Skip to content

Commit 1762b4f

Browse files
committed
QL: Merge branch 'main' into mathiasvp/superfluous-exists
2 parents c21df48 + 2cedddf commit 1762b4f

4,684 files changed

Lines changed: 716039 additions & 35 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Lines changed: 160 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,160 @@
1+
name: "CodeQL"
2+
3+
on:
4+
workflow_dispatch:
5+
push:
6+
branches: [ main ]
7+
pull_request:
8+
# The branches below must be a subset of the branches above
9+
branches: [ main ]
10+
schedule:
11+
- cron: '21 18 * * 5'
12+
13+
jobs:
14+
15+
# XXX this is mostly an inlined copy of the 'build' job in build.yml
16+
build_extractor_pack:
17+
strategy:
18+
matrix:
19+
os: [ubuntu-latest]
20+
21+
runs-on: ${{ matrix.os }}
22+
23+
steps:
24+
- uses: actions/checkout@v2
25+
- uses: actions/cache@v2
26+
with:
27+
path: |
28+
~/.cargo/registry
29+
~/.cargo/git
30+
target
31+
key: ${{ runner.os }}-rust-cargo-${{ hashFiles('**/Cargo.lock') }}
32+
- name: Check formatting
33+
run: cargo fmt --all -- --check
34+
- name: Build
35+
run: cargo build --verbose
36+
- name: Run tests
37+
run: cargo test --verbose
38+
- name: Release build
39+
run: cargo build --release
40+
- name: Generate dbscheme
41+
run: target/release/ql-generator
42+
- uses: actions/upload-artifact@v2
43+
with:
44+
name: ql.dbscheme
45+
path: ql/src/ql.dbscheme
46+
- uses: actions/upload-artifact@v2
47+
with:
48+
name: TreeSitter.qll
49+
path: ql/src/codeql_ql/ast/internal/TreeSitter.qll
50+
- uses: actions/upload-artifact@v2
51+
with:
52+
name: extractor-${{ matrix.os }}
53+
path: |
54+
target/release/ql-extractor
55+
retention-days: 1
56+
# XXX this is mostly an inlined copy of the 'package' job in build.yml
57+
- run: |
58+
mkdir -p ${PACK_DIR}
59+
env:
60+
PACK_DIR: ${{ runner.temp }}/pack
61+
62+
- name: Pack
63+
working-directory: ${{ runner.temp }}/pack
64+
run: |
65+
mkdir -p ql
66+
cp -r "${CHECKOUT}/codeql-extractor.yml" "${CHECKOUT}/tools" "${CHECKOUT}/ql/src/ql.dbscheme" "${CHECKOUT}/ql/src/ql.dbscheme.stats" ql/
67+
mkdir -p ql/tools/linux64
68+
cp "${CHECKOUT}/target/release/ql-extractor" ql/tools/linux64/extractor
69+
chmod +x ql/tools/linux64/extractor
70+
zip -rq codeql-ql.zip ql
71+
env:
72+
CHECKOUT: ${{ github.workspace }}
73+
74+
- uses: actions/upload-artifact@v2
75+
with:
76+
name: extractor-pack
77+
path: ${{ runner.temp }}/pack/codeql-ql.zip
78+
retention-days: 1
79+
80+
analyze:
81+
name: Analyze
82+
needs: build_extractor_pack
83+
84+
runs-on: ubuntu-latest
85+
86+
permissions:
87+
actions: read
88+
contents: read
89+
security-events: write
90+
91+
steps:
92+
- name: Download pack
93+
uses: actions/download-artifact@v2
94+
with:
95+
name: extractor-pack
96+
path: ${{ runner.temp }}/extractor-pack-artifact
97+
98+
- name: Unzip pack
99+
run: |
100+
set -x
101+
mkdir "${PACKTMP}"
102+
cd "${PACKTMP}"
103+
unzip "${PACKARTIFACT}/*.zip" -d unzipped
104+
cp -r unzipped/ql "${PACK}"
105+
env:
106+
PACKTMP: ${{ runner.temp }}/extractor-pack-artifact.tmp
107+
PACKARTIFACT: ${{ runner.temp }}/extractor-pack-artifact
108+
PACK: ${{ runner.temp }}/extractor-pack
109+
110+
- name: Checkout repository
111+
uses: actions/checkout@v2
112+
113+
- name: Make config file
114+
run: |
115+
set -x
116+
echo "name: CodeQL config for QL" >> "${CONFIG_FILE}"
117+
echo "" >> "${CONFIG_FILE}"
118+
echo "disable-default-queries: true" >> "${CONFIG_FILE}"
119+
echo "" >> "${CONFIG_FILE}"
120+
echo "queries: " >> "${CONFIG_FILE}"
121+
echo " - name: Standard queries" >> "${CONFIG_FILE}"
122+
echo " uses: ${SUITE}" >> "${CONFIG_FILE}"
123+
cat "${CONFIG_FILE}"
124+
env:
125+
SUITE: ./ql/src/codeql-suites/ql-code-scanning.qls
126+
CONFIG_FILE: ./.custom-codeql-actions-config.yml
127+
128+
- name: Hack codeql-action options
129+
run: |
130+
JSON=$(jq -nc --arg pack "${PACK}" '.resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
131+
echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
132+
env:
133+
PACK: ${{ runner.temp }}/extractor-pack
134+
135+
- name: Initialize CodeQL
136+
uses: github/codeql-action/init@esbena/ql
137+
with:
138+
languages: ql
139+
db-location: ${{ runner.temp }}/db
140+
config-file: ./.custom-codeql-actions-config.yml
141+
142+
- name: Perform CodeQL Analysis
143+
uses: github/codeql-action/analyze@esbena/ql
144+
with:
145+
results: ${{ runner.temp }}/results
146+
add-snippets: true
147+
148+
- name: Upload db
149+
uses: actions/upload-artifact@v2
150+
with:
151+
name: db
152+
path: ${{ runner.temp }}/db
153+
retention-days: 1
154+
155+
- name: Upload results
156+
uses: actions/upload-artifact@v2
157+
with:
158+
name: results
159+
path: ${{ runner.temp }}/results
160+
retention-days: 1

Cargo.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

extractor/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ edition = "2018"
1010
flate2 = "1.0"
1111
node-types = { path = "../node-types" }
1212
tree-sitter = "0.19"
13-
tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "577c43d96c93915bd7ae9c2765d11be8db102952" }
13+
tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "36bdc0eae196f9833182ce3f8932be63534121b3" }
1414
clap = "2.33"
1515
tracing = "0.1"
1616
tracing-subscriber = { version = "0.2", features = ["env-filter"] }

generator/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,4 @@ edition = "2018"
1010
node-types = { path = "../node-types" }
1111
tracing = "0.1"
1212
tracing-subscriber = { version = "0.2", features = ["env-filter"] }
13-
tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "577c43d96c93915bd7ae9c2765d11be8db102952" }
13+
tree-sitter-ql = { git = "https://github.com/tausbn/tree-sitter-ql.git", rev = "36bdc0eae196f9833182ce3f8932be63534121b3" }

ql/src/codeql-suites/ql-all.qls

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
- description: All Code Scanning queries for QL
2+
- queries: .
3+
- include:
4+
kind:
5+
- problem
6+
- path-problem
7+
- alert
8+
- path-alert
Lines changed: 17 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,18 @@
11
- description: Standard Code Scanning queries for QL
2-
- qlpack: codeql-ql
3-
- apply: code-scanning-selectors.yml
4-
from: codeql-suite-helpers
2+
- queries: .
3+
- include:
4+
kind:
5+
- problem
6+
- path-problem
7+
- alert
8+
- path-alert
9+
precision:
10+
- high
11+
- very-high
12+
problem.severity:
13+
- error
14+
- warning
15+
- exclude:
16+
deprecated: //
17+
- exclude:
18+
query path: /^experimental\/.*/

ql/src/codeql-suites/ql-lgtm-full.qls

Lines changed: 0 additions & 11 deletions
This file was deleted.

ql/src/codeql-suites/ql-lgtm.qls

Lines changed: 0 additions & 4 deletions
This file was deleted.

ql/src/codeql-suites/ql-security-and-quality.qls

Lines changed: 0 additions & 4 deletions
This file was deleted.

ql/src/codeql-suites/ql-security-extended.qls

Lines changed: 0 additions & 4 deletions
This file was deleted.

0 commit comments

Comments
 (0)