hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 14:46:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,382 Commits 1,699 Branches 161 Tags
baec4adbb1fd8c0550091517f9eb59cb3d94de0a
Commit Graph

1006 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
012e1b498d Dataflow: Remove duplicate definitions 2024-05-27 11:01:51 +02:00
Anders Schack-Mulligen
bc8ca1af86 Dataflow: Introduce NodeRegions for use in isUnreachableInCall. 2024-05-27 11:01:51 +02:00
Anders Schack-Mulligen
486eaad566 Shared: Add MakeSets module. 2024-05-27 11:01:51 +02:00
Tom Hvitved
94d2e9591d Tree-sitter: Emit empty_location relation to avoid scan 2024-05-27 10:39:21 +02:00
Cornelius Riemenschneider
8c46b61e85 Ruby: Change how we pull in shared/tree-sitter-extractor dependency 
Previously, we pulled in the shared tree-sitter extractor via a `git`
dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path`
dependencies outside of the cargo workspace)). This was a problem,
as that means we're cloning `github/codeql` _again_ for the build, which is
quite slow.

I found another way that is faster, and still produces correct builds
for both `cargo`` and `rules_rust`:
* Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets
* For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code
* rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
 2024-05-24 15:37:35 +02:00
Tom Hvitved
0dbce3d077 Merge pull request #16451 from hvitved/treesitter/codeql-verbosity 
Tree-sitter: Respect verbosity defined in `CODEQL_VERBOSITY`
 2024-05-24 11:24:01 +02:00
Dave Bartolomeo
f498e05099 Merge branch 'main' into dbartol/v1 2024-05-23 14:37:28 -04:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Tom Hvitved
e4cd9d86f6 Tree-sitter: Respect verbosity defined in CODEQL_VERBOSITY 2024-05-23 13:38:35 +02:00
Tom Hvitved
a523be4d0a Tree-sitter: Add set_tracing_level to shared extractor module 2024-05-23 12:58:53 +02:00
Anders Schack-Mulligen
f353065d26 Java: Allow overloading for exact model matches. 2024-05-23 10:50:01 +02:00
Anders Schack-Mulligen
0f864081cb Java: Remove source dispatch when there's an exact match from a manual model. 2024-05-23 10:50:00 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen
bbebdfea8d Merge pull request #16511 from aschackmull/dataflow/configuration-provenance 
Dataflow: Add provenance for configuration-specific steps.
 2024-05-22 14:07:10 +02:00
Tom Hvitved
a992b67d97 Merge pull request #16556 from hvitved/dataflow/simplify 
Data flow: Remove two redundant conjuncts
 2024-05-22 13:58:04 +02:00
Tom Hvitved
a006c29a00 Merge pull request #16481 from hvitved/treesitter/bump2 
Tree-sitter: Bump to 0.22.6
 2024-05-22 12:53:14 +02:00
Tom Hvitved
70cf16597b Data flow: Remove two redundant conjuncts 2024-05-22 12:45:11 +02:00
Michael Nebel
84e412fe36 Merge pull request #16477 from michaelnebel/csharp/madinlinetest 
C#: Inline expectation for model generator test.
 2024-05-22 11:05:23 +02:00
Anders Schack-Mulligen
22c1d52381 Dataflow: Add provenance for configuration-specific steps. 2024-05-22 10:05:42 +02:00
Tom Hvitved
bebcd679a4 Address review comments 2024-05-21 14:51:52 +02:00
Tom Hvitved
18f138e754 Add change note 2024-05-21 14:47:42 +02:00
Tom Hvitved
454687d583 Data flow: Synthesize parameter return nodes 2024-05-21 14:47:42 +02:00
Tom Hvitved
bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Michael Nebel
78b8a9259a Share the Models as Data inline expect predicates. 2024-05-17 09:44:57 +02:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Owen Mansel-Chan
c11fac81fd Make summaryThroughStepValue include param outputs 
This matches summaryThroughStepTaint.
 2024-05-07 13:55:42 +01:00
Anders Schack-Mulligen
248ffa15a2 Merge pull request #16318 from aschackmull/dataflow/doublyboundedfasttc 
Dataflow: Use doublyBoundedFastTC.
 2024-05-01 09:48:23 +02:00
github-actions[bot]
99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot]
5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Mathias Vorreiter Pedersen
2482519cd3 DataFlow: Cached second level scope. 2024-04-26 13:09:59 +01:00
Tom Hvitved
95d579d9de Data flow: Fix bad join 
```
Evaluated relational algebra for predicate _DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::ret__#count_range@d112335l with tuple counts:
            285176  ~2%    {3} r1 = SCAN `_DataFlowDispatch::DataFlowCall.getEnclosingCallable/0#dispred#b7b78b19_DataFlowImpl::Impl<Hardcoded__#shared` OUTPUT In.1, In.0, In.2
        3265592261  ~3%    {5}    | JOIN WITH `DataFlowImpl::Impl<HardcodedDataInterpretedAsCodeQuery::HardcodedDataInterpretedAsCodeFlow::C>::returnCallEdge1/4#d02cae42_2301#join_rhs` ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Rhs.2, Lhs.1, Rhs.3
             39070  ~8%    {6}    | JOIN WITH `DataFlowImplCommon::Cached::viableImplInCallContextExt/2#58e931ad` ON FIRST 3 OUTPUT Lhs.0, Lhs.3, Lhs.1, Lhs.2, Lhs.4, _
             39070  ~0%    {6}    | REWRITE WITH Out.5 := 1
                           return r1
```
 2024-04-24 12:22:28 +02:00
Anders Schack-Mulligen
830b83f653 Dataflow: Use doublyBoundedFastTC. 2024-04-23 13:07:20 +02:00
Anders Schack-Mulligen
b2f09949df Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 
Dataflow: update fieldFlowBranchLimit semantics
 2024-04-23 10:08:05 +02:00
Tom Hvitved
18acad516b Merge pull request #16251 from hvitved/dataflow/fix-bad-join2 
Data flow: Fix a bad join
 2024-04-19 09:49:41 +02:00
Anders Schack-Mulligen
595014966a Dataflow: Add change note. 2024-04-19 08:46:04 +02:00
Tom Hvitved
339c40c2b7 Data flow: Fix bad join 2024-04-18 21:30:32 +02:00
Asger F
decd576a6b Merge pull request #15386 from asgerf/js/graph-export 
JS: Add library for exporting graphs as type models
 2024-04-18 11:56:17 +02:00
Asger F
c0db40d11a Merge branch 'js/graph-export' of github.com:asgerf/codeql into js/graph-export 2024-04-16 20:25:11 +02:00
Asger F
be64daf265 Merge branch 'main' into js/graph-export 2024-04-16 20:23:33 +02:00
Asger F
ee5cb6f3d8 Update shared/mad/codeql/mad/dynamic/GraphExport.qll 2024-04-16 20:10:51 +02:00
Asger F
844b29b637 Update shared/mad/codeql/mad/dynamic/GraphExport.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-04-16 20:09:26 +02:00
github-actions[bot]
622e176a16 Post-release preparation for codeql-cli-2.17.1 2024-04-16 14:21:32 +00:00
github-actions[bot]
9bfe4ea90a Release preparation for version 2.17.1 2024-04-15 17:34:47 +00:00
Anders Schack-Mulligen
db6d27bd2b C++: Count return dispatch based on 2nd level scopes. 2024-04-15 15:13:08 +02:00
Anders Schack-Mulligen
b87b8329a0 Dataflow: Use default fieldFlowBranchLimit in qltests. 2024-04-15 15:13:03 +02:00
Anders Schack-Mulligen
f945687a93 Dataflow: Simplify branch and join. 2024-04-15 15:13:01 +02:00
Anders Schack-Mulligen
82afbbc17b Dataflow: Adjust fieldFlowBranchLimit count (block less) and adjust return edge condition (block more) 2024-04-15 15:12:58 +02:00
Anders Schack-Mulligen
1389c7220b Dataflow: Amend change note. 2024-04-15 14:35:39 +02:00
Asger F
3949ae4123 Update shared/mad/codeql/mad/dynamic/GraphExport.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-04-12 15:00:24 +02:00