hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,364 Commits 1,689 Branches 160 Tags
bedb80346a700a0f721f1985a113dbf754a74236
Commit Graph

237 Commits

Author SHA1 Message Date
Michael Nebel
b0ef0f06eb Java: Include metrics in the database quality diagnostics and lower threshold. 2025-09-08 12:05:37 +02:00
idrissrio
ac52a1b123 Java: Move extractorInformationSkipKey predicate to library pack 2025-07-29 09:45:18 +02:00
Jonas Jensen
118abd40c9 Java: add exclude-from-incremental tag to telemetry queries 
In the future, this tag should signal to the action that the queries
should be excluded from incremental scans because they are too slow
and/or produce too many results.

The three queries tagged here rely on global data-flow analysis to find
all XSS sinks. All other metric and diagnostic queries are fast enough
for incrementality.
 2025-04-02 14:19:45 -07:00
Tom Hvitved
89502d63e5 Rust: Implement database quality telemetry query 2025-02-06 10:46:48 +01:00
Ian Lynagh
41ed6e6695 Java: Deprecate RefType.nestedName(), and add RefType.getNestedName() 2024-09-16 17:16:25 +01:00
Tamas Vajk
0263cc1609 Improve code quality 2024-08-07 15:27:14 +02:00
Chris Smowton
80cb908289 Amend message 2024-06-27 09:57:35 +01:00
Chris Smowton
df860d4128 autoformat 2024-06-27 09:57:25 +01:00
Chris Smowton
16a90aa180 autoformat 2024-06-27 09:57:19 +01:00
Chris Smowton
6292cacd74 Add link to build modes docs 2024-06-27 09:57:13 +01:00
Chris Smowton
d43762cae3 Apply suggestions from code review 
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: Chad Bentz <1760475+felickz@users.noreply.github.com>
 2024-06-27 09:57:07 +01:00
Chris Smowton
f397ab2d72 Java: add diagnostic query indicating low database quality 2024-06-27 09:57:02 +01:00
Michael Nebel
9db32f4d26 Java: Identify more APIs as supported in the telemetry queries (as QL defined sinks). 2024-04-26 12:39:46 +02:00
Michael Nebel
acb2bbb2a3 Java: Identify more APIs as supported in the telemetry queries (as QL defined sources). 2024-04-26 12:39:46 +02:00
Anders Schack-Mulligen
2925e45434 Java/Dataflow: Propagate MaD-id/model-id to PathGraph. 2024-04-12 09:19:51 +02:00
Chris Smowton
0bb6a64e81 Java: extractor information: tolerate fractional percentages 2024-03-01 16:49:29 +00:00
Chris Smowton
ffa998eb4a Autoformat 2024-02-29 14:59:45 +00:00
Chris Smowton
5d55265910 Add telemetry for untyped expressions and missing call targets 2024-02-29 14:59:45 +00:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
erik-krogh
e3e8f3d7c4 Java: delete various outdated deprecations 2023-10-09 09:14:54 +02:00
Ian Lynagh
a2659eecfb Merge pull request #14018 from igfoo/igfoo/extractor_information_kotlin1 
Kotlin: Write usesK2 ("uses Kotlin 2") information to the database
 2023-09-04 13:38:23 +01:00
Anders Starcke Henriksen
361ae1747e Merge branch 'main' into starcke/automodel-pack 2023-08-30 09:25:28 +02:00
Jean Helie
41726f52a2 Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata 
Java: Automodel: Add Candidates for Regression Testing
 2023-08-29 14:33:02 +01:00
Jean Helie
de76c0749a Java: Automodel Framework Mode: Add Candidates for Regression Testing 2023-08-29 09:53:55 +01:00
Ian Lynagh
deaf912cb8 Kotlin: Add an integration test for extractor information 2023-08-22 16:39:18 +01:00
Michael Nebel
5623ccf4a0 Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable. 2023-08-21 09:59:00 +02:00
Stephan Brandauer
808dc3e8d3 Java: Automodel framework mode: track exact ai- provenance in alreadyAiModeled meta data property 2023-08-16 09:25:03 +02:00
Stephan Brandauer
bc55afcee7 Java: Automodel framework mode: use new interface 2023-08-14 13:17:55 +02:00
Stephan Brandauer
551b34e3be Java: Automodel application mode: include candidates that are useful for regression testing 2023-08-14 11:46:40 +02:00
Stephan Brandauer
1a95a34441 Java: automodel: use the call for call context, rather than the argument 2023-08-14 09:54:44 +02:00
Stephan Brandauer
4107758c8a Java: automodel extraction: add strings to query selection 2023-08-14 09:49:50 +02:00
Stephan Brandauer
a9906f6f7b Java: fix - add extra $@ 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-08-11 09:15:09 +02:00
Stephan Brandauer
e927470961 Merge branch 'main' into kaeluka/java-automodel-variadic-args 2023-08-09 09:02:32 +02:00
Anders Starcke Henriksen
3918e57ffe Take filter pack into account. 2023-08-08 15:10:12 +02:00
Anders Starcke Henriksen
8d34ab6d18 Merge branch 'main' into starcke/automodel-pack 2023-08-08 15:02:33 +02:00
Stephan Brandauer
3433437034 Java: automodel application mode: only extract the first argument corresponding to a varargs array 2023-08-07 14:15:17 +02:00
Stephan Brandauer
e1a5eba61b Java: automodel application mode: refactor varargs endpoint class to rely on normal argument node for nicer extracted examples 2023-08-07 12:18:52 +02:00
Stephan Brandauer
650ff8db87 Java: automodel comments 2023-08-07 12:18:51 +02:00
Stephan Brandauer
0781cb78e8 Java: automodel application mode: add isVarargsArray metadata value 2023-08-07 12:18:51 +02:00
Stephan Brandauer
5abf7769a7 Java: automodel application mode: use endpoint class like in framework mode 2023-08-07 12:18:51 +02:00
Anders Starcke Henriksen
e2abd3ff13 Create separate automodel pack. 2023-08-03 13:55:15 +02:00
Anders Starcke Henriksen
131ae1aae9 Fix name in predicate. 2023-08-03 09:53:40 +02:00
Anders Starcke Henriksen
1c425a5602 Change from package to endpoint. 2023-08-03 09:50:23 +02:00
Anders Starcke Henriksen
9b8d7df370 Add option to filter automodel queries by package. 2023-08-03 09:50:23 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen
405a3a73d1 Java: Remove irrelevant import. 2023-08-01 14:31:30 +02:00
Stephan Brandauer
621c05dc4b Java: format 2023-08-01 09:19:03 +02:00
Stephan Brandauer
058236877e Java: Drive-by: fix oversight in #13823 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
 2023-08-01 09:18:58 +02:00
Stephan Brandauer
37b6b46dbf Java: update extraction query tests after merging PR #13747 2023-08-01 09:18:57 +02:00
Stephan Brandauer
8bf960bd44 Java: fix QL-for-QL alert 2023-07-28 14:28:47 +02:00