hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,671 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

80824 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joe Farebrother
4cbaeb10e9 Merge pull request #19641 from joefarebrother/python-qual-file-not-closed 
Python: Improve performance of FileNotClosed query by using basic block reachability
 2025-06-26 23:35:38 +01:00
Jeroen Ketema
0996e6083e C++: Pretty print MaD ids in test output 2025-06-26 23:38:32 +02:00
REDMOND\brodes
0aee4f76f9 Crypto: Minor change to force CI/CD checks to restart, prior ql check failures do not make sense. 2025-06-26 16:35:01 -04:00
REDMOND\brodes
dc8d22a468 Crypto: Fix JCA to account for new key gen instance API in model.qll. 2025-06-26 15:48:10 -04:00
REDMOND\brodes
505d8806c7 Crypto: Add key input support for the graph for key generation operations. 2025-06-26 11:51:49 -04:00
Taus
cd0e46314c Python: Add change note 2025-06-26 15:36:02 +00:00
Taus
ad53518644 Python: Regenerate parser files 2025-06-26 15:34:44 +00:00
Taus
e04821e9e3 Python: Allow use of match as an identifier 
This previously only worked in certain circumstances. In particular,
assignments such as `match[1] = ...` or even just `match[1]` would fail
to parse correctly.

Fixing this turned out to be less trivial than anticipated. Consider the
fact that
```
match [1]: case (...)
```
can either look the start of a `match` statement, or it could be a type
ascription, ascribing the value of `case(...)` (a call) to the item at
index 1 of `match`.

To fix this, then, we give `match` the identifier and `match` the
statement the same precendence in the grammar, and additionally also
mark a conflict between `match_statement` and `primary_expression`. This
causes the conflict to be resolved dynamically, and seems to do the
right thing in all cases.
 2025-06-26 15:33:00 +00:00
Nicolas Will
c54e68c855 Merge branch 'main' into pr/19880 2025-06-26 16:47:38 +02:00
Jeroen Ketema
ec09d36667 Merge pull request #19832 from ebickle/feature/oracle-model 
C++:  Support SQL Injection sinks for Oracle Call Interface (OCI)
 2025-06-26 16:33:55 +02:00
Nicolas Will
0a97357216 Merge pull request #19814 from bdrodes/codescanning_fixes_cpp 
Crypto: Fix QL-for-QL alerts and refactor type standardization
 2025-06-26 16:33:19 +02:00
Paolo Tranquilli
4799861225 Merge branch 'redsun82/codegen-new-parent-child' into redsun82/rust-item-reorg 2025-06-26 16:29:42 +02:00
Owen Mansel-Chan
2ed451c9e3 Reformat references 2025-06-26 15:20:07 +01:00
Owen Mansel-Chan
10bb88825e Add full stop at the end of each reference 2025-06-26 15:20:06 +01:00
Owen Mansel-Chan
297cdb53aa Update guide to specify a full stop at the end of each reference 2025-06-26 15:20:04 +01:00
Eric Bickle
1142efbc03 Merge branch 'main' into feature/oracle-model 2025-06-26 06:48:40 -07:00
Eric Bickle
3083bdb0b4 C++: Update MaD line numbers in flow.expected 2025-06-26 06:47:24 -07:00
Owen Mansel-Chan
9f0f40d6ce Add "Correct Usage" and "Incorrect Usage" headings 2025-06-26 14:40:49 +01:00
Owen Mansel-Chan
9521994adc Fix format of markdown query help files 2025-06-26 14:40:07 +01:00
Tom Hvitved
9a48459951 Add change note 2025-06-26 15:14:08 +02:00
Nicolas Will
652e7ba15b Merge branch 'main' into codescanning_fixes_cpp 2025-06-26 14:54:36 +02:00
Michael Nebel
37b3ca036a Python: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:45:05 +02:00
Michael Nebel
d926a6a47d Go: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:35:21 +02:00
Michael Nebel
7fecf7466f Ruby: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:26:28 +02:00
Michael Nebel
145ada53f2 C#/Java/JavaScript: Re-factor query suites to use the new selector. 2025-06-26 14:19:27 +02:00
Nick Rolfe
5a176d6fbd Merge pull request #19878 from github/nickrolfe/ql-overlay 
Ruby/Rust/QL: simplify generation of overlay-related tables/predicates
 2025-06-26 08:10:10 -04:00
Michael Nebel
3efbed56b0 Shared: Modify the frozen selector to only include security queries. 2025-06-26 14:09:43 +02:00
Michael Nebel
1fbf3a39fb Shared: Add a copy of the security-and-quality selector. 2025-06-26 14:05:46 +02:00
Tom Hvitved
b70aa804e5 Rust: Cache DataFlow::Node.{toString,getLocation} 2025-06-26 13:49:37 +02:00
Nora Dimitrijević
89f1ee0301 Ruby: add meta/TaintedNodes.ql test 2025-06-26 13:22:07 +02:00
Nora Dimitrijević
e0b3a2c5f9 Java: convert ArbitraryApkInstallation test to .qlref 2025-06-26 13:22:05 +02:00
Kasper Svendsen
712e64e4a8 Overlay: Add overlay annotations to shared Guards library 2025-06-26 13:19:49 +02:00
Kasper Svendsen
9d2dd782d9 Merge remote-tracking branch 'github/main' into kaspersv/overlay-java-annotations 2025-06-26 13:18:25 +02:00
Jeroen Ketema
a5737dded3 Merge branch 'main' into feature/oracle-model 2025-06-26 12:48:55 +02:00
Tamás Vajk
ae36f94d5e Merge pull request #19844 from tamasvajk/tamasvajk/threadpoolexecutor 
Java: Add `java/javautilconcurrentscheduledthreadpoolexecutor` query for zero thread pool size
 2025-06-26 12:36:09 +02:00
Paolo Tranquilli
de72e68d2c Merge branch 'main' into redsun82/codegen-new-parent-child 2025-06-26 12:14:53 +02:00
Paolo Tranquilli
afc78ced50 Merge pull request #19874 from github/redsun82/codegen-use-one-test-file 
Codegen: use one generated test file per directory
 2025-06-26 11:59:40 +02:00
Anders Schack-Mulligen
321a4afd5c Merge pull request #19883 from aschackmull/java/fix-assert-cfg 
Java: Fix assert CFG by properly tagging the false successor.
 2025-06-26 11:43:27 +02:00
Tamas Vajk
1bd543a8a2 Improve readability of the ID 2025-06-26 11:36:32 +02:00
Kasper Svendsen
64f27e2adf Java: Add abstraction for discardable locatables 2025-06-26 11:35:37 +02:00
Tamás Vajk
1e0dd2a935 Apply suggestion from @michaelnebel 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-06-26 11:34:43 +02:00
Anders Schack-Mulligen
7750f1244c Merge pull request #19884 from aschackmull/guards/eqtest-refactor 
Guards: Refactor EqualityTest interface.
 2025-06-26 11:04:55 +02:00
Anders Schack-Mulligen
c091fc585b Java: Account for AssertionError possibly not being extracted. 2025-06-26 11:03:59 +02:00
Anders Schack-Mulligen
326f2b0498 Java: Accept qltest change showing FP removal. 2025-06-26 11:03:39 +02:00
Anders Schack-Mulligen
f07d9dda39 Guards: Refactor EqualityTest interface. 2025-06-26 10:26:40 +02:00
Jeroen Ketema
b16e710d3b Merge pull request #19870 from jketema/jketema/stats 
C++: Update stats file after DCA and extractor changes
 2025-06-26 10:21:35 +02:00
Anders Schack-Mulligen
1d4c8197ec Java: Fix assert CFG by properly tagging the false successor. 2025-06-26 10:18:14 +02:00
Jonas Jensen
fc2b18ae8a Java: Diff-informed CleartextStorageCookie.ql 
This query shares implementation with several other queries about
cleartext storage, but it's the only one of them that's in the
code-scanning suite. The sharing mechanism remains the same as before,
but now each query has to override `getASelectedLocation` to become
diff-informed.

Two other data-flow configurations are used in this query, but they
can't easily be made diff-informed.
 2025-06-26 09:31:11 +02:00
Paolo Tranquilli
9a8ef3acf7 Merge branch 'main' into redsun82/codegen-new-parent-child 2025-06-26 09:30:41 +02:00
Vasco-jofra
8a7516528d Update formatting 2025-06-26 09:29:07 +02:00