hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,814 Commits 1,758 Branches 167 Tags
f3b27a56b1422ee584cd9c8a712ea99250d816e6
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Asger F f3b27a56b1 TypeScript-Go wrapper: binary AST decoder, JSON converter, and tokenizer 
Implement the core components for translating tsgo's binary AST format
into the JSON format expected by the Java extractor:

- decoder.go: Binary AST format parser with random-access node accessors
  (kind, pos, end, flags, children, strings, extended data)
- converter.go: Walks decoded AST and produces JSON matching Node.js
  wrapper output (augmented , , , ,
  isTypeOnly, HeritageClause token, TypeOperator operator)
- childprops.go: Maps ~100 SyntaxKind names to ordered child property
  name lists for correct bitmask-to-property assignment
- scanner.go: TypeScript tokenizer producing  array with rescan
  support for regex, template, and greater-than disambiguation

Update metadata.go with correct TS7 SyntaxKind iota values and export
metadata functions. Wire decoder+converter through TsgoParser.Parse().

Validation test passes: all 421 diffs are expected TS5-vs-TS7 numeric
kind/flags/token/operator value differences. Zero structural diffs.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 14:36:00 +02:00
.devcontainer
Add reference to official codeql system requirements doc
2025-03-17 15:57:32 +01:00
.github
Merge pull request #21510 from hvitved/ci/remove-ruby-checks
2026-03-21 08:04:17 +01:00
.vscode
Change note creation script uses EDITOR environment variable
2025-02-11 14:04:46 +01:00
actions
Change alert location CWE-829/ArtifactPoisoning queries
2026-04-08 08:57:45 -04:00
change-notes
spelling: triggered
2022-10-20 08:21:02 -04:00
config
C#: Clean up.
2026-03-16 08:51:51 +01:00
cpp
C++: Fix comments in tests
2026-04-07 10:52:12 +02:00
csharp
Merge pull request #21592 from hvitved/dataflow/source-call-context-type-flow
2026-04-09 13:44:42 +02:00
docs
Qualify the limited support for .NET 10 and C# 14
2026-04-09 12:06:54 -07:00
go
Add tests for multiple Git sources and GoProxy servers in registry config parsing
2026-04-02 10:12:48 -05:00
java
Java: Accept new test results for JDK 26
2026-04-07 09:28:25 +02:00
javascript
TypeScript-Go wrapper: binary AST decoder, JSON converter, and tokenizer
2026-04-10 14:36:00 +02:00
misc
Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1
2026-03-30 10:51:12 +02:00
python
Merge pull request #21590 from github/tausbn/python-improve-bind-all-interfaces-query
2026-04-07 17:59:48 +02:00
ql
QL4QL: Allow Impl classes to implement getAPrimaryQLClass with non Impl suffix.
2026-02-09 16:53:43 +01:00
ruby
Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1
2026-03-30 10:51:12 +02:00
rust
Merge pull request #21206 from hvitved/rust/type-inference-closure-param-context-typed
2026-04-07 09:17:30 +02:00
shared
Merge pull request #21592 from hvitved/dataflow/source-call-context-type-flow
2026-04-09 13:44:42 +02:00
swift
Vendor PicoSHA2 into LFS
2026-04-01 14:31:01 +02:00
.bazelrc
fix: disable Android SDK auto-detection for Bazel 9 compatibility
2026-02-10 13:44:07 +01:00
.bazelrc.internal
Bazel: bump python version to 3.12
2025-03-19 15:14:13 +01:00
.bazelversion
chore: upgrade Bazel to 9.0.0
2026-02-10 13:44:04 +01:00
.clang-format
Swift: update formatting to clang-format 17.0.6
2024-01-25 13:58:14 +01:00
.editorconfig
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.git-blame-ignore-revs
Ignore auto-format commits in git blame.
2023-03-10 15:08:49 +01:00
.gitattributes
Ripunzip: use releases from github
2025-11-18 17:23:59 +01:00
.gitignore
Add .orig files to .gitignore.
2025-09-25 14:03:39 +01:00
.lfsconfig
Explain .lfsconfig choice in the comment
2024-06-04 14:27:08 +02:00
.lgtm.yml
codeql-go merge prep: integrate go/ into codeql
2022-05-20 10:22:47 -07:00
.pre-commit-config.yaml
Kotlin: reinstante trailing whitespace
2026-03-26 14:59:49 +01:00
BUILD.bazel
Rust: Vendor 3rdparty dependencies.
2024-11-13 13:22:14 +01:00
Cargo.lock
Cargo: upgrade dependencies
2025-09-30 10:21:17 +02:00
Cargo.toml
Bazel: upgrade rules_rust
2025-10-23 10:49:51 +02:00
CODE_OF_CONDUCT.md
Update code of conduct in line with GH
2020-04-23 10:19:13 +01:00
CODEOWNERS
CODEOWNERS: Add Go-related folders for extractor and autobuilder
2025-11-06 11:12:53 +01:00
codeql-workspace.yml
Move list of immutable actions into internal model pack for now.
2025-02-27 11:48:27 -05:00
conftest.py
Swift: add unit tests to code generation
2022-04-27 08:24:11 +02:00
CONTRIBUTING.md
Deprecate the CodeQL for VS Code docs in favour of docs.github.com version
2024-04-25 07:59:33 +00:00
defs.bzl
Bazel: code reorganization
2022-04-12 12:40:59 +02:00
LICENSE
Update license; remove redundant Go qlpack license.
2025-02-06 10:23:37 +00:00
MODULE.bazel
Bump gazelle from 0.47.0 to 0.50.0
2026-04-09 03:08:02 +00:00
README.md
Update README.md
2024-05-07 13:09:08 +01:00
rust-toolchain.toml
Cargo: align rust toolchain version with internal repository
2025-08-11 16:45:47 +02:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power GitHub Advanced Security and the other application security products that GitHub makes available to its customers worldwide.

How do I learn CodeQL and run queries?

There is extensive documentation about the CodeQL language, writing CodeQL using the CodeQL extension for Visual Studio Code and using the CodeQL CLI.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

For information on contributing to CodeQL documentation, see the "contributing guide" for docs.

License

The code in this repository is licensed under the MIT License by GitHub.

The CodeQL CLI (including the CodeQL engine) is hosted in a different repository and is licensed separately. If you'd like to use the CodeQL CLI to analyze closed-source code, you will need a separate commercial license; please contact us for further help.

Visual Studio Code integration

If you use Visual Studio Code to work in this repository, there are a few integration features to make development easier.

CodeQL for Visual Studio Code

You can install the CodeQL for Visual Studio Code extension to get syntax highlighting, IntelliSense, and code navigation for the QL language, as well as unit test support for testing CodeQL libraries and queries.

Tasks

The .vscode/tasks.json file defines custom tasks specific to working in this repository. To invoke one of these tasks, select the Terminal | Run Task... menu option, and then select the desired task from the dropdown. You can also invoke the Tasks: Run Task command from the command palette.

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 19 GiB
Languages
CodeQL 32.3%
Kotlin 27.3%
C# 17%
Java 7.6%
Python 4.6%
Other 11%