hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1896 Commits

Author SHA1 Message Date
Geoffrey White
c77bf2b4eb Rust: Add a test for sensitive data. 2025-01-06 13:26:25 +00:00
Tom Hvitved
8f6ae6274d Rust: Add support for MaD sources and sinks with access paths 2025-01-06 13:26:49 +01:00
Simon Friis Vindum
c55b256d47 Rust: Remove accidentally commited expected files 2025-01-06 12:01:03 +01:00
Paolo Tranquilli
10d8aa454b Merge branch 'main' into redsun82/rust-mute-warnings-in-uncompiled-blocks 2025-01-06 10:01:57 +01:00
Simon Friis Vindum
5c64a8c948 Rust: Accept expected changes and fix other CI complaints 2025-01-03 16:38:11 +01:00
Simon Friis Vindum
cd957ba63b Rust: Add models for functions used inside format! macro 2025-01-03 14:09:23 +01:00
Simon Friis Vindum
0d19fb6040 Rust: Add taint from children of format_args to format_args 2025-01-03 14:06:47 +01:00
Simon Friis Vindum
2ef9339d00 Rust: Generate CFG node for FormatArgsArg 2025-01-03 13:58:25 +01:00
Simon Friis Vindum
42d125676e Rust: Value flow through macro calls 2025-01-03 13:47:29 +01:00
Simon Friis Vindum
f09632df58 Rust: Add data flow tests for macros and format_args 2025-01-03 13:28:19 +01:00
Paolo Tranquilli
f13d03b18c Rust: fix typo (thanks copilot!) 2024-12-20 14:18:36 +01:00
Paolo Tranquilli
485586f780 Rust: reinstate extraction of test code 
Users will still be able to opt out:
* for unit tests, by providing the `cargo_cfg_overrides=-test` extractor
  option
* for integration tests, by excluding the test files from the analysis
  using `paths-ignore` in the codescanning configuration file

We may want to revisit whether we want a single option for both. Also
further work will be needed to restrict our security queries to non-test
code on the QL side.
 2024-12-20 14:12:41 +01:00
Arthur Baars
2b2a37353b Merge pull request #18328 from github/redsun82/fix-cargo-fmt-checks 
CI: fix rust formatting
 2024-12-20 13:41:28 +01:00
Paolo Tranquilli
73a5a3f7ee Rust: support paths and paths-ignore from the code scanning configuration file 
This is done by simply adding the autobuilder from the shared
tree-sitter extractor library.
 2024-12-19 17:37:56 +01:00
Paolo Tranquilli
2e150772fd Merge branch 'main' into redsun82/fix-cargo-fmt-checks 2024-12-19 15:52:36 +01:00
Simon Friis Vindum
a28ddd642c Rust: Add variables example with let statement in macro 2024-12-19 13:12:45 +01:00
Paolo Tranquilli
df39610029 Rust: skip injected sources in clippy and fmt checks 2024-12-19 12:29:27 +01:00
Paolo Tranquilli
7f5b8fdcec Rust: remove clippy warnings 2024-12-19 12:22:40 +01:00
Paolo Tranquilli
290a1043b1 Rust: fetch ungram and rust-analyzer code instead of checking it in 
* The ungram file is now taken from the rust-analyzer dependencies
  pulled in by bazel
* the grammar parsing code is not published, so it must be taken
  directly from rust-analyzer code. That part should be less prone to be
  updated than the ungram file, so it does not necessarily need to be
  in sync with the rust-analyzer version is used elsewhere.
* both need some patches. The former is patched during build, the latter
  during loading in `MODULE.bazel`.
 2024-12-18 16:37:24 +01:00
Arthur Baars
023f48ff1c Merge pull request #18295 from github/aibaars/update-rust-ungram 
Rust: update rust-analyzer
 2024-12-18 16:01:50 +01:00
Simon Friis Vindum
508c7e6e85 Merge pull request #18314 from paldepind/rust-tuple-ref-patterns 
Rust: Add read steps for tuple and reference patterns
 2024-12-18 14:13:08 +01:00
Tom Hvitved
00688ebd79 Merge pull request #18312 from hvitved/rust/operator-overloading-test 
Rust: Add data flow tests for operator overloading
 2024-12-18 13:58:39 +01:00
Paolo Tranquilli
218bc8069b Rust: exclude extraction of code excluded by cfg 2024-12-18 13:34:40 +01:00
Simon Friis Vindum
09fd27af80 Rust: Add read steps for tuple and reference patterns 2024-12-18 13:22:05 +01:00
Simon Friis Vindum
b5b8af3aa2 Rust: Add data flow tests for borrows 2024-12-18 13:00:38 +01:00
Arthur Baars
a6ec51a951 Rust: update expected output 2024-12-18 13:00:14 +01:00
Arthur Baars
71959f5faa Rust: address clippy warnings 2024-12-18 13:00:13 +01:00
Tom Hvitved
3a63dbcd5d Apply suggestions from code review 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2024-12-18 12:46:11 +01:00
Simon Friis Vindum
049fab4c72 Rust: Remove taint steps 2024-12-18 11:22:56 +01:00
Tom Hvitved
025a67384f Rust: Add data flow tests for operator overloading 2024-12-18 09:26:17 +01:00
Simon Friis Vindum
c1e21974c6 Rust: Address review comments 2024-12-17 17:24:42 +01:00
Simon Friis Vindum
d8c301a96b Merge branch 'main' into rust-data-flow-models 2024-12-17 16:09:59 +01:00
Arthur Baars
23e6a825aa Rust: fix QL code 2024-12-17 14:07:48 +01:00
Arthur Baars
029e2604a3 Rust: //rust/codegen 2024-12-17 14:07:44 +01:00
Arthur Baars
c13e173681 Rust: fix codegeneration for AsmOptions 2024-12-17 14:05:53 +01:00
Arthur Baars
8e7eedc172 Update codegen/grammar 2024-12-17 14:05:50 +01:00
Arthur Baars
3928efe05f Rust: update rust.ungram 2024-12-17 14:05:12 +01:00
Tom Hvitved
8efd870192 Merge pull request #18292 from hvitved/rust/never-skip-lhs 
Rust: Never skip assignment LHS in data flow
 2024-12-17 13:18:17 +01:00
Tom Hvitved
d8c05b5388 Merge pull request #18290 from hvitved/rust/perf-fixes 
Rust: Fix two bad joins
 2024-12-17 13:18:05 +01:00
Simon Friis Vindum
ee87d4c948 Merge branch 'main' into rust-data-flow-models 2024-12-17 13:12:32 +01:00
Simon Friis Vindum
402d4e11c4 Rust: Re-add inline expectations query tags 2024-12-16 16:36:30 +01:00
Tom Hvitved
ddd05b5d1b Rust: Never skip match scrutinee/patterns in data flow 2024-12-16 15:12:16 +01:00
Tom Hvitved
9f2b436d35 Rust: Never skip assignment LHS in data flow 2024-12-16 15:12:15 +01:00
Paolo Tranquilli
4975e7b739 Merge branch 'main' into redsun82/extract-self-param-ref 2024-12-16 15:06:16 +01:00
Tom Hvitved
5ed03e266a Rust: Fix semantic merge conflicts 2024-12-16 14:47:13 +01:00
Paolo Tranquilli
4c4a8d7619 Rust: extract isRef for SelfParam 2024-12-16 14:24:56 +01:00
Michael Nebel
aaf0cd5dee Merge pull request #17968 from michaelnebel/java/movetestutils 
Move test utilities to the query pack.
 2024-12-16 13:41:30 +01:00
Simon Friis Vindum
cad4f39aee Rust: Database name capitalization 2024-12-16 13:15:42 +01:00
Simon Friis Vindum
defbbb2a24 Rust: Add additional models for stdlib and sqlx 2024-12-16 11:46:57 +01:00
Simon Friis Vindum
aab3428bc7 Rust: Model address-of and dereference as stores and loads 2024-12-16 11:31:15 +01:00