github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
59 709 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

333 Коммитов

Автор SHA1 Сообщение Дата
github-actions[bot] 18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
Tom Hvitved 4687ac16ff Type tracking: Use `noopt`+`inline_late` in `TypeTracker::[small]step` 2023-05-01 11:48:16 +02:00
github-actions[bot] 3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
Harry Maclean 8a89aec220 Shared: Handle trap compression option properly 
Extracting the compression setting from an environment variable is the
responsibility of the API consumer.
 2023-04-27 05:06:57 +00:00
Harry Maclean 3f6087e179 Shared: formatting 2023-04-23 06:04:55 +00:00
Harry Maclean 9005684b10 Shared: Add integration test for shared extractor 
This is a very basic test but provides some confidence that the extractor is
working.
 2023-04-23 05:29:22 +00:00
Harry Maclean ac1d250596 Shared: fix language prefix in extractor 2023-04-21 15:07:47 +07:00
Harry Maclean 8091d57f03 Shared: Remove unused type 2023-04-20 08:07:40 +07:00
Harry Maclean c4d7658cc6 Shared: high level API for the shared extractor 
This API makes it easy to create an extractor for simple use cases.
 2023-04-20 08:07:40 +07:00
Alex Ford 924ce250dd
Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0 
Post-release preparation for codeql-cli-2.13.0
 2023-04-18 14:40:40 +01:00
Arthur Baars e5d89b969a
Merge pull request #12780 from aibaars/shared-yaml-lib 
JS: extract YAML library to a shared pack
 2023-04-18 11:09:53 +02:00
github-actions[bot] 648f0e19ec Post-release preparation for codeql-cli-2.13.0 2023-04-17 15:39:24 +00:00
Arthur Baars 048fb8b953 Add change note 2023-04-17 16:43:21 +02:00
github-actions[bot] 075d063370 Release preparation for version 2.13.0 2023-04-14 13:31:30 +00:00
Alex Ford 8c46bfd051
Merge pull request #12816 from github/rc/3.9 
Merge `rc/3.9` into `main`
 2023-04-13 12:35:41 +01:00
Arthur Baars ead8108aed Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-04-13 11:11:55 +02:00
Arthur Baars 83cd55cb29 Js/Yaml: add getFile() predicate 2023-04-11 16:01:44 +01:00
Arthur Baars f0b5f9c928 Shared YAML library 2023-04-06 15:11:35 +02:00
Harry Maclean 2107533822 Shared: Clippy fixes 
Use clearer methods where appropriate.
 2023-04-05 18:46:57 +08:00
Harry Maclean 6a8d417588 Shared: Clippy fixes 
Remove unnecessary borrows and lifetime specifiers.
 2023-04-05 18:46:57 +08:00
Harry Maclean a59215f3b9 Shared: Clippy fixes 2023-04-05 18:46:57 +08:00
Harry Maclean b6c071a10b Shared: Further consolidate generators 2023-04-05 18:46:57 +08:00
Harry Maclean f74d13cf06 Shared: Add db generation functions 
These are currently duplicated across the Ruby and QL extractors. Adding
them to the shared extractor library will get rid of this duplication.
 2023-04-05 18:46:56 +08:00
github-actions[bot] ac426b1302 Post-release preparation for codeql-cli-2.12.6 2023-04-04 16:49:26 +00:00
github-actions[bot] 0a3218676c Release preparation for version 2.12.6 2023-03-30 19:25:06 +00:00
github-actions[bot] e87ce62f95 Post-release preparation for codeql-cli-2.12.5 2023-03-30 13:48:58 +00:00
Erik Krogh Kristensen d3c3f2dc90
Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Harry Maclean 6b2e8847f5 Rename shared extractor 
It is now called `tree-sitter-extractor`, to make it clearer that it
builds on tree-sitter grammars.
 2023-03-25 10:43:07 +13:00
erik-krogh 404cbc93eb
rename succ to pumpEnd throughout SuperLinearBackTracking.qll 2023-03-23 10:46:22 +01:00
erik-krogh 3f18b7730f
address some review comments 2023-03-23 10:39:56 +01:00
erik-krogh e189b36e3f
materialize less strings when ranking states 2023-03-23 10:35:58 +01:00
Harry Maclean c90299baee Ruby: Move codeql_threads calculation to library 2023-03-23 11:58:19 +13:00
Harry Maclean c4a7389873 Ruby: Move extractor into shared crate 
This makes it possible for different languages to share this extractor.
 2023-03-23 11:58:18 +13:00
erik-krogh 3d9bbd7824
ReDoS: fix potential bad mistake caught by QL-for-QL 2023-03-22 10:16:23 +01:00
erik-krogh 801e0ff050
ReDoS: implement a better super-linear algorithm, with better worst-case performance 2023-03-22 10:13:16 +01:00
Asger F 6d665da4dc
Merge pull request #12570 from github/post-release-prep/codeql-cli-2.12.5 
Post-release preparation for codeql-cli-2.12.5
 2023-03-21 13:06:25 +01:00
Erik Krogh Kristensen 2270d6fa61
fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2023-03-20 10:56:30 +01:00
github-actions[bot] 981e171525 Post-release preparation for codeql-cli-2.12.5 2023-03-17 13:27:00 +00:00
github-actions[bot] fe4d27e8cc Release preparation for version 2.12.5 2023-03-16 12:58:50 +00:00
erik-krogh 54ec047433
ReDoS: put an artificial limitation on the analysis in polynomial-redos for large regular expressions 2023-03-16 12:20:53 +01:00
Anders Schack-Mulligen 3640b6d3a8 Shared: Autoformat 2023-03-10 09:41:20 +01:00
github-actions[bot] af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
github-actions[bot] 462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Tom Hvitved bd5ae88a9a Ruby: Move `FileSystem.qll` implementation into shared `util` pack 2023-02-23 10:21:04 +01:00
Tom Hvitved 879eff41ea
Merge branch 'main' into util/inline-expect-test-use-end-line 2023-02-20 10:03:38 +01:00
Tom Hvitved 85e4707e0c Util: Use end line instead of start line for actual results 2023-02-17 13:22:28 +01:00
github-actions[bot] 8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot] b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
Tom Hvitved 29ce9bfe24 Util: Make some predicates private 2023-02-13 15:58:31 +01:00
Tom Hvitved 97f79602a9 Copy `NumberUtils.qll` from Ruby into shared `util` pack 2023-02-13 15:57:53 +01:00
github-actions[bot] faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
github-actions[bot] a4fa984792 Release preparation for version 2.12.2 2023-02-02 14:34:55 +00:00
Erik Krogh Kristensen 1ee9957838
Merge pull request #9807 from erik-krogh/endFilter 
JS: recognize "-->" as a bad tag filter
 2023-01-23 10:06:50 +01:00
github-actions[bot] b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
github-actions[bot] 005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
erik-krogh 38ca68febb
recognize "-->" as a bad tag filter 2023-01-10 18:09:56 +01:00
Tony Torralba 7ef8099a8b Shared: Remove omittable exists variables 2023-01-10 13:39:50 +01:00
yoff c01ce955ba
Merge pull request #11778 from yoff/shared/inline-tests 
Shared: Inline test expectations
 2023-01-09 13:21:18 +01:00
github-actions[bot] cdb8f67601 Post-release preparation for codeql-cli-2.12.0 2023-01-06 10:36:34 +00:00
github-actions[bot] b6a8193785 Release preparation for version 2.12.0 2023-01-05 16:32:14 +00:00
Rasmus Lerchedahl Petersen c3b3c05cf3 Revert "Merge pull request #37 from erik-krogh/shared/inline-tests" 
This reverts commit 65fe9abcfe, reversing
changes made to 08e9d3391f.
 2023-01-05 09:19:43 +01:00
Aditya Sharad 9988c19a42
Merge branch 'main' into tutorial/library-pack 2023-01-03 14:08:37 -08:00
erik-krogh b3dd50bc36
inline Location into the shared implementation of InlineExpectationsTest 2022-12-22 11:09:43 +01:00
Rasmus Lerchedahl Petersen b767dcfd18 shared: Add shared inline expectation test library 2022-12-22 10:20:05 +01:00
erik-krogh 5728e3ee8f
Merge branch 'main' into equiv 2022-12-21 21:28:32 +01:00
Arthur Baars 035ad65e43 AlertSuppression: move library into util folder 2022-12-21 10:39:57 +01:00
erik-krogh 0a828f7b31
fix the `left()`/`right()` predicates such that they return an `Either` 2022-12-20 13:56:25 +01:00
erik-krogh b1001d1a10
make TypeWithToString private inside the shared pack 2022-12-20 13:56:25 +01:00
erik-krogh 236e6db996
fix typos 2022-12-20 13:54:02 +01:00
erik-krogh 50a91b5017
shared: add a shared Either type 2022-12-20 13:54:02 +01:00
Aditya Sharad bcd711a708
Tutorial: Add separate QLDoc for Person class 
By moving the existing doc comment to the top level,
that comment is shown when a user hovers over the module name
in `import tutorial`.
 2022-12-19 15:54:12 -08:00
Aditya Sharad d772998bc7
Shared packs: Create `codeql/tutorial` library pack 
This contains the QL detective tutorial library
in `tutorial.qll`, so that it can be shared by
all language libraries and referenced on its own.
 2022-12-19 15:52:11 -08:00
Arthur Baars c9739b21cb AlertSuppression: add support for //codeql comments 2022-12-19 16:10:28 +01:00
Arthur Baars c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Arthur Baars 016c7a8ca7
Merge pull request #11719 from aibaars/alert-suppression-shared 
Shared AlertSuppression library
 2022-12-19 16:04:44 +01:00
Arthur Baars 072a180093 Util: add AlertSuppression.qll 2022-12-19 12:06:36 +01:00
erik-krogh 6c8b1cf4be
changes based on Python review 2022-12-19 11:20:31 +01:00
erik-krogh 35e8d6afd4
move getACommonTld into a utility module without parameters 2022-12-18 17:23:45 +01:00
erik-krogh 26c5480ee6
share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh 355499ea52
move `getACommonTld` to the shared pack 2022-12-17 17:26:18 +01:00
erik-krogh f67d0bc8c0
put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Henry Mercer 30451ee950
Merge pull request #11681 from github/henrymercer/mergeback-3.8 
Merge `rc/3.8` back to `main`
 2022-12-16 17:43:12 +00:00
Anders Schack-Mulligen 598b4c38b7
Merge pull request #11619 from aschackmull/java/typetrack-lambda 
Java: Switch DispatchFlow to typetracking.
 2022-12-14 14:08:29 +01:00
Henry Mercer 7167f078be Merge branch 'main' into henrymercer/mergeback-3.8 2022-12-13 18:40:53 +00:00
Anders Schack-Mulligen a29e529690 Shared: Add missing qldoc. 2022-12-13 15:49:30 +01:00
github-actions[bot] 343b7b1c8b Post-release preparation for codeql-cli-2.11.6 2022-12-11 18:15:04 +00:00
github-actions[bot] 0b2fb4f70a Release preparation for version 2.11.6 2022-12-10 15:49:35 +00:00
Anders Schack-Mulligen ae1373c2d6 Shared: Bugfix typetracking source-sink hasFlow. 2022-12-08 14:58:05 +01:00
Chris Smowton 49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
Anders Schack-Mulligen 1b77f50fd7 Shared: Address review comments. 2022-12-06 10:42:16 +01:00
Anders Schack-Mulligen ed1fe1447b Shared: Add more precise types in TypeTracker. 2022-12-05 15:19:20 +01:00
Anders Schack-Mulligen 27755d1551 Shared: Add a qlpack with a parameterized module defining type-trackers. 2022-12-05 14:56:11 +01:00
Anders Schack-Mulligen 9eed12af23 Shared: Initial commit with copy of Ruby TypeTracker. 2022-12-05 14:54:03 +01:00
github-actions[bot] 5e35785fd0 Post-release preparation for codeql-cli-2.11.5 2022-12-02 11:37:44 +00:00
github-actions[bot] 31ab22e3a0 Release preparation for version 2.11.5 2022-12-01 20:05:14 +00:00
Anders Schack-Mulligen 758cb8b412 Shared: Fix trailing and non-ascii whitespace. 2022-11-30 11:14:43 +01:00
Anders Schack-Mulligen ba56565125
Update shared/util/codeql/util/Option.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2022-11-30 10:55:07 +01:00
Anders Schack-Mulligen 71f5c8aa88 Shared: Add Util qlpack. 2022-11-30 10:43:33 +01:00
github-actions[bot] 5b14ebf22a Post-release preparation for codeql-cli-2.11.4 2022-11-18 11:26:00 +00:00
github-actions[bot] e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Tom Hvitved 67b6a82cf1
Merge pull request #11198 from hvitved/ssa/expose-phi-reads 
SSA: Expose phi-read nodes
 2022-11-16 15:11:58 +01:00
erik-krogh dff7b475fb
make the top-level comment in SuperlinearBackTracking.qll a QLDoc 2022-11-15 11:46:44 +01:00
Tom Hvitved 81a1fa167a SSA: Expose phi-reads 2022-11-15 11:45:32 +01:00
Erik Krogh Kristensen d2857006cf
Merge pull request #11247 from erik-krogh/py-redosMod 
Python: use the shared regex pack
 2022-11-14 21:10:43 +01:00
erik-krogh 324e0e8f90
always sort both by location and by term tostring 2022-11-14 17:33:48 +01:00
Tom Hvitved b242bd6468
Merge pull request #11080 from github/revert-11074-revert-10576-ssa/consistency-queries 
Revert "Revert "SSA: Turn consistency predicates into `query` predicates""
 2022-11-14 14:43:58 +01:00
erik-krogh f5daee2483
port canonicalization fix from #11071 to the shared pack 2022-11-07 14:26:55 +01:00
erik-krogh 5ec22bc180
add a shared regex pack 2022-11-07 14:22:46 +01:00
github-actions[bot] fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
github-actions[bot] 508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Tom Hvitved 1e3adcd14e
Revert "Revert "SSA: Turn consistency predicates into `query` predicates"" 2022-11-02 11:37:37 +01:00
Tom Hvitved 780ea72b3b
Revert "SSA: Turn consistency predicates into `query` predicates" 2022-11-02 09:11:45 +01:00
Tom Hvitved 28b7ab7fbe
Merge pull request #11066 from hvitved/ssa/deprecate-no-uncertain-reads-predicates 2022-11-01 22:06:08 +01:00
Tom Hvitved 640b0ce093 SSA: Deprecate `*NoUncertainReads` predicates 2022-11-01 15:21:32 +01:00
Arthur Baars aba87a139d
Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
Tom Hvitved 4edef874d6 SSA: Turn consistency predicates into `query` predicates 2022-11-01 10:01:56 +01:00
github-actions[bot] be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
github-actions[bot] 9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
github-actions[bot] b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
github-actions[bot] a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
Arthur Baars ae7e6ef701 Ruby: update dependencies 2022-10-04 13:44:22 +02:00
github-actions[bot] 6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Dave Bartolomeo 55b1d89fd3
More relevant change note 2022-09-23 09:29:09 -04:00
Dave Bartolomeo e695630822
More relevant change note 2022-09-23 09:28:50 -04:00
Dave Bartolomeo 85bfc1d79e
More relevant change note 2022-09-23 09:27:47 -04:00
Dave Bartolomeo a792a7005b
More relevant change note 2022-09-23 09:27:19 -04:00
github-actions[bot] f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
erik-krogh 88f295fbb1
make a shared library of the typo database 2022-09-08 15:49:43 +02:00
Tom Hvitved 9ebabd1e1f SSA: Strip `shared` from namespace and qlpack name 2022-09-05 11:17:30 +02:00
Tom Hvitved ba62b9e822 Address review comments 2022-09-02 13:07:27 +02:00
Tom Hvitved 6b728acd9e Use specific `codeql/shared-ssa` pack for the SSA library 2022-09-01 21:23:33 +02:00
Tom Hvitved 5f30d4ca21 SSA: Add missing QL doc 2022-09-01 09:36:50 +02:00
Tom Hvitved 8e5d6ba4f9 SSA: Create a new `shared` library pack and move implementation there 2022-09-01 09:36:49 +02:00