hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,672 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

78658 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
3508ca89e6 Java: Restrict SSA reads to the reachable CFG. 2025-03-07 11:13:53 +01:00
Anders Schack-Mulligen
b1e53f5816 Rust: Accept consistency failure. 2025-03-07 11:11:49 +01:00
Jeroen Ketema
87ee191409 Merge pull request #18928 from jketema/desc 
C++: Improve query description and fix alignment of the text
 2025-03-07 10:47:31 +01:00
Michael Nebel
c9796ee297 C#: Add cs/call-to-object-tostring to the CCR query suite. 2025-03-07 09:52:08 +01:00
Michael Nebel
82b7a19df1 Merge pull request #18894 from michaelnebel/csharp/garbagetypes 
C#: Handle some BMN garbage types.
 2025-03-07 09:19:48 +01:00
Napalys
e0f20b2bd1 Add RegExpIntersection class to support intersection terms in regex 2025-03-07 08:58:19 +01:00
Simon Friis Vindum
fc186eb136 Include -r flag to code when creating change note 
Co-authored-by: Taus <tausbn@github.com>
 2025-03-07 08:47:21 +01:00
Napalys
9cc26208d4 Add test cases for v flag operators in RegExp library-tests. 2025-03-07 08:32:10 +01:00
Jon Janego
468c12e656 Merge pull request #18944 from github/changedocs-2.20.6 
Changedocs for 2.20.6
 2025-03-06 17:31:59 -06:00
Andrew Eisenberg
2a0e133768 Move UnversionedImmutableAction.ql to experimental 
This query will give too many false positives for users until
immutable actions is released.
 2025-03-06 15:08:02 -08:00
Jon Janego
b742ed21db Merge branch 'rc/3.17' into changedocs-2.20.6 2025-03-06 16:51:25 -06:00
Jon Janego
65d5e527c0 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-03-06 16:46:57 -06:00
Jon Janego
da7b9b7c20 rearranging golang 1.24 support 2025-03-06 15:32:48 -06:00
Jon Janego
3652a45a97 Update codeql-cli-2.20.4.rst 2025-03-06 15:10:42 -06:00
Jon Janego
1385de223f Update codeql-cli-2.20.4.rst 2025-03-06 15:10:11 -06:00
Jon Janego
2b818e3a4f Update codeql-cli-2.19.4.rst 2025-03-06 15:04:55 -06:00
Jon Janego
fc6794f6df adding 2.20.6 sitedocs 2025-03-06 14:12:54 -06:00
Tom Hvitved
5c3f21b20c Merge pull request #18937 from hvitved/rust/fix-bad-joins 
Rust: Fix bad joins
 2025-03-06 19:11:31 +01:00
Napalys
c12c12c416 Added modeling for react-relay functions that retrieve data. 2025-03-06 18:30:21 +01:00
Napalys
5a1991bb69 Added test cases for react-relay functions that retrieve data 2025-03-06 18:10:27 +01:00
Napalys
89040d0d06 Added missing response and request MaD source kinds. 2025-03-06 18:10:25 +01:00
Napalys
0166e76cca Add change note 2025-03-06 18:10:24 +01:00
Napalys
1443f314a1 Added react-relay useFragment as threat model source. 2025-03-06 18:10:23 +01:00
Napalys
1e3b8625e6 Added a test case where useFragment from react-relay should be marked as a source but isn't 2025-03-06 18:10:21 +01:00
Michael B. Gale
16e84d0ad0 Merge pull request #18929 from github/mbg/go/filter-more-vendor-dirs 
Go: Support more dependency managers in `IsGolangVendorDirectory`
 2025-03-06 16:10:18 +00:00
Michael B. Gale
b872c60e1c Go: Support more dependency managers in IsGolangVendorDirectory 2025-03-06 15:40:44 +00:00
Anders Schack-Mulligen
da579c27fc Merge pull request #18934 from aschackmull/ssa/refactor5 
SSA: Replace the Guards interface in the SSA data flow integration.
 2025-03-06 15:11:52 +01:00
Taus
6546bb1b1d Merge branch 'main' into tausbn/python-fix-match-pruning-logic 2025-03-06 14:37:58 +01:00
Anders Schack-Mulligen
97a3411c0c Ruby: Accept test output. 2025-03-06 13:58:14 +01:00
Michael Nebel
61c043fd4a Merge pull request #18935 from michaelnebel/csharp/useless-if-statement 
C#: Fewer alerts in `cs/useless-if-statement`.
 2025-03-06 13:53:20 +01:00
Taus
a9ab39da1b Merge pull request #18448 from github/tausbn/python-add-type-annotation-metrics-query 
Python: Add metrics query for type annotations
 2025-03-06 13:52:26 +01:00
Anders Schack-Mulligen
5e722eecf7 Ruby: Push in casts to Definition to delete the then unused DefinitionExt. 2025-03-06 13:31:31 +01:00
Anders Schack-Mulligen
9e6bdbbcbb SSA: Don't add phi-reads for frontiers of uncertain reads. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
947a85ed28 Java: Enable SSA consistency queries. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
d95114fb1d SSA: Extend consistency queries. 2025-03-06 12:47:37 +01:00
Michael Nebel
fb3ce464be C#: Address review comments. 2025-03-06 11:48:35 +01:00
Michael B. Gale
7e984ad48e Merge pull request #18938 from github/dependabot/go_modules/go/extractor/extractor-dependencies-94582fc3a1 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-03-06 10:47:50 +00:00
Owen Mansel-Chan
7b2912376b Add failing test for os.File.Sync with defered Close calls 2025-03-06 10:14:28 +00:00
Owen Mansel-Chan
cbe7edd9c6 Merge pull request #18907 from teuron/cwe-925 
[CWE-925] Intent verification is only needed on non-empty onReceive methods.
 2025-03-06 10:00:05 +00:00
Joe Farebrother
2692b8fa9f Merge pull request #18936 from joefarebrother/python-add-not-named-self-cls-ccr 
Python: Include `py/not-named-self` and `py/not-named-cls` in the CCR suite
 2025-03-06 09:51:14 +00:00
Owen Mansel-Chan
0c091ffe31 Merge pull request #18920 from owen-mc/go/mad/improve-sync-models 
Go: Do not track taint into a `sync.Map` via the key of a key-value pair
 2025-03-06 09:40:49 +00:00
Lukas Abfalterer
32e1589745 Update java/ql/src/change-notes/2025-03-03-fix-improper-intent-verification-query.md 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2025-03-06 09:57:16 +01:00
Tom Hvitved
ec063d0dbd Rust: Fix bad joins 
```
Evaluated relational algebra for predicate _Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs__Format::Format.getArgumentRef/0#dispred#38d664c__#antijoin_rhs@889ee4br with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getArgumentRef/0#dispred#38d664cb_Format::Format.getParent/0#dispred#f6ec3e8b_10#joi__#shared` WITH Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

Evaluated relational algebra for predicate __Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#864__#antijoin_rhs@01d9d70k with tuple counts:
        19631351  ~1%    {6} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#8641__#shared` WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Lhs.4, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
         5173010  ~0%    {7}    | JOIN WITH format_args_expr_args ON FIRST 1 OUTPUT Rhs.2, Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
             747  ~0%    {5}    | JOIN WITH format_args_arg_names ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6
                         return r1

Evaluated relational algebra for predicate _NamedFormatArgument::NamedFormatArgument#18940f8e__Format::Format.getParent/0#dispred#f6ec3e8b_10#j__#antijoin_rhs@dafbd6hr with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_10#join_rhs_FormatArgument::FormatArgument.getParent/0#__#shared` WITH NamedFormatArgument::NamedFormatArgument#18940f8e ON FIRST 1 OUTPUT Rhs.4, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

```
 2025-03-06 09:02:42 +01:00
dependabot[bot]
1037626a28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/mod/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/tools` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-06 04:02:51 +00:00
Owen Mansel-Chan
63bfa36be8 Convert to inline expectations test 2025-03-05 21:39:04 +00:00
Ed Minnix
ca14c5722d Add likely XSS case to integration tests 2025-03-05 12:40:26 -05:00
Ed Minnix
e2f0a61f89 Add XSS test to integration tests 2025-03-05 12:40:02 -05:00
Ed Minnix
a0fe7d6a1a Remove unused line 2025-03-05 11:04:41 -05:00
Joe Farebrother
a06de21f45 Python: Include py/not-named-self and py/not-named-cls in the CCR suite. 2025-03-05 15:13:20 +00:00
Michael Nebel
c73eeec814 C#: Add change note. 2025-03-05 15:33:02 +01:00