hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,853 Commits 1,673 Branches 157 Tags
14b5114aa60d44fc36ee4e580a9a19937ef6827d
Commit Graph

9689 Commits

Author SHA1 Message Date
Cornelius Riemenschneider
ede0b5bdf4 Merge remote-tracking branch 'origin/main' into criemen/codeql-pack-group 2024-06-13 21:53:31 +02:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
Cornelius Riemenschneider
3cf719cb39 pkg.bzl: Significantly restructure codeql_pack rule. 
This PR introduces a `codeql_pack_rule` that does the heavy lifting
of extracting arch- and common zip files for production dist building.
It also factors out the installer targets for individual packs,
as well as pack groups.

This changes the contract between the internal build system and the pack
definition significantly, which is why an accompanying internal PR is required.
No backwards compatibility layer is provided, as the PR as complex enough as-is.

The individual `codeql_pack` rules are now much simpler,
as they mostly stuff their inputs into a new `_CodeQLPackInfo` provider,
and let the installer and `codeql_pack_group` rules do the heavy lifting.
For working in the external repo with self-contained packs,
the per-pack installer targets are still available.
Internally, we'll only use the new `codeql_pack_group` targets
going forward, both for defining intree-dists and for building
the production zip files.
 2024-06-11 13:15:05 +02:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
Cornelius Riemenschneider
00319c5010 Upgrade bazel to 7.2.0. 
This also bumps a bunch of external dependencies.
 2024-06-10 17:03:59 +02:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Anders Schack-Mulligen
0c47203580 Javascript: Add support for pretty-printed provenace in tests. 2024-06-07 11:47:49 +02:00
Asger F
6e0f3df573 Merge pull request #14120 from asgerf/dynamic/typemodel-istypeused 
Dynamic: add TypeModel.isTypeUsed
 2024-06-06 15:31:16 +02:00
Paolo Tranquilli
2d42ea0f2f Merge pull request #16668 from github/criemen/pkg-js-fixup 
JS: Use `resources/tools` from external repo, not internal.
 2024-06-06 11:50:54 +02:00
Mauro Baluda
0b9bafc9c3 Update AutoBuildTests.java 2024-06-04 21:07:57 +02:00
Mauro Baluda
168cba86c1 Add .xsaccess test data 2024-06-04 20:55:07 +02:00
Mauro Baluda
8791e67789 Add .xsaccess test data 2024-06-04 17:50:08 +02:00
Mauro Baluda
576ee7892d Add .xsaccess test data 2024-06-04 17:36:05 +02:00
Mauro Baluda
7b3e9b4ec1 Extract .xsaccess files as JSON 2024-06-04 16:28:08 +02:00
Mauro Baluda
73b18129d9 Extract .xsaccess files as JSON 2024-06-04 16:23:05 +02:00
Cornelius Riemenschneider
e8c1e50276 JS: Use resources/tools from external repo, not internal. 
This was missing in https://github.com/github/codeql/pull/16656, so we couldn't actually
delete the resources in the internal repo.
 2024-06-04 13:54:41 +02:00
Paolo Tranquilli
7b8c11379d Javascript: use codeql_pack for javascript extractor 2024-06-03 23:14:44 +02:00
Paolo Tranquilli
096a31dbef Mark all integration tests as legacy 
This is in preparation for the new integration test framework. Tests
marked thus will be run by the current framework and ignored by the new
one.
 2024-05-31 16:04:50 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Erik Krogh Kristensen
c743abad54 Merge pull request #14294 from am0o0/amammad-js-CodeInjection_execa 
JS: provide command execution sinks for execa package
 2024-05-24 09:20:19 +02:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
erik-krogh
c80f48b23a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-23 08:02:22 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
erik-krogh
a30bac14e9 add change-note 2024-05-21 22:14:39 +02:00
erik-krogh
61c72361cd move the "isFileTooLarge" earlier in the pipeline, so we're only doing it once 2024-05-21 20:01:24 +02:00
erik-krogh
241f977488 fix that very large TypeScript files would crash the extractor 2024-05-21 19:52:43 +02:00
Asger F
3b211089d6 JS: Remove redundant import 2024-05-21 14:40:17 +02:00
Asger F
6f19fc2fcd JS: Add isTypeUsed to avoid overpruning 2024-05-21 14:38:52 +02:00
Asger F
632cce2c16 JS: Add failing test due to overpruning 2024-05-21 14:20:13 +02:00
Asger F
43abc72780 JS: Add TypeModel.isTypeUsed 
f
 2024-05-21 14:19:56 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
erik-krogh
c166cb406a Merge branch 'main' into amammad-js-CodeInjection_execa 2024-05-21 08:48:12 +02:00
Erik Krogh Kristensen
03cf9b702c Merge pull request #14291 from am0o0/amammad-js-CodeInjection_Shelljs 
JS: Shelljs improvement
 2024-05-17 11:14:11 +02:00
am0o0
42a9962519 make shellJSMember predicate private, improve predicate document 2024-05-16 14:05:06 +02:00
Asger F
499c4df79b Merge pull request #13554 from am0o0/amammad-js-bombs 
JS: Decompression Bombs
 2024-05-16 13:25:41 +02:00
erik-krogh
56dff8540f add an example of how to get a floating point value between 0 and 1 2024-05-16 11:15:07 +02:00
erik-krogh
066f3b61a2 RandomSource is deprecated, it's crypto now 2024-05-16 11:14:50 +02:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Chuan-kai Lin
1758a1e04b Merge pull request #16422 from github/cklin/javascript-entities-reorder 
JS: Use entities in reorder directives
 2024-05-13 10:26:41 -07:00
Joe Farebrother
da93a08639 Add change notes 
No change note is needed for Swift, as the new heuristics are unused and thus should not affect any queries.
 2024-05-09 10:03:20 +01:00
Joe Farebrother
9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother
5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
Chuan-kai Lin
9b51e0e0ee JS: Use entities in reorder directives 2024-05-03 11:17:13 -07:00
erik-krogh
39a8b49222 add qhelp recommendation that you can use an obvious placeholder value 2024-05-03 19:37:31 +02:00
erik-krogh
b209fc67cb test the change to hardcoded-credentials 2024-05-03 19:34:18 +02:00
erik-krogh
d9e8e0e00a use some more standard values for credentials-kind for NodeJS client credentials 2024-05-03 13:58:37 +02:00
erik-krogh
ff85db36e2 exclude credentials as kind key from hardcoded-credentials when the key looks like a dummy password 2024-05-03 13:58:11 +02:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00