github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
58 310 коммитов 1 532 Ветки 130 Теги 474 MiB
Граф коммитов

284 Коммитов

Автор SHA1 Сообщение Дата
Tom Hvitved 253f932d2a Python: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved 9af706c2a5 Swift: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved db304d118b C++: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved fefe64bf0c Java: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved 5c8367a695 C#: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved c4b626a416 Ruby: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
yoff 6e05246daa
Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
Rasmus Lerchedahl Petersen ad49eada48 Python: Do not alter `codeql-workspaces.yml` 
And remove the qlpack referred to therein.
Instead we rename and duplicate the extesion file
that this qlpack pointed to.
These two extension files are kept in sync by `identical-files.json`.
 2023-08-25 11:46:41 +02:00
Jeroen Ketema 2d0f73d7c2
Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Tom Hvitved 7cc01ea8b5
Merge pull request #13595 from hvitved/csharp/use-shared-cfg-pack 
C#: Adopt shared CFG construction library from shared `controlflow` pack
 2023-08-17 10:37:09 +02:00
Jeroen Ketema 33e8310625
Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Owen Mansel-Chan 039925164d
Keep newline at the end of identical-files.json 
VS Code's JSON formatter removed it automatically. It turns out
that the easiest way to keep it is to use the
`files.insertFinalNewline` setting, which the JSON formatter obeys.
 2023-08-10 15:49:55 +01:00
Owen Mansel-Chan 653563fcbc
Make `StringsNewReplacer` use new API 
We don't have to keep a deprecated copy as this is private. This allows
us to delete a copy of the DataFlow library!
 2023-08-10 15:48:57 +01:00
Jeroen Ketema 747cd1745a
Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Jeroen Ketema bdd64ce86d
Introduce shared taint tracking library 2023-08-04 22:51:55 +02:00
Tom Hvitved b69188fee9 C#: Adopt shared CFG construction library from shared `controlflow` pack 2023-08-03 14:12:24 +02:00
Tom Hvitved 1988397f93 Make shared CFG construction library a parameterized module 2023-08-03 09:39:30 +02:00
Anders Schack-Mulligen 5946d5e806 Dataflow: Remove sync. 2023-08-01 14:02:34 +02:00
Rasmus Lerchedahl Petersen 0267b32904 fix eol 2023-06-14 21:17:12 +02:00
Rasmus Lerchedahl Petersen b5961c7f6b ruby: move to internal folder 2023-06-13 11:49:30 +02:00
Rasmus Lerchedahl Petersen b294f48dbe Merge branch 'main' of https://github.com/github/codeql into python-ruby/track-through-summaries-pm 2023-06-09 14:16:34 +02:00
Geoffrey White 02cae30270 Merge branch 'main' into sharedsensitive 2023-05-31 12:57:33 +01:00
Rasmus Lerchedahl Petersen 2daa9577bb ruby/python: implement shared module 
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module

python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
 2023-05-30 13:31:24 +02:00
Arthur Baars e6d29af5a4 sync-dbscheme-fragments: add files argument 2023-05-22 19:37:58 +02:00
Arthur Baars ef3005ea9e Python: sync shared dbscheme fragments 2023-05-22 19:37:58 +02:00
Arthur Baars 9f83dd5c7a Tree-sitter extractor: extract shared dbscheme fragments into 'prefix.dbscheme' 2023-05-22 19:28:51 +02:00
Arthur Baars fef0e1f1c8 JS: sync shared dbscheme fragments 2023-05-16 17:03:41 +02:00
Arthur Baars 7225ef09ba Script for detecting out-of-sync dbscheme fragments 2023-05-16 17:03:41 +02:00
Geoffrey White cc72bfbbbb Swift: Add the shared SensitiveDataHeuristics.qll to Swift. 2023-05-15 17:38:14 +01:00
Rasmus Wriedt Larsen 62f0c64a03
Merge pull request #12552 from erik-krogh/py-type-trackers 
Py: refactor regex tracking to type-trackers
 2023-05-11 16:18:34 +02:00
erik-krogh e677b62241
use type-tracking instead of global dataflow for tracking regular expressions 2023-05-01 10:41:53 +02:00
Michael Nebel 36ea61c25e C#: Address review comments. 2023-05-01 10:38:39 +02:00
Michael Nebel df6d9e1e64 Java: Add printing param module to sync files. 2023-04-13 09:21:05 +02:00
Jeroen Ketema 91b069603d
C++: Move SsaConsistency to its own file 
This removes the import of the `Print` library in places that are used in
production and not just debugging.
 2023-03-20 10:31:33 +01:00
Mathias Vorreiter Pedersen 3376d2aa12 Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-03-15 14:12:01 +00:00
Anders Schack-Mulligen abf3abdc65 Java: Delete DataFlowForOnActivityResult. 2023-03-15 09:47:21 +01:00
Anders Schack-Mulligen bea7c43584 Java: Delete DataFlowForSerializability 2023-03-15 09:42:02 +01:00
Jeroen Ketema 47930f94e2
Merge remote-tracking branch 'upstream/main' into merge-main 2023-03-06 15:20:39 +01:00
Anders Schack-Mulligen bf650c755c Dataflow: Sync changes to all languages. 2023-02-27 14:30:05 +01:00
Anders Schack-Mulligen 00a273b959 Java: Refactor data flow library. 2023-02-21 10:04:14 +01:00
Jeroen Ketema 7bd28183ba
Merge pull request #12151 from jketema/remove-experimental-dataflow 
C++: Remove experimental copy of the use-use IR dataflow library
 2023-02-10 18:08:14 +01:00
Jeroen Ketema b023c6bb23
C++: Remove experimental copy of the use-use IR dataflow library 2023-02-10 16:20:33 +01:00
Jeroen Ketema ecdeb9a970
C++: Revert `semmle.code.cpp.dataflow` to its old state 
While here make sure all queries and tests use IR dataflow when appropriate.
 2023-02-10 14:21:44 +01:00
Mathias Vorreiter Pedersen e1aef3127c Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-02-10 09:23:37 +00:00
Erik Krogh Kristensen 01f6862965
Merge pull request #11833 from erik-krogh/trackPyReg 
PY: track string-constants to regular expression uses
 2023-02-01 11:40:42 +01:00
Mathias Vorreiter Pedersen 1a27a069ac Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-31 11:15:42 +00:00
erik-krogh f04a9cb523
Merge branch 'main' into rbRegConcept 2023-01-30 11:05:40 +01:00
Mathias Vorreiter Pedersen 79b77b01fd Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow 2023-01-23 15:49:36 +00:00
Owen Mansel-Chan 13d1c88a11
Make new data flow copy for StringOps.StringsNewReplacer 2023-01-19 13:05:31 +00:00
erik-krogh e4d4873d0d
remove the dataflow copy for regexp tracking now that type-tracking is used 2023-01-18 11:04:51 +01:00