Tom Hvitved
d8c9427d3e
Merge pull request #18700 from hvitved/rust/shorthand-struct
...
Rust: Shorthand record construction in data flow
2025-02-07 10:59:52 +01:00
Paolo Tranquilli
f6301b8ea8
Rust: remove unneeded and now broken bazel workaround
2025-02-07 10:59:11 +01:00
Paolo Tranquilli
75b5493c9b
Bazel: update rules_rust
2025-02-07 10:43:10 +01:00
Simon Friis Vindum
5bef9c98ff
Rust: Accept changes
2025-02-07 10:20:15 +01:00
Simon Friis Vindum
c9b5dab097
Rust: Add additional tests for model generation
2025-02-07 09:05:27 +01:00
Tom Hvitved
100de73066
Merge pull request #18689 from hvitved/rust/path-resolution-type-param
...
Rust: Extend path resolution to cover type parameters
2025-02-07 08:55:27 +01:00
Simon Friis Vindum
9bcfd010d4
Merge pull request #18676 from paldepind/rust-model-clone
...
Rust: Model `clone`
2025-02-07 08:37:44 +01:00
yoff
37ddaa36ad
Merge pull request #18702 from github/tausbn/python-allow-comments-in-subscripts
...
Python: Allow comments in subscripts
2025-02-06 23:31:29 +01:00
yoff
381cc20cdd
Merge pull request #18703 from github/tausbn/python-robustly-handle-loop-constructs
...
Python: Handle loop constructs outside of loops
2025-02-06 23:31:04 +01:00
Remco Vermeulen
3b87fb18a6
Add CCR suite to query list
2025-02-06 14:10:27 -08:00
Ed Minnix
29d03db06b
Remove unneeded disjunction
2025-02-06 15:10:06 -05:00
Chad Bentz
fd404bcbcd
Update actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md
...
Co-authored-by: Dave Bartolomeo <dbartol@github.com>
2025-02-06 14:28:07 -05:00
Ian Lynagh
05180376f2
Java: Update test output
2025-02-06 18:32:46 +00:00
Tom Hvitved
707bf16d90
Rust: Shorthand record construction in data flow
2025-02-06 19:19:18 +01:00
Tom Hvitved
9bc3b0e96e
Rust: Update a test to use shorthand record syntax
2025-02-06 19:19:17 +01:00
Tom Hvitved
aca70cd1ea
Merge pull request #18675 from hvitved/rust/struct-tuple-field
...
Rust: Implement data flow through tuple structs
2025-02-06 19:17:53 +01:00
yoff
d7ffc3fc77
Ruby: remove test code filtering
2025-02-06 18:10:06 +01:00
yoff
74155a0214
ruby: start adding comments
...
I pause here, because the code may be simplified
2025-02-06 18:09:38 +01:00
Dave Bartolomeo
ca7bcc9714
Add change note
2025-02-06 11:50:59 -05:00
Dave Bartolomeo
cb7aeea516
Use standard query selectors for actions-code-scanning and actions-security-extended
2025-02-06 11:34:43 -05:00
Dave Bartolomeo
74619d49b3
Update precision and severity for unpinned-tag
...
This ensures that it will be in `security-extended`, but not the default suite.
2025-02-06 11:33:17 -05:00
Dave Bartolomeo
81ff4dd81c
Update severity for excessive-secrets-exposure
...
This ensures that it will remain in the default suite.
2025-02-06 11:32:32 -05:00
Dave Bartolomeo
d7259c17db
Add security tag for missing-actions-permissions
...
This ensures that it will remain in the default suite.
2025-02-06 11:31:36 -05:00
Dave Bartolomeo
909de5280c
Update severity and precision of a few injection queries
...
These will wind up in `security-extended`, when previously they were not in any of the standard suites.
2025-02-06 11:30:43 -05:00
Dave Bartolomeo
e2ab65ea3e
Update qlref paths
2025-02-06 11:20:19 -05:00
yoff
51a2d8c72f
ruby: rename query
2025-02-06 17:07:12 +01:00
yoff
d9d0d3c18b
ruby: add code block
2025-02-06 16:59:23 +01:00
yoff
8aa195d838
ruby: remove comment (we can create issues)
2025-02-06 16:59:08 +01:00
Dave Bartolomeo
604dbfd0d0
Actions: Move experimental to experimental directory
...
This is consistent with how other languages manage experimental queries. I've left the `experimental` tags in place.
2025-02-06 10:54:25 -05:00
Simon Friis Vindum
b2ba5f4f38
Rust: Make imports private
2025-02-06 16:07:25 +01:00
yoff
7af8fa75e6
Apply suggestions from code review
...
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2025-02-06 15:45:28 +01:00
Geoffrey White
78e3c89c68
Rust: Accept changes to integration tests.
2025-02-06 14:33:37 +00:00
Taus
131ec8d22f
Python: Handle loop constructs outside of loops
...
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.
This then caused issues further downstream in the control-flow
construction, as it broke some invariants.
To fix this we now skip the code that would previously fail when the
invariants are broken.
Co-authored-by: yoff <yoff@github.com>
2025-02-06 14:30:16 +00:00
Geoffrey White
bce4735062
Rust: Additional test case suggested by copilot.
2025-02-06 14:29:26 +00:00
Taus
3d25cd3bb5
Python: Add change note
2025-02-06 14:08:20 +00:00
Taus
7124e80f28
Python: Regenerate parser files
2025-02-06 14:05:40 +00:00
Taus
c5be2a3e2d
Python: Allow comments in subscripts
...
Once again, the interaction between anchors and extras (specifically
comments) was causing trouble.
The root of the problem was the fact that in `a[b]`, we put `b` in the
`index` field of the subscript node, whereas in `a[b,c]`, we
additionally synthesize a `Tuple` node for `b,c` (which matches the
Python AST).
To fix this, we refactored the grammar slightly so as to make that tuple
explicit, such that a subscript node either contains a single expression
or the newly added tuple node. This greatly simplifies the logic.
2025-02-06 14:04:57 +00:00
yoff
40851aeaef
Merge pull request #18687 from github/tausbn/python-print-file-path-on-context-error
...
Python: Print file path when logging context errors
2025-02-06 15:01:06 +01:00
Geoffrey White
a8a051234e
Rust: Model parse.
2025-02-06 12:51:41 +00:00
Geoffrey White
d0f5aad085
Rust: Model to_string.
2025-02-06 12:51:40 +00:00
Geoffrey White
1ff7a521d5
Rust: Add a flow test for some iterator methods.
2025-02-06 12:51:34 +00:00
Anders Schack-Mulligen
57735388e0
Merge pull request #18655 from aschackmull/java/typeflow-joinorder
...
TypeFlow: Improve join-order.
2025-02-06 13:12:52 +01:00
Asger F
7f4facc864
Merge pull request #18661 from asgerf/js/hoist-in-block
...
JS: Hoist function declarations to the top of a block statement
2025-02-06 12:38:51 +01:00
Chris Smowton
269f63d6b1
Format
2025-02-06 11:36:45 +00:00
Chris Smowton
b8a720510c
Use root dir license rather than removed Go license
2025-02-06 11:17:23 +00:00
Asger F
d3b9d1d89d
JS: Partial SSRF does not select the sink location
2025-02-06 11:30:32 +01:00
Geoffrey White
c597818c4b
Rust: Add a flow test for to_string() and parse().
2025-02-06 10:30:27 +00:00
Asger F
7d6abb4e0a
JS: Disable diff-informedness for full SSRF
...
Partial SSRF uses its result in a way that prevents diff-informedness
2025-02-06 11:30:18 +01:00
Geoffrey White
6966c96e7a
Rust: Add a test case for parse on a command line arg.
2025-02-06 10:29:53 +00:00
Chris Smowton
ffc6b7abb6
Update license; remove redundant Go qlpack license.
2025-02-06 10:23:37 +00:00