hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,879 Commits 1,670 Branches 157 Tags
main
Commit Graph

332 Commits

Author SHA1 Message Date
idrissrio
926d7f53f2 C/C++ overlay: Update identical files 2025-12-11 16:56:29 +01:00
Asger F
dbf14c190a Factor XML discard predicates into OverlayXml.qll 2025-11-26 11:48:32 +01:00
Nora Dimitrijević
a88d3397cd Add overlay builtins to python dbscheme 2025-10-06 11:36:56 +02:00
Alex Eyers-Taylor
dcc5572767 Java: Hnalde global files as exceptions rather than annotating them 
This allows us to merge them without redundent annoations for now.
 2025-09-10 17:26:54 +01:00
Jeroen Ketema
cbde11ddc9 Properly share ConceptsShared.qll 2025-07-14 16:30:45 +02:00
Jeroen Ketema
f07d8ee493 Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:06 +02:00
Jeroen Ketema
c582a9ccd6 Remove duplicate copies of SensitiveDataHeuristics 2025-07-14 11:38:52 +02:00
Jeroen Ketema
617edf0b70 C++: synchronize dbscheme 2025-06-30 15:28:45 +02:00
Nick Rolfe
c6ff07ad5a Merge branch 'main' into nickrolfe/ruby-overlay-extraction 2025-06-25 05:46:26 -04:00
Kasper Svendsen
869ba0d246 Use regex to match overlay annotations 2025-06-25 09:30:49 +02:00
Aditya Sharad
a79e3cf604 QLDoc scripts: Fix overly permissive regex ranges 
The range `A-aa-z` was too permissive and
includes special characters between `Z` and `a`.
Low impact, but fix to address an internally
reported code scanning alert.
 2025-06-24 10:00:29 -07:00
Kasper Svendsen
ed8b787f28 rename overlay[caller] to overlay[caller?] 2025-06-20 13:58:01 +02:00
Kasper Svendsen
b1346e2ddb Address copilot review comments 2025-06-20 13:58:00 +02:00
Kasper Svendsen
cd2fe64b39 Add script to add overlay annotations 2025-06-20 13:58:00 +02:00
Nick Rolfe
1bd7c4f11c Ruby: add databaseMetadata relation to dbscheme 
This is required for overlay support.
 2025-06-19 16:34:15 +01:00
Michael Nebel
6820cbabc8 C#: Accept file sync mismatch for C# testfiles if they are identical modulo comments. 2025-04-02 14:01:00 +02:00
Geoffrey White
821eb4f3e6 Rust: Add sensitive data library. 2025-01-06 13:26:26 +00:00
Geoffrey White
de042ea9d7 Merge branch 'main' into badcrypto 2024-12-05 18:36:47 +00:00
Geoffrey White
07e3421f6f Rust: Add shared ConceptsShared.qll, CryptoAlgorithms.qll and CryptoAlgorithmNames.qll to Rust. 2024-12-05 15:22:09 +00:00
Anders Schack-Mulligen
c654a05998 Dataflow: Remove identical-files entries for deleted api. 2024-12-03 14:52:30 +01:00
Arthur Baars
2d07270c1e Rust: stop sharing Diagnostics.qll with Ruby :-( 2024-10-24 15:14:13 +02:00
Michael Nebel
dd993c3900 Merge pull request #17509 from michaelnebel/modelgen/parammodule 
C#/Java: Re-factor the model generator to be a parameterized module.
 2024-09-26 10:57:16 +02:00
Arthur Baars
bdb4d89f9f Rust: add Diagnostics.qll 2024-09-24 17:34:27 +02:00
Michael Nebel
de4a7da286 Java/C#: No longer sync CaptureModels.qll. 2024-09-19 12:20:55 +02:00
Paolo Tranquilli
f8c9d96882 Bazel: remove non-working fake tree-sitter-extractor workaround 
The `.cargo/config.toml` override based workaround wasn't really
working, as while `cargo build|check` was reading that, `cargo metadata`
wasn't, ending up in a completely broken IDE experience.

For the moment, we just use a unified workspace `Cargo.toml` for all
extractors using the shared tree-sitter code, which has the downside of
making bazel pull in dependencies for all of them, and not being able to
do sparse checkouts for them. We should investigate and rivist this in
the future.
 2024-09-11 08:17:11 +02:00
Paolo Tranquilli
7e1290aa74 Rust: reuse shared rust trap library 2024-08-30 16:08:37 +02:00
Mathias Vorreiter Pedersen
00d772f980 C++: Fix value numbering imports. 2024-06-24 11:53:24 +01:00
Michael Nebel
8630583856 C#/Java: Exclude the model printing implementation form sync files. 2024-06-24 11:50:57 +02:00
Tom Hvitved
94d2e9591d Tree-sitter: Emit empty_location relation to avoid scan 2024-05-27 10:39:21 +02:00
Cornelius Riemenschneider
8c46b61e85 Ruby: Change how we pull in shared/tree-sitter-extractor dependency 
Previously, we pulled in the shared tree-sitter extractor via a `git`
dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path`
dependencies outside of the cargo workspace)). This was a problem,
as that means we're cloning `github/codeql` _again_ for the build, which is
quite slow.

I found another way that is faster, and still produces correct builds
for both `cargo`` and `rules_rust`:
* Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets
* For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code
* rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
 2024-05-24 15:37:35 +02:00
Rasmus Wriedt Larsen
e0e405bb31 Python: replace dataflow-test location in files 2024-04-23 09:40:59 +02:00
Tom Hvitved
a6c147134a Java: Switch to shared XML.qll implementation 2024-03-19 13:15:45 +01:00
Tom Hvitved
754b491d09 C++: Switch to shared XML.qll implementation 2024-03-19 13:14:42 +01:00
Tom Hvitved
529e901fb1 C#: Switch to shared XML.qll implementation 2024-03-19 13:14:42 +01:00
Tom Hvitved
16cef92106 JS: Add DataFlow::Node.getLocation 2024-03-13 13:06:16 +01:00
Michael Nebel
f2e467d8ea C#: Cleanup identical-files. 2024-03-07 19:22:47 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
erik-krogh
0511786a22 delete typo files from list of synchronized files 2024-01-22 09:15:27 +01:00
Tom Hvitved
84aa9f17a0 Python/Ruby: Use SummaryTypeTracker from typetracking pack 2023-12-14 13:25:18 +01:00
Tom Hvitved
2d3f96f201 Swift: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Tom Hvitved
35c654aa76 Go: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Tom Hvitved
faaa558ed9 Python: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:44 +01:00
Tom Hvitved
a2093c9aa2 C#: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:43 +01:00
Tom Hvitved
28373e0fdf JS: Adapt to changes in shared code 2023-12-10 11:25:43 +01:00
Tom Hvitved
0e81577269 Ruby: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:43 +01:00
Tom Hvitved
6ce8e0510f Ruby: Adopt shared type tracking library 2023-11-20 16:03:24 +01:00
Asger F
6df919a917 JS/Ruby: remove sync between two queries 2023-10-11 10:06:11 +02:00
Alex Ford
4031623fda Ruby: delete identical-files refs to deleted files 2023-09-21 14:22:34 +01:00
Tom Hvitved
253f932d2a Python: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved
9af706c2a5 Swift: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00