language specific format check 2022-11-26 10:43:30 +01:00
Chris Smowton fb1f22144d
Merge pull request #11352 from smowton/smowton/admin/kotlin-tests-1.7.20 
Kotlin: bump default CI version to 1.7.20
 2022-11-25 21:05:10 +00:00
Chris Smowton 0879f02db6 Adapt custom_plugin test to Kotlin 1.7.20 2022-11-25 17:54:53 +00:00
Ian Lynagh a423f5f695 Kotlin: Enable java/misnamed-type query 
We used to get alerts for the class around a local function, a lambda,
or a function reference, which we give name "". Now those are marked as
compiler-generated, and the query ignores compiler-generated types.
 2022-11-25 17:11:40 +00:00
Jeroen Ketema 53b86fd53b
Merge pull request #11428 from jketema/default-taint-tests 
C++: Add more tests that exercise the default taint barrier implementation
 2022-11-25 12:13:18 +01:00
Chris Smowton 180c3cee44 Accept integration test changes caused by variable location changes 2022-11-25 10:54:50 +00:00
Chris Smowton 32847c125a Accept more test changes due to variable locations changing 
There is also one non-location change: kotlin.Byte (and likely other primitives) now have real equals and toString overrides, which matches their native source and documentation; before they appeared to have fake overrides.
 2022-11-25 10:47:48 +00:00
Alex Ford 8362caa9d9
Merge pull request #11417 from alexrford/ruby/activesupport-json_escape 
Ruby: model ActiveSupport `json_escape` flow
 2022-11-25 10:46:34 +00:00
Chris Smowton 8ec681e61c Kotlin: bump default CI version to 1.7.20 
A bunch of test expectations change because 7f531d8426 means that we now see (a) local variable declarations with source locations covering only their identifier, not the whole statement, and (b) more SYNTHETIC_OFFSET values for the parts of a destructuring assignment
or initialiser, which show up as file.kt:0:0:0:0 in DbLocation form.
 2022-11-25 10:19:26 +00:00
Jeroen Ketema 4607f5990e
C++: Add more tests that exercise the default taint barrier implementation 2022-11-25 10:19:45 +01:00
Paolo Tranquilli 8df7d465cb Swift: cache more aggressively in CI 
* the QL compilation cache action is used for ql and integration tests
* all caches (Bazel and QL) are populated on push
 2022-11-25 08:52:46 +01:00
Rasmus Lerchedahl Petersen 77d98b217e Python: add import 2022-11-25 08:52:35 +01:00
yoff d804acdef7
Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-11-25 08:50:37 +01:00