codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	b470dd7f00	Update ql/ql/src/queries/performance/MissingNoinline.ql Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2023-07-19 11:33:16 +01:00
Mathias Vorreiter Pedersen	5a15c19e4b	QL: Accept test changes.	2023-07-18 18:04:46 +01:00
Mathias Vorreiter Pedersen	3b3f374223	QL: Fix FP in 'ql/missing-noinline'.	2023-07-18 17:55:44 +01:00
dependabot[bot]	be71898a65	Bump regex from 1.9.0 to 1.9.1 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.9.0...1.9.1) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-10 03:42:24 +00:00
dependabot[bot]	562270709c	Bump regex from 1.8.4 to 1.9.0 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.4...1.9.0) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-07-06 03:24:52 +00:00
Chuan-kai Lin	ce464a7d69	Remove pragma[assume_small_delta]	2023-06-30 11:09:29 -07:00
Kasper Svendsen	c9cf0744c0	QL: Enable implicit this warnings for remaining packs	2023-06-27 12:04:29 +02:00
Tom Hvitved	104dab4b66	QL: Improve dead-code query	2023-06-22 13:37:42 +02:00
Tom Hvitved	04f388f8c4	QL: Add more dead-code tests	2023-06-22 11:30:38 +02:00
Tom Hvitved	6942925899	QL: Fix bad join ``` [2023-06-22 10:44:20] (92s) Tuple counts for Predicate#23818b54::Cached::resolveSelfClassCalls#2#ff/2@06fd3bf5 after 1m9s: 30500 ~567% {3} r1 = JOIN Ast#8e1d5bcf::ClassPredicate::getName#0#dispred#ff WITH Ast#8e1d5bcf::PredicateOrBuiltin::getArity#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Lhs.1, Rhs.1 26500 ~573% {4} r2 = JOIN r1 WITH Ast#8e1d5bcf::Class::getAClassPredicate#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.0 'p', Lhs.1, Rhs.1 3059915597 ~605% {4} r3 = JOIN r2 WITH Ast#8e1d5bcf::Call::getNumberOfArguments#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'mc', Lhs.2, Lhs.1 'p', Lhs.3 20999389 ~701% {3} r4 = JOIN r3 WITH Ast#8e1d5bcf::MemberCall::getMemberName#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0 'mc', Lhs.2 'p', Lhs.3 20995877 ~711% {4} r5 = JOIN r4 WITH Ast#8e1d5bcf::MemberCall::getBase#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.2, Lhs.0 'mc' 1240332 ~700% {3} r6 = JOIN r5 WITH Ast#8e1d5bcf::ThisAccess#ff ON FIRST 1 OUTPUT Lhs.3 'mc', Lhs.1 'p', Lhs.2 1236711 ~716% {4} r7 = JOIN r6 WITH Ast#8e1d5bcf::AstNode::getEnclosingPredicate#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1 'p', Lhs.0 'mc' 4476 ~347% {2} r8 = JOIN r7 WITH Ast#8e1d5bcf::AstNode::getParent#0#dispred#ff ON FIRST 2 OUTPUT Lhs.3 'mc', Lhs.2 'p' return r8 ```	2023-06-22 10:53:10 +02:00
Tom Hvitved	e6e966bd22	QL: Model `final extends`	2023-06-21 10:40:12 +02:00
Tom Hvitved	0edd80001b	QL: Add tests for `AbstractClassImport.ql`	2023-06-21 10:40:12 +02:00
Tom Hvitved	59147ad674	QL: Add more tests for `MissingOverride.ql`	2023-06-20 19:30:30 +02:00
Mathias Vorreiter Pedersen	865c050226	Merge pull request #13517 from hvitved/ql/field-only-used-in-charpred-fix QL: Exclude overridden fields from `FieldOnlyUsedInCharPred.ql`	2023-06-20 16:28:23 +01:00
Tony Torralba	3c60f52a1b	Update ql/ql/src/queries/style/AndroidIdPrefix.ql Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-06-20 15:41:30 +02:00
Tony Torralba	c230c9f793	Consider only Java files in importsAndroidModule	2023-06-20 15:30:46 +02:00
Tom Hvitved	d296256920	QL: Exclude overridden fields from `FieldOnlyUsedInCharPred.ql`	2023-06-20 15:24:09 +02:00
Tom Hvitved	12c810c63d	QL: Add tests for `FieldOnlyUsedInCharPred.ql`	2023-06-20 15:23:08 +02:00
Tony Torralba	768478103c	Add another exception	2023-06-20 15:16:37 +02:00
Tony Torralba	818c312a56	Add exception for `java/improper-intent-verification` As suggested by @igfoo.	2023-06-20 14:50:41 +02:00
Tony Torralba	41534803e5	Refactor to use `QueryDoc` Kudos to @erik-krogh for the suggestion.	2023-06-20 14:41:57 +02:00
Tony Torralba	7837959bdf	QL: Add query to find Android queries with improper ids	2023-06-20 12:37:24 +02:00
Jeroen Ketema	9633f00ed1	QL-for-QL: Rewrite inline expectation tests to use parameterized module	2023-06-09 10:42:46 +02:00
dependabot[bot]	d38bca1e8c	Bump regex from 1.8.3 to 1.8.4 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-06-06 04:02:46 +00:00
dependabot[bot]	75f6355bd6	Bump chrono from 0.4.25 to 0.4.26 in /ql Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.25 to 0.4.26. - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](https://github.com/chronotope/chrono/compare/v0.4.25...v0.4.26) --- updated-dependencies: - dependency-name: chrono dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-31 04:06:22 +00:00
dependabot[bot]	39a07d42a1	Bump chrono from 0.4.24 to 0.4.25 in /ql Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.24 to 0.4.25. - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](https://github.com/chronotope/chrono/compare/v0.4.24...v0.4.25) --- updated-dependencies: - dependency-name: chrono dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-30 04:03:50 +00:00
dependabot[bot]	4ab389bf1a	Bump regex from 1.8.2 to 1.8.3 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-26 04:02:31 +00:00
Asger F	818753e922	Merge pull request #13265 from asgerf/rb/delete-name-clash Ruby: fix some name clashes between summarized callables	2023-05-24 11:08:56 +02:00
Asger F	5b7f69cf0a	QL4QL: Fix a warning about repeating alert location	2023-05-24 09:55:09 +02:00
Arthur Baars	e33f3a6668	Merge pull request #13154 from aibaars/sync-dbscheme-py JS/Ruby/QL/Python: sync dbscheme fragments	2023-05-23 19:14:29 +02:00
Asger F	e4e52e77f7	QL4QL: Add query to warn about name clashes between summarized callables	2023-05-23 18:01:31 +02:00
dependabot[bot]	3a39e8badf	Bump regex from 1.8.1 to 1.8.2 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.1...1.8.2) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-23 04:14:09 +00:00
Arthur Baars	bec2b7fef9	QL/Ruby: update dbscheme stats	2023-05-22 19:37:58 +02:00
Arthur Baars	d2bc66e393	QL: switch to shared YAML extractor	2023-05-22 19:28:59 +02:00
Arthur Baars	9f83dd5c7a	Tree-sitter extractor: extract shared dbscheme fragments into 'prefix.dbscheme'	2023-05-22 19:28:51 +02:00
Harry Maclean	48f22681a5	Merge pull request #13029 from hmac/ruby-autobuilder-refactor Shared: Share autobuilder code between Ruby and QL	2023-05-12 18:24:06 +07:00
Kasper Svendsen	1af1bf8917	QL: Enable implicit this receiver warnings	2023-05-12 11:35:35 +02:00
Kasper Svendsen	3dbc0cf0b6	QL: Make implicit receivers explicit	2023-05-12 11:35:35 +02:00
Kasper Svendsen	a920c13869	Remove ql/implicit-this restriction to files with explicit this	2023-05-11 13:15:48 +02:00
Harry Maclean	9203efbdc4	Shared: Share autobuilder code between Ruby and QL	2023-05-05 07:20:14 +00:00
Harry Maclean	149722a877	Merge pull request #12881 from hmac/extractor-high-level-api Shared: High level extractor API	2023-05-04 13:57:40 +07:00
Harry Maclean	5688da145d	Shared: fix missing import	2023-04-27 07:13:59 +00:00
Harry Maclean	8a89aec220	Shared: Handle trap compression option properly Extracting the compression setting from an environment variable is the responsibility of the API consumer.	2023-04-27 05:06:57 +00:00
dependabot[bot]	738e3857e7	Bump tracing from 0.1.37 to 0.1.38 in /ql Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.37 to 0.1.38. - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.37...tracing-0.1.38) --- updated-dependencies: - dependency-name: tracing dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-26 04:04:15 +00:00
Erik Krogh Kristensen	b0efff0110	Merge pull request #12904 from github/dependabot/cargo/ql/tracing-subscriber-0.3.17 Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql	2023-04-24 11:05:36 +02:00
dependabot[bot]	5e274c9664	Bump tracing-subscriber from 0.3.16 to 0.3.17 in /ql Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.16 to 0.3.17. - [Release notes](https://github.com/tokio-rs/tracing/releases) - [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.16...tracing-subscriber-0.3.17) --- updated-dependencies: - dependency-name: tracing-subscriber dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-24 04:12:25 +00:00
dependabot[bot]	a5e919b6cb	Bump regex from 1.8.0 to 1.8.1 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/commits/1.8.1) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-24 04:12:06 +00:00
dependabot[bot]	149753c052	Bump regex from 1.7.3 to 1.8.0 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.7.3 to 1.8.0. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/commits) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-21 04:03:04 +00:00
Harry Maclean	da9a49d6e4	QL: Use high level extractor API	2023-04-20 08:07:40 +07:00
Harry Maclean	c44fbc1063	Merge pull request #12786 from hmac/merge-extractor-binaries Ruby/QL: Merge extractor binaries	2023-04-19 15:17:25 +07:00

1 2 3 4 5 ...

977 Commits