github-actions[bot]
42e3d31c49
Post-release preparation for codeql-cli-2.22.4
2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8
Release preparation for version 2.22.4
2025-08-18 14:06:09 +00:00
Nora Dimitrijević
4199859eaa
Merge pull request #20079 from d10c/d10c/diff-informed-phase-3-python
...
Python: Diff-informed queries: phase 3 (non-trivial locations)
2025-08-18 09:33:57 +02:00
github-actions[bot]
fb4b0aac53
Post-release preparation for codeql-cli-2.22.3
2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8
Release preparation for version 2.22.3
2025-08-04 15:47:57 +00:00
Joe Farebrother
b1ee795225
Merge pull request #20086 from joefarebrother/python-qual-raise-not-implemented
...
Python: Modernise raise-not-implemented query
2025-07-24 13:18:21 +01:00
Joe Farebrother
97cf15affc
Merge pull request #20052 from joefarebrother/python-qual-minor-doc-updates
...
Python: Minor documentation updates to several quality queries
2025-07-24 09:38:07 +01:00
Joe Farebrother
a8cc14493f
Fix typo - add .
...
Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-24 09:35:05 +01:00
Geoffrey White
4f6b698ca3
Merge branch 'main' into moresensitive2
2025-07-23 08:50:25 +01:00
github-actions[bot]
37cc78255a
Post-release preparation for codeql-cli-2.22.2
2025-07-22 14:22:20 +00:00
github-actions[bot]
997547b8ef
Release preparation for version 2.22.2
2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095
Revert "Release preparation for version 2.22.2"
2025-07-22 14:33:45 +01:00
github-actions[bot]
c8632b70b7
Release preparation for version 2.22.2
2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec
Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2"
...
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
2025-07-21 15:18:59 +01:00
Joe Farebrother
8ccb2ed059
Merge remote-tracking branch 'origin/python-qual-raise-not-implemented' into python-qual-raise-not-implemented
2025-07-18 10:05:40 +01:00
Joe Farebrother
6d33a7ec70
Update test output
2025-07-17 22:25:18 +01:00
Joe Farebrother
f2dd96ecf4
Update python/ql/src/Exceptions/NotImplementedIsNotAnException.qhelp
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-17 22:08:01 +01:00
Joe Farebrother
57f1d07b2b
Undo module deprecation (used by another quality query)
2025-07-17 21:54:55 +01:00
Nora Dimitrijević
20030d56a5
[DIFF-INFORMED] Python: (Possible)TimingAttackAgainstHash
2025-07-17 14:40:31 +02:00
Nora Dimitrijević
9408a96ba5
[TEST] Python: TimingAttackAgainstHash: add qlref test to existing source (TODO: add source with true positive)
2025-07-17 14:40:29 +02:00
Joe Farebrother
680e31dc48
Modernize raise-not-implemented
2025-07-17 10:02:00 +01:00
Joe Farebrother
0f5be2d096
Update python/ql/src/Expressions/DuplicateKeyInDictionaryLiteral.py
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-15 13:33:57 +01:00
Joe Farebrother
909f57261c
Minor doc updates; updating python 2 references to python 3 and updating grammar
2025-07-15 13:26:46 +01:00
Joe Farebrother
7a7db0efe8
Update unsupported format character documentation, fix outdated reference link
2025-07-15 10:42:25 +01:00
Joe Farebrother
df5f76872f
Update docs for duplicate-key-in-dict-literal to relate to python 3
2025-07-15 10:18:29 +01:00
Jeroen Ketema
cbde11ddc9
Properly share ConceptsShared.qll
2025-07-14 16:30:45 +02:00
Geoffrey White
918700ff6f
Merge branch 'main' into moresensitive2
2025-07-14 11:58:08 +01:00
Geoffrey White
30c6082b5d
Sync identical files.
2025-07-14 11:45:34 +01:00
Jeroen Ketema
f07d8ee493
Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames
2025-07-14 11:39:06 +02:00
Jeroen Ketema
f4ba2e1fd0
Properly share CryptoAlgorithms and CryptoAlgorithmNames
2025-07-14 11:39:00 +02:00
Jeroen Ketema
c582a9ccd6
Remove duplicate copies of SensitiveDataHeuristics
2025-07-14 11:38:52 +02:00
Jeroen Ketema
8b828cecf1
Use shared SensitiveDataHeuristics
2025-07-14 11:38:47 +02:00
Taus
c6c6a857df
Python: Add tests
...
Also fixes an issue with the return type annotations that caused these
to not work properly.
Currently, annotated assignments don't work properly, due to the fact
that our flow relation doesn't consider flow going to the "type" part of
an annotated assignment. This means that in `x : Foo`, we do correctly
note that `x` is annotated with `Foo`, but we have no idea what `Foo`
is, since it has no incoming flow.
To fix this we should probably just extend the flow relation, but this
may need to be done with some care, so I have left it as future work.
2025-07-11 12:03:14 +00:00
Taus
2c45550a9f
Python: Add change note
...
Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-11 12:03:14 +00:00
Taus
d1cf7f0624
Python: Support type annotations in call graph
...
Adds support for tracking instances via type annotations. Also adds a
convenience method to the newly added `Annotation` class,
`getAnnotatedExpression`, that returns the expression that is annotated
with the given type. For return annotations this is any value returned
from the annotated function in question.
Co-authored-by: Napalys Klicius <napalys@github.com>
2025-07-11 12:03:14 +00:00
Geoffrey White
8f6f9f4359
Add change notes.
2025-07-11 11:54:59 +01:00
Geoffrey White
123458fd21
Sync identical files.
2025-07-10 18:10:24 +01:00
Jonas Jensen
5a1246a586
Merge remote-tracking branch 'upstream/main' into approximate-related-location
2025-07-09 10:10:20 +02:00
github-actions[bot]
24a0ac1223
Post-release preparation for codeql-cli-2.22.2
2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe
Release preparation for version 2.22.2
2025-07-07 14:00:26 +00:00
Asger F
4a2d795076
Shared: Make approximate location filtering the default behaviour
2025-07-02 14:41:02 +02:00
Asger F
a46b5f9529
Python: enable diff-informedness for poly redos using approximate related locations
2025-07-02 14:39:42 +02:00
Michael Nebel
233b54c7fa
Merge pull request #19891 from michaelnebel/michaelnebel/freezemoresuites
...
Go/Ruby/Python: Freeze quality queries in `security-and-quality`.
2025-07-01 09:04:19 +02:00
Taus
184dd5bf10
Merge pull request #19895 from github/tausbn/python-fix-match-as-identifier
...
Python: Allow use of `match` as an identifier
2025-06-30 16:24:23 +02:00
Kasper Svendsen
da1b99b921
Merge pull request #19779 from github/kaspersv/overlay-java-annotations
...
Overlay: Add overlay annotations to Java & shared libraries
2025-06-27 08:26:33 +02:00
Joe Farebrother
4cbaeb10e9
Merge pull request #19641 from joefarebrother/python-qual-file-not-closed
...
Python: Improve performance of FileNotClosed query by using basic block reachability
2025-06-26 23:35:38 +01:00
Taus
cd0e46314c
Python: Add change note
2025-06-26 15:36:02 +00:00
Taus
ad53518644
Python: Regenerate parser files
2025-06-26 15:34:44 +00:00
Taus
e04821e9e3
Python: Allow use of match as an identifier
...
This previously only worked in certain circumstances. In particular,
assignments such as `match[1] = ...` or even just `match[1]` would fail
to parse correctly.
Fixing this turned out to be less trivial than anticipated. Consider the
fact that
```
match [1]: case (...)
```
can either look like the start of a `match` statement, or it could be a type
ascription, ascribing the value of `case(...)` (a call) to the item at
index 1 of `match`.
To fix this, then, we give `match` the identifier and `match` the
statement the same precedence in the grammar, and additionally also
mark a conflict between `match_statement` and `primary_expression`. This
causes the conflict to be resolved dynamically, and seems to do the
right thing in all cases.
2025-06-26 15:33:00 +00:00
Michael Nebel
37b3ca036a
Python: Freeze the quality queries in the security-and-quality suite.
2025-06-26 14:45:05 +02:00