hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,421 Commits 1,742 Branches 166 Tags
887f85cee26d4b930c238980e8af01c484b05762
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Taus Brock-Nannestad 887f85cee2 Python: Add test for missing points-to information 
To ease the rollout of this test, currently we only report missing points-to
information for nodes that either

- appear as an argument in a call to a function named `check`, or
- appear inside a scope where the first line is annotated with a comment ending
  in "check".

The idea behind the second version is that once we have points-to running at a
level where no node inside a scope that _ought_ to have points-to is missing
this information, we can simply remove all uses of `check(...)` from inside this
scope, and annotate the entire scope with `# check`. Once this has been done for
the entire file, we can then remove all the comments and just require
_everything_ to be checked.

Note that I don't expect all nodes to have the need for points-to information.
For instance, there are nodes representing scope entry and exit, and for these
it doesn't make sense to require that they "point-to" anything. Similarly,
`NameNode` appearing in a "store" (i.e. as the left hand side of an assignment)
do not strictly need to have points-to information, although it might be more
intuitive if they did.

Thus, the `relevant_node` predicate will almost certainly need to be extended to
exclude these kinds of nodes.
2020-02-25 16:07:50 +01:00
.github
Actions: Disable labeler action.
2019-12-16 13:53:00 +01:00
change-notes
Docs: Simplify change note
2020-02-20 12:50:52 -08:00
config
C++/C#: Fix sync config file for value numbering sharing
2020-02-13 22:32:52 +01:00
cpp
Merge pull request #2890 from nickrolfe/range_based_for
2020-02-21 09:31:34 +00:00
csharp
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context
2020-02-21 10:02:06 +01:00
docs
Merge branch 'rc/1.23' into 123-mergeback
2020-02-19 16:36:39 +00:00
java
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context
2020-02-21 10:02:06 +01:00
javascript
Merge pull request #2895 from max-schaefer/js/improve-param-qldoc
2020-02-21 12:01:02 +00:00
misc
Suites: Fix suite definition.
2019-11-13 12:03:13 +00:00
python
Python: Add test for missing points-to information
2020-02-25 16:07:50 +01:00
.codeqlmanifest.json
Don't chain to ./codeql in .codeqlmanifest.json
2020-02-13 15:30:15 +01:00
.editorconfig
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.gitattributes
.gitattributes: PDB files are binary
2019-03-13 10:42:28 +00:00
.gitignore
Adds .gitignore entry for vim swap files.
2020-02-13 15:23:50 -08:00
.lgtm.yml
JS: Exclude test cases from extraction
2019-05-07 14:36:35 +01:00
CODE_OF_CONDUCT.md
Fix indentation of list item in code of conduct
2019-07-16 08:49:29 +01:00
CODEOWNERS
CODEOWNERS: Add python team
2019-11-14 16:42:12 +01:00
CONTRIBUTING.md
Docs: Update mention of "QL for Eclipse"
2019-12-17 12:33:01 +00:00
COPYRIGHT
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
LICENSE
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00
README.md
Update README.md
2019-11-15 19:31:07 +01:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power LGTM, and the other products that Semmle makes available to its customers worldwide.

How do I learn CodeQL and run queries?

There is extensive documentation on getting started with writing CodeQL. You can use the interactive query console on LGTM.com or the CodeQL for Visual Studio Code extension to try out your queries on any open source project that's currently being analyzed.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

License

The code in this repository is licensed under Apache License 2.0 by Semmle.

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 19 GiB
Languages
CodeQL 32.3%
Kotlin 27.4%
C# 17.1%
Java 7.7%
Python 4.6%
Other 10.7%