hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

1173 Commits

Author SHA1 Message Date
Geoffrey White
d72b978bc7 Rust: Add sensitive data sources. 2025-01-10 11:56:25 +00:00
Geoffrey White
8f4a52001f Rust: Add query framework. 2025-01-10 11:56:24 +00:00
Geoffrey White
509c6ffb7a Rust: Add tests for weak hashing. 2025-01-10 11:56:23 +00:00
Tom Hvitved
166f8916cc Rust: Remove Format.getArgument 2025-01-10 12:51:42 +01:00
Tom Hvitved
303b11ec36 Merge pull request #18298 from hvitved/rust/mad-source-sink 
Rust: Add support for MaD sources and sinks with access paths
 2025-01-10 11:49:51 +01:00
Geoffrey White
9a8a852277 Rust: Support snake case more widely in SensitiveDataHeuristics.qll. 2025-01-10 10:23:55 +00:00
Geoffrey White
88e351ad4f Rust: Expand sensitive data test cases. 2025-01-10 10:00:13 +00:00
Paolo Tranquilli
6ded99ccb1 Merge branch 'main' into redsun82/cargo-upgrade 2025-01-09 16:05:48 +01:00
Paolo Tranquilli
4f79199498 Rust: replace std::fs::canonicalize with dunce::canonicalize 
Rust-analyzer turned out to be quite picky about paths, where
`//?/`-prefixed paths can lead to flaky failures. See

https://github.com/rust-lang/rust-analyzer/issues/18894

for details.

This makes paths always be canonicalized with `dunce`. Previously,
`dunce` was used as a fallback, but that stopped working somewhere
after version 0.0.248 of rust-analyzer.
 2025-01-09 15:43:15 +01:00
Paolo Tranquilli
cd95cc8f94 Rust: update rust-analyzer to 0.0.257 2025-01-09 15:34:07 +01:00
Tom Hvitved
a7bb95249b Rust: Implement known{Source,Sink}Model 2025-01-09 11:47:57 +01:00
Paolo Tranquilli
ca05697365 Merge pull request #18429 from github/redsun82/rust-ast-generator-mustache 
Rust: make ast-generator use mustache templates
 2025-01-09 08:37:07 +01:00
Geoffrey White
3363235b1c Merge pull request #18414 from geoffw0/sensitive 
Rust: Sensitive data library
 2025-01-08 17:38:18 +00:00
Paolo Tranquilli
53b0a3464d Merge branch 'main' into redsun82/rust-ast-generator-mustache 2025-01-08 17:09:39 +01:00
Paolo Tranquilli
3bf2416e56 Merge pull request #18313 from github/redsun82/rust-mute-warnings-in-uncompiled-blocks 
Rust: exclude extraction of code excluded by `cfg`
 2025-01-08 17:03:29 +01:00
Tom Hvitved
868caf948c Rename {Source,Sink}Node to {Source,Sink}Element 2025-01-08 15:21:43 +01:00
Tom Hvitved
0dccbb9349 Rust: Add two more AST consistency checks 2025-01-08 14:30:01 +01:00
Tom Hvitved
033cd1778e Rust: Include index in Format.getArgument 2025-01-08 14:04:48 +01:00
Paolo Tranquilli
c7a9889606 Rust: update rust-analyzer 2025-01-08 11:14:08 +01:00
Paolo Tranquilli
d2c7decd02 Rust/Ruby: upgrade all cargo dependencies excluding rust-analyzer 
The rust-analyzer update will need more work as it seems to break rust
analysis on windows.

This was carried out using `cargo upgrade` from `cargo-edit`:
* getting exclusions options for rust-analyzer with
   ```bash
   cargo upgrade -i --dry-run | grep -o 'ra_ap_\S\+' | sort -u | sed 's/^/--exclude=/' > /tmp/exclude
   ```
* running
   ```bash
   cargo upgrade -i $(cat /tmp/exclude)
   misc/bazel/3rdparty/update_cargo_deps.sh
   ```
 2025-01-08 09:57:11 +01:00
Paolo Tranquilli
b390fac105 Rust: make ast-generator use mustache templates 
This simplifies the code and decouples the code template from the data
that is fed into it.
 2025-01-07 18:05:59 +01:00
Paolo Tranquilli
b4811906ea Rust: address review 2025-01-07 13:05:19 +01:00
Paolo Tranquilli
ce2877da5d Merge branch 'main' into redsun82/rust-mute-warnings-in-uncompiled-blocks 2025-01-07 13:00:04 +01:00
Geoffrey White
9d178ab8d6 Rust: Fix the failing integration tests. 2025-01-06 14:05:02 +00:00
Geoffrey White
f93aac07c2 Rust: Correct / clarify some QLDoc. 2025-01-06 13:50:41 +00:00
Geoffrey White
e1e980c2e8 Rust: Add sensitive data to summary queries. 2025-01-06 13:26:27 +00:00
Geoffrey White
821eb4f3e6 Rust: Add sensitive data library. 2025-01-06 13:26:26 +00:00
Geoffrey White
c77bf2b4eb Rust: Add a test for sensitive data. 2025-01-06 13:26:25 +00:00
Tom Hvitved
8f6ae6274d Rust: Add support for MaD sources and sinks with access paths 2025-01-06 13:26:49 +01:00
Simon Friis Vindum
c55b256d47 Rust: Remove accidentally commited expected files 2025-01-06 12:01:03 +01:00
Paolo Tranquilli
10d8aa454b Merge branch 'main' into redsun82/rust-mute-warnings-in-uncompiled-blocks 2025-01-06 10:01:57 +01:00
Simon Friis Vindum
5c64a8c948 Rust: Accept expected changes and fix other CI complaints 2025-01-03 16:38:11 +01:00
Simon Friis Vindum
cd957ba63b Rust: Add models for functions used inside format! macro 2025-01-03 14:09:23 +01:00
Simon Friis Vindum
0d19fb6040 Rust: Add taint from children of format_args to format_args 2025-01-03 14:06:47 +01:00
Simon Friis Vindum
2ef9339d00 Rust: Generate CFG node for FormatArgsArg 2025-01-03 13:58:25 +01:00
Simon Friis Vindum
42d125676e Rust: Value flow through macro calls 2025-01-03 13:47:29 +01:00
Simon Friis Vindum
f09632df58 Rust: Add data flow tests for macros and format_args 2025-01-03 13:28:19 +01:00
Paolo Tranquilli
f13d03b18c Rust: fix typo (thanks copilot!) 2024-12-20 14:18:36 +01:00
Paolo Tranquilli
485586f780 Rust: reinstate extraction of test code 
Users will still be able to opt out:
* for unit tests, by providing the `cargo_cfg_overrides=-test` extractor
  option
* for integration tests, by excluding the test files from the analysis
  using `paths-ignore` in the codescanning configuration file

We may want to revisit whether we want a single option for both. Also
further work will be needed to restrict our security queries to non-test
code on the QL side.
 2024-12-20 14:12:41 +01:00
Arthur Baars
2b2a37353b Merge pull request #18328 from github/redsun82/fix-cargo-fmt-checks 
CI: fix rust formatting
 2024-12-20 13:41:28 +01:00
Paolo Tranquilli
73a5a3f7ee Rust: support paths and paths-ignore from the code scanning configuration file 
This is done by simply adding the autobuilder from the shared
tree-sitter extractor library.
 2024-12-19 17:37:56 +01:00
Paolo Tranquilli
2e150772fd Merge branch 'main' into redsun82/fix-cargo-fmt-checks 2024-12-19 15:52:36 +01:00
Simon Friis Vindum
a28ddd642c Rust: Add variables example with let statement in macro 2024-12-19 13:12:45 +01:00
Paolo Tranquilli
df39610029 Rust: skip injected sources in clippy and fmt checks 2024-12-19 12:29:27 +01:00
Paolo Tranquilli
7f5b8fdcec Rust: remove clippy warnings 2024-12-19 12:22:40 +01:00
Paolo Tranquilli
290a1043b1 Rust: fetch ungram and rust-analyzer code instead of checking it in 
* The ungram file is now taken from the rust-analyzer dependencies
  pulled in by bazel
* the grammar parsing code is not published, so it must be taken
  directly from rust-analyzer code. That part should be less prone to be
  updated than the ungram file, so it does not necessarily need to be
  in sync with the rust-analyzer version is used elsewhere.
* both need some patches. The former is patched during build, the latter
  during loading in `MODULE.bazel`.
 2024-12-18 16:37:24 +01:00
Arthur Baars
023f48ff1c Merge pull request #18295 from github/aibaars/update-rust-ungram 
Rust: update rust-analyzer
 2024-12-18 16:01:50 +01:00
Simon Friis Vindum
508c7e6e85 Merge pull request #18314 from paldepind/rust-tuple-ref-patterns 
Rust: Add read steps for tuple and reference patterns
 2024-12-18 14:13:08 +01:00
Tom Hvitved
00688ebd79 Merge pull request #18312 from hvitved/rust/operator-overloading-test 
Rust: Add data flow tests for operator overloading
 2024-12-18 13:58:39 +01:00
Paolo Tranquilli
218bc8069b Rust: exclude extraction of code excluded by cfg 2024-12-18 13:34:40 +01:00