Tom Hvitved
179bae8791
Merge pull request #19025 from hvitved/rust/rust-analyzer-comparison
...
Rust: Add telemetry for comparing against `rust-analyzer`
2025-03-19 11:06:27 +01:00
Tom Hvitved
0bf2bfa2f1
Rust: Take dependency renaming into account when extracting the crate graph
2025-03-19 08:39:22 +01:00
Arthur Baars
f08d1d10f1
Rust: tainted path implement basic sanitizers
2025-03-18 19:16:13 +01:00
Arthur Baars
8223dded99
Rust: TaintedPath query
2025-03-18 19:10:03 +01:00
Simon Friis Vindum
7a18da82fa
Merge pull request #19000 from paldepind/rust-cleartext-transmission
...
Rust: Add cleartext transmission query
2025-03-17 14:56:57 +01:00
Simon Friis Vindum
0bf826559c
Rust: Apply qhelp suggestions from review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-03-17 07:56:37 +01:00
Tom Hvitved
89f6245772
Rust: Add telemetry for comparing against rust-analyzer
2025-03-14 14:48:15 +01:00
Simon Friis Vindum
a96a5fc737
Rust: Address PR comments
2025-03-14 13:24:16 +01:00
Simon Friis Vindum
4dbfda59cf
Merge branch 'main' into rust-data-flow-split
2025-03-14 09:58:46 +01:00
Simon Friis Vindum
fb718660d9
Rust: Generate more sinks and update query description
2025-03-13 17:35:32 +01:00
Tom Hvitved
af91152f5c
Address review comments
2025-03-13 15:04:59 +01:00
Simon Friis Vindum
1ae28c7907
Merge branch 'main' into rust-cleartext-transmission
2025-03-13 15:01:11 +01:00
Geoffrey White
1aa223652f
Merge pull request #18977 from geoffw0/sourcesinkdoc
...
Rust: Source and sink doc / tidy up
2025-03-13 10:53:44 +00:00
Simon Friis Vindum
3c644144b1
Rust: Extract data flow node and content into separate files
2025-03-13 11:22:04 +01:00
Arthur Baars
fa79dbc89a
Merge pull request #18228 from github/aibaars/crate-graph
...
Rust: extract crate graph
2025-03-13 10:00:48 +01:00
Simon Friis Vindum
4de69c70a8
Rust: Add cleartext transmission query
2025-03-13 08:45:36 +01:00
Geoffrey White
56f6a67d5f
Rust: Add sinks for rust/regex-injection to stats.
2025-03-12 16:08:33 +00:00
Geoffrey White
f8112945a8
Merge branch 'main' into sourcesinkdoc
2025-03-12 16:04:56 +00:00
Simon Friis Vindum
b3601b1ac2
Merge pull request #18946 from paldepind/rust-regex-injection
...
Rust: Add regular expression injection query
2025-03-12 08:15:54 +01:00
Geoffrey White
044d0a13f0
Rust: Include WeakSensitiveDataHashing sinks as well.
2025-03-11 15:41:38 +00:00
Geoffrey White
4924a0faf3
Rust: Introduce a QuerySink class, common to all query sinks.
2025-03-11 15:41:37 +00:00
Simon Friis Vindum
1e0b78ebd3
Rust: Update regex injection description
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2025-03-11 12:47:12 +01:00
Simon Friis Vindum
b48fd99913
Rust: Applying suggestions to documentation
2025-03-10 16:30:52 +01:00
Simon Friis Vindum
5c83644360
Rust: Use CWE 20 for regex injection query
2025-03-10 14:52:25 +01:00
Simon Friis Vindum
344fea2128
Rust: Enable local threat models in tests and use active threat models for regex query
2025-03-10 13:23:20 +01:00
Arthur Baars
98a40967d2
Rust: ignore crate graph elements from summary stats and AST no-location checks
...
These elements depend on the version of the standard libraries and platform, and
in addition no location information is extracted for them at the moment.
2025-03-10 10:16:15 +01:00
Simon Friis Vindum
179ea041f4
Rust: Merge query implementation into one file
2025-03-10 09:09:13 +01:00
Geoffrey White
fe139e5bea
Rust: Rearrange the unused variable query logic so that it's clearer what the comments apply to.
2025-03-07 14:55:34 +00:00
Geoffrey White
cc902a6ad1
Rust: Fix unused value FPs due to unexpanded macro calls as well.
2025-03-07 14:48:27 +00:00
Geoffrey White
e0839a369c
Rust: Fix unused variable FPs due to unexpanded macro calls.
2025-03-07 14:40:02 +00:00
Simon Friis Vindum
494f914070
Rust: Add regular expression injection query
2025-03-07 12:37:30 +01:00
Tom Hvitved
1f13f0009f
Rust: Move AstConsistency.qll into internal
2025-03-04 13:00:09 +01:00
Simon Friis Vindum
7476aeaabf
Rust: Handle ref patterns in data flow
...
To do this we:
* Let SSA writes target the name inside identifier patterns instead of
the pattern itself
* Include relevant names in the data flow graph
* Add a store step from an identifier pattern with `ref` into the
contained name. So we have an edge `ref a` -> `a` that stores in the
reference content type.
2025-02-12 13:20:11 +01:00
Tom Hvitved
11bf4c831d
Update rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2025-02-07 13:55:11 +01:00
Tom Hvitved
89502d63e5
Rust: Implement database quality telemetry query
2025-02-06 10:46:48 +01:00
Tom Hvitved
45fc1daa74
Rust: Hide internal implementation details from DataFlow::Node
2025-02-03 14:12:56 +01:00
Tom Hvitved
8eb5792f3b
Address review comments
2025-01-31 10:10:55 +01:00
Geoffrey White
0a3d44c44e
Rust: Re-apply suggested changes (I accidentally force-pushed them away).
2025-01-24 17:31:38 +00:00
Geoffrey White
44b9a1188b
Rust: Another .qhelp fix.
2025-01-23 18:46:35 +00:00
Geoffrey White
d27a71eaaf
Rust: Minor fixes.
2025-01-23 18:21:27 +00:00
Geoffrey White
55705232f6
Update rust/ql/src/queries/security/CWE-312/CleartextLoggingBad.rs
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-01-23 18:18:05 +00:00
Geoffrey White
613a1656f3
Rust: Simplify QL slightly.
2025-01-23 18:13:59 +00:00
Geoffrey White
4214c837b8
Rust: Clean up the query message.
2025-01-23 18:03:25 +00:00
Geoffrey White
ccc124360e
Rust: Add .qhelp and examples.
2025-01-23 17:46:04 +00:00
Geoffrey White
e70816727b
Rust: Add the sinks to metrics.
2025-01-23 17:17:25 +00:00
Geoffrey White
59c3ac6f80
Rust: Allow flow through reference taking (&).
2025-01-23 17:17:07 +00:00
Geoffrey White
78c58aa5f1
Rust: Allow implicit taint reads from tuple contents at sinks.
2025-01-23 17:17:05 +00:00
Geoffrey White
4297d05c05
Rust: Implement the query.
2025-01-23 17:16:59 +00:00
Geoffrey White
bb3be2f8af
Rust: Add a test for the log crate + placeholder query.
2025-01-23 12:24:47 +00:00
Geoffrey White
e5faf92bab
Rust: Make QL-for-QL happy (part 2).
2025-01-16 16:16:02 +00:00