dependabot[bot]
72fcf27d1a
Bump golang.org/x/mod
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).
Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-09 03:03:37 +00:00
github-actions[bot]
5a38cbd5d5
Go: Update to 1.26.4
2026-06-08 04:30:10 +00:00
Jeroen Ketema
76f71dd235
Merge pull request #21817 from jketema/go-version
...
Go: Make version parsing robust in the face of custom Go builds
2026-05-18 10:45:55 +02:00
Owen Mansel-Chan
6b65866ff4
Merge branch 'main' into fix/go-extractor-root-test-files
2026-05-11 17:18:43 +01:00
Arieh Schneier
aa1d322fe7
Address PR feedback
...
Changes based on code review:
1. Remove redundant strings.Contains check in isExactTestPackage
The equality check on the next line handles both cases, making
the early return unnecessary.
2. Extract package selection logic into selectBestPackages function
This reduces code duplication and allows the test to call the
actual implementation rather than copying the logic.
3. Add TestSelectBestPackages to test the new function
Comprehensive test covering single packages, test vs production,
exact vs nested tests, and multiple packages.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-11 21:07:39 +10:00
Arieh Schneier
151a332f0a
Add Bazel build target for extractor_test.go
...
Generated by manually applying the output from CI's Gazelle check.
This adds the go_test target for the new extractor_test.go file.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-11 20:55:11 +10:00
Arieh Schneier
3ef4a5836c
Fix Go extractor to extract root internal test files
...
When CODEQL_EXTRACTOR_GO_OPTION_EXTRACT_TESTS=true is set, the Go
extractor was incorrectly skipping internal test files (package foo)
at repository roots when the project contains nested test packages.
Root Cause:
The extractor selected package variants by longest ID string, but this
heuristic fails when nested packages have tests. For a package like
"github.com/go-git/go-git/v6", packages.Load returns multiple variants:
1. "github.com/go-git/go-git/v6" (19 files, production only)
2. "github.com/go-git/go-git/v6 [github.com/go-git/go-git/v6.test]"
(39 files, production + 20 root tests) ← Should select this
3. "github.com/go-git/go-git/v6 [github.com/go-git/go-git/v6/plumbing/format/packfile.test]"
(19 files, test dependency) ← Was incorrectly selected (longest string)
The old logic selected variant #3 (76 chars) over #2 (68 chars),
causing 20 root test files to be missing from the database.
Fix:
Replace string length comparison with a better heuristic that prefers:
1. Exact test packages (e.g., "pkg [pkg.test]") over nested dependencies
2. Packages with more Syntax nodes (more files to extract)
3. String length as a tiebreaker
This ensures the extractor selects the variant with the most complete
test coverage, particularly for root-level internal tests.
Testing:
- Added comprehensive unit tests covering the selection logic
- Tests simulate the real-world go-git scenario
- All tests pass
Impact:
Root-level external tests (package foo_test) were already extracted
correctly. This fix ensures internal tests (package foo) at the root
are now also extracted when they exist alongside nested test packages.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-11 13:42:17 +10:00
dependabot[bot]
8f9d5c5217
Bump the extractor-dependencies group in /go/extractor with 2 updates
...
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
- [Commits](https://github.com/golang/mod/compare/v0.35.0...v0.36.0)
Updates `golang.org/x/tools` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.44.0...v0.45.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-11 03:06:30 +00:00
Jeroen Ketema
e38303b922
Go: Make version parsing robust in the face of custom Go builds
...
cf. afcf04cb64/src/go/version/version.go (L20)
2026-05-08 15:15:42 +02:00
dependabot[bot]
b19f2c6874
Bump the extractor-dependencies group in /go/extractor with 2 updates
...
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.34.0 to 0.35.0
- [Commits](https://github.com/golang/mod/compare/v0.34.0...v0.35.0)
Updates `golang.org/x/tools` from 0.43.0 to 0.44.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.43.0...v0.44.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-14 03:04:45 +00:00
Mario Campos
fb871cdfb8
Add tests for multiple Git sources and GoProxy servers in registry config parsing
2026-04-02 10:12:48 -05:00
dependabot[bot]
c9e0927992
Bump the extractor-dependencies group across 1 directory with 2 updates
...
Bumps the extractor-dependencies group with 2 updates in the /go/extractor directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
- [Commits](https://github.com/golang/mod/compare/v0.33.0...v0.34.0)
Updates `golang.org/x/tools` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.42.0...v0.43.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-13 03:04:44 +00:00
Paolo Tranquilli
42e41c57d4
Go: fix standalone build of the Go extractor
...
https://github.com/github/codeql/pull/21276 worked together with the
internal changes but broke the standalone build of the Go extractor of
this repo in isolation.
The root cause was the lack of an auto-loaded `java_library` rule
definition. This fixes it.
I also checked this doesn't happen anywhere else.
2026-02-25 13:33:54 +01:00
Owen Mansel-Chan
f01d5840b0
Update to 1.26.0
2026-02-10 22:32:33 +00:00
Jeroen Ketema
50ed0af9da
Go: Bump maxGoVersion to 1.26
2026-02-10 22:31:08 +00:00
Jeroen Ketema
e00e3a87ff
Update Go version in tests to 1.26.0
2026-02-10 22:31:00 +00:00
Michael B. Gale
518fb44a92
Go: Bump toolchain to 1.25.7
2026-02-10 10:01:38 +00:00
dependabot[bot]
e172cb3f7a
Bump the extractor-dependencies group in /go/extractor with 2 updates
...
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.32.0 to 0.33.0
- [Commits](https://github.com/golang/mod/compare/v0.32.0...v0.33.0)
Updates `golang.org/x/tools` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.41.0...v0.42.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-02-10 03:15:54 +00:00
Michael B. Gale
d5c4a19efa
Apply suggestions from code review
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-02-03 10:34:14 +00:00
Michael B. Gale
d079671ec8
Align testItems with what getEnvVars does
2026-02-02 16:17:22 +00:00
Michael B. Gale
cbbc057dd3
Fix singular/plural wording and add test
2026-02-02 16:15:36 +00:00
Michael B. Gale
30b30d65c8
Emit the new diagnostic
2026-02-02 14:47:25 +00:00
Michael B. Gale
6d67e419ff
Move private registry sources out of util package
2026-02-02 14:45:06 +00:00
Michael B. Gale
29930fa6bf
Track active proxy configurations
2026-02-02 14:40:08 +00:00
Michael B. Gale
a57c6cde30
Add EmitPrivateRegistryUsed
2026-02-02 14:39:27 +00:00
Michael B. Gale
45e0a929a8
Move nil check into FileDiagnosticsWriter implementation of WriteDiagnostic
2026-01-25 15:33:26 +00:00
Michael B. Gale
8e7d62600d
Make EmitCannotFindPackages testable and add tests
2026-01-25 15:24:43 +00:00
Michael B. Gale
f1f4ddb76c
Add dependency on testify/assert
2026-01-25 15:20:06 +00:00
Michael B. Gale
fafc2ddc0b
Add DiagnosticsWriter interface to abstract over diagnostics output implementation
2026-01-25 15:20:05 +00:00
Michael B. Gale
f837d90060
Improve go/autobuilder/package-not-found diagnostic message
2026-01-25 15:18:19 +00:00
Michael B. Gale
fdc5ae375b
Add IsActionsWorkflow
2026-01-25 12:39:56 +00:00
Michael B. Gale
e250c711aa
Add IsDynamicActionsWorkflow
2026-01-25 12:06:30 +00:00
dependabot[bot]
37bb9d77d3
Bump golang.org/x/tools
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/tools` from 0.40.0 to 0.41.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.40.0...v0.41.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-13 05:38:36 +00:00
dependabot[bot]
4318c285cb
Bump golang.org/x/mod
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).
Updates `golang.org/x/mod` from 0.31.0 to 0.32.0
- [Commits](https://github.com/golang/mod/compare/v0.31.0...v0.32.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-12 03:07:33 +00:00
dependabot[bot]
9eb1eb8f0d
Bump the extractor-dependencies group in /go/extractor with 2 updates
...
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.30.0 to 0.31.0
- [Commits](https://github.com/golang/mod/compare/v0.30.0...v0.31.0)
Updates `golang.org/x/tools` from 0.39.0 to 0.40.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-09 03:07:27 +00:00
Owen Mansel-Chan
59ac2d3d3e
Move TransformPath into FileLabelFor
...
This way we don't have to remember to transform it at all call sites.
2025-11-14 10:25:40 +00:00
dependabot[bot]
acfca601bc
Bump golang.org/x/tools
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/tools` from 0.38.0 to 0.39.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.38.0...v0.39.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-11-14 03:08:48 +00:00
Nick Rolfe
86465b36e0
Merge pull request #20623 from github/nickrolfe/go-extractor-overlay
...
Go: basic overlay support
2025-11-12 14:56:25 +00:00
dependabot[bot]
c88952423e
Bump golang.org/x/mod
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).
Updates `golang.org/x/mod` from 0.29.0 to 0.30.0
- [Commits](https://github.com/golang/mod/compare/v0.29.0...v0.30.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-11-12 03:08:31 +00:00
Nick Rolfe
e32a5ca846
Go: add some overlay-related logging
2025-11-07 16:52:24 +00:00
Nick Rolfe
10fa1d650d
Go: be consistent in replacement of backslashes in file labels
2025-11-07 16:52:20 +00:00
Nick Rolfe
50e01283da
Go: overlay workaround for cgo-processed files
2025-11-07 16:52:17 +00:00
Nick Rolfe
5aaed8941a
Go: pass source root from autobuilder to extractor
...
This ensures the extractor can resolve the relative paths for files
changed in the overlay.
2025-11-07 16:52:16 +00:00
Nick Rolfe
dd4f27868e
Go: apply path transformer for file TRAP labels
2025-11-07 16:52:15 +00:00
Nick Rolfe
aff874e835
Go: merge with incoming path transformer when setting GOPATH
2025-11-07 16:52:12 +00:00
Nick Rolfe
99236f7877
Go: skip overlay extraction of unchanged go.mod files
2025-11-07 16:52:10 +00:00
Nick Rolfe
604df2125d
Go: implement basic overlay extraction
...
When in overlay mode, extractFile will exit early if the file isn't in
the list of files that changed since the base was extracted.
2025-11-07 16:52:08 +00:00
Nick Rolfe
05e5502680
Go: recognize CODEQL_PATH_TRANSFORMER env var
2025-11-07 16:52:07 +00:00
Nick Rolfe
c91e5618a4
Go: add dbscheme relations for overlay support
2025-11-07 16:52:05 +00:00
dependabot[bot]
500421d891
Bump the extractor-dependencies group in /go/extractor with 2 updates
...
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0)
Updates `golang.org/x/tools` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-13 03:14:48 +00:00