hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,671 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

78658 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
68668b8e22 Python: Fix grammar in change note 2025-03-27 23:23:29 +01:00
Asger F
2460874f47 JS: Add bogus model for testing 2025-03-27 20:13:27 +01:00
Arthur Baars
7fc7b7cc04 Rust: fix CleartextLogging query 2025-03-27 18:38:57 +00:00
Arthur Baars
6dff6826f0 Revert "Rust: accept test changes for now" 
This reverts commit bf32acc198.
 2025-03-27 18:33:00 +00:00
Owen Mansel-Chan
dc242da4be Merge pull request #19090 from owen-mc/review/egregius313/18902 
Go: Add `database` source models for the `squirrel` package (#2)
 2025-03-27 15:54:25 +00:00
Joe Farebrother
2fd9b16736 Attempt performance improvement for fileLocalFlow 2025-03-27 15:45:38 +00:00
Napalys Klicius
32369dab7d Merge pull request #19124 from Napalys/js/hapi_upgrade 
JS: Support for newer version of `Hapi` - `@hapi/hapi`
 2025-03-27 16:42:51 +01:00
Taus
980c7d83da Python: Add change note 2025-03-27 15:33:00 +00:00
Taus
f601f4ad9b Python: Update test expectations 
As we're no longer tracking tuples across function boundaries, we lose
the result that related to this setup (which, as the preceding commit
explains, lead to a lot of false positives).
 2025-03-27 15:31:28 +00:00
Taus
2dcd7895ec Python: Modernise py/mixed-tuple-returns 
Removes the dependence on points-to in favour of an approach based on
(local) data-flow.

I first tried a version that used type tracking, as this more accurately
mimics the behaviour of the old query. However, I soon discovered that
there were _many_ false positives in this setup. The main bad pattern I
saw was a helper function somewhere deep inside the code that both
receives and returns an argument that can be tuples with different sizes
and origins. In this case, global flow produces something akin to a
cartesian product of "n-tuples that flow into the function" and
"m-tuples that flow into the function" where m < n.

To combat this, I decided to instead focus on only flow _within_ a given
function (and so local data-flow was sufficient).

Additionally, another class of false positives I saw was cases where the
return type actually witnessed that the function in question could
return tuples of varying sizes. In this case it seems reasonable to not
flag these instances, since they are already (presumably) being checked
by a type checker.

More generally, if you've annotated the return type of the function with
anything (not just `Tuple[...]`), then there's probably little need to
flag it.
 2025-03-27 15:27:42 +00:00
Tamas Vajk
42278eb6cf Add imports for specific jump nodes 2025-03-27 16:07:09 +01:00
Tom Hvitved
f6ac82aff0 Rust: Add more path resolution tests 2025-03-27 15:54:57 +01:00
Paolo Tranquilli
cf63dae608 Merge branch 'main' into redsun82/codegen-rename-dbscheme 2025-03-27 15:12:16 +01:00
Owen Mansel-Chan
8bc70be3c7 Address review comments 2025-03-27 13:53:09 +00:00
Asger F
e52bea630a JS: Add caveat about precision issue 2025-03-27 14:27:00 +01:00
Simon Friis Vindum
e2ed848dbb Merge pull request #19130 from paldepind/rust-type-alias-string 
Rust: Implement toString on type aliases and add docs
 2025-03-27 14:22:46 +01:00
Asger F
ed50343cc2 Merge pull request #19077 from asgerf/js/jsdoc-name-tokens 
JS: Separate JSDoc qualified names into individual identifiers
 2025-03-27 14:22:11 +01:00
Asger F
7de6a1e1c5 JS: Add documentation and example 2025-03-27 14:21:06 +01:00
Asger F
13d2453a45 JS: Add GuardedRouteHandler access path component 2025-03-27 13:59:41 +01:00
Geoffrey White
9ae271a7d1 Rust: Fix incidentally affected test merge conflict. 2025-03-27 12:55:36 +00:00
Geoffrey White
4e496fe7b2 Rust: Lets just not model 'drop' incorrectly, for now. 2025-03-27 12:25:08 +00:00
Napalys Klicius
e69929ebc6 Update javascript/ql/lib/change-notes/2025-03-26-hana-db-client.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-27 13:01:09 +01:00
Simon Friis Vindum
533fdcf332 Rust: Remove unnecessary seperator 2025-03-27 12:56:54 +01:00
Napalys Klicius
fdea22fbc3 Merge pull request #19129 from Napalys/js/readfile_async 
JS: Add support for `async` `readFile`
 2025-03-27 12:34:39 +01:00
Napalys Klicius
261d28a591 Merge pull request #19099 from Napalys/js/axios_missing_methods 
JS: Added support for missing `axios` methods
 2025-03-27 12:03:11 +01:00
Asger F
441ca1c862 JS: Change compatibility of upgrade script to partial 2025-03-27 11:54:01 +01:00
Asger F
86ae8012be Expand downgrade script 2025-03-27 11:52:11 +01:00
Asger F
cccea919b4 JS: Update stats file 2025-03-27 11:52:10 +01:00
Asger F
ab1f929228 JS: Add downgrade script 2025-03-27 11:52:08 +01:00
Asger F
02ee8cfe2d JS: Add upgrade script 2025-03-27 11:51:27 +01:00
Asger F
da269c6fb1 JS: More test updates 2025-03-27 11:51:25 +01:00
Asger F
50202d574f JS: Update some deprecated calls to getName() 2025-03-27 11:51:24 +01:00
Asger F
c8817d9667 JS: Parse with proper locations 2025-03-27 11:51:23 +01:00
Asger F
cc2bec0808 JS: Ensure correct value is used in parseNameExpression() 
The call to expect() below here updates 'token' and 'value' to that of the NEXT token (not the name).

The code happened to work because the 'value' field is only updated if a token with a relevant value is found. E.g. if a name token could be followed by another name, then we would have seen the wrong name here.
 2025-03-27 11:51:21 +01:00
Asger F
6868f66108 JS: Restrict size of hasNameParts 
Test updates look OK. Some intermediate results are omitted but the
qualified name of the final type names are still present.
 2025-03-27 11:51:20 +01:00
Asger F
b1554443d8 JS: Update TRAP output 2025-03-27 11:51:19 +01:00
Asger F
328bf753b4 JS: Benign test updates 2025-03-27 11:51:17 +01:00
Asger F
fa53ff9f3e JS: Update extractor version string 2025-03-27 11:51:16 +01:00
Asger F
3a6089740e JS: Separate JSDoc qualified names into individual identifiers 2025-03-27 11:51:14 +01:00
Asger F
c61454b5ca JS: Remove unused 'spec' field 2025-03-27 11:51:13 +01:00
Simon Friis Vindum
0d75054955 Rust: Implement toString on type aliases and add docs 2025-03-27 11:34:39 +01:00
Michael B. Gale
2aee47b257 Merge pull request #18850 from github/mbg/csharp/inject-proxy-urls 
C#: Automatically use configured private registry feeds
 2025-03-27 10:11:05 +00:00
Geoffrey White
8598d619f2 Rust: Add a test case involving a Drop method. 2025-03-27 09:39:25 +00:00
Arthur Baars
9dd7b20db7 Merge pull request #18960 from github/aibaars/rust-tainted-path 
Rust: TaintedPath query
 2025-03-27 10:37:36 +01:00
Tamas Vajk
d824d24c49 Improve code quality 2025-03-27 10:31:48 +01:00
Napalys Klicius
d771a91c9c Update javascript/ql/lib/change-notes/2025-03-26-async-fileRead.md 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-27 10:21:23 +01:00
Geoffrey White
d1a0237e87 Rust: Correct a few details in the test. 2025-03-27 09:20:25 +00:00
Michael Nebel
0a0ec180ec Merge pull request #19114 from michaelnebel/csharp/modelgenparammodifiers 
C#: Correct printing of returns via out/ref parameters in model generation.
 2025-03-27 10:03:27 +01:00
Tamás Vajk
3fbfc41814 Merge pull request #18974 from tamasvajk/tamasvajk/rename-ccr-suite-quality 
Rename the CCR query suite to code-quality
 2025-03-27 10:01:48 +01:00
Tamas Vajk
b5684fd5b2 Change ccr suite name to code-quality in python script 2025-03-27 08:36:53 +01:00