hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

84161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys Klicius
7cbaa114a3 Merge pull request #20296 from Napalys/js/remote-property-injection-update 
JS: Detect property injection via object enumeration patterns
 2025-09-03 14:38:24 +02:00
Napalys Klicius
8fc81f4263 Merge branch 'main' into js/remote-property-injection-update 2025-09-03 14:02:19 +02:00
Taus
f6732a927b Python: Bump extractor version 2025-09-03 11:56:54 +00:00
Taus
13a93c7e32 Python: Add suggestions from Copilot 2025-09-03 11:55:49 +00:00
Simon Friis Vindum
e610465ee8 Rust: Suppress type inference inconsistency that can be explained by path resolution 2025-09-03 12:53:30 +02:00
Michael Nebel
a9baf34629 Merge pull request #20324 from michaelnebel/actions/ql4ql 
Actions: Fix some Ql4Ql violations.
 2025-09-03 12:29:06 +02:00
Tom Hvitved
f2b8ac127f Merge pull request #20351 from hvitved/rust/summarized-callable-location 
Rust: Assign locations to all `DataFlowCallable`s
 2025-09-03 12:24:37 +02:00
Joe Farebrother
71dec0b23e Fix typos 2025-09-03 11:22:46 +01:00
Joe Farebrother
9fa630faf5 Add comments documenting helper predicates, and add call resolve condition to callMatchesSignature to avoid cartesian product 2025-09-03 11:00:59 +01:00
Tom Hvitved
dff5ed7d29 Rust: Assign locations to all DataFlowCallables 2025-09-03 11:21:57 +02:00
Joe Farebrother
cd6a151d9b Add missing predicate + update test output 2025-09-03 09:48:07 +01:00
Michael Nebel
fb1387340f Merge pull request #20349 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-09-03 08:24:00 +02:00
Michael Nebel
83d53baf82 C++: Fix some Ql4Ql violations. 2025-09-03 08:19:18 +02:00
Michael Nebel
462d639627 C++: Fix some Ql4Ql violations. 2025-09-03 08:13:20 +02:00
github-actions[bot]
9f31f02c12 Add changed framework coverage reports 2025-09-03 00:21:42 +00:00
Joe Farebrother
2dcf3c7c45 Remove erronous private 2025-09-02 22:16:41 +01:00
Asger F
1ea843f23c Merge pull request #20323 from asgerf/js/remove-totalorder 
JS: Remove totalorder()
 2025-09-02 22:08:33 +02:00
idrissrio
5d2268fa80 Java: accept new test results after extractor update 2025-09-02 20:19:38 +02:00
Jeroen Ketema
ab3ad20a1e Merge pull request #20319 from jketema/ir-vla-sizeof 
C++: Support `sizeof` VLAs in the IR
 2025-09-02 17:29:18 +02:00
Jeroen Ketema
8de1ed0d85 C++: Address review comments 2025-09-02 17:03:48 +02:00
Simon Friis Vindum
de8e535c3a Rust: Move predicates up to right before first usage 2025-09-02 16:34:03 +02:00
Simon Friis Vindum
1b683f6359 Rust: Infer certain type for self shorthand 2025-09-02 16:30:21 +02:00
Simon Friis Vindum
f7201023de Rust: Add annotations to type inference tests 2025-09-02 16:24:40 +02:00
Simon Friis Vindum
17d23a9b78 Merge pull request #20343 from paldepind/rust/certain-type-inline-expectation 
Rust: Change inline expectation annotation for inferred certain types
 2025-09-02 15:07:41 +02:00
Taus
bda522052b Python: Update bazel dependencies 2025-09-02 12:51:36 +00:00
Taus
9802ad77dc Python: Update types_new.py and test output 2025-09-02 12:41:57 +00:00
Taus
235822d782 Python: Improve handling of syntax errors 
Rather than relying on matching arbitrary nodes inside tree-sitter-graph
and then checking whether they are of type ERROR or MISSING (which seems
to have stopped working in later versions of tree-sitter), we now
explicitly go through the tree-sitter tree, locating all of the error
and missing nodes along the way. We then add these on to the graph
output in the same format as was previously produced by
tree-sitter-graph.

Note that it's very likely that some of the syntax errors will move
around a bit as a consequence of this change. In general, we don't
expect syntax errors to have stable locations, as small changes in the
grammar can cause an error to appear in a different position, even if
the underlying (erroneous) code has not changed.
 2025-09-02 12:41:57 +00:00
Taus
b108d47b26 Python: Update parser test output 
It seems that with a newer version of tree-sitter, we no longer parse
the (not actually valid!) syntax `Spam[**P2]` as if the `**` is an
exponentiation operation (with a missing left operand).
 2025-09-02 12:41:55 +00:00
Taus
5fb28b9f6d Python: Update bazel dependencies 2025-09-02 12:41:48 +00:00
Taus
76f15a890c Python: Update tree-sitter dependency 
Updates the Python extractor to depend on version 0.24.7 of tree-sitter
(and 0.12.0 of tree-sitter-graph).

A few changes were needed in order to make the code build and run after
updating the dependencies:

- In `main.rs`, the `Language` parameter is now passed as a reference.
- In `python.tsg`, many queries had captures that were not actually used
in the body of the stanza. This is no longer allowed (unless the
captures start with an underscore), as it may indicate an error. To fix
this, I added underscores in the appropriate places (and verified that
none of these unused captures were in fact bugs).
 2025-09-02 12:40:20 +00:00
Michael Nebel
31852985e5 Merge pull request #20335 from michaelnebel/shared/ql4ql 
Shared and Sync: Fix some Ql4Ql violations.
 2025-09-02 14:37:34 +02:00
Arthur Baars
0bb7fdccf6 Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 
Post-release preparation for codeql-cli-2.23.0
 2025-09-02 14:14:03 +02:00
Anders Schack-Mulligen
f833fe0e6e Merge pull request #20300 from aschackmull/cfg/successortype 
Shared: Add a shared SuccessorType implementation
 2025-09-02 14:09:35 +02:00
Michael Nebel
d3d737b383 Merge pull request #20330 from michaelnebel/python/ql4ql 
Python: Fix some Ql4Ql violations.
 2025-09-02 14:01:54 +02:00
Michael Nebel
9d521e9cb6 Merge pull request #20333 from michaelnebel/rust/ql4ql 
Rust: Fix some Ql4Ql violations.
 2025-09-02 14:00:47 +02:00
Michael Nebel
7490d8ddd2 Shared and Sync: Fix some Ql4Ql violations. 2025-09-02 13:54:22 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
Simon Friis Vindum
8a92b2d611 Rust: Change inline expectation annotation for certain inferred types 2025-09-02 13:44:06 +02:00
Michael Nebel
6f5da528a4 Update rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-09-02 13:34:23 +02:00
Michael Nebel
464d8b13a8 Rust: Address review comments. 2025-09-02 13:33:51 +02:00
Jeroen Ketema
9431b0c754 C++: Add change note for new VlaDeclStmt predicates 2025-09-02 13:17:26 +02:00
Arthur Baars
28f02c07d7 Merge pull request #20346 from github/release-prep/2.23.0 
Release preparation for version 2.23.0
codeql-cli/v2.23.0 		2025-09-02 13:13:45 +02:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
90caded4fe Apply suggestion from @aschackmull 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-09-02 13:08:31 +02:00
Joe Farebrother
318d1cd392 Increase precision in detecting call matches signature 2025-09-02 12:02:08 +01:00
Jeroen Ketema
f4df3881f8 C++: Handle *& sequences in sizeof VLA expressions 2025-09-02 12:29:24 +02:00
Jeroen Ketema
438cc961da C++: Document TranslatedSizeofExpr 2025-09-02 12:29:21 +02:00
Jeroen Ketema
8a7553232f C++: Add more sizeof VLA tests 2025-09-02 12:29:19 +02:00
Jeroen Ketema
f68d3477d4 C++: Output necessary conversions in the sizeof VLA IR 2025-09-02 12:29:17 +02:00
Jeroen Ketema
f0f66c6d58 C++: Minor refactor 
* Introduce new instruction tag for the base size
* Introduce some convenience predicates on `VlaDeclStmt`
 2025-09-02 12:29:15 +02:00