hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

4731 Commits

Author SHA1 Message Date
Tom Hvitved
e6dc36b2c4 Merge pull request #16636 from hvitved/tree-sitter/verbosity-fix 
Tree-sitter: Verbosity fixes
 2024-06-04 08:33:28 +02:00
Paolo Tranquilli
7b8c11379d Javascript: use codeql_pack for javascript extractor 2024-06-03 23:14:44 +02:00
Cornelius Riemenschneider
1bd7aef1b2 Fix search paths. 
It turns out we still need to supply this option, so `codeql` goes looking
for the extractor paths specified in the `codeql-workspace.yml` file.
 2024-06-03 16:33:17 +02:00
Cornelius Riemenschneider
5c77b8708c Ruby: Unified handling of in-tree extractor packs. 2024-06-03 16:06:24 +02:00
Cornelius Riemenschneider
b9da01a384 Merge remote-tracking branch 'origin/main' into criemen/new-pkg 2024-06-03 15:47:15 +02:00
Tom Hvitved
beeae69845 Tree-sitter: Verbosity fixes 2024-05-31 20:10:19 +02:00
Alex Ford
1100b75a3c Ruby: handle routes with path/action pairs 2024-05-31 15:54:57 +01:00
Alex Ford
0473655752 Ruby: actiondispatch add hash arg testcase 2024-05-31 15:08:35 +01:00
Alex Ford
22858249f9 Ruby: actiondispatch test whitespace changes 2024-05-31 15:07:39 +01:00
Paolo Tranquilli
096a31dbef Mark all integration tests as legacy 
This is in preparation for the new integration test framework. Tests
marked thus will be run by the current framework and ignored by the new
one.
 2024-05-31 16:04:50 +02:00
Alex Ford
4644f08195 Ruby: Routing.qll - rename call as methodCall 2024-05-31 14:45:32 +01:00
Alex Ford
25f9449f53 Ruby: Routing.qll - rename method as httpMethod 2024-05-31 14:45:26 +01:00
Alex Ford
af9ed21c36 Ruby: Routing.qll - rename method as methodCall 2024-05-31 14:45:20 +01:00
Cornelius Riemenschneider
60cb8e7e8e Ruby: Move to new packaging rules. 2024-05-30 14:25:20 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Tom Hvitved
69fb2bb97c Merge pull request #16597 from hvitved/tree-sitter/empty-location 
Tree-sitter: Emit `empty_location` relation to avoid scan
 2024-05-27 15:19:15 +02:00
Anders Schack-Mulligen
1432519cc2 Dataflow: Add totalorder predicates to all languages. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen
bc8ca1af86 Dataflow: Introduce NodeRegions for use in isUnreachableInCall. 2024-05-27 11:01:51 +02:00
Tom Hvitved
686879a2a3 Ruby: Add up/downgrade scripts 2024-05-27 10:39:22 +02:00
Tom Hvitved
94d2e9591d Tree-sitter: Emit empty_location relation to avoid scan 2024-05-27 10:39:21 +02:00
Cornelius Riemenschneider
b09f3c1c0d Don't build with cross any longer. 
We've removed cross from the internal build when converting to bazel,
mirror that here.
 2024-05-24 16:17:37 +02:00
Cornelius Riemenschneider
8c46b61e85 Ruby: Change how we pull in shared/tree-sitter-extractor dependency 
Previously, we pulled in the shared tree-sitter extractor via a `git`
dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path`
dependencies outside of the cargo workspace)). This was a problem,
as that means we're cloning `github/codeql` _again_ for the build, which is
quite slow.

I found another way that is faster, and still produces correct builds
for both `cargo`` and `rules_rust`:
* Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets
* For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code
* rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
 2024-05-24 15:37:35 +02:00
Tom Hvitved
386bc1eb03 Bazel: repin 2024-05-24 13:53:55 +02:00
Tom Hvitved
7490472772 Update Python to use Rust 1.74 2024-05-24 13:05:39 +02:00
Tom Hvitved
0dbce3d077 Merge pull request #16451 from hvitved/treesitter/codeql-verbosity 
Tree-sitter: Respect verbosity defined in `CODEQL_VERBOSITY`
 2024-05-24 11:24:01 +02:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Tom Hvitved
e4cd9d86f6 Tree-sitter: Respect verbosity defined in CODEQL_VERBOSITY 2024-05-23 13:38:35 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen
bbebdfea8d Merge pull request #16511 from aschackmull/dataflow/configuration-provenance 
Dataflow: Add provenance for configuration-specific steps.
 2024-05-22 14:07:10 +02:00
Alex Ford
8119a27540 Merge pull request #16185 from alexrford/rb/conditions-arr0 
Ruby: ActiveRecord - refine `conditions` argument as an SQLi sink
 2024-05-22 12:19:10 +01:00
Tom Hvitved
a006c29a00 Merge pull request #16481 from hvitved/treesitter/bump2 
Tree-sitter: Bump to 0.22.6
 2024-05-22 12:53:14 +02:00
Anders Schack-Mulligen
012b861ffb Ruby: Accept qltest .expected file changes. 2024-05-22 10:08:59 +02:00
Anders Schack-Mulligen
c4ae18649e Ruby: Accept qltest .expected file changes (interesting). 2024-05-22 10:08:59 +02:00
Tom Hvitved
22aea47604 Repin 2024-05-21 20:59:54 +02:00
Tom Hvitved
a87ceed361 Merge pull request #16394 from hvitved/dataflow/synth-param-ret-node 
Data flow: Synthesize parameter return nodes
 2024-05-21 20:55:14 +02:00
Tom Hvitved
bc1283c715 Ruby: Reference official Tree-sitter grammar in Cargo.toml 2024-05-21 20:51:50 +02:00
Chuan-kai Lin
8a22e2283c Merge pull request #16424 from github/cklin/ruby-entities-reorder 
Ruby: Use entities in reorder directives
 2024-05-21 07:32:28 -07:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
Asger F
13d01f1ec4 Ruby/Python: add recursion guard 2024-05-21 14:40:15 +02:00
Asger F
14c71a351e Sync shared files 2024-05-21 14:38:55 +02:00
Tom Hvitved
80364e9570 Ruby: Repin in Cargo.toml 2024-05-21 11:25:21 +02:00
Tom Hvitved
bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
am0o0
dcadda23cd update expected file 2024-05-16 15:15:27 +02:00
am0o0
f06c3fddd9 fix qhelp, fix duplicate query id 2024-05-16 15:12:31 +02:00
Alex Ford
78dc6502f5 Merge branch 'main' into amammad-ruby-bombs 2024-05-16 13:53:31 +01:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Sim4n6
7f153ed07b Add some method calls as a Source 2024-05-12 09:46:36 +01:00