hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 08:42:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,784 Commits 1,673 Branches 157 Tags
7d79be71d1fbac90c30482142a33b48388da9eff
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Robert Marsh 7d79be71d1 C++: taint tracking conf in DefaultTaintTracking 
Switch from using additional flow steps with a DataFlow::Configuration
in DefaultTaintTracking to using a TaintTracking::Configuration. This
makes future improvements to TaintTracking::Configuration reflected in
DefaultTaintTracking without further effort. It also removes the
predictability constraint in DefaultTaintTracking, which increases the
number of results, with both new true positives and new false positives.
Those may need to be addressed on a per-query basis.

There are some additional regressions from losing pointer/object
conflation for arguments. Those can be worked around by adding that
conflation to TaintTracking::Configuration until precise indirect
parameter flow is ready.
2020-11-09 13:00:55 -08:00
.devcontainer
Update devcontainer memory settings
2020-09-02 12:04:34 -07:00
.github
Exclude JS tests from code scanning
2020-10-06 08:46:43 +01:00
.vscode
Fix the name of the vscode extension recommendation
2020-10-01 14:40:45 +01:00
change-notes
Merge pull request #4564 from asgerf/js/react-hooks
2020-10-30 21:00:31 +00:00
config
Python: Update identical-files.json
2020-11-02 23:25:58 +01:00
cpp
C++: taint tracking conf in DefaultTaintTracking
2020-11-09 13:00:55 -08:00
csharp
Merge pull request #4604 from criemen/ir-block-sort-order
2020-11-04 18:22:23 -05:00
docs
Merge pull request #3974 from owen-mc/docs/query-classification-and-display
2020-10-22 10:01:19 +01:00
java
Merge pull request #4512 from luchua-bc/sensitive-broadcast
2020-11-04 10:47:48 +01:00
javascript
Merge pull request #4564 from asgerf/js/react-hooks
2020-10-30 21:00:31 +00:00
misc
Python script to generate lists of code scanning queries in CSV format (#4177)
2020-09-10 12:25:02 -07:00
python
Merge pull request #4608 from RasmusWL/patch-1
2020-11-04 16:08:30 +01:00
.codeqlmanifest.json
Add qlpack.yml files for example queries
2020-07-29 16:57:04 +02:00
.editorconfig
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.gitattributes
.gitattributes: PDB files are binary
2019-03-13 10:42:28 +00:00
.gitignore
Add a VS Code task to run sync-files.py
2020-04-23 16:58:34 -04:00
.lgtm.yml
JS: Exclude test cases from extraction
2019-05-07 14:36:35 +01:00
CODE_OF_CONDUCT.md
Update code of conduct in line with GH
2020-04-23 10:19:13 +01:00
CODEOWNERS
Update requirements for docs review
2020-05-05 13:25:19 +01:00
CONTRIBUTING.md
Update CONTRIBUTING.md
2020-06-10 12:02:24 +01:00
LICENSE
Relicense under MIT
2020-04-07 12:03:26 +01:00
README.md
Docs: Rename default branch
2020-08-14 12:03:00 +01:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power LGTM and the other CodeQL products that GitHub makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the CodeQL for Go repository.

How do I learn CodeQL and run queries?

There is extensive documentation on getting started with writing CodeQL. You can use the interactive query console on LGTM.com or the CodeQL for Visual Studio Code extension to try out your queries on any open source project that's currently being analyzed.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

License

The code in this repository is licensed under the MIT License by GitHub.

Visual Studio Code integration

If you use Visual Studio Code to work in this repository, there are a few integration features to make development easier.

CodeQL for Visual Studio Code

You can install the CodeQL for Visual Studio Code extension to get syntax highlighting, IntelliSense, and code navigation for the QL language, as well as unit test support for testing CodeQL libraries and queries.

Tasks

The .vscode/tasks.json file defines custom tasks specific to working in this repository. To invoke one of these tasks, select the Terminal | Run Task... menu option, and then select the desired task from the dropdown. You can also invoke the Tasks: Run Task command from the command palette.

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 15 GiB
Languages
CodeQL 31.7%
Kotlin 27.1%
C# 16.4%
Java 7.5%
Python 4.5%
Other 12.6%