hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

418 Commits

Author SHA1 Message Date
Owen Mansel-Chan
59ac2d3d3e Move TransformPath into FileLabelFor 
This way we don't have to remember to transform it at all call sites.
 2025-11-14 10:25:40 +00:00
dependabot[bot]
acfca601bc Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.38.0 to 0.39.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-14 03:08:48 +00:00
Nick Rolfe
86465b36e0 Merge pull request #20623 from github/nickrolfe/go-extractor-overlay 
Go: basic overlay support
 2025-11-12 14:56:25 +00:00
dependabot[bot]
c88952423e Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.29.0 to 0.30.0
- [Commits](https://github.com/golang/mod/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-12 03:08:31 +00:00
Nick Rolfe
e32a5ca846 Go: add some overlay-related logging 2025-11-07 16:52:24 +00:00
Nick Rolfe
10fa1d650d Go: be consistent in replacement of backslashes in file labels 2025-11-07 16:52:20 +00:00
Nick Rolfe
50e01283da Go: overlay workaround for cgo-processed files 2025-11-07 16:52:17 +00:00
Nick Rolfe
5aaed8941a Go: pass source root from autobuilder to extractor 
This ensures the extractor can resolve the relative paths for files
changed in the overlay.
 2025-11-07 16:52:16 +00:00
Nick Rolfe
dd4f27868e Go: apply path transformer for file TRAP labels 2025-11-07 16:52:15 +00:00
Nick Rolfe
aff874e835 Go: merge with incoming path transformer when setting GOPATH 2025-11-07 16:52:12 +00:00
Nick Rolfe
99236f7877 Go: skip overlay extraction of unchanged go.mod files 2025-11-07 16:52:10 +00:00
Nick Rolfe
604df2125d Go: implement basic overlay extraction 
When in overlay mode, extractFile will exit early if the file isn't in
the list of files that changed since the base was extracted.
 2025-11-07 16:52:08 +00:00
Nick Rolfe
05e5502680 Go: recognize CODEQL_PATH_TRANSFORMER env var 2025-11-07 16:52:07 +00:00
Nick Rolfe
c91e5618a4 Go: add dbscheme relations for overlay support 2025-11-07 16:52:05 +00:00
dependabot[bot]
500421d891 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0)

Updates `golang.org/x/tools` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:14:48 +00:00
Michael B. Gale
8c8499229d Configure git to use the certificate, if needed 2025-09-24 15:52:04 +01:00
Michael B. Gale
bc38b79c9a Convert URLs to expected format 2025-09-24 15:52:04 +01:00
Michael B. Gale
4ef8ff9a0f Append * to git_source URL if not present 
Since `GOPRIVATE` / `GONOPROXY` expect a glob pattern
 2025-09-24 15:52:03 +01:00
Michael B. Gale
a8fa1a76c4 Use git_source configurations for GOPRIVATE 2025-09-24 15:52:02 +01:00
Michael B. Gale
895399ff05 Rename proxy_configs to goproxy_servers and only store URLs 2025-09-24 15:52:01 +01:00
Michael B. Gale
23a04613c0 Set lower-case variants of HTTP_PROXY and HTTPS_PROXY 2025-09-24 15:52:00 +01:00
Michael B. Gale
711d49770f Improve logging to include proxy vars 2025-09-24 15:51:59 +01:00
dependabot[bot]
b996dc3b62 Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-11 03:08:27 +00:00
dependabot[bot]
f104205538 Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.27.0 to 0.28.0
- [Commits](https://github.com/golang/mod/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 03:08:18 +00:00
Michael B. Gale
8c13faf3d8 Go: Set log level based on CODEQL_VERBOSITY 2025-09-05 14:18:31 +01:00
dependabot[bot]
e99b423e28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/tools` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 03:46:43 +00:00
Jeroen Ketema
4b215d50e2 Go: Update maxGoVersion in the autobuilder 2025-08-13 14:09:53 +02:00
Jeroen Ketema
976ef99d60 Go: Request go1.25.0 toolchain 2025-08-13 13:39:35 +02:00
dependabot[bot]
c267a88f88 Bump golang.org/x/tools 
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 03:37:24 +00:00
dependabot[bot]
e57b272cfa Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/mod/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-10 03:41:42 +00:00
dependabot[bot]
bbabf2c410 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/mod/compare/v0.24.0...v0.25.0)

Updates `golang.org/x/tools` from 0.33.0 to 0.34.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-06 03:29:36 +00:00
Owen Mansel-Chan
6f71e3b30e Merge pull request #19491 from owen-mc/go/add-test-flags 
Go: Check more things while running tests
 2025-05-28 10:12:05 +01:00
Michael B. Gale
c236084043 Go: Explicitly check whether proxy env vars are empty 2025-05-27 14:58:18 +01:00
Owen Mansel-Chan
463a711552 Use reflection for interface nil check instead 2025-05-21 22:22:10 +01:00
Owen Mansel-Chan
83cd349531 Change variable name and add comment 2025-05-20 13:13:26 +01:00
Owen Mansel-Chan
47dac64301 fix previous commit 2025-05-20 13:13:25 +01:00
Owen Mansel-Chan
d5044fd072 Deal better with Windows paths 2025-05-20 13:13:24 +01:00
Owen Mansel-Chan
401c60654e Fix nil checks to stop creating unused labels 
In go, an interface with value nil does not compare equal to nil. This
is known as "typed nils". So our existing nil checks weren't working,
which shows why we needed more nil checks inside the type switches. The
solution is to explicitly check for each type we care about.
 2025-05-20 13:13:22 +01:00
Owen Mansel-Chan
a857069345 Merge pull request #19464 from owen-mc/go/fix/extract-recv-alias-type 
Go: fix database inconsistency when receiver has alias type
 2025-05-06 15:08:42 -04:00
Owen Mansel-Chan
c781f98bdc (unrelated tidy up) resolveTypeAlias not needed 
`types.Unalias` already does the same thing
 2025-05-06 05:45:06 -04:00
Owen Mansel-Chan
228c45aaf8 Look through aliases when identifying method receivers 2025-05-06 05:45:04 -04:00
dependabot[bot]
824271a84a Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.32.0 to 0.33.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-06 03:58:02 +00:00
Michael B. Gale
7592ce47e3 Go: Restore parseRegistryConfigsFail test for the empty string 2025-04-25 15:45:12 +01:00
Michael B. Gale
91a794433a Go: Change "Unable" to "Failed" for consistency 2025-04-25 15:42:29 +01:00
Michael B. Gale
5172a4d6ec Go: Remove check from getEnvVars 2025-04-25 15:41:57 +01:00
Michael B. Gale
9cfa451477 Go: Fix/improve comment about environment variable preservation 2025-04-25 15:41:35 +01:00
Michael B. Gale
e805d1ee90 Merge remote-tracking branch 'origin/main' into mbg/go/private-registries 2025-04-25 12:55:36 +01:00
Michael B. Gale
cafe1efefa Go: Refactor ApplyProxyEnvVars 2025-04-25 12:30:48 +01:00
Paolo Tranquilli
69b87a63b8 Go: remove invalid toolchain version diagnostics 
This diagnostic was introduced by https://github.com/github/codeql/pull/15979.
However in the meantime the Go team [has backtracked](https://github.com/golang/go/issues/62278#issuecomment-2062002018)
on their decision, which leads to confusing alerts for user (e.g. https://github.com/github/codeql-action/issues/2868).
Even using Go toolchains from 1.21 to 1.22 we weren't immediately able
to reproduce the problem that this diagnostics was meant to guard
against. Therefore it was deemed simpler to just remove it.

_En passant_ the `Makefile` now accepts `rtjo` not being set.
 2025-04-24 14:41:05 +02:00
Michael B. Gale
e210be7bb2 Go: Preserve environment variables in ApplyProxyEnvVars 2025-04-08 12:38:38 +01:00