hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-16 16:04:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,374 Commits 1,679 Branches 158 Tags
ceccc9294c680ea46a8ce2ca8bf4a5b426b8d920
Commit Graph

4415 Commits

Author SHA1 Message Date
Paolo Tranquilli
096a31dbef Mark all integration tests as legacy 
This is in preparation for the new integration test framework. Tests
marked thus will be run by the current framework and ignored by the new
one.
 2024-05-31 16:04:50 +02:00
github-actions[bot]
906b65d09c Post-release preparation for codeql-cli-2.17.4 2024-05-28 18:02:25 +00:00
github-actions[bot]
33b4ae8bbb Release preparation for version 2.17.4 2024-05-28 15:44:32 +00:00
Tom Hvitved
69fb2bb97c Merge pull request #16597 from hvitved/tree-sitter/empty-location 
Tree-sitter: Emit `empty_location` relation to avoid scan
 2024-05-27 15:19:15 +02:00
Anders Schack-Mulligen
1432519cc2 Dataflow: Add totalorder predicates to all languages. 2024-05-27 11:01:52 +02:00
Anders Schack-Mulligen
bc8ca1af86 Dataflow: Introduce NodeRegions for use in isUnreachableInCall. 2024-05-27 11:01:51 +02:00
Tom Hvitved
686879a2a3 Ruby: Add up/downgrade scripts 2024-05-27 10:39:22 +02:00
Tom Hvitved
94d2e9591d Tree-sitter: Emit empty_location relation to avoid scan 2024-05-27 10:39:21 +02:00
Cornelius Riemenschneider
b09f3c1c0d Don't build with cross any longer. 
We've removed cross from the internal build when converting to bazel,
mirror that here.
 2024-05-24 16:17:37 +02:00
Cornelius Riemenschneider
8c46b61e85 Ruby: Change how we pull in shared/tree-sitter-extractor dependency 
Previously, we pulled in the shared tree-sitter extractor via a `git`
dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path`
dependencies outside of the cargo workspace)). This was a problem,
as that means we're cloning `github/codeql` _again_ for the build, which is
quite slow.

I found another way that is faster, and still produces correct builds
for both `cargo`` and `rules_rust`:
* Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets
* For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code
* rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
 2024-05-24 15:37:35 +02:00
Tom Hvitved
386bc1eb03 Bazel: repin 2024-05-24 13:53:55 +02:00
Tom Hvitved
7490472772 Update Python to use Rust 1.74 2024-05-24 13:05:39 +02:00
Tom Hvitved
0dbce3d077 Merge pull request #16451 from hvitved/treesitter/codeql-verbosity 
Tree-sitter: Respect verbosity defined in `CODEQL_VERBOSITY`
 2024-05-24 11:24:01 +02:00
Dave Bartolomeo
613ccaac1d Add change note to all v1.0.0 packs 2024-05-23 13:01:22 -04:00
Tom Hvitved
e4cd9d86f6 Tree-sitter: Respect verbosity defined in CODEQL_VERBOSITY 2024-05-23 13:38:35 +02:00
Dave Bartolomeo
ffe4c8c87b Update all pack versions to 1.0.0 2024-05-22 13:39:08 -04:00
Anders Schack-Mulligen
bbebdfea8d Merge pull request #16511 from aschackmull/dataflow/configuration-provenance 
Dataflow: Add provenance for configuration-specific steps.
 2024-05-22 14:07:10 +02:00
Alex Ford
8119a27540 Merge pull request #16185 from alexrford/rb/conditions-arr0 
Ruby: ActiveRecord - refine `conditions` argument as an SQLi sink
 2024-05-22 12:19:10 +01:00
Tom Hvitved
a006c29a00 Merge pull request #16481 from hvitved/treesitter/bump2 
Tree-sitter: Bump to 0.22.6
 2024-05-22 12:53:14 +02:00
Anders Schack-Mulligen
012b861ffb Ruby: Accept qltest .expected file changes. 2024-05-22 10:08:59 +02:00
Anders Schack-Mulligen
c4ae18649e Ruby: Accept qltest .expected file changes (interesting). 2024-05-22 10:08:59 +02:00
Tom Hvitved
22aea47604 Repin 2024-05-21 20:59:54 +02:00
Tom Hvitved
a87ceed361 Merge pull request #16394 from hvitved/dataflow/synth-param-ret-node 
Data flow: Synthesize parameter return nodes
 2024-05-21 20:55:14 +02:00
Tom Hvitved
bc1283c715 Ruby: Reference official Tree-sitter grammar in Cargo.toml 2024-05-21 20:51:50 +02:00
Chuan-kai Lin
8a22e2283c Merge pull request #16424 from github/cklin/ruby-entities-reorder 
Ruby: Use entities in reorder directives
 2024-05-21 07:32:28 -07:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
Tom Hvitved
80364e9570 Ruby: Repin in Cargo.toml 2024-05-21 11:25:21 +02:00
Tom Hvitved
bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Joe Farebrother
01a6c5e82f Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics 
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
 2024-05-21 09:07:13 +01:00
am0o0
dcadda23cd update expected file 2024-05-16 15:15:27 +02:00
am0o0
f06c3fddd9 fix qhelp, fix duplicate query id 2024-05-16 15:12:31 +02:00
Alex Ford
78dc6502f5 Merge branch 'main' into amammad-ruby-bombs 2024-05-16 13:53:31 +01:00
github-actions[bot]
32e8b5c667 Post-release preparation for codeql-cli-2.17.3 2024-05-14 21:14:08 +00:00
github-actions[bot]
100166fa53 Release preparation for version 2.17.3 2024-05-14 19:23:18 +00:00
Joe Farebrother
da93a08639 Add change notes 
No change note is needed for Swift, as the new heuristics are unused and thus should not affect any queries.
 2024-05-09 10:03:20 +01:00
Joe Farebrother
9aff22c664 Fix typos in sensitive data regex 2024-05-09 09:39:03 +01:00
Joe Farebrother
5f4bc4197b Add private category to sensitive data heuristics 2024-05-08 10:02:00 +01:00
Chuan-kai Lin
cbc0261567 Ruby: Use entities in reorder directives 2024-05-03 11:18:15 -07:00
Harry Maclean
ef88f3ed09 Merge pull request #16377 from hmac/hmac-sanitization-fp 
Ruby: Fix StringSubstitutionCall charpred
 2024-05-02 13:31:01 +01:00
Owen Mansel-Chan
9bfb189fa7 Merge pull request #16392 from owen-mc/external-flow/standardize-empty-model-yml 
External flow: standardize `empty.model.yml`
 2024-05-02 11:01:47 +01:00
Owen Mansel-Chan
83249cd9c2 Fix grammar in comment 2024-05-02 09:59:48 +01:00
Owen Mansel-Chan
16dcc0969b Standardise comment explaining why extensible predicates must be defined 2024-05-01 22:00:01 +01:00
Owen Mansel-Chan
09e59ccf44 Name files with empty definitions of MaD extensible predicates to erowdmpty.model.yml 2024-05-01 21:39:38 +01:00
Harry Maclean
c00d0d302d Ruby: fix wording in rb/request-without-cert-validation 2024-05-01 17:25:58 +01:00
Harry Maclean
f7fc2e0b00 Ruby: Fix StringSubstitutionCall charpred 
Some missing parens meant this class targeted way more things than
intended.
 2024-05-01 16:14:58 +01:00
github-actions[bot]
99928b82ed Post-release preparation for codeql-cli-2.17.2 2024-04-30 12:15:35 +00:00
github-actions[bot]
5228d94d42 Release preparation for version 2.17.2 2024-04-30 10:25:51 +00:00
Erik Krogh Kristensen
7e839792da Merge pull request #16330 from erik-krogh/del-deps-apr-2024 
All: delete outdated deprecations
 2024-04-30 10:43:39 +02:00
Harry Maclean
51bc8e917e Ruby: Reduce FPs for rb/incomplete-hostname-regexp 
Arguments in calls to `match[?]` should only be considered regular
expression interpretations if the `match` refers to the standard library
method, not a method in source code.
 2024-04-29 11:19:34 +01:00
Harry Maclean
8b23f6db10 Ruby: Add URI.open example to rb/kernel-open qhelp 2024-04-27 09:53:54 +01:00