hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 14:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,941 Commits 1,673 Branches 157 Tags
a55b43b67e2aebb466ff74372875cf61ee3fff55
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Taus a55b43b67e Python: Use LocalSourceNode throughout step 
This commit does a lot of stuff all at once, so here are the main
highlights:

In `TypeTracker.qll`, we change `StepSummary::step` to step only between
source nodes. Because reads and writes of global variables happen in two
different (jump) steps, this requires the intermediate
`ModuleVariableNode` to _also_ be a `LocalSourceNode`, and we therefore
modify the charpred for that class accordingly. (This also means
changing a few of the tests to account for these new source nodes.)

In addition, we change `TypeTracker::step` to likewise step between
local source nodes.

Next, to enable the use of the `track` convenience method on nodes, we
add some pragmas to `TypeTracker::step` that prevent bad joins from
occurring. With this, we can eliminate all of the manual type tracker
join predicates.

Next, we observe that because `StepSummary::step` now uses `flowsTo`, it
automatically encapsulates all local-flow steps. In particular this
means we do not have to use `typePreservingStep` in `smallstep`, but can
use `jumpStep` directly. A similar observation applies to
`TypeTracker::smallstep`.

Having done this, we no longer need `typePreservingStep`, so we get rid
of it.
2021-04-20 12:59:33 +00:00
.devcontainer
Update devcontainer memory settings
2020-09-02 12:04:34 -07:00
.github
Actions: Change staleness calculation
2021-04-15 10:14:13 -07:00
.vscode
Apply suggestions from code review
2021-03-11 15:57:44 +01:00
change-notes
Python: Update change notes for 1.26
2020-12-02 14:01:46 +01:00
config
Java: Adopt shared flow summary library and refactor data-flow nodes.
2021-04-09 16:57:03 +02:00
cpp
Merge pull request #5723 from MathiasVP/cleanup-smart-ptr-model
2021-04-20 13:25:02 +02:00
csharp
Merge pull request #5695 from hvitved/csharp/dispose-not-called-on-exc-perf
2021-04-20 11:52:18 +02:00
docs
Update supported C#/.NET versions
2021-04-16 09:15:43 +02:00
java
Merge pull request #5611 from github/yo-h/java16
2021-04-19 15:12:23 -04:00
javascript
fix bad join order in Xss.qll
2021-04-19 13:17:49 +02:00
misc
- Add pre-commit hook script to misc/scripts
2021-01-05 13:47:30 +01:00
python
Python: Use LocalSourceNode throughout step
2021-04-20 12:59:33 +00:00
.codeqlmanifest.json
Add qlpack.yml files for example queries
2020-07-29 16:57:04 +02:00
.editorconfig
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.gitattributes
.gitattributes: PDB files are binary
2019-03-13 10:42:28 +00:00
.gitignore
add .venv/ to .gitignore
2021-01-22 14:44:18 +01:00
.lgtm.yml
JS: Exclude test cases from extraction
2019-05-07 14:36:35 +01:00
CODE_OF_CONDUCT.md
Update code of conduct in line with GH
2020-04-23 10:19:13 +01:00
CODEOWNERS
Add @codeql-go as code owners for the shared data-flow library files
2021-03-02 10:39:47 +00:00
CONTRIBUTING.md
Fix dead link in CONTRIBUTING.md
2021-03-11 13:36:19 +01:00
LICENSE
Relicense under MIT
2020-04-07 12:03:26 +01:00
README.md
Docs: Rename default branch
2020-08-14 12:03:00 +01:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power LGTM and the other CodeQL products that GitHub makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the CodeQL for Go repository.

How do I learn CodeQL and run queries?

There is extensive documentation on getting started with writing CodeQL. You can use the interactive query console on LGTM.com or the CodeQL for Visual Studio Code extension to try out your queries on any open source project that's currently being analyzed.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

License

The code in this repository is licensed under the MIT License by GitHub.

Visual Studio Code integration

If you use Visual Studio Code to work in this repository, there are a few integration features to make development easier.

CodeQL for Visual Studio Code

You can install the CodeQL for Visual Studio Code extension to get syntax highlighting, IntelliSense, and code navigation for the QL language, as well as unit test support for testing CodeQL libraries and queries.

Tasks

The .vscode/tasks.json file defines custom tasks specific to working in this repository. To invoke one of these tasks, select the Terminal | Run Task... menu option, and then select the desired task from the dropdown. You can also invoke the Tasks: Run Task command from the command palette.

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 15 GiB
Languages
CodeQL 31.7%
Kotlin 27.1%
C# 16.4%
Java 7.5%
Python 4.5%
Other 12.6%