mirror of
https://github.com/github/codeql.git
synced 2026-07-05 19:45:29 +02:00
Compare commits
108 Commits
alexet/jav
...
tiferet/co
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
998ce38584 | ||
|
|
69974611f9 | ||
|
|
7fa039468c | ||
|
|
c35e9391ed | ||
|
|
906b922a1c | ||
|
|
5dcee41e65 | ||
|
|
4176fefe19 | ||
|
|
e71fd1691d | ||
|
|
9dae594c01 | ||
|
|
49d17f9964 | ||
|
|
a1e0f625f6 | ||
|
|
0dcd2b8765 | ||
|
|
3df95904c8 | ||
|
|
45058e2954 | ||
|
|
8c02838c38 | ||
|
|
0ab09de797 | ||
|
|
f715e2f58d | ||
|
|
20b0fc7b2c | ||
|
|
17a6c992e7 | ||
|
|
2ab175e603 | ||
|
|
4ea3887c6c | ||
|
|
9ffd984677 | ||
|
|
fbc9f4090e | ||
|
|
77f85b3a0d | ||
|
|
ddadc273a3 | ||
|
|
9685963b1c | ||
|
|
3fe67d9b86 | ||
|
|
1cf2769358 | ||
|
|
e9846c59a7 | ||
|
|
1e80a556ae | ||
|
|
68c6b59fca | ||
|
|
483cd5f795 | ||
|
|
2c941a16e1 | ||
|
|
1525c67fee | ||
|
|
9205992bd7 | ||
|
|
7a3f44b754 | ||
|
|
68aef3a791 | ||
|
|
2b8bc24bb2 | ||
|
|
794fb8995e | ||
|
|
ca32281f65 | ||
|
|
7cc2830768 | ||
|
|
878759e87a | ||
|
|
c71217ed5b | ||
|
|
27b7bbc7fd | ||
|
|
70ab280fce | ||
|
|
9b1f3ff026 | ||
|
|
3e728a7789 | ||
|
|
0f92be72b6 | ||
|
|
750ae23a79 | ||
|
|
9eda07a549 | ||
|
|
29ba00404b | ||
|
|
cf4befd670 | ||
|
|
9f74dc17fa | ||
|
|
6cf81b80cc | ||
|
|
8c56e9f7bd | ||
|
|
cf4b461c77 | ||
|
|
10faf9ae3f | ||
|
|
c5e436b4c6 | ||
|
|
d3b222988e | ||
|
|
3993ea9966 | ||
|
|
63f53eac98 | ||
|
|
afed4a058d | ||
|
|
8e4882955a | ||
|
|
467f648ea6 | ||
|
|
3009249ba9 | ||
|
|
627d5f4f8c | ||
|
|
436b790dc1 | ||
|
|
3d4e615361 | ||
|
|
193ad2345c | ||
|
|
dd82838d7a | ||
|
|
3bc1ace37d | ||
|
|
4d3bcb9d61 | ||
|
|
51973db0f3 | ||
|
|
cffae3b441 | ||
|
|
464e950166 | ||
|
|
3032a00a0a | ||
|
|
d37b5f9e1e | ||
|
|
8bd932cc82 | ||
|
|
6f7109000f | ||
|
|
fdb8e94d23 | ||
|
|
26daa1abb5 | ||
|
|
385d5cf50c | ||
|
|
2e1d733b0c | ||
|
|
fcace2a82b | ||
|
|
8643d9b4bb | ||
|
|
b530d4f440 | ||
|
|
b5f6b98706 | ||
|
|
dccddd6a93 | ||
|
|
488763cc3d | ||
|
|
c3e7161741 | ||
|
|
5bc08bad54 | ||
|
|
b11fc6005f | ||
|
|
3fde31e3cf | ||
|
|
097a1989ed | ||
|
|
6510c73e04 | ||
|
|
fd17990583 | ||
|
|
0e5a3a427a | ||
|
|
1c472a0f4a | ||
|
|
d9f174ee36 | ||
|
|
d3882552b6 | ||
|
|
77c2429269 | ||
|
|
81119f4ba1 | ||
|
|
b8942cd775 | ||
|
|
e1f639acc5 | ||
|
|
2bb034418a | ||
|
|
f32401a9c8 | ||
|
|
8b5b7af99b | ||
|
|
14c5efc9d0 |
16
.bazelrc
16
.bazelrc
@@ -1,17 +1,3 @@
|
|||||||
common --enable_platform_specific_config
|
build --repo_env=CC=clang --repo_env=CXX=clang++ --cxxopt="-std=c++17"
|
||||||
common --enable_bzlmod
|
|
||||||
# because we use --override_module with `%workspace%`, the lock file is not stable
|
|
||||||
common --lockfile_mode=off
|
|
||||||
|
|
||||||
# when building from this repository in isolation, the internal repository will not be found at ..
|
|
||||||
# where `MODULE.bazel` looks for it. The following will get us past the module loading phase, so
|
|
||||||
# that we can build things that do not rely on that
|
|
||||||
common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
|
|
||||||
|
|
||||||
build --repo_env=CC=clang --repo_env=CXX=clang++
|
|
||||||
|
|
||||||
build:linux --cxxopt=-std=c++20
|
|
||||||
build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64
|
|
||||||
build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor
|
|
||||||
|
|
||||||
try-import %workspace%/local.bazelrc
|
try-import %workspace%/local.bazelrc
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
7.1.0
|
6.1.2
|
||||||
|
|||||||
@@ -1 +0,0 @@
|
|||||||
DisableFormat: true
|
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"extensions": [
|
"extensions": [
|
||||||
"rust-lang.rust-analyzer",
|
"rust-lang.rust",
|
||||||
"bungcip.better-toml",
|
"bungcip.better-toml",
|
||||||
"github.vscode-codeql",
|
"github.vscode-codeql",
|
||||||
"hbenl.vscode-test-explorer",
|
"hbenl.vscode-test-explorer",
|
||||||
|
|||||||
7
.gitattributes
vendored
7
.gitattributes
vendored
@@ -71,10 +71,3 @@ go/extractor/opencsv/CSVReader.java -text
|
|||||||
# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
|
# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
|
||||||
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
|
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
|
||||||
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge
|
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge
|
||||||
|
|
||||||
# Auto-generated modeling for Python
|
|
||||||
python/ql/lib/semmle/python/frameworks/data/internal/subclass-capture/*.yml linguist-generated=true
|
|
||||||
|
|
||||||
# auto-generated bazel lock file
|
|
||||||
ruby/extractor/cargo-bazel-lock.json linguist-generated=true
|
|
||||||
ruby/extractor/cargo-bazel-lock.json -merge
|
|
||||||
|
|||||||
23
.github/dependabot.yml
vendored
23
.github/dependabot.yml
vendored
@@ -17,26 +17,3 @@ updates:
|
|||||||
ignore:
|
ignore:
|
||||||
- dependency-name: '*'
|
- dependency-name: '*'
|
||||||
update-types: ['version-update:semver-patch', 'version-update:semver-minor']
|
update-types: ['version-update:semver-patch', 'version-update:semver-minor']
|
||||||
|
|
||||||
- package-ecosystem: "gomod"
|
|
||||||
directory: "go/extractor"
|
|
||||||
schedule:
|
|
||||||
interval: "daily"
|
|
||||||
allow:
|
|
||||||
- dependency-name: "golang.org/x/mod"
|
|
||||||
- dependency-name: "golang.org/x/tools"
|
|
||||||
groups:
|
|
||||||
extractor-dependencies:
|
|
||||||
patterns:
|
|
||||||
- "golang.org/x/*"
|
|
||||||
reviewers:
|
|
||||||
- "github/codeql-go"
|
|
||||||
|
|
||||||
- package-ecosystem: "gomod"
|
|
||||||
directory: "go/ql/test"
|
|
||||||
schedule:
|
|
||||||
interval: "monthly"
|
|
||||||
ignore:
|
|
||||||
- dependency-name: "*"
|
|
||||||
reviewers:
|
|
||||||
- "github/codeql-go"
|
|
||||||
|
|||||||
11
.github/labeler.yml
vendored
11
.github/labeler.yml
vendored
@@ -11,7 +11,7 @@ Go:
|
|||||||
- change-notes/**/*go.*
|
- change-notes/**/*go.*
|
||||||
|
|
||||||
Java:
|
Java:
|
||||||
- any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/ql/test/kotlin/**/*' ]
|
- any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/kotlin-explorer/**/*', '!java/ql/test/kotlin/**/*' ]
|
||||||
- change-notes/**/*java.*
|
- change-notes/**/*java.*
|
||||||
|
|
||||||
JS:
|
JS:
|
||||||
@@ -20,7 +20,8 @@ JS:
|
|||||||
|
|
||||||
Kotlin:
|
Kotlin:
|
||||||
- java/kotlin-extractor/**/*
|
- java/kotlin-extractor/**/*
|
||||||
- java/ql/test-kotlin*/**/*
|
- java/kotlin-explorer/**/*
|
||||||
|
- java/ql/test/kotlin/**/*
|
||||||
|
|
||||||
Python:
|
Python:
|
||||||
- python/**/*
|
- python/**/*
|
||||||
@@ -45,7 +46,11 @@ documentation:
|
|||||||
|
|
||||||
# Since these are all shared files that need to be synced, just pick _one_ copy of each.
|
# Since these are all shared files that need to be synced, just pick _one_ copy of each.
|
||||||
"DataFlow Library":
|
"DataFlow Library":
|
||||||
- "shared/dataflow/**/*"
|
- "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll"
|
||||||
|
- "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll"
|
||||||
|
- "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
|
||||||
|
- "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll"
|
||||||
|
- "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll"
|
||||||
|
|
||||||
"ATM":
|
"ATM":
|
||||||
- javascript/ql/experimental/adaptivethreatmodeling/**/*
|
- javascript/ql/experimental/adaptivethreatmodeling/**/*
|
||||||
|
|||||||
38
.github/workflows/check-change-note.yml
vendored
38
.github/workflows/check-change-note.yml
vendored
@@ -1,8 +1,5 @@
|
|||||||
name: Check change note
|
name: Check change note
|
||||||
|
|
||||||
permissions:
|
|
||||||
pull-requests: read
|
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request_target:
|
pull_request_target:
|
||||||
types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review]
|
types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review]
|
||||||
@@ -12,42 +9,27 @@ on:
|
|||||||
- "*/ql/lib/**/*.ql"
|
- "*/ql/lib/**/*.ql"
|
||||||
- "*/ql/lib/**/*.qll"
|
- "*/ql/lib/**/*.qll"
|
||||||
- "*/ql/lib/**/*.yml"
|
- "*/ql/lib/**/*.yml"
|
||||||
- "shared/**/*.ql"
|
|
||||||
- "shared/**/*.qll"
|
|
||||||
- "!**/experimental/**"
|
- "!**/experimental/**"
|
||||||
- "!ql/**"
|
- "!ql/**"
|
||||||
|
- "!swift/**"
|
||||||
- ".github/workflows/check-change-note.yml"
|
- ".github/workflows/check-change-note.yml"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check-change-note:
|
check-change-note:
|
||||||
env:
|
|
||||||
REPO: ${{ github.repository }}
|
|
||||||
PULL_REQUEST_NUMBER: ${{ github.event.number }}
|
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
- name: Fail if no change note found. To fix, either add one, or add the `no-change-note-required` label.
|
- name: Fail if no change note found. To fix, either add one, or add the `no-change-note-required` label.
|
||||||
if: |
|
if: |
|
||||||
github.event.pull_request.draft == false &&
|
github.event.pull_request.draft == false &&
|
||||||
!contains(github.event.pull_request.labels.*.name, 'no-change-note-required')
|
!contains(github.event.pull_request.labels.*.name, 'no-change-note-required')
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
change_note_files=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '.[].filename | select(test("/change-notes/.*[.]md$"))')
|
gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' |
|
||||||
|
grep true -c
|
||||||
if [ -z "$change_note_files" ]; then
|
- name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md' or 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text.
|
||||||
echo "No change note found. Either add one, or add the 'no-change-note-required' label."
|
env:
|
||||||
exit 1
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Change notes found:"
|
|
||||||
echo "$change_note_files"
|
|
||||||
|
|
||||||
- name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md', 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text, or released/x.y.z.md for released change-notes
|
|
||||||
run: |
|
run: |
|
||||||
bad_change_note_file_names=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))][] | select((test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$")) | not)')
|
gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$"))' |
|
||||||
|
grep true -c
|
||||||
if [ -n "$bad_change_note_file_names" ]; then
|
|
||||||
echo "The following change note file names are invalid:"
|
|
||||||
echo "$bad_change_note_file_names"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|||||||
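Review bot: The new side drops the workflow-level `permissions:` block although the trigger is still `pull_request_target`, so `GITHUB_TOKEN` in this job gets whatever the repository default grants, which may include write scopes; keep `permissions:` with `pull-requests: read`, since both steps only read the PR file list. The same block is also removed in check-qldoc.yml, check-query-ids.yml, close-stale.yml, compile-queries.yml, csharp-qltest.yml, csv-coverage-metrics.yml, csv-coverage-pr-artifacts.yml, csv-coverage-update.yml, csv-coverage.yml and go-tests-other-os.yml, and should be kept there too. Both `gh api` steps expand `${{github.repository}}` and `${{github.event.number}}` inside the `run:` script; passing them through `env:` and using `"repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files"` keeps expression text out of the shell source. The `all(...) | grep true -c` check in the second step also looks too permissive: with `--paginate` the filter presumably runs once per page, so one page printing `true` would let a badly named file on another page through.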
32
.github/workflows/check-implicit-this.yml
vendored
32
.github/workflows/check-implicit-this.yml
vendored
@@ -1,32 +0,0 @@
|
|||||||
name: "Check implicit this warnings"
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
pull_request:
|
|
||||||
paths:
|
|
||||||
- "**qlpack.yml"
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- "rc/*"
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
check:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Check that implicit this warnings is enabled for all packs
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
EXIT_CODE=0
|
|
||||||
packs="$(find . -iname 'qlpack.yml')"
|
|
||||||
for pack_file in ${packs}; do
|
|
||||||
option="$(yq '.warnOnImplicitThis' ${pack_file})"
|
|
||||||
if [ "${option}" != "true" ]; then
|
|
||||||
echo "::error file=${pack_file}::warnOnImplicitThis property must be set to 'true' for pack ${pack_file}"
|
|
||||||
EXIT_CODE=1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
exit "${EXIT_CODE}"
|
|
||||||
5
.github/workflows/check-qldoc.yml
vendored
5
.github/workflows/check-qldoc.yml
vendored
@@ -10,15 +10,12 @@ on:
|
|||||||
- main
|
- main
|
||||||
- "rc/*"
|
- "rc/*"
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
qldoc:
|
qldoc:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
|
|
||||||
|
|||||||
5
.github/workflows/check-query-ids.yml
vendored
5
.github/workflows/check-query-ids.yml
vendored
@@ -11,14 +11,11 @@ on:
|
|||||||
- "rc/*"
|
- "rc/*"
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check:
|
check:
|
||||||
name: Check query IDs
|
name: Check query IDs
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Check for duplicate query IDs
|
- name: Check for duplicate query IDs
|
||||||
run: python3 misc/scripts/check-query-ids.py
|
run: python3 misc/scripts/check-query-ids.py
|
||||||
|
|||||||
5
.github/workflows/close-stale.yml
vendored
5
.github/workflows/close-stale.yml
vendored
@@ -5,9 +5,6 @@ on:
|
|||||||
schedule:
|
schedule:
|
||||||
- cron: "30 1 * * *"
|
- cron: "30 1 * * *"
|
||||||
|
|
||||||
permissions:
|
|
||||||
issues: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
stale:
|
stale:
|
||||||
if: github.repository == 'github/codeql'
|
if: github.repository == 'github/codeql'
|
||||||
@@ -15,7 +12,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/stale@v9
|
- uses: actions/stale@v8
|
||||||
with:
|
with:
|
||||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'
|
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'
|
||||||
|
|||||||
6
.github/workflows/codeql-analysis.yml
vendored
6
.github/workflows/codeql-analysis.yml
vendored
@@ -28,12 +28,12 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Setup dotnet
|
- name: Setup dotnet
|
||||||
uses: actions/setup-dotnet@v4
|
uses: actions/setup-dotnet@v3
|
||||||
with:
|
with:
|
||||||
dotnet-version: 8.0.101
|
dotnet-version: 7.0.102
|
||||||
|
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# Initializes the CodeQL tools for scanning.
|
# Initializes the CodeQL tools for scanning.
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
|
|||||||
12
.github/workflows/compile-queries.yml
vendored
12
.github/workflows/compile-queries.yml
vendored
@@ -8,16 +8,12 @@ on:
|
|||||||
- "codeql-cli-*"
|
- "codeql-cli-*"
|
||||||
pull_request:
|
pull_request:
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
compile-queries:
|
compile-queries:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Setup CodeQL
|
- name: Setup CodeQL
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
with:
|
with:
|
||||||
@@ -28,14 +24,14 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
key: all-queries
|
key: all-queries
|
||||||
- name: check formatting
|
- name: check formatting
|
||||||
run: find shared */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
|
run: find */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
|
||||||
- name: compile queries - check-only
|
- name: compile queries - check-only
|
||||||
# run with --check-only if running in a PR (github.sha != main)
|
# run with --check-only if running in a PR (github.sha != main)
|
||||||
if : ${{ github.event_name == 'pull_request' }}
|
if : ${{ github.event_name == 'pull_request' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
|
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
|
||||||
- name: compile queries - full
|
- name: compile queries - full
|
||||||
# do full compile if running on main - this populates the cache
|
# do full compile if running on main - this populates the cache
|
||||||
if : ${{ github.event_name != 'pull_request' }}
|
if : ${{ github.event_name != 'pull_request' }}
|
||||||
shell: bash
|
shell: bash
|
||||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
|
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
|
||||||
|
|||||||
57
.github/workflows/csharp-qltest.yml
vendored
57
.github/workflows/csharp-qltest.yml
vendored
@@ -25,14 +25,11 @@ defaults:
|
|||||||
run:
|
run:
|
||||||
working-directory: csharp
|
working-directory: csharp
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
qlupgrade:
|
qlupgrade:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./.github/actions/fetch-codeql
|
- uses: ./.github/actions/fetch-codeql
|
||||||
- name: Check DB upgrade scripts
|
- name: Check DB upgrade scripts
|
||||||
run: |
|
run: |
|
||||||
@@ -49,14 +46,14 @@ jobs:
|
|||||||
xargs codeql execute upgrades testdb
|
xargs codeql execute upgrades testdb
|
||||||
diff -q testdb/semmlecode.csharp.dbscheme downgrades/initial/semmlecode.csharp.dbscheme
|
diff -q testdb/semmlecode.csharp.dbscheme downgrades/initial/semmlecode.csharp.dbscheme
|
||||||
qltest:
|
qltest:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
slice: ["1/2", "2/2"]
|
slice: ["1/2", "2/2"]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
|
- uses: ./.github/actions/fetch-codeql
|
||||||
- uses: ./csharp/actions/create-extractor-pack
|
- uses: ./csharp/actions/create-extractor-pack
|
||||||
- name: Cache compilation cache
|
- name: Cache compilation cache
|
||||||
id: query-cache
|
id: query-cache
|
||||||
@@ -65,41 +62,25 @@ jobs:
|
|||||||
key: csharp-qltest-${{ matrix.slice }}
|
key: csharp-qltest-${{ matrix.slice }}
|
||||||
- name: Run QL tests
|
- name: Run QL tests
|
||||||
run: |
|
run: |
|
||||||
codeql test run --threads=0 --ram 50000 --slice ${{ matrix.slice }} --search-path extractor-pack --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
|
CODEQL_PATH=$(gh codeql version --format=json | jq -r .unpackedLocation)
|
||||||
|
# The legacy ASP extractor is not in this repo, so take the one from the nightly build
|
||||||
|
mv "$CODEQL_PATH/csharp/tools/extractor-asp.jar" "${{ github.workspace }}/csharp/extractor-pack/tools"
|
||||||
|
# Safe guard against using the bundled extractor
|
||||||
|
rm -rf "$CODEQL_PATH/csharp"
|
||||||
|
codeql test run --threads=0 --ram 50000 --slice ${{ matrix.slice }} --search-path "${{ github.workspace }}/csharp/extractor-pack" --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
GITHUB_TOKEN: ${{ github.token }}
|
||||||
unit-tests:
|
unit-tests:
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
os: [ubuntu-latest, windows-2019]
|
|
||||||
runs-on: ${{ matrix.os }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Setup dotnet
|
|
||||||
uses: actions/setup-dotnet@v4
|
|
||||||
with:
|
|
||||||
dotnet-version: 8.0.101
|
|
||||||
- name: Extractor unit tests
|
|
||||||
run: |
|
|
||||||
dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Util.Tests
|
|
||||||
dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Extraction.Tests
|
|
||||||
dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.CSharp.Tests
|
|
||||||
dotnet test -p:RuntimeFrameworkVersion=8.0.1 "${{ github.workspace }}/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests"
|
|
||||||
shell: bash
|
|
||||||
stubgentest:
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./csharp/actions/create-extractor-pack
|
- name: Setup dotnet
|
||||||
- name: Run stub generator tests
|
uses: actions/setup-dotnet@v3
|
||||||
|
with:
|
||||||
|
dotnet-version: 7.0.102
|
||||||
|
- name: Extractor unit tests
|
||||||
run: |
|
run: |
|
||||||
# Generate (Asp)NetCore stubs
|
dotnet test -p:RuntimeFrameworkVersion=7.0.2 "${{ github.workspace }}/csharp/extractor/Semmle.Util.Tests"
|
||||||
STUBS_PATH=stubs_output
|
dotnet test -p:RuntimeFrameworkVersion=7.0.2 "${{ github.workspace }}/csharp/extractor/Semmle.Extraction.Tests"
|
||||||
python3 scripts/stubs/make_stubs_nuget.py webapp Swashbuckle.AspNetCore.Swagger 6.5.0 "$STUBS_PATH"
|
dotnet test -p:RuntimeFrameworkVersion=7.0.2 "${{ github.workspace }}/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests"
|
||||||
rm -rf ql/test/resources/stubs/_frameworks
|
dotnet test -p:RuntimeFrameworkVersion=7.0.2 "${{ github.workspace }}/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests"
|
||||||
# Update existing stubs in the repo with the freshly generated ones
|
|
||||||
mv "$STUBS_PATH/output/stubs/_frameworks" ql/test/resources/stubs/
|
|
||||||
git status
|
|
||||||
codeql test run --threads=0 --search-path extractor-pack --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries -- ql/test/library-tests/dataflow/flowsources/aspremote
|
|
||||||
env:
|
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
|
||||||
|
|||||||
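Review bot: The new `Run QL tests` script moves `extractor-asp.jar` out of whatever `gh codeql version` reports as `unpackedLocation` and then runs `rm -rf "$CODEQL_PATH/csharp"` without checking that value first. `jq -r` prints the literal `null` when the key is missing, so a failed lookup only surfaces as a confusing `mv` error; add a guard such as `[ -d "$CODEQL_PATH/csharp/tools" ] || { echo "CodeQL bundle not found" >&2; exit 1; }` before the `mv`. Per its own comment the jar comes from the nightly build, and as far as this section shows it is neither pinned to a version nor checksum-verified, so the test result depends on an artifact that can change between runs.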
8
.github/workflows/csv-coverage-metrics.yml
vendored
8
.github/workflows/csv-coverage-metrics.yml
vendored
@@ -14,16 +14,12 @@ on:
|
|||||||
- ".github/workflows/csv-coverage-metrics.yml"
|
- ".github/workflows/csv-coverage-metrics.yml"
|
||||||
- ".github/actions/fetch-codeql/action.yml"
|
- ".github/actions/fetch-codeql/action.yml"
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
security-events: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
publish-java:
|
publish-java:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
- name: Setup CodeQL
|
- name: Setup CodeQL
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
- name: Create empty database
|
- name: Create empty database
|
||||||
@@ -51,7 +47,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
- name: Setup CodeQL
|
- name: Setup CodeQL
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
- name: Create empty database
|
- name: Create empty database
|
||||||
|
|||||||
34
.github/workflows/csv-coverage-pr-artifacts.yml
vendored
34
.github/workflows/csv-coverage-pr-artifacts.yml
vendored
@@ -10,7 +10,6 @@ on:
|
|||||||
- "*/ql/src/**/*.qll"
|
- "*/ql/src/**/*.qll"
|
||||||
- "*/ql/lib/**/*.ql"
|
- "*/ql/lib/**/*.ql"
|
||||||
- "*/ql/lib/**/*.qll"
|
- "*/ql/lib/**/*.qll"
|
||||||
- "*/ql/lib/ext/**/*.yml"
|
|
||||||
- "misc/scripts/library-coverage/*.py"
|
- "misc/scripts/library-coverage/*.py"
|
||||||
# input data files
|
# input data files
|
||||||
- "*/documentation/library-coverage/cwe-sink.csv"
|
- "*/documentation/library-coverage/cwe-sink.csv"
|
||||||
@@ -19,10 +18,6 @@ on:
|
|||||||
- main
|
- main
|
||||||
- "rc/*"
|
- "rc/*"
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
generate:
|
generate:
|
||||||
name: Generate framework coverage artifacts
|
name: Generate framework coverage artifacts
|
||||||
@@ -35,11 +30,11 @@ jobs:
|
|||||||
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
|
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
|
||||||
run: echo "$GITHUB_CONTEXT"
|
run: echo "$GITHUB_CONTEXT"
|
||||||
- name: Clone self (github/codeql) - MERGE
|
- name: Clone self (github/codeql) - MERGE
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: merge
|
path: merge
|
||||||
- name: Clone self (github/codeql) - BASE
|
- name: Clone self (github/codeql) - BASE
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
path: base
|
path: base
|
||||||
@@ -93,32 +88,9 @@ jobs:
|
|||||||
- name: Save PR number
|
- name: Save PR number
|
||||||
run: |
|
run: |
|
||||||
mkdir -p pr
|
mkdir -p pr
|
||||||
echo ${PR_NUMBER} > pr/NR
|
echo ${{ github.event.pull_request.number }} > pr/NR
|
||||||
env:
|
|
||||||
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
||||||
- name: Upload PR number
|
- name: Upload PR number
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: pr
|
name: pr
|
||||||
path: pr/
|
path: pr/
|
||||||
- name: Save comment ID (if it exists)
|
|
||||||
run: |
|
|
||||||
# Find the latest comment starting with COMMENT_PREFIX
|
|
||||||
COMMENT_PREFIX=":warning: The head of this PR and the base branch were compared for differences in the framework coverage reports."
|
|
||||||
COMMENT_ID=$(gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" --paginate | jq --arg prefix "${COMMENT_PREFIX}" 'map(select(.body|startswith($prefix)) | .id) | max // empty')
|
|
||||||
if [[ -z ${COMMENT_ID} ]]
|
|
||||||
then
|
|
||||||
echo "Comment not found. Not uploading 'comment/ID' artifact."
|
|
||||||
else
|
|
||||||
mkdir -p comment
|
|
||||||
echo ${COMMENT_ID} > comment/ID
|
|
||||||
fi
|
|
||||||
env:
|
|
||||||
GITHUB_TOKEN: ${{ github.token }}
|
|
||||||
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
||||||
- name: Upload comment ID (if it exists)
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: comment
|
|
||||||
path: comment/
|
|
||||||
if-no-files-found: ignore
|
|
||||||
|
|||||||
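Review bot: In the `Save PR number` step the new side goes back to `echo ${{ github.event.pull_request.number }} > pr/NR`, which pastes the expression result into the shell script before bash parses it. The value is numeric here, so direct impact is unlikely, but this is the pattern that becomes script injection once it is copied to a string field; prefer an `env:` entry `PR_NUMBER: ${{ github.event.pull_request.number }}` and `echo "${PR_NUMBER}" > pr/NR`. The `pr` artifact is uploaded for a later consumer that is not visible in this section, and that consumer should treat `pr/NR` as untrusted and check that it is an integer before using it.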
@@ -6,10 +6,6 @@ on:
|
|||||||
types:
|
types:
|
||||||
- completed
|
- completed
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check:
|
check:
|
||||||
name: Check framework coverage differences and comment
|
name: Check framework coverage differences and comment
|
||||||
@@ -24,7 +20,7 @@ jobs:
|
|||||||
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
|
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
|
||||||
run: echo "$GITHUB_CONTEXT"
|
run: echo "$GITHUB_CONTEXT"
|
||||||
- name: Clone self (github/codeql)
|
- name: Clone self (github/codeql)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
- name: Set up Python 3.8
|
- name: Set up Python 3.8
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v4
|
||||||
with:
|
with:
|
||||||
|
|||||||
@@ -3,20 +3,17 @@ name: Build framework coverage timeseries reports
|
|||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clone self (github/codeql)
|
- name: Clone self (github/codeql)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: script
|
path: script
|
||||||
- name: Clone self (github/codeql) for analysis
|
- name: Clone self (github/codeql) for analysis
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: codeqlModels
|
path: codeqlModels
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|||||||
6
.github/workflows/csv-coverage-update.yml
vendored
6
.github/workflows/csv-coverage-update.yml
vendored
@@ -5,10 +5,6 @@ on:
|
|||||||
schedule:
|
schedule:
|
||||||
- cron: "0 0 * * *"
|
- cron: "0 0 * * *"
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
pull-requests: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
update:
|
update:
|
||||||
name: Update framework coverage report
|
name: Update framework coverage report
|
||||||
@@ -21,7 +17,7 @@ jobs:
|
|||||||
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
|
GITHUB_CONTEXT: ${{ toJSON(github.event) }}
|
||||||
run: echo "$GITHUB_CONTEXT"
|
run: echo "$GITHUB_CONTEXT"
|
||||||
- name: Clone self (github/codeql)
|
- name: Clone self (github/codeql)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: ql
|
path: ql
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|||||||
7
.github/workflows/csv-coverage.yml
vendored
7
.github/workflows/csv-coverage.yml
vendored
@@ -7,20 +7,17 @@ on:
|
|||||||
description: "github/codeql repo SHA used for looking up the CSV models"
|
description: "github/codeql repo SHA used for looking up the CSV models"
|
||||||
required: false
|
required: false
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clone self (github/codeql)
|
- name: Clone self (github/codeql)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: script
|
path: script
|
||||||
- name: Clone self (github/codeql) for analysis
|
- name: Clone self (github/codeql) for analysis
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: codeqlModels
|
path: codeqlModels
|
||||||
ref: ${{ github.event.inputs.qlModelShaOverride || github.ref }}
|
ref: ${{ github.event.inputs.qlModelShaOverride || github.ref }}
|
||||||
|
|||||||
7
.github/workflows/fast-forward.yml
vendored
7
.github/workflows/fast-forward.yml
vendored
@@ -7,14 +7,13 @@ name: Fast-forward tracking branch for selected CodeQL version
|
|||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
fast-forward:
|
fast-forward:
|
||||||
name: Fast-forward tracking branch for selected CodeQL version
|
name: Fast-forward tracking branch for selected CodeQL version
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
if: github.repository == 'github/codeql'
|
if: github.repository == 'github/codeql'
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
env:
|
env:
|
||||||
BRANCH_NAME: 'lgtm.com'
|
BRANCH_NAME: 'lgtm.com'
|
||||||
steps:
|
steps:
|
||||||
@@ -26,7 +25,7 @@ jobs:
|
|||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Git config
|
- name: Git config
|
||||||
shell: bash
|
shell: bash
|
||||||
|
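Review bot: With the workflow-level `permissions:` block gone on the new side, `contents: write` is declared only on the `fast-forward` job, so any job added later without its own block would get the repository's default token scope. A top-level `permissions: {}` keeps the default at no access while the job-level grant stays as it is. labeler.yml makes the same move for its `triage` job, and there the trigger is `pull_request_target`, where an accidentally broad token matters most.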
|||||||
25
.github/workflows/go-tests-other-os.yml
vendored
25
.github/workflows/go-tests-other-os.yml
vendored
@@ -7,26 +7,19 @@ on:
|
|||||||
- .github/workflows/go-tests-other-os.yml
|
- .github/workflows/go-tests-other-os.yml
|
||||||
- .github/actions/**
|
- .github/actions/**
|
||||||
- codeql-workspace.yml
|
- codeql-workspace.yml
|
||||||
env:
|
|
||||||
GO_VERSION: '~1.22.0'
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
test-mac:
|
test-mac:
|
||||||
name: Test MacOS
|
name: Test MacOS
|
||||||
runs-on: macos-latest
|
runs-on: macos-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Set up Go ${{ env.GO_VERSION }}
|
- name: Set up Go 1.20
|
||||||
uses: actions/setup-go@v5
|
uses: actions/setup-go@v4
|
||||||
with:
|
with:
|
||||||
go-version: ${{ env.GO_VERSION }}
|
go-version: '1.20'
|
||||||
cache: false
|
|
||||||
id: go
|
id: go
|
||||||
|
|
||||||
- name: Check out code
|
- name: Check out code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Set up CodeQL CLI
|
- name: Set up CodeQL CLI
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
@@ -51,19 +44,17 @@ jobs:
|
|||||||
make test cache="${{ steps.query-cache.outputs.cache-dir }}"
|
make test cache="${{ steps.query-cache.outputs.cache-dir }}"
|
||||||
|
|
||||||
test-win:
|
test-win:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
name: Test Windows
|
name: Test Windows
|
||||||
runs-on: windows-latest-xl
|
runs-on: windows-latest-xl
|
||||||
steps:
|
steps:
|
||||||
- name: Set up Go ${{ env.GO_VERSION }}
|
- name: Set up Go 1.20
|
||||||
uses: actions/setup-go@v5
|
uses: actions/setup-go@v4
|
||||||
with:
|
with:
|
||||||
go-version: ${{ env.GO_VERSION }}
|
go-version: '1.20'
|
||||||
cache: false
|
|
||||||
id: go
|
id: go
|
||||||
|
|
||||||
- name: Check out code
|
- name: Check out code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Set up CodeQL CLI
|
- name: Set up CodeQL CLI
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
|
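Review bot: Both jobs on the new side use `actions/checkout@v2`, while the other workflows in this comparison use `actions/checkout@v3`; v2 runs on a Node runtime that GitHub has deprecated, so I would align these on `uses: actions/checkout@v3`. The Go version is also written out four times (`Set up Go 1.20` and `go-version: '1.20'` in `test-mac` and `test-win`), where a single workflow-level `env:` entry `GO_VERSION` would avoid drift. `test-win` targets `windows-latest-xl` without the `if: github.repository_owner == 'github'` guard, so a fork without that runner label would likely leave the job queued. go-tests.yml has the same three points for `test-linux`.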
|||||||
17
.github/workflows/go-tests.yml
vendored
17
.github/workflows/go-tests.yml
vendored
@@ -15,28 +15,19 @@ on:
|
|||||||
- .github/workflows/go-tests.yml
|
- .github/workflows/go-tests.yml
|
||||||
- .github/actions/**
|
- .github/actions/**
|
||||||
- codeql-workspace.yml
|
- codeql-workspace.yml
|
||||||
|
|
||||||
env:
|
|
||||||
GO_VERSION: '~1.22.0'
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
test-linux:
|
test-linux:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
name: Test Linux (Ubuntu)
|
name: Test Linux (Ubuntu)
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
- name: Set up Go ${{ env.GO_VERSION }}
|
- name: Set up Go 1.20
|
||||||
uses: actions/setup-go@v5
|
uses: actions/setup-go@v4
|
||||||
with:
|
with:
|
||||||
go-version: ${{ env.GO_VERSION }}
|
go-version: '1.20'
|
||||||
cache: false
|
|
||||||
id: go
|
id: go
|
||||||
|
|
||||||
- name: Check out code
|
- name: Check out code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Set up CodeQL CLI
|
- name: Set up CodeQL CLI
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
|
|||||||
65
.github/workflows/js-ml-tests.yml
vendored
Normal file
65
.github/workflows/js-ml-tests.yml
vendored
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
name: JS ML-powered queries tests
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
paths:
|
||||||
|
- "javascript/ql/experimental/adaptivethreatmodeling/**"
|
||||||
|
- .github/workflows/js-ml-tests.yml
|
||||||
|
- .github/actions/fetch-codeql/action.yml
|
||||||
|
- codeql-workspace.yml
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- "rc/*"
|
||||||
|
pull_request:
|
||||||
|
paths:
|
||||||
|
- "javascript/ql/experimental/adaptivethreatmodeling/**"
|
||||||
|
- .github/workflows/js-ml-tests.yml
|
||||||
|
- .github/actions/fetch-codeql/action.yml
|
||||||
|
- codeql-workspace.yml
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: javascript/ql/experimental/adaptivethreatmodeling
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
qltest:
|
||||||
|
name: Test QL
|
||||||
|
runs-on: ubuntu-latest-xl
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- uses: ./.github/actions/fetch-codeql
|
||||||
|
|
||||||
|
- name: Install pack dependencies
|
||||||
|
run: |
|
||||||
|
for pack in modelbuilding src test; do
|
||||||
|
codeql pack install --mode verify -- "${pack}"
|
||||||
|
done
|
||||||
|
|
||||||
|
- name: Cache compilation cache
|
||||||
|
id: query-cache
|
||||||
|
uses: ./.github/actions/cache-query-compilation
|
||||||
|
with:
|
||||||
|
key: js-ml-test
|
||||||
|
|
||||||
|
- name: Check QL compilation
|
||||||
|
run: |
|
||||||
|
codeql query compile \
|
||||||
|
--check-only \
|
||||||
|
--ram 50000 \
|
||||||
|
--additional-packs "${{ github.workspace }}" \
|
||||||
|
--threads=0 \
|
||||||
|
--compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
|
||||||
|
-- \
|
||||||
|
lib modelbuilding src
|
||||||
|
|
||||||
|
- name: Run QL tests
|
||||||
|
run: |
|
||||||
|
codeql test run \
|
||||||
|
--threads=0 \
|
||||||
|
--ram 50000 \
|
||||||
|
--additional-packs "${{ github.workspace }}" \
|
||||||
|
--compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
|
||||||
|
-- \
|
||||||
|
test
|
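Review bot: The `Check QL compilation` and `Run QL tests` steps expand `${{ github.workspace }}` and `${{ steps.query-cache.outputs.cache-dir }}` inside the script text, so the values are pasted into the shell source before bash parses it. Neither looks attacker-controlled from what is visible here, but passing them through the environment keeps template expansion out of `run:` altogether: add `env:` with `CACHE_DIR: ${{ steps.query-cache.outputs.cache-dir }}` to the step and use `--compilation-cache "$CACHE_DIR"` and `--additional-packs "$GITHUB_WORKSPACE"`. The `qltest` job also runs on `ubuntu-latest-xl` with no `if: github.repository_owner == 'github'` guard, so in a fork without that runner label it would probably stay queued.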
||||||
7
.github/workflows/labeler.yml
vendored
7
.github/workflows/labeler.yml
vendored
@@ -2,12 +2,11 @@ name: "Pull Request Labeler"
|
|||||||
on:
|
on:
|
||||||
- pull_request_target
|
- pull_request_target
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
triage:
|
triage:
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
pull-requests: write
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/labeler@v4
|
- uses: actions/labeler@v4
|
||||||
|
|||||||
16
.github/workflows/mad_modelDiff.yml
vendored
16
.github/workflows/mad_modelDiff.yml
vendored
@@ -12,7 +12,6 @@ on:
|
|||||||
- main
|
- main
|
||||||
paths:
|
paths:
|
||||||
- "java/ql/src/utils/modelgenerator/**/*.*"
|
- "java/ql/src/utils/modelgenerator/**/*.*"
|
||||||
- "misc/scripts/models-as-data/*.*"
|
|
||||||
- ".github/workflows/mad_modelDiff.yml"
|
- ".github/workflows/mad_modelDiff.yml"
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
@@ -28,12 +27,12 @@ jobs:
|
|||||||
slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}}
|
slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}}
|
||||||
steps:
|
steps:
|
||||||
- name: Clone github/codeql from PR
|
- name: Clone github/codeql from PR
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
if: github.event.pull_request
|
if: github.event.pull_request
|
||||||
with:
|
with:
|
||||||
path: codeql-pr
|
path: codeql-pr
|
||||||
- name: Clone github/codeql from main
|
- name: Clone github/codeql from main
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: codeql-main
|
path: codeql-main
|
||||||
ref: main
|
ref: main
|
||||||
@@ -62,9 +61,8 @@ jobs:
|
|||||||
DATABASE=$2
|
DATABASE=$2
|
||||||
cd codeql-$QL_VARIANT
|
cd codeql-$QL_VARIANT
|
||||||
SHORTNAME=`basename $DATABASE`
|
SHORTNAME=`basename $DATABASE`
|
||||||
python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
|
python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE ${SHORTNAME}.temp.model.yml
|
||||||
mkdir -p $MODELS/$SHORTNAME
|
mv java/ql/lib/ext/generated/${SHORTNAME}.temp.model.yml $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.model.yml
|
||||||
mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
|
|
||||||
cd ..
|
cd ..
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -87,16 +85,16 @@ jobs:
|
|||||||
set -x
|
set -x
|
||||||
MODELS=`pwd`/tmp-models
|
MODELS=`pwd`/tmp-models
|
||||||
ls -1 tmp-models/
|
ls -1 tmp-models/
|
||||||
for m in $MODELS/*/main/*.model.yml ; do
|
for m in $MODELS/*_main.model.yml ; do
|
||||||
t="${m/main/"pr"}"
|
t="${m/main/"pr"}"
|
||||||
basename=`basename $m`
|
basename=`basename $m`
|
||||||
name="diff_${basename/.model.yml/""}"
|
name="diff_${basename/_main.model.yml/""}"
|
||||||
(diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
|
(diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
|
||||||
done
|
done
|
||||||
- uses: actions/upload-artifact@v3
|
- uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: models
|
name: models
|
||||||
path: tmp-models/**/**/*.model.yml
|
path: tmp-models/*.model.yml
|
||||||
retention-days: 20
|
retention-days: 20
|
||||||
- uses: actions/upload-artifact@v3
|
- uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
|
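Review bot: In the diff loop, `t="${m/main/"pr"}"` replaces the first `main` anywhere in the path, and with the new flat `${SHORTNAME}Generated_main.model.yml` naming a project or workspace path containing `main` would yield a wrong `pr` file name, which `|| true` then hides. Anchoring on the suffix is safer: `t="${m%_main.model.yml}_pr.model.yml"`. `$DATABASE`, `$m` and `$t` are also expanded unquoted in the `python`, `mv` and `diff` lines; since `SHORTNAME` derives from the database path, I would quote them, e.g. `diff -w -u "$m" "$t"`. The shell function that holds the `python`/`mv` lines starts above the hunk, so its callers are not visible here.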
|||||||
7
.github/workflows/mad_regenerate-models.yml
vendored
7
.github/workflows/mad_regenerate-models.yml
vendored
@@ -11,9 +11,6 @@ on:
|
|||||||
- ".github/workflows/mad_regenerate-models.yml"
|
- ".github/workflows/mad_regenerate-models.yml"
|
||||||
- ".github/actions/fetch-codeql/action.yml"
|
- ".github/actions/fetch-codeql/action.yml"
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
regenerate-models:
|
regenerate-models:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@@ -30,11 +27,11 @@ jobs:
|
|||||||
ref: "placeholder"
|
ref: "placeholder"
|
||||||
steps:
|
steps:
|
||||||
- name: Clone self (github/codeql)
|
- name: Clone self (github/codeql)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
- name: Setup CodeQL binaries
|
- name: Setup CodeQL binaries
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
- name: Clone repositories
|
- name: Clone repositories
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: repos/${{ matrix.ref }}
|
path: repos/${{ matrix.ref }}
|
||||||
ref: ${{ matrix.ref }}
|
ref: ${{ matrix.ref }}
|
||||||
|
|||||||
4
.github/workflows/qhelp-pr-preview.yml
vendored
4
.github/workflows/qhelp-pr-preview.yml
vendored
@@ -43,7 +43,7 @@ jobs:
|
|||||||
if-no-files-found: error
|
if-no-files-found: error
|
||||||
retention-days: 1
|
retention-days: 1
|
||||||
|
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
@@ -77,7 +77,7 @@ jobs:
|
|||||||
done < "${RUNNER_TEMP}/paths.txt" >> comment_body.txt
|
done < "${RUNNER_TEMP}/paths.txt" >> comment_body.txt
|
||||||
exit "${EXIT_CODE}"
|
exit "${EXIT_CODE}"
|
||||||
|
|
||||||
- if: ${{ !cancelled() }}
|
- if: always()
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: comment
|
name: comment
|
||||||
|
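Review bot: `if: always()` on the upload step also runs when the workflow run is cancelled, so a partially written `comment_body.txt` can be uploaded as the `comment` artifact. `if: ${{ !cancelled() }}` still uploads after the preceding step exits non-zero but skips cancelled runs. Whatever consumes the `comment` artifact is outside this page, so how it handles a truncated file is not visible.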
|||||||
13
.github/workflows/ql-for-ql-build.yml
vendored
13
.github/workflows/ql-for-ql-build.yml
vendored
@@ -9,22 +9,17 @@ on:
|
|||||||
env:
|
env:
|
||||||
CARGO_TERM_COLOR: always
|
CARGO_TERM_COLOR: always
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
security-events: write
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
analyze:
|
analyze:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
### Build the queries ###
|
### Build the queries ###
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Find codeql
|
- name: Find codeql
|
||||||
id: find-codeql
|
id: find-codeql
|
||||||
uses: github/codeql-action/init@main
|
uses: github/codeql-action/init@v2
|
||||||
with:
|
with:
|
||||||
languages: javascript # does not matter
|
languages: javascript # does not matter
|
||||||
- uses: ./.github/actions/os-version
|
- uses: ./.github/actions/os-version
|
||||||
@@ -37,7 +32,7 @@ jobs:
|
|||||||
path: |
|
path: |
|
||||||
ql/extractor-pack/
|
ql/extractor-pack/
|
||||||
ql/target/release/buramu
|
ql/target/release/buramu
|
||||||
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ql/**/*.rs') }}
|
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
|
||||||
- name: Cache cargo
|
- name: Cache cargo
|
||||||
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
||||||
uses: actions/cache@v3
|
uses: actions/cache@v3
|
||||||
@@ -70,7 +65,7 @@ jobs:
|
|||||||
exclude:*/ql/lib/upgrades/
|
exclude:*/ql/lib/upgrades/
|
||||||
exclude:java/ql/integration-tests
|
exclude:java/ql/integration-tests
|
||||||
- name: Upload sarif to code-scanning
|
- name: Upload sarif to code-scanning
|
||||||
uses: github/codeql-action/upload-sarif@main
|
uses: github/codeql-action/upload-sarif@v2
|
||||||
with:
|
with:
|
||||||
sarif_file: ql-for-ql.sarif
|
sarif_file: ql-for-ql.sarif
|
||||||
category: ql-for-ql
|
category: ql-for-ql
|
||||||
|
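Review bot: The extractor cache key on the new side no longer includes `hashFiles('shared/tree-sitter-extractor')`, so if the extractor on this branch builds against that shared directory, a change there would still hit the old cache entry and reuse a stale `ql/extractor-pack/`. Unless the dependency does not exist on this branch, I would keep the term in the key. ruby-build.yml drops the same term and leaves an empty segment (`--` between the two remaining `hashFiles` terms) in its key.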
|||||||
12
.github/workflows/ql-for-ql-dataset_measure.yml
vendored
12
.github/workflows/ql-for-ql-dataset_measure.yml
vendored
@@ -11,10 +11,6 @@ on:
|
|||||||
- ql/ql/src/ql.dbscheme
|
- ql/ql/src/ql.dbscheme
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
security-events: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
measure:
|
measure:
|
||||||
env:
|
env:
|
||||||
@@ -25,11 +21,11 @@ jobs:
|
|||||||
- github/codeql
|
- github/codeql
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Find codeql
|
- name: Find codeql
|
||||||
id: find-codeql
|
id: find-codeql
|
||||||
uses: github/codeql-action/init@main
|
uses: github/codeql-action/init@v2
|
||||||
with:
|
with:
|
||||||
languages: javascript # does not matter
|
languages: javascript # does not matter
|
||||||
- uses: ./.github/actions/os-version
|
- uses: ./.github/actions/os-version
|
||||||
@@ -46,7 +42,7 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
|
CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
|
||||||
- name: Checkout ${{ matrix.repo }}
|
- name: Checkout ${{ matrix.repo }}
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
repository: ${{ matrix.repo }}
|
repository: ${{ matrix.repo }}
|
||||||
path: ${{ github.workspace }}/repo
|
path: ${{ github.workspace }}/repo
|
||||||
@@ -75,7 +71,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: measure
|
needs: measure
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/download-artifact@v3
|
- uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: measurements
|
name: measurements
|
||||||
|
|||||||
11
.github/workflows/ql-for-ql-tests.yml
vendored
11
.github/workflows/ql-for-ql-tests.yml
vendored
@@ -17,17 +17,14 @@ on:
|
|||||||
env:
|
env:
|
||||||
CARGO_TERM_COLOR: always
|
CARGO_TERM_COLOR: always
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
qltest:
|
qltest:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Find codeql
|
- name: Find codeql
|
||||||
id: find-codeql
|
id: find-codeql
|
||||||
uses: github/codeql-action/init@main
|
uses: github/codeql-action/init@v2
|
||||||
with:
|
with:
|
||||||
languages: javascript # does not matter
|
languages: javascript # does not matter
|
||||||
- uses: ./.github/actions/os-version
|
- uses: ./.github/actions/os-version
|
||||||
@@ -64,7 +61,7 @@ jobs:
|
|||||||
needs: [qltest]
|
needs: [qltest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Install GNU tar
|
- name: Install GNU tar
|
||||||
if: runner.os == 'macOS'
|
if: runner.os == 'macOS'
|
||||||
run: |
|
run: |
|
||||||
@@ -72,7 +69,7 @@ jobs:
|
|||||||
echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
|
echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
|
||||||
- name: Find codeql
|
- name: Find codeql
|
||||||
id: find-codeql
|
id: find-codeql
|
||||||
uses: github/codeql-action/init@main
|
uses: github/codeql-action/init@v2
|
||||||
with:
|
with:
|
||||||
languages: javascript # does not matter
|
languages: javascript # does not matter
|
||||||
- uses: ./.github/actions/os-version
|
- uses: ./.github/actions/os-version
|
||||||
|
|||||||
5
.github/workflows/query-list.yml
vendored
5
.github/workflows/query-list.yml
vendored
@@ -13,9 +13,6 @@ on:
|
|||||||
- '.github/actions/fetch-codeql/action.yml'
|
- '.github/actions/fetch-codeql/action.yml'
|
||||||
- 'misc/scripts/generate-code-scanning-query-list.py'
|
- 'misc/scripts/generate-code-scanning-query-list.py'
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
|
|
||||||
@@ -23,7 +20,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Clone self (github/codeql)
|
- name: Clone self (github/codeql)
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: codeql
|
path: codeql
|
||||||
- name: Set up Python 3.8
|
- name: Set up Python 3.8
|
||||||
|
|||||||
87
.github/workflows/ruby-build.yml
vendored
87
.github/workflows/ruby-build.yml
vendored
@@ -32,9 +32,6 @@ defaults:
|
|||||||
run:
|
run:
|
||||||
working-directory: ruby
|
working-directory: ruby
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
strategy:
|
strategy:
|
||||||
@@ -45,17 +42,15 @@ jobs:
|
|||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Install GNU tar
|
- name: Install GNU tar
|
||||||
if: runner.os == 'macOS'
|
if: runner.os == 'macOS'
|
||||||
run: |
|
run: |
|
||||||
brew install gnu-tar
|
brew install gnu-tar
|
||||||
echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
|
echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
|
||||||
- name: Prepare Windows
|
- name: Install cargo-cross
|
||||||
if: runner.os == 'Windows'
|
if: runner.os == 'Linux'
|
||||||
shell: powershell
|
run: cargo install cross --version 0.2.5
|
||||||
run: |
|
|
||||||
git config --global core.longpaths true
|
|
||||||
- uses: ./.github/actions/os-version
|
- uses: ./.github/actions/os-version
|
||||||
id: os_version
|
id: os_version
|
||||||
- name: Cache entire extractor
|
- name: Cache entire extractor
|
||||||
@@ -66,7 +61,7 @@ jobs:
|
|||||||
ruby/extractor/target/release/codeql-extractor-ruby
|
ruby/extractor/target/release/codeql-extractor-ruby
|
||||||
ruby/extractor/target/release/codeql-extractor-ruby.exe
|
ruby/extractor/target/release/codeql-extractor-ruby.exe
|
||||||
ruby/extractor/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
|
ruby/extractor/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
|
||||||
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ruby/extractor/**/*.rs') }}
|
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/Cargo.lock') }}--${{ hashFiles('ruby/extractor/**/*.rs') }}
|
||||||
- uses: actions/cache@v3
|
- uses: actions/cache@v3
|
||||||
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
||||||
with:
|
with:
|
||||||
@@ -84,8 +79,16 @@ jobs:
|
|||||||
- name: Run tests
|
- name: Run tests
|
||||||
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
||||||
run: cd extractor && cargo test --verbose
|
run: cd extractor && cargo test --verbose
|
||||||
- name: Release build
|
# On linux, build the extractor via cross in a centos7 container.
|
||||||
if: steps.cache-extractor.outputs.cache-hit != 'true'
|
# This ensures we don't depend on glibc > 2.17.
|
||||||
|
- name: Release build (linux)
|
||||||
|
if: steps.cache-extractor.outputs.cache-hit != 'true' && runner.os == 'Linux'
|
||||||
|
run: |
|
||||||
|
cd extractor
|
||||||
|
cross build --release
|
||||||
|
mv target/x86_64-unknown-linux-gnu/release/codeql-extractor-ruby target/release/
|
||||||
|
- name: Release build (windows and macos)
|
||||||
|
if: steps.cache-extractor.outputs.cache-hit != 'true' && runner.os != 'Linux'
|
||||||
run: cd extractor && cargo build --release
|
run: cd extractor && cargo build --release
|
||||||
- name: Generate dbscheme
|
- name: Generate dbscheme
|
||||||
if: ${{ matrix.os == 'ubuntu-latest' && steps.cache-extractor.outputs.cache-hit != 'true'}}
|
if: ${{ matrix.os == 'ubuntu-latest' && steps.cache-extractor.outputs.cache-hit != 'true'}}
|
||||||
@@ -108,16 +111,15 @@ jobs:
|
|||||||
ruby/extractor/target/release/codeql-extractor-ruby.exe
|
ruby/extractor/target/release/codeql-extractor-ruby.exe
|
||||||
retention-days: 1
|
retention-days: 1
|
||||||
compile-queries:
|
compile-queries:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Fetch CodeQL
|
- name: Fetch CodeQL
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
- name: Cache compilation cache
|
- name: Cache compilation cache
|
||||||
id: query-cache
|
id: query-cache
|
||||||
uses: ./.github/actions/cache-query-compilation
|
uses: ./.github/actions/cache-query-compilation
|
||||||
with:
|
with:
|
||||||
key: ruby-build
|
key: ruby-build
|
||||||
- name: Build Query Pack
|
- name: Build Query Pack
|
||||||
run: |
|
run: |
|
||||||
@@ -143,7 +145,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [build, compile-queries]
|
needs: [build, compile-queries]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/download-artifact@v3
|
- uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: ruby.dbscheme
|
name: ruby.dbscheme
|
||||||
@@ -204,7 +206,7 @@ jobs:
|
|||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
needs: [package]
|
needs: [package]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Fetch CodeQL
|
- name: Fetch CodeQL
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
|
|
||||||
@@ -229,3 +231,54 @@ jobs:
|
|||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
codeql database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls
|
codeql database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls
|
||||||
|
|
||||||
|
# This is a copy of the 'test' job that runs in a centos7 container.
|
||||||
|
# This tests that the extractor works correctly on systems with an old glibc.
|
||||||
|
test-centos7:
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: ${{ github.workspace }}
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container:
|
||||||
|
image: centos:centos7
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
needs: [package]
|
||||||
|
steps:
|
||||||
|
- name: Install gh cli
|
||||||
|
run: |
|
||||||
|
yum-config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo
|
||||||
|
# fetch-codeql requires unzip and jq
|
||||||
|
# jq is available in epel-release (https://docs.fedoraproject.org/en-US/epel/)
|
||||||
|
yum install -y gh unzip epel-release
|
||||||
|
yum install -y jq
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- name: Fetch CodeQL
|
||||||
|
uses: ./.github/actions/fetch-codeql
|
||||||
|
|
||||||
|
# Due to a bug in Actions, we can't use runner.temp in the run blocks here.
|
||||||
|
# https://github.com/actions/runner/issues/2185
|
||||||
|
|
||||||
|
- name: Download Ruby bundle
|
||||||
|
uses: actions/download-artifact@v3
|
||||||
|
with:
|
||||||
|
name: codeql-ruby-bundle
|
||||||
|
path: ${{ runner.temp }}
|
||||||
|
- name: Unzip Ruby bundle
|
||||||
|
shell: bash
|
||||||
|
run: unzip -q -d "$RUNNER_TEMP"/ruby-bundle "$RUNNER_TEMP"/codeql-ruby-bundle.zip
|
||||||
|
|
||||||
|
- name: Run QL test
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
codeql test run --search-path "$RUNNER_TEMP"/ruby-bundle --additional-packs "$RUNNER_TEMP"/ruby-bundle ruby/ql/test/library-tests/ast/constants/
|
||||||
|
- name: Create database
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
codeql database create --search-path "$RUNNER_TEMP"/ruby-bundle --language ruby --source-root ruby/ql/test/library-tests/ast/constants/ ../database
|
||||||
|
- name: Analyze database
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
codeql database analyze --search-path "$RUNNER_TEMP"/ruby-bundle --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls
|
||||||
|
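Review bot: `test-centos7` puts `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the job's environment, so every step sees it, including the `yum` installs from `cli.github.com` and EPEL, and the workflow no longer declares `permissions:` to narrow that token. I would set `permissions:` with `contents: read` on the job and move the variable to an `env:` on the `Fetch CodeQL` step, assuming that is the only step that calls `gh`. `image: centos:centos7` is a mutable tag; pinning it by digest keeps the test environment reproducible. In the `build` job, `cargo install cross --version 0.2.5` resolves dependencies at install time, and `--locked` would use the lockfile published with the crate.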
|||||||
9
.github/workflows/ruby-dataset-measure.yml
vendored
9
.github/workflows/ruby-dataset-measure.yml
vendored
@@ -17,9 +17,6 @@ on:
|
|||||||
- .github/workflows/ruby-dataset-measure.yml
|
- .github/workflows/ruby-dataset-measure.yml
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
measure:
|
measure:
|
||||||
env:
|
env:
|
||||||
@@ -30,14 +27,14 @@ jobs:
|
|||||||
repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
|
repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- uses: ./.github/actions/fetch-codeql
|
- uses: ./.github/actions/fetch-codeql
|
||||||
|
|
||||||
- uses: ./ruby/actions/create-extractor-pack
|
- uses: ./ruby/actions/create-extractor-pack
|
||||||
|
|
||||||
- name: Checkout ${{ matrix.repo }}
|
- name: Checkout ${{ matrix.repo }}
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
repository: ${{ matrix.repo }}
|
repository: ${{ matrix.repo }}
|
||||||
path: ${{ github.workspace }}/repo
|
path: ${{ github.workspace }}/repo
|
||||||
@@ -62,7 +59,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: measure
|
needs: measure
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/download-artifact@v3
|
- uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: measurements
|
name: measurements
|
||||||
|
|||||||
9
.github/workflows/ruby-qltest.yml
vendored
9
.github/workflows/ruby-qltest.yml
vendored
@@ -14,7 +14,6 @@ on:
|
|||||||
pull_request:
|
pull_request:
|
||||||
paths:
|
paths:
|
||||||
- "ruby/**"
|
- "ruby/**"
|
||||||
- "shared/**"
|
|
||||||
- .github/workflows/ruby-qltest.yml
|
- .github/workflows/ruby-qltest.yml
|
||||||
- .github/actions/fetch-codeql/action.yml
|
- .github/actions/fetch-codeql/action.yml
|
||||||
- codeql-workspace.yml
|
- codeql-workspace.yml
|
||||||
@@ -29,14 +28,11 @@ defaults:
|
|||||||
run:
|
run:
|
||||||
working-directory: ruby
|
working-directory: ruby
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
qlupgrade:
|
qlupgrade:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./.github/actions/fetch-codeql
|
- uses: ./.github/actions/fetch-codeql
|
||||||
- name: Check DB upgrade scripts
|
- name: Check DB upgrade scripts
|
||||||
run: |
|
run: |
|
||||||
@@ -53,12 +49,11 @@ jobs:
|
|||||||
xargs codeql execute upgrades testdb
|
xargs codeql execute upgrades testdb
|
||||||
diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
|
diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
|
||||||
qltest:
|
qltest:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./.github/actions/fetch-codeql
|
- uses: ./.github/actions/fetch-codeql
|
||||||
- uses: ./ruby/actions/create-extractor-pack
|
- uses: ./ruby/actions/create-extractor-pack
|
||||||
- name: Cache compilation cache
|
- name: Cache compilation cache
|
||||||
|
|||||||
42
.github/workflows/swift.yml
vendored
42
.github/workflows/swift.yml
vendored
@@ -16,7 +16,6 @@ on:
|
|||||||
branches:
|
branches:
|
||||||
- main
|
- main
|
||||||
- rc/*
|
- rc/*
|
||||||
- codeql-cli-*
|
|
||||||
push:
|
push:
|
||||||
paths:
|
paths:
|
||||||
- "swift/**"
|
- "swift/**"
|
||||||
@@ -31,79 +30,62 @@ on:
|
|||||||
branches:
|
branches:
|
||||||
- main
|
- main
|
||||||
- rc/*
|
- rc/*
|
||||||
- codeql-cli-*
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
|
# not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
|
||||||
# without waiting for the macOS build
|
# without waiting for the macOS build
|
||||||
build-and-test-macos:
|
build-and-test-macos:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: macos-12-xl
|
runs-on: macos-12-xl
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./swift/actions/build-and-test
|
- uses: ./swift/actions/build-and-test
|
||||||
build-and-test-linux:
|
build-and-test-linux:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./swift/actions/build-and-test
|
- uses: ./swift/actions/build-and-test
|
||||||
qltests-linux:
|
qltests-linux:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
needs: build-and-test-linux
|
needs: build-and-test-linux
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./swift/actions/run-ql-tests
|
- uses: ./swift/actions/run-ql-tests
|
||||||
qltests-macos:
|
qltests-macos:
|
||||||
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
|
if : ${{ github.event_name == 'pull_request' }}
|
||||||
needs: build-and-test-macos
|
needs: build-and-test-macos
|
||||||
runs-on: macos-12-xl
|
runs-on: macos-12-xl
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./swift/actions/run-ql-tests
|
- uses: ./swift/actions/run-ql-tests
|
||||||
integration-tests-linux:
|
integration-tests-linux:
|
||||||
if: github.repository_owner == 'github'
|
|
||||||
needs: build-and-test-linux
|
needs: build-and-test-linux
|
||||||
runs-on: ubuntu-latest-xl
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./swift/actions/run-integration-tests
|
- uses: ./swift/actions/run-integration-tests
|
||||||
integration-tests-macos:
|
integration-tests-macos:
|
||||||
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
|
if : ${{ github.event_name == 'pull_request' }}
|
||||||
needs: build-and-test-macos
|
needs: build-and-test-macos
|
||||||
runs-on: macos-12-xl
|
runs-on: macos-12-xl
|
||||||
timeout-minutes: 60
|
timeout-minutes: 60
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./swift/actions/run-integration-tests
|
- uses: ./swift/actions/run-integration-tests
|
||||||
clang-format:
|
|
||||||
if : ${{ github.event_name == 'pull_request' }}
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
|
|
||||||
name: Check that python code is properly formatted
|
|
||||||
with:
|
|
||||||
extra_args: clang-format --all-files
|
|
||||||
codegen:
|
codegen:
|
||||||
if : ${{ github.event_name == 'pull_request' }}
|
if : ${{ github.event_name == 'pull_request' }}
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: bazelbuild/setup-bazelisk@v2
|
- uses: bazelbuild/setup-bazelisk@v2
|
||||||
- uses: actions/setup-python@v4
|
- uses: actions/setup-python@v4
|
||||||
with:
|
with:
|
||||||
python-version-file: 'swift/.python-version'
|
python-version-file: 'swift/.python-version'
|
||||||
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
|
- uses: pre-commit/action@v3.0.0
|
||||||
name: Check that python code is properly formatted
|
name: Check that python code is properly formatted
|
||||||
with:
|
with:
|
||||||
extra_args: autopep8 --all-files
|
extra_args: autopep8 --all-files
|
||||||
- uses: ./.github/actions/fetch-codeql
|
- uses: ./.github/actions/fetch-codeql
|
||||||
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
|
- uses: pre-commit/action@v3.0.0
|
||||||
name: Check that QL generated code was checked in
|
name: Check that QL generated code was checked in
|
||||||
with:
|
with:
|
||||||
extra_args: swift-codegen --all-files
|
extra_args: swift-codegen --all-files
|
||||||
@@ -118,6 +100,6 @@ jobs:
|
|||||||
if : ${{ github.event_name == 'pull_request' }}
|
if : ${{ github.event_name == 'pull_request' }}
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- uses: ./.github/actions/fetch-codeql
|
- uses: ./.github/actions/fetch-codeql
|
||||||
- uses: ./swift/actions/database-upgrade-scripts
|
- uses: ./swift/actions/database-upgrade-scripts
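Review bot: In the `codegen` job, both `pre-commit/action` steps on the new side use the mutable tag `pre-commit/action@v3.0.0` where the old side pinned the commit `646c83fcd040023954eafda54b4db0192ce70507`. A tag can be moved by whoever controls the action's repository, so the workflow file no longer fixes what code runs in this job. Keep the commit pin on both steps, `- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507`, and add a trailing `# v3.0.0` comment only after confirming that this commit is what the tag points at. This reads the right-hand column as the new side, which the hunk header `@@ -31,79 +30,62 @@` supports because the left column carries the extra lines.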
|
||||||
|
|||||||
7
.github/workflows/sync-files.yml
vendored
7
.github/workflows/sync-files.yml
vendored
@@ -10,16 +10,11 @@ on:
|
|||||||
- main
|
- main
|
||||||
- 'rc/*'
|
- 'rc/*'
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
sync:
|
sync:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Check synchronized files
|
- name: Check synchronized files
|
||||||
run: python config/sync-files.py
|
run: python config/sync-files.py
|
||||||
- name: Check dbscheme fragments
|
|
||||||
run: python config/sync-dbscheme-fragments.py
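Review bot: The new side of `.github/workflows/sync-files.yml` drops the top-level `permissions:` block with `contents: read`, so the `sync` job's `GITHUB_TOKEN` falls back to the repository or organization default, which may include write scopes. The job only checks out the repository and runs `python config/sync-files.py`, so it needs nothing beyond read access. Restore `permissions:` with `contents: read` above `jobs:`. The same block is dropped in the `swift.yml` section above and in the `validate-change-notes.yml` section below, and the fix is the same there. This reads the right-hand column as the new side, consistent with the hunk header `@@ -10,16 +10,11 @@`.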
|
|
||||||
|
|
||||||
|
|||||||
49
.github/workflows/tree-sitter-extractor-test.yml
vendored
49
.github/workflows/tree-sitter-extractor-test.yml
vendored
@@ -1,49 +0,0 @@
|
|||||||
name: Test tree-sitter-extractor
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
paths:
|
|
||||||
- "shared/tree-sitter-extractor/**"
|
|
||||||
- .github/workflows/tree-sitter-extractor-test.yml
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- "rc/*"
|
|
||||||
pull_request:
|
|
||||||
paths:
|
|
||||||
- "shared/tree-sitter-extractor/**"
|
|
||||||
- .github/workflows/tree-sitter-extractor-test.yml
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- "rc/*"
|
|
||||||
|
|
||||||
env:
|
|
||||||
CARGO_TERM_COLOR: always
|
|
||||||
|
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
working-directory: shared/tree-sitter-extractor
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
test:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Check formatting
|
|
||||||
run: cargo fmt --all -- --check
|
|
||||||
- name: Run tests
|
|
||||||
run: cargo test --verbose
|
|
||||||
fmt:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Check formatting
|
|
||||||
run: cargo fmt --check
|
|
||||||
clippy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- name: Run clippy
|
|
||||||
run: cargo clippy -- --no-deps -D warnings -A clippy::new_without_default -A clippy::too_many_arguments
|
|
||||||
5
.github/workflows/validate-change-notes.yml
vendored
5
.github/workflows/validate-change-notes.yml
vendored
@@ -15,15 +15,12 @@ on:
|
|||||||
- ".github/workflows/validate-change-notes.yml"
|
- ".github/workflows/validate-change-notes.yml"
|
||||||
- ".github/actions/fetch-codeql/action.yml"
|
- ".github/actions/fetch-codeql/action.yml"
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check-change-note:
|
check-change-note:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Setup CodeQL
|
- name: Setup CodeQL
|
||||||
uses: ./.github/actions/fetch-codeql
|
uses: ./.github/actions/fetch-codeql
|
||||||
|
|||||||
3
.gitignore
vendored
3
.gitignore
vendored
@@ -39,9 +39,6 @@
|
|||||||
# local bazel options
|
# local bazel options
|
||||||
/local.bazelrc
|
/local.bazelrc
|
||||||
|
|
||||||
# generated cmake directory
|
|
||||||
/.bazel-cmake
|
|
||||||
|
|
||||||
# CLion project files
|
# CLion project files
|
||||||
/.clwb
|
/.clwb
|
||||||
|
|
||||||
|
|||||||
@@ -5,14 +5,15 @@ repos:
|
|||||||
rev: v3.2.0
|
rev: v3.2.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: trailing-whitespace
|
- id: trailing-whitespace
|
||||||
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)|.*\.patch
|
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
|
||||||
- id: end-of-file-fixer
|
- id: end-of-file-fixer
|
||||||
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)|.*\.patch
|
exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
|
||||||
|
|
||||||
- repo: https://github.com/pre-commit/mirrors-clang-format
|
- repo: https://github.com/pre-commit/mirrors-clang-format
|
||||||
rev: v17.0.6
|
rev: v13.0.1
|
||||||
hooks:
|
hooks:
|
||||||
- id: clang-format
|
- id: clang-format
|
||||||
|
files: ^swift/.*\.(h|c|cpp)$
|
||||||
|
|
||||||
- repo: https://github.com/pre-commit/mirrors-autopep8
|
- repo: https://github.com/pre-commit/mirrors-autopep8
|
||||||
rev: v1.6.0
|
rev: v1.6.0
|
||||||
@@ -20,11 +21,6 @@ repos:
|
|||||||
- id: autopep8
|
- id: autopep8
|
||||||
files: ^misc/codegen/.*\.py
|
files: ^misc/codegen/.*\.py
|
||||||
|
|
||||||
- repo: https://github.com/warchant/pre-commit-buildifier
|
|
||||||
rev: 0.0.2
|
|
||||||
hooks:
|
|
||||||
- id: buildifier
|
|
||||||
|
|
||||||
- repo: local
|
- repo: local
|
||||||
hooks:
|
hooks:
|
||||||
- id: codeql-format
|
- id: codeql-format
|
||||||
|
|||||||
18
.vscode/tasks.json
vendored
18
.vscode/tasks.json
vendored
@@ -22,22 +22,6 @@
|
|||||||
"command": "${config:python.pythonPath}",
|
"command": "${config:python.pythonPath}",
|
||||||
},
|
},
|
||||||
"problemMatcher": []
|
"problemMatcher": []
|
||||||
},
|
|
||||||
{
|
|
||||||
"label": "Accept .expected changes from CI",
|
|
||||||
"type": "process",
|
|
||||||
// Non-Windows OS will usually have Python 3 already installed at /usr/bin/python3.
|
|
||||||
"command": "python3",
|
|
||||||
"args": [
|
|
||||||
"misc/scripts/accept-expected-changes-from-ci.py"
|
|
||||||
],
|
|
||||||
"group": "build",
|
|
||||||
"windows": {
|
|
||||||
// On Windows, use whatever Python interpreter is configured for this workspace. The default is
|
|
||||||
// just `python`, so if Python is already on the path, this will find it.
|
|
||||||
"command": "${config:python.pythonPath}",
|
|
||||||
},
|
|
||||||
"problemMatcher": []
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@@ -8,8 +8,7 @@
|
|||||||
/swift/ @github/codeql-swift
|
/swift/ @github/codeql-swift
|
||||||
/misc/codegen/ @github/codeql-swift
|
/misc/codegen/ @github/codeql-swift
|
||||||
/java/kotlin-extractor/ @github/codeql-kotlin
|
/java/kotlin-extractor/ @github/codeql-kotlin
|
||||||
/java/ql/test-kotlin1/ @github/codeql-kotlin
|
/java/kotlin-explorer/ @github/codeql-kotlin
|
||||||
/java/ql/test-kotlin2/ @github/codeql-kotlin
|
|
||||||
|
|
||||||
# ML-powered queries
|
# ML-powered queries
|
||||||
/javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
|
/javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
|
||||||
@@ -25,7 +24,6 @@
|
|||||||
|
|
||||||
# Bazel (excluding BUILD.bazel files)
|
# Bazel (excluding BUILD.bazel files)
|
||||||
WORKSPACE.bazel @github/codeql-ci-reviewers
|
WORKSPACE.bazel @github/codeql-ci-reviewers
|
||||||
MODULE.bazel @github/codeql-ci-reviewers
|
|
||||||
.bazelversion @github/codeql-ci-reviewers
|
.bazelversion @github/codeql-ci-reviewers
|
||||||
.bazelrc @github/codeql-ci-reviewers
|
.bazelrc @github/codeql-ci-reviewers
|
||||||
**/*.bzl @github/codeql-ci-reviewers
|
**/*.bzl @github/codeql-ci-reviewers
|
||||||
@@ -42,7 +40,3 @@ MODULE.bazel @github/codeql-ci-reviewers
|
|||||||
/.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
|
/.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
|
||||||
/.github/workflows/ruby-* @github/codeql-ruby
|
/.github/workflows/ruby-* @github/codeql-ruby
|
||||||
/.github/workflows/swift.yml @github/codeql-swift
|
/.github/workflows/swift.yml @github/codeql-swift
|
||||||
|
|
||||||
# Misc
|
|
||||||
/misc/scripts/accept-expected-changes-from-ci.py @RasmusWL
|
|
||||||
/misc/scripts/generate-code-scanning-query-list.py @RasmusWL
|
|
||||||
|
|||||||
@@ -14,16 +14,14 @@ If you have an idea for a query that you would like to share with other CodeQL u
|
|||||||
|
|
||||||
1. **Directory structure**
|
1. **Directory structure**
|
||||||
|
|
||||||
There are eight language-specific query directories in this repository:
|
There are six language-specific query directories in this repository:
|
||||||
|
|
||||||
* C/C++: `cpp/ql/src`
|
* C/C++: `cpp/ql/src`
|
||||||
* C#: `csharp/ql/src`
|
* C#: `csharp/ql/src`
|
||||||
* Go: `go/ql/src`
|
* Java: `java/ql/src`
|
||||||
* Java/Kotlin: `java/ql/src`
|
|
||||||
* JavaScript: `javascript/ql/src`
|
* JavaScript: `javascript/ql/src`
|
||||||
* Python: `python/ql/src`
|
* Python: `python/ql/src`
|
||||||
* Ruby: `ruby/ql/src`
|
* Ruby: `ruby/ql/src`
|
||||||
* Swift: `swift/ql/src`
|
|
||||||
|
|
||||||
Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
|
Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
|
||||||
- Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.
|
- Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.
|
||||||
|
|||||||
53
MODULE.bazel
53
MODULE.bazel
@@ -1,53 +0,0 @@
|
|||||||
module(
|
|
||||||
name = "codeql",
|
|
||||||
version = "0.0",
|
|
||||||
)
|
|
||||||
|
|
||||||
# this points to our internal repository when `codeql` is checked out as a submodule thereof
|
|
||||||
# when building things from `codeql` independently this is stubbed out in `.bazelrc`
|
|
||||||
bazel_dep(name = "semmle_code", version = "0.0")
|
|
||||||
local_path_override(
|
|
||||||
module_name = "semmle_code",
|
|
||||||
path = "..",
|
|
||||||
)
|
|
||||||
|
|
||||||
# see https://registry.bazel.build/ for a list of available packages
|
|
||||||
|
|
||||||
bazel_dep(name = "platforms", version = "0.0.8")
|
|
||||||
bazel_dep(name = "rules_pkg", version = "0.9.1")
|
|
||||||
bazel_dep(name = "rules_nodejs", version = "6.0.3")
|
|
||||||
bazel_dep(name = "rules_python", version = "0.31.0")
|
|
||||||
bazel_dep(name = "bazel_skylib", version = "1.5.0")
|
|
||||||
bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
|
|
||||||
bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
|
|
||||||
bazel_dep(name = "fmt", version = "10.0.0")
|
|
||||||
|
|
||||||
pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
|
|
||||||
pip.parse(
|
|
||||||
hub_name = "codegen_deps",
|
|
||||||
python_version = "3.11",
|
|
||||||
requirements_lock = "//misc/codegen:requirements_lock.txt",
|
|
||||||
)
|
|
||||||
use_repo(pip, "codegen_deps")
|
|
||||||
|
|
||||||
swift_deps = use_extension("//swift/third_party:load.bzl", "swift_deps")
|
|
||||||
use_repo(
|
|
||||||
swift_deps,
|
|
||||||
"binlog",
|
|
||||||
"picosha2",
|
|
||||||
"swift_prebuilt_darwin_x86_64",
|
|
||||||
"swift_prebuilt_linux",
|
|
||||||
"swift_toolchain_linux",
|
|
||||||
"swift_toolchain_macos",
|
|
||||||
)
|
|
||||||
|
|
||||||
node = use_extension("@rules_nodejs//nodejs:extensions.bzl", "node")
|
|
||||||
node.toolchain(
|
|
||||||
name = "nodejs",
|
|
||||||
node_version = "18.15.0",
|
|
||||||
)
|
|
||||||
use_repo(node, "nodejs", "nodejs_toolchains")
|
|
||||||
|
|
||||||
register_toolchains(
|
|
||||||
"@nodejs_toolchains//:all",
|
|
||||||
)
|
|
||||||
@@ -1,2 +1,12 @@
|
|||||||
# please use MODULE.bazel to add dependencies
|
# Please notice that any bazel targets and definitions in this repository are currently experimental
|
||||||
# this empty file is required by internal repositories, don't remove it
|
# and for internal use only.
|
||||||
|
|
||||||
|
workspace(name = "codeql")
|
||||||
|
|
||||||
|
load("//misc/bazel:workspace.bzl", "codeql_workspace")
|
||||||
|
|
||||||
|
codeql_workspace()
|
||||||
|
|
||||||
|
load("//misc/bazel:workspace_deps.bzl", "codeql_workspace_deps")
|
||||||
|
|
||||||
|
codeql_workspace_deps()
|
||||||
|
|||||||
@@ -1,26 +1,23 @@
|
|||||||
provide:
|
provide:
|
||||||
- "*/ql/src/qlpack.yml"
|
- "*/ql/src/qlpack.yml"
|
||||||
- "*/ql/lib/qlpack.yml"
|
- "*/ql/lib/qlpack.yml"
|
||||||
- "*/ql/test*/qlpack.yml"
|
- "*/ql/test/qlpack.yml"
|
||||||
- "*/ql/examples/qlpack.yml"
|
- "*/ql/examples/qlpack.yml"
|
||||||
- "*/ql/consistency-queries/qlpack.yml"
|
- "*/ql/consistency-queries/qlpack.yml"
|
||||||
- "*/ql/automodel/src/qlpack.yml"
|
- "shared/*/qlpack.yml"
|
||||||
- "*/ql/automodel/test/qlpack.yml"
|
|
||||||
- "python/extractor/qlpack.yml"
|
|
||||||
- "shared/**/qlpack.yml"
|
|
||||||
- "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
|
- "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
|
||||||
- "go/ql/config/legacy-support/qlpack.yml"
|
- "go/ql/config/legacy-support/qlpack.yml"
|
||||||
- "go/build/codeql-extractor-go/codeql-extractor.yml"
|
- "go/build/codeql-extractor-go/codeql-extractor.yml"
|
||||||
- "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
|
- "*/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
|
||||||
# This pack is explicitly excluded from the workspace since most users
|
# This pack is explicitly excluded from the workspace since most users
|
||||||
# will want to use a version of this pack from the package cache. Internal
|
# will want to use a version of this pack from the package cache. Internal
|
||||||
# users can uncomment the following line and place a custom ML model
|
# users can uncomment the following line and place a custom ML model
|
||||||
# in the corresponding pack to test a custom ML model within their local
|
# in the corresponding pack to test a custom ML model within their local
|
||||||
# checkout.
|
# checkout.
|
||||||
# - "javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
|
# - "*/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
|
||||||
- "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
|
- "*/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
|
||||||
- "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
|
- "*/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
|
||||||
- "javascript/ql/experimental/adaptivethreatmodeling/test/qlpack.yml"
|
- "*/ql/experimental/adaptivethreatmodeling/test/qlpack.yml"
|
||||||
- "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
|
- "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
|
||||||
- "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
|
- "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
|
||||||
- "csharp/ql/campaigns/Solorigate/test/qlpack.yml"
|
- "csharp/ql/campaigns/Solorigate/test/qlpack.yml"
|
||||||
@@ -30,7 +27,6 @@ provide:
|
|||||||
- "swift/extractor-pack/codeql-extractor.yml"
|
- "swift/extractor-pack/codeql-extractor.yml"
|
||||||
- "swift/integration-tests/qlpack.yml"
|
- "swift/integration-tests/qlpack.yml"
|
||||||
- "ql/extractor-pack/codeql-extractor.yml"
|
- "ql/extractor-pack/codeql-extractor.yml"
|
||||||
- ".github/codeql/extensions/**/codeql-pack.yml"
|
|
||||||
|
|
||||||
versionPolicies:
|
versionPolicies:
|
||||||
default:
|
default:
|
||||||
|
|||||||
@@ -1,33 +0,0 @@
|
|||||||
{
|
|
||||||
"files": [
|
|
||||||
"javascript/ql/lib/semmlecode.javascript.dbscheme",
|
|
||||||
"python/ql/lib/semmlecode.python.dbscheme",
|
|
||||||
"ruby/ql/lib/ruby.dbscheme",
|
|
||||||
"ql/ql/src/ql.dbscheme"
|
|
||||||
],
|
|
||||||
"fragments": [
|
|
||||||
"/*- External data -*/",
|
|
||||||
"/*- Files and folders -*/",
|
|
||||||
"/*- Diagnostic messages -*/",
|
|
||||||
"/*- Diagnostic messages: severity -*/",
|
|
||||||
"/*- Source location prefix -*/",
|
|
||||||
"/*- Lines of code -*/",
|
|
||||||
"/*- Configuration files with key value pairs -*/",
|
|
||||||
"/*- YAML -*/",
|
|
||||||
"/*- XML Files -*/",
|
|
||||||
"/*- XML: sourceline -*/",
|
|
||||||
"/*- DEPRECATED: External defects and metrics -*/",
|
|
||||||
"/*- DEPRECATED: Snapshot date -*/",
|
|
||||||
"/*- DEPRECATED: Duplicate code -*/",
|
|
||||||
"/*- DEPRECATED: Version control data -*/",
|
|
||||||
"/*- JavaScript-specific part -*/",
|
|
||||||
"/*- Ruby dbscheme -*/",
|
|
||||||
"/*- Erb dbscheme -*/",
|
|
||||||
"/*- QL dbscheme -*/",
|
|
||||||
"/*- Dbscheme dbscheme -*/",
|
|
||||||
"/*- Yaml dbscheme -*/",
|
|
||||||
"/*- Blame dbscheme -*/",
|
|
||||||
"/*- JSON dbscheme -*/",
|
|
||||||
"/*- Python dbscheme -*/"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
@@ -1,4 +1,24 @@
|
|||||||
{
|
{
|
||||||
|
"DataFlow Java/C++/C#/Go/Python/Ruby/Swift": [
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll"
|
||||||
|
],
|
||||||
|
"DataFlowImpl Java/C++/C#/Go/Python/Ruby/Swift": [
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll"
|
||||||
|
],
|
||||||
"DataFlow Java/C++/C#/Go/Python/Ruby/Swift Legacy Configuration": [
|
"DataFlow Java/C++/C#/Go/Python/Ruby/Swift Legacy Configuration": [
|
||||||
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll",
|
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll",
|
||||||
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
|
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
|
||||||
@@ -20,16 +40,41 @@
|
|||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll",
|
||||||
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll",
|
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll",
|
||||||
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll",
|
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll",
|
||||||
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll",
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll",
|
||||||
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
|
||||||
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
|
||||||
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll",
|
||||||
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll",
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll",
|
||||||
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll",
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll",
|
||||||
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
|
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
|
||||||
],
|
],
|
||||||
|
"DataFlow Java/C++/C#/Go/Python/Ruby/Swift Common": [
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/DataFlowImplCommon.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll"
|
||||||
|
],
|
||||||
|
"TaintTracking Java/C++/C#/Go/Python/Ruby/Swift": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll"
|
||||||
|
],
|
||||||
"TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
|
"TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
|
||||||
@@ -53,6 +98,23 @@
|
|||||||
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
|
||||||
"swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
|
"swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
|
||||||
],
|
],
|
||||||
|
"DataFlow Java/C++/C#/Python/Ruby/Swift Consistency checks": [
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll"
|
||||||
|
],
|
||||||
|
"DataFlow Java/C#/Go/Ruby/Python/Swift Flow Summaries": [
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll"
|
||||||
|
],
|
||||||
"SsaReadPosition Java/C#": [
|
"SsaReadPosition Java/C#": [
|
||||||
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
|
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
|
||||||
@@ -88,46 +150,123 @@
|
|||||||
"IR Instruction": [
|
"IR Instruction": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll"
|
||||||
],
|
],
|
||||||
"IR IRBlock": [
|
"IR IRBlock": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll"
|
||||||
],
|
],
|
||||||
"IR IRVariable": [
|
"IR IRVariable": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll"
|
||||||
],
|
],
|
||||||
"IR IRFunction": [
|
"IR IRFunction": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll"
|
||||||
],
|
],
|
||||||
"IR Operand": [
|
"IR Operand": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/Operand.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Operand.qll"
|
||||||
|
],
|
||||||
|
"IR IRType": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/IRType.qll"
|
||||||
|
],
|
||||||
|
"IR IRConfiguration": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/IRConfiguration.qll"
|
||||||
|
],
|
||||||
|
"IR UseSoundEscapeAnalysis": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/UseSoundEscapeAnalysis.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/UseSoundEscapeAnalysis.qll"
|
||||||
|
],
|
||||||
|
"IR IRFunctionBase": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/internal/IRFunctionBase.qll"
|
||||||
|
],
|
||||||
|
"IR Operand Tag": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll"
|
||||||
|
],
|
||||||
|
"IR TInstruction": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll"
|
||||||
|
],
|
||||||
|
"IR TIRVariable": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/internal/TIRVariable.qll"
|
||||||
],
|
],
|
||||||
"IR IR": [
|
"IR IR": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/IR.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll"
|
||||||
],
|
],
|
||||||
"IR IRConsistency": [
|
"IR IRConsistency": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/IRConsistency.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRConsistency.qll"
|
||||||
],
|
],
|
||||||
"IR PrintIR": [
|
"IR PrintIR": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll"
|
||||||
|
],
|
||||||
|
"IR IntegerConstant": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerConstant.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/internal/IntegerConstant.qll"
|
||||||
|
],
|
||||||
|
"IR IntegerInteval": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerInterval.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/internal/IntegerInterval.qll"
|
||||||
|
],
|
||||||
|
"IR IntegerPartial": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerPartial.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/internal/IntegerPartial.qll"
|
||||||
|
],
|
||||||
|
"IR Overlap": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/internal/Overlap.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/internal/Overlap.qll"
|
||||||
|
],
|
||||||
|
"IR EdgeKind": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/EdgeKind.qll"
|
||||||
|
],
|
||||||
|
"IR MemoryAccessKind": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/MemoryAccessKind.qll"
|
||||||
|
],
|
||||||
|
"IR TempVariableTag": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/TempVariableTag.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/TempVariableTag.qll"
|
||||||
|
],
|
||||||
|
"IR Opcode": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/Opcode.qll"
|
||||||
],
|
],
|
||||||
"IR SSAConsistency": [
|
"IR SSAConsistency": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll"
|
||||||
],
|
],
|
||||||
"C++ IR InstructionImports": [
|
"C++ IR InstructionImports": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
|
||||||
@@ -175,7 +314,8 @@
|
|||||||
],
|
],
|
||||||
"SSA AliasAnalysis": [
|
"SSA AliasAnalysis": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll"
|
||||||
],
|
],
|
||||||
"SSA PrintAliasAnalysis": [
|
"SSA PrintAliasAnalysis": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintAliasAnalysis.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintAliasAnalysis.qll",
|
||||||
@@ -190,28 +330,44 @@
|
|||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
|
||||||
],
|
],
|
||||||
|
"IR SSA SimpleSSA": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll"
|
||||||
|
],
|
||||||
|
"IR AliasConfiguration (unaliased_ssa)": [
|
||||||
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll"
|
||||||
|
],
|
||||||
"IR SSA SSAConstruction": [
|
"IR SSA SSAConstruction": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll"
|
||||||
],
|
],
|
||||||
"IR SSA PrintSSA": [
|
"IR SSA PrintSSA": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/PrintSSA.qll"
|
||||||
],
|
],
|
||||||
"IR ValueNumberInternal": [
|
"IR ValueNumberInternal": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll"
|
||||||
],
|
],
|
||||||
"C++ IR ValueNumber": [
|
"C++ IR ValueNumber": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll"
|
||||||
],
|
],
|
||||||
"C++ IR PrintValueNumbering": [
|
"C++ IR PrintValueNumbering": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/gvn/PrintValueNumbering.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll"
|
||||||
],
|
],
|
||||||
"C++ IR ConstantAnalysis": [
|
"C++ IR ConstantAnalysis": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
|
||||||
@@ -239,6 +395,38 @@
|
|||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
|
"cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
|
||||||
],
|
],
|
||||||
|
"C# IR InstructionImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/InstructionImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/InstructionImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR IRImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/IRImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR IRBlockImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/IRBlockImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRBlockImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR IRFunctionImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/IRFunctionImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRFunctionImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR IRVariableImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/IRVariableImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRVariableImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR OperandImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/OperandImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/OperandImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR PrintIRImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/internal/PrintIRImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/PrintIRImports.qll"
|
||||||
|
],
|
||||||
|
"C# IR ValueNumberingImports": [
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
|
||||||
|
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll"
|
||||||
|
],
|
||||||
"C# ControlFlowReachability": [
|
"C# ControlFlowReachability": [
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
|
||||||
@@ -255,6 +443,7 @@
|
|||||||
"cpp/ql/lib/semmle/code/cpp/XML.qll",
|
"cpp/ql/lib/semmle/code/cpp/XML.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/XML.qll",
|
"csharp/ql/lib/semmle/code/csharp/XML.qll",
|
||||||
"java/ql/lib/semmle/code/xml/XML.qll",
|
"java/ql/lib/semmle/code/xml/XML.qll",
|
||||||
|
"javascript/ql/lib/semmle/javascript/XML.qll",
|
||||||
"python/ql/lib/semmle/python/xml/XML.qll"
|
"python/ql/lib/semmle/python/xml/XML.qll"
|
||||||
],
|
],
|
||||||
"DuplicationProblems.inc.qhelp": [
|
"DuplicationProblems.inc.qhelp": [
|
||||||
@@ -304,6 +493,13 @@
|
|||||||
"java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
|
"java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
|
||||||
"java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
|
"java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
|
||||||
],
|
],
|
||||||
|
"IDE Contextual Queries": [
|
||||||
|
"cpp/ql/lib/IDEContextual.qll",
|
||||||
|
"csharp/ql/lib/IDEContextual.qll",
|
||||||
|
"java/ql/lib/IDEContextual.qll",
|
||||||
|
"javascript/ql/lib/IDEContextual.qll",
|
||||||
|
"python/ql/lib/analysis/IDEContextual.qll"
|
||||||
|
],
|
||||||
"CryptoAlgorithms Python/JS/Ruby": [
|
"CryptoAlgorithms Python/JS/Ruby": [
|
||||||
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
|
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
|
||||||
"python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
|
"python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
|
||||||
@@ -317,8 +513,25 @@
|
|||||||
"SensitiveDataHeuristics Python/JS": [
|
"SensitiveDataHeuristics Python/JS": [
|
||||||
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
|
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
|
||||||
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
|
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
|
||||||
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
|
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
|
||||||
"swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll"
|
],
|
||||||
|
"CFG": [
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll"
|
||||||
|
],
|
||||||
|
"TypeTracker": [
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
|
||||||
|
],
|
||||||
|
"AccessPathSyntax": [
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
|
||||||
|
"go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll",
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/internal/AccessPathSyntax.qll",
|
||||||
|
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/AccessPathSyntax.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll",
|
||||||
|
"python/ql/lib/semmle/python/dataflow/new/internal/AccessPathSyntax.qll",
|
||||||
|
"swift/ql/lib/codeql/swift/dataflow/internal/AccessPathSyntax.qll"
|
||||||
],
|
],
|
||||||
"IncompleteUrlSubstringSanitization": [
|
"IncompleteUrlSubstringSanitization": [
|
||||||
"javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
|
"javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
|
||||||
@@ -339,6 +552,26 @@
|
|||||||
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
|
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
|
||||||
"python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
|
"python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
|
||||||
],
|
],
|
||||||
|
"TaintedFormatStringQuery Ruby/JS": [
|
||||||
|
"javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll"
|
||||||
|
],
|
||||||
|
"TaintedFormatStringCustomizations Ruby/JS": [
|
||||||
|
"javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringCustomizations.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/security/TaintedFormatStringCustomizations.qll"
|
||||||
|
],
|
||||||
|
"HttpToFileAccessQuery JS/Ruby": [
|
||||||
|
"javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll"
|
||||||
|
],
|
||||||
|
"HttpToFileAccessCustomizations JS/Ruby": [
|
||||||
|
"javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll",
|
||||||
|
"ruby/ql/lib/codeql/ruby/security/HttpToFileAccessCustomizations.qll"
|
||||||
|
],
|
||||||
|
"Typo database": [
|
||||||
|
"javascript/ql/src/Expressions/TypoDatabase.qll",
|
||||||
|
"ql/ql/src/codeql_ql/style/TypoDatabase.qll"
|
||||||
|
],
|
||||||
"Swift declarations test file": [
|
"Swift declarations test file": [
|
||||||
"swift/ql/test/extractor-tests/declarations/declarations.swift",
|
"swift/ql/test/extractor-tests/declarations/declarations.swift",
|
||||||
"swift/ql/test/library-tests/ast/declarations.swift"
|
"swift/ql/test/library-tests/ast/declarations.swift"
|
||||||
@@ -366,9 +599,5 @@
|
|||||||
"EncryptionKeySizes Python/Java": [
|
"EncryptionKeySizes Python/Java": [
|
||||||
"python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
|
"python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
|
||||||
"java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
|
"java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
|
||||||
],
|
|
||||||
"Python model summaries test extension": [
|
|
||||||
"python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml",
|
|
||||||
"python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml"
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@@ -1,86 +0,0 @@
|
|||||||
#!/usr/bin/env python3
|
|
||||||
|
|
||||||
import argparse
|
|
||||||
import json
|
|
||||||
import os
|
|
||||||
import pathlib
|
|
||||||
import re
|
|
||||||
|
|
||||||
|
|
||||||
def make_groups(blocks):
|
|
||||||
groups = {}
|
|
||||||
for block in blocks:
|
|
||||||
groups.setdefault("".join(block["lines"]), []).append(block)
|
|
||||||
return list(groups.values())
|
|
||||||
|
|
||||||
|
|
||||||
def validate_fragments(fragments):
|
|
||||||
ok = True
|
|
||||||
for header, blocks in fragments.items():
|
|
||||||
groups = make_groups(blocks)
|
|
||||||
if len(groups) > 1:
|
|
||||||
ok = False
|
|
||||||
print("Warning: dbscheme fragments with header '{}' are different for {}".format(header, ["{}:{}:{}".format(
|
|
||||||
group[0]["file"], group[0]["start"], group[0]["end"]) for group in groups]))
|
|
||||||
return ok
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
script_path = os.path.realpath(__file__)
|
|
||||||
script_dir = os.path.dirname(script_path)
|
|
||||||
parser = argparse.ArgumentParser(
|
|
||||||
prog=os.path.basename(script_path),
|
|
||||||
description='Sync dbscheme fragments across files.'
|
|
||||||
)
|
|
||||||
parser.add_argument('files', metavar='dbscheme_file', type=pathlib.Path, nargs='*', default=[],
|
|
||||||
help='dbscheme files to check')
|
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
with open(os.path.join(script_dir, "dbscheme-fragments.json"), "r") as f:
|
|
||||||
config = json.load(f)
|
|
||||||
|
|
||||||
fragment_headers = set(config["fragments"])
|
|
||||||
fragments = {}
|
|
||||||
ok = True
|
|
||||||
for file in args.files + config["files"]:
|
|
||||||
with open(os.path.join(os.path.dirname(script_dir), file), "r") as dbscheme:
|
|
||||||
header = None
|
|
||||||
line_number = 1
|
|
||||||
block = {"file": file, "start": line_number,
|
|
||||||
"end": None, "lines": []}
|
|
||||||
|
|
||||||
def end_block():
|
|
||||||
block["end"] = line_number - 1
|
|
||||||
if len(block["lines"]) > 0:
|
|
||||||
if header is None:
|
|
||||||
if re.match(r'(?m)\A(\s|//.*$|/\*(\**[^\*])*\*+/)*\Z', "".join(block["lines"])):
|
|
||||||
# Ignore comments at the beginning of the file
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
ok = False
|
|
||||||
print("Warning: dbscheme fragment without header: {}:{}:{}".format(
|
|
||||||
block["file"], block["start"], block["end"]))
|
|
||||||
else:
|
|
||||||
fragments.setdefault(header, []).append(block)
|
|
||||||
for line in dbscheme:
|
|
||||||
m = re.match(r"^\/\*-.*-\*\/$", line)
|
|
||||||
if m:
|
|
||||||
end_block()
|
|
||||||
header = line.strip()
|
|
||||||
if header not in fragment_headers:
|
|
||||||
ok = False
|
|
||||||
print("Warning: unknown header for dbscheme fragment: '{}': {}:{}".format(
|
|
||||||
header, file, line_number))
|
|
||||||
block = {"file": file, "start": line_number,
|
|
||||||
"end": None, "lines": []}
|
|
||||||
block["lines"].append(line)
|
|
||||||
line_number += 1
|
|
||||||
block["lines"].append('\n')
|
|
||||||
line_number += 1
|
|
||||||
end_block()
|
|
||||||
if not ok or not validate_fragments(fragments):
|
|
||||||
exit(1)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
main()
|
|
||||||
@@ -1,17 +1,12 @@
|
|||||||
load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
|
|
||||||
|
|
||||||
package(default_visibility = ["//visibility:public"])
|
package(default_visibility = ["//visibility:public"])
|
||||||
|
|
||||||
|
load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
|
||||||
|
|
||||||
alias(
|
alias(
|
||||||
name = "dbscheme",
|
name = "dbscheme",
|
||||||
actual = "//cpp/ql/lib:dbscheme",
|
actual = "//cpp/ql/lib:dbscheme",
|
||||||
)
|
)
|
||||||
|
|
||||||
alias(
|
|
||||||
name = "dbscheme-stats",
|
|
||||||
actual = "//cpp/ql/lib:dbscheme-stats",
|
|
||||||
)
|
|
||||||
|
|
||||||
pkg_filegroup(
|
pkg_filegroup(
|
||||||
name = "db-files",
|
name = "db-files",
|
||||||
srcs = [
|
srcs = [
|
||||||
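Review bot: On the new side the `load("@rules_pkg//:mappings.bzl", "pkg_filegroup")` statement sits after `package(default_visibility = ["//visibility:public"])`, while Bazel style tooling (buildifier's load-on-top check) expects `load` statements before any other statement in the file. I would keep the order `load(...)` first, then `package(...)`. The hunk also drops the `dbscheme-stats` alias, and any target that still refers to it through this package would stop resolving; this page does not show whether such references remain, so it is worth a search before merging. The `pkg_filegroup` call continues past the end of the hunk.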
|
|||||||
@@ -145,9 +145,9 @@ namespace Semmle.Autobuild.Cpp.Tests
|
|||||||
|
|
||||||
bool IBuildActions.IsMacOs() => IsMacOs;
|
bool IBuildActions.IsMacOs() => IsMacOs;
|
||||||
|
|
||||||
public bool IsRunningOnAppleSilicon { get; set; }
|
public bool IsArm { get; set; }
|
||||||
|
|
||||||
bool IBuildActions.IsRunningOnAppleSilicon() => IsRunningOnAppleSilicon;
|
bool IBuildActions.IsArm() => IsArm;
|
||||||
|
|
||||||
string IBuildActions.PathCombine(params string[] parts)
|
string IBuildActions.PathCombine(params string[] parts)
|
||||||
{
|
{
|
||||||
@@ -326,8 +326,8 @@ namespace Semmle.Autobuild.Cpp.Tests
|
|||||||
public void TestCppAutobuilderSuccess()
|
public void TestCppAutobuilderSuccess()
|
||||||
{
|
{
|
||||||
Actions.RunProcess[@"cmd.exe /C nuget restore C:\Project\test.sln -DisableParallelProcessing"] = 1;
|
Actions.RunProcess[@"cmd.exe /C nuget restore C:\Project\test.sln -DisableParallelProcessing"] = 1;
|
||||||
Actions.RunProcess[@"cmd.exe /C scratch\.nuget\nuget.exe restore C:\Project\test.sln -DisableParallelProcessing"] = 0;
|
Actions.RunProcess[@"cmd.exe /C C:\Project\.nuget\nuget.exe restore C:\Project\test.sln -DisableParallelProcessing"] = 0;
|
||||||
Actions.RunProcess[@"cmd.exe /C CALL ^""C:\Program^ Files^ ^(x86^)\Microsoft^ Visual^ Studio^ 14.0\VC\vcvarsall.bat^"" && set Platform=&& type NUL && msbuild C:\Project\test.sln /t:rebuild /p:Platform=""x86"" /p:Configuration=""Release"""] = 0;
|
Actions.RunProcess[@"cmd.exe /C CALL ^""C:\Program Files ^(x86^)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat^"" && set Platform=&& type NUL && msbuild C:\Project\test.sln /t:rebuild /p:Platform=""x86"" /p:Configuration=""Release"""] = 0;
|
||||||
Actions.RunProcessOut[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationPath"] = "";
|
Actions.RunProcessOut[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationPath"] = "";
|
||||||
Actions.RunProcess[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationPath"] = 1;
|
Actions.RunProcess[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationPath"] = 1;
|
||||||
Actions.RunProcess[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationVersion"] = 0;
|
Actions.RunProcess[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe -prerelease -legacy -property installationVersion"] = 0;
|
||||||
@@ -337,11 +337,10 @@ namespace Semmle.Autobuild.Cpp.Tests
|
|||||||
Actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcvarsall.bat"] = true;
|
Actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcvarsall.bat"] = true;
|
||||||
Actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"] = true;
|
Actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"] = true;
|
||||||
Actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe"] = true;
|
Actions.FileExists[@"C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe"] = true;
|
||||||
Actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CPP_SCRATCH_DIR"] = "scratch";
|
|
||||||
Actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.slx";
|
Actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.slx";
|
||||||
Actions.EnumerateDirectories[@"C:\Project"] = "";
|
Actions.EnumerateDirectories[@"C:\Project"] = "";
|
||||||
Actions.CreateDirectories.Add(@"scratch\.nuget");
|
Actions.CreateDirectories.Add(@"C:\Project\.nuget");
|
||||||
Actions.DownloadFiles.Add(("https://dist.nuget.org/win-x86-commandline/latest/nuget.exe", @"scratch\.nuget\nuget.exe"));
|
Actions.DownloadFiles.Add(("https://dist.nuget.org/win-x86-commandline/latest/nuget.exe", @"C:\Project\.nuget\nuget.exe"));
|
||||||
|
|
||||||
var autobuilder = CreateAutoBuilder(true);
|
var autobuilder = CreateAutoBuilder(true);
|
||||||
var solution = new TestSolution(@"C:\Project\test.sln");
|
var solution = new TestSolution(@"C:\Project\test.sln");
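Review bot: The new side of this hunk expects `nuget.exe` to be downloaded to `C:\Project\.nuget\nuget.exe`, inside the source tree being analysed, where the old side used `scratch\.nuget\nuget.exe`. The new side also drops the `CODEQL_EXTRACTOR_CPP_SCRATCH_DIR` line. A fetched executable placed in the project directory sits where the project's own build steps can reach or replace it, and it can be left behind in the checkout. The URL is the unpinned `latest` build, and no hash or signature check is visible in this hunk, though one may exist elsewhere in the autobuilder. I would keep the scratch-directory expectation, with the `Actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CPP_SCRATCH_DIR"] = "scratch";` setup line, and add a comment such as `// nuget.exe is fetched unverified; keep it out of the source tree`. The enclosing test method starts and ends outside the hunk.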
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<OutputType>Exe</OutputType>
|
<OutputType>Exe</OutputType>
|
||||||
<TargetFramework>net8.0</TargetFramework>
|
<TargetFramework>net7.0</TargetFramework>
|
||||||
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
|
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
|
||||||
<RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
|
<RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
|
||||||
<Nullable>enable</Nullable>
|
<Nullable>enable</Nullable>
|
||||||
@@ -11,12 +11,12 @@
|
|||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
|
<PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
|
||||||
<PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
|
<PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
|
||||||
<PackageReference Include="xunit" Version="2.6.2" />
|
<PackageReference Include="xunit" Version="2.4.2" />
|
||||||
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
|
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
|
||||||
<PrivateAssets>all</PrivateAssets>
|
<PrivateAssets>all</PrivateAssets>
|
||||||
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
|
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
|
||||||
</PackageReference>
|
</PackageReference>
|
||||||
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
|
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.0" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|||||||
@@ -1,7 +1,5 @@
|
|||||||
using System;
|
using System;
|
||||||
|
|
||||||
using Semmle.Autobuild.Shared;
|
using Semmle.Autobuild.Shared;
|
||||||
using Semmle.Util;
|
|
||||||
|
|
||||||
namespace Semmle.Autobuild.Cpp
|
namespace Semmle.Autobuild.Cpp
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
<Project Sdk="Microsoft.NET.Sdk">
|
<Project Sdk="Microsoft.NET.Sdk">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFramework>net8.0</TargetFramework>
|
<TargetFramework>net7.0</TargetFramework>
|
||||||
<AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
|
<AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
|
||||||
<RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
|
<RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
|
||||||
<ApplicationIcon />
|
<ApplicationIcon />
|
||||||
@@ -17,7 +17,7 @@
|
|||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<PackageReference Include="Microsoft.Build" Version="17.8.3" />
|
<PackageReference Include="Microsoft.Build" Version="17.3.2" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|||||||
@@ -1,3 +0,0 @@
|
|||||||
description: Expose whether a function was prototyped or not
|
|
||||||
compatibility: backwards
|
|
||||||
function_prototyped.rel: delete
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
class Element extends @element {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class Expr extends @expr {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class Stmt extends @stmt {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isStmtWithInitializer(Stmt stmt) { exists(int kind | stmts(stmt, kind, _) | kind = 29) }
|
|
||||||
|
|
||||||
from Expr child, int index, int index_new, Element parent
|
|
||||||
where
|
|
||||||
exprparents(child, index, parent) and
|
|
||||||
if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
|
|
||||||
select child, index_new, parent
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
class Stmt extends @stmt {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
from Stmt f, Stmt i
|
|
||||||
where
|
|
||||||
for_initialization(f, i) and
|
|
||||||
f instanceof @stmt_for
|
|
||||||
select f, i
|
|
||||||
@@ -1,20 +0,0 @@
|
|||||||
class Element extends @element {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class Stmt extends @stmt {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isStmtWithInitializer(Stmt stmt) { exists(int kind | stmts(stmt, kind, _) | kind = 29) }
|
|
||||||
|
|
||||||
from Stmt child, int index, int index_new, Element parent
|
|
||||||
where
|
|
||||||
stmtparents(child, index, parent) and
|
|
||||||
(
|
|
||||||
not isStmtWithInitializer(parent)
|
|
||||||
or
|
|
||||||
index > 0
|
|
||||||
) and
|
|
||||||
if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
|
|
||||||
select child, index_new, parent
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
description: Support C++20 range-based for initializers
|
|
||||||
compatibility: partial
|
|
||||||
exprparents.rel: run exprparents.qlo
|
|
||||||
stmtparents.rel: run stmtparents.qlo
|
|
||||||
for_initialization.rel: run for_initialization.qlo
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
class Declaration extends @declaration {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class MangledName extends @mangledname {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
from Declaration d, MangledName n
|
|
||||||
where mangled_name(d, n, _)
|
|
||||||
select d, n
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
description: Add completness information to mangled name table
|
|
||||||
compatibility: full
|
|
||||||
mangled_name.rel: run mangled_name.qlo
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
class BuiltinType extends @builtintype {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
from BuiltinType type, string name, int kind, int kind_new, int size, int sign, int alignment
|
|
||||||
where
|
|
||||||
builtintypes(type, name, kind, size, sign, alignment) and
|
|
||||||
if
|
|
||||||
type instanceof @fp16 or
|
|
||||||
type instanceof @std_bfloat16 or
|
|
||||||
type instanceof @std_float16 or
|
|
||||||
type instanceof @complex_std_float32 or
|
|
||||||
type instanceof @complex_float32x or
|
|
||||||
type instanceof @complex_std_float64 or
|
|
||||||
type instanceof @complex_float64x or
|
|
||||||
type instanceof @complex_std_float128
|
|
||||||
then kind_new = 2
|
|
||||||
else kind_new = kind
|
|
||||||
select type, name, kind_new, size, sign, alignment
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
description: Introduce new floating-point types from C23 and C++23
|
|
||||||
compatibility: backwards
|
|
||||||
builtintypes.rel: run builtintypes.qlo
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
class Function extends @function {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
from Function fun, string name, int kind, int kind_new
|
|
||||||
where
|
|
||||||
functions(fun, name, kind) and
|
|
||||||
if kind = 7 or kind = 8 then kind_new = 0 else kind_new = kind
|
|
||||||
select fun, name, kind_new
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
description: Support more function types
|
|
||||||
compatibility: full
|
|
||||||
functions.rel: run functions.qlo
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
description: Removed @assignpaddexpr and @assignpsubexpr from @assign_bitwise_expr
|
|
||||||
compatibility: full
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
class Expr extends @expr {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class Location extends @location_expr {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
from Expr expr, int kind, int kind_new, Location loc
|
|
||||||
where
|
|
||||||
exprs(expr, kind, loc) and
|
|
||||||
if kind = 363 then kind_new = 1 else kind_new = kind
|
|
||||||
select expr, kind_new, loc
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
description: Introduce re-use expressions
|
|
||||||
compatibility: partial
|
|
||||||
expr_reuse.rel: delete
|
|
||||||
exprs.rel: run exprs.qlo
|
|
||||||
@@ -1,6 +1,5 @@
|
|||||||
description: Support C++17 if and switch initializers
|
description: Support C++17 if and switch initializers
|
||||||
compatibility: partial
|
compatibility: partial
|
||||||
constexpr_if_initialization.rel: delete
|
|
||||||
if_initialization.rel: delete
|
if_initialization.rel: delete
|
||||||
switch_initialization.rel: delete
|
switch_initialization.rel: delete
|
||||||
exprparents.rel: run exprparents.qlo
|
exprparents.rel: run exprparents.qlo
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
description: Remove _Float128 type
|
|
||||||
compatibility: full
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
class AttributeArg extends @attribute_arg {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class Attribute extends @attribute {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
class Location extends @location_default {
|
|
||||||
string toString() { none() }
|
|
||||||
}
|
|
||||||
|
|
||||||
from AttributeArg arg, int kind, int kind_new, Attribute attr, int index, Location location
|
|
||||||
where
|
|
||||||
attribute_args(arg, kind, attr, index, location) and
|
|
||||||
if arg instanceof @attribute_arg_expr then kind_new = 0 else kind_new = kind
|
|
||||||
select arg, kind_new, attr, index, location
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
description: Support expression attribute arguments
|
|
||||||
compatibility: partial
|
|
||||||
attribute_arg_expr.rel: delete
|
|
||||||
attribute_args.rel: run attribute_args.qlo
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
description: Make __is_trivial a builtin operation
|
|
||||||
compatibility: full
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
description: Introduce extractor version numbers
|
|
||||||
compatibility: breaking
|
|
||||||
extractor_version.rel: delete
|
|
||||||