hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,799 Commits 1,759 Branches 167 Tags
tausbn/python-port-hashed-but-no-hash
Commit Graph

86799 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
a7ba98cff7 Python: Eliminate some FPs 
Two main variants: cases where `__eq__` is not defined (which inherit
`__hash__` automatically), and frozen dataclasses.
 2026-04-09 21:35:05 +00:00
Taus
682178a370 Python: Port HashedButNoHash.ql 
This one is a bit more involved. Of note is the fact that it at present
only uses local flow when determining the origin of some value (whereas
the points-to version used global flow). It may be desirable to rewrite
this query to use global data-flow, but this should be done with some
care (as using "all unhashable objects" as the set of sources is
somewhat iffy with respect to performance). For that reason, I'm
sticking to mostly local flow (except for well behaved things like types
and built-ins).
 2026-04-08 12:18:51 +00:00
Taus
16683aee0e Merge pull request #21590 from github/tausbn/python-improve-bind-all-interfaces-query 
Python: Improve "bind all interfaces" query
 2026-04-07 17:59:48 +02:00
Jeroen Ketema
e7d3eedc80 Merge pull request #21661 from jketema/autoconf 
C++: Add heuristic for GNU autoconf config files
 2026-04-07 15:38:06 +02:00
Taus
4cb238f1af Merge pull request #21598 from github/tausbn/python-port-should-use-with 
Python: Port ShouldUseWithStatement.ql
 2026-04-07 14:16:41 +02:00
Mathias Vorreiter Pedersen
5e145aa27d Merge pull request #21631 from MathiasVP/expose-fwd-stage-1 
Dataflow: Expose stage 1's `fwdFlow`
 2026-04-07 11:29:56 +01:00
Mathias Vorreiter Pedersen
e06294bcb4 Shared: Respond to review comments. 2026-04-07 11:11:04 +01:00
Idriss Riouak
39f92e992a Merge pull request #21494 from github/idrissrio/java/jdk26 
Java: Accept new test results after JDK 26 extractor upgrade
 2026-04-07 12:03:36 +02:00
Jeroen Ketema
04cfd37f53 C++: Fix comments in tests 2026-04-07 10:52:12 +02:00
Jeroen Ketema
b19c648965 C++: Add heuristic for GNU autoconf config files 2026-04-07 10:43:15 +02:00
Michael Nebel
e259ebe258 Merge pull request #21627 from michaelnebel/csharp/cleanup 
C#: Deprecate get[L|R]Value predicates.
 2026-04-07 10:23:59 +02:00
idrissrio
6f199b90ba Java: Accept new test results for JDK 26 
Accept new ByteOrder.getEntries, List.ofLazy, and Map.ofLazy entries
in kotlin2 test expected files.
 2026-04-07 09:28:25 +02:00
idrissrio
3ccbd8032c Java: Accept new test results for JDK 26 
JDK 26 added ofLazy methods to List, Map, and Set collections.
Update expected test output to include these new methods.
 2026-04-07 09:28:23 +02:00
idrissrio
5a6eb79470 Java: Pin CWE-676 test to --release 25 
Thread.stop() was removed in JDK 26. Pin the test to --release 25.
 2026-04-07 09:28:22 +02:00
idrissrio
74b0e8c19a Java: Accept new test results after JDK 26 extractor upgrade 2026-04-07 09:28:20 +02:00
Tom Hvitved
7d184d0c7f Merge pull request #21206 from hvitved/rust/type-inference-closure-param-context-typed 
Rust: Infer argument types based on trait bounds on parameters
 2026-04-07 09:17:30 +02:00
Mario Campos
fb8b5699f2 Merge pull request #21639 from github/mario-campos/test-go-registries 
Add tests for multiple Git sources and GoProxy servers in registry config parsing
 2026-04-02 11:12:51 -05:00
Mario Campos
fb871cdfb8 Add tests for multiple Git sources and GoProxy servers in registry config parsing 2026-04-02 10:12:48 -05:00
Paolo Tranquilli
cedacc91db Merge pull request #21583 from github/redsun82/update-kotlin-2.3.20 
Kotlin: update to 2.3.20
 2026-04-02 15:58:22 +02:00
Mathias Vorreiter Pedersen
4d8b782695 Shared: Also expose dataflow stage 1's forward flow predicate. 2026-04-02 10:56:09 +01:00
Paolo Tranquilli
88a893efca Kotlin: update supported versions in documentation 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-02 08:34:22 +02:00
Paolo Tranquilli
2d76b41293 Merge pull request #21628 from github/redsun82/vendor-picosha2 
Vendor `PicoSHA2` into LFS
 2026-04-01 15:24:41 +02:00
Paolo Tranquilli
9a1156dd62 Vendor PicoSHA2 into LFS 
The upstream repo (`okdshin/PicoSHA2`) is a personal GitHub account,
at risk of suspension — the same scenario that hit `rules_antlr`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-01 14:31:01 +02:00
Michael Nebel
6d5aff4822 C#: Add change-note. 2026-04-01 13:17:52 +02:00
Michael Nebel
9c095bc580 C#: Deprecate get[L|R]Value predicates. 2026-04-01 12:50:37 +02:00
Mathias Vorreiter Pedersen
43d002e6b5 Merge pull request #21619 from MathiasVP/more-http-remote-flow-sources 
C++: Add flow sources from Windows' `http.h`
 2026-03-31 15:44:39 +01:00
Mathias Vorreiter Pedersen
16a7e39e95 C++: Fix pointer indirection. Currently, this does not have any effect because of a conflation bug in taint-tracking. 2026-03-31 15:26:15 +01:00
Jeroen Ketema
17ab87d1fc Merge pull request #21618 from jketema/meson-silence 
C++: Add heuristics for meson configuration files
 2026-03-31 15:24:22 +02:00
Mathias Vorreiter Pedersen
dc8dc61196 C++: Fix type name. 2026-03-31 13:54:30 +01:00
Mathias Vorreiter Pedersen
ab34bd232e C++: Add change note. 2026-03-31 11:30:43 +01:00
Mathias Vorreiter Pedersen
9e97e0433e C++: Accept test changes. 2026-03-31 11:30:41 +01:00
Mathias Vorreiter Pedersen
102221d0aa C++: Add lots of taint inheriting content related to '_HTTP_REQUEST'. 2026-03-31 11:30:39 +01:00
Mathias Vorreiter Pedersen
c6d1ec5f64 C++: Add examples that need taint inheriting content. 2026-03-31 11:30:37 +01:00
Mathias Vorreiter Pedersen
21ea7ebe40 C++: Model a few more remote flow sources from 'http.h' and accept test changes. 2026-03-31 11:30:35 +01:00
Mathias Vorreiter Pedersen
18a25c5071 C++: Add tests with missing flow sources. 2026-03-31 11:30:33 +01:00
Paolo Tranquilli
1836a63122 Merge remote-tracking branch 'origin/main' into wild-crest-ql 2026-03-31 11:35:24 +02:00
Jeroen Ketema
ceec44b819 Apply suggestion from @Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-31 11:08:38 +02:00
Jeroen Ketema
d2839f4ee4 C++: Add change note 2026-03-31 11:02:40 +02:00
Anders Schack-Mulligen
2bde364bdd Merge pull request #21599 from aschackmull/csharp/constantcondition-simplify 
C#: Simplify the ConstantCondition query.
 2026-03-31 11:02:30 +02:00
Jeroen Ketema
5122f7cf92 C++: Add heuristics for meson configuration files 2026-03-31 11:02:26 +02:00
Jeroen Ketema
afd33e4dcd C++: Add test for meson configuration files 2026-03-31 10:23:51 +02:00
Anders Schack-Mulligen
29500c7eb7 C#: Add change note. 2026-03-31 09:38:45 +02:00
Anders Schack-Mulligen
2a54dce5cb C#: Remove redundant ConstantComparison.ql query. 2026-03-31 09:38:44 +02:00
Anders Schack-Mulligen
056be6d504 C#: Simplify the ConstantCondition query. 2026-03-31 09:38:44 +02:00
Anders Schack-Mulligen
71b38b71bf Merge pull request #21613 from aschackmull/csharp/consistent-cs-abbrev 
C#: Fix inconsistent casing of Cs/CS.
 2026-03-31 09:22:49 +02:00
Florin Coada
cd7bb54039 Merge pull request #21615 from github/codeql-spark-run-23750999202 
Update changelog documentation site for codeql-cli-2.25.1
 2026-03-30 16:09:14 +01:00
github-actions[bot]
3c78d8a737 update codeql documentation 2026-03-30 14:50:44 +00:00
Mathias Vorreiter Pedersen
b83d4e010b Merge pull request #21611 from MathiasVP/nsdmi-dataflow-3 
C++: Add dataflow through NSDMI
 2026-03-30 15:48:31 +01:00
Paolo Tranquilli
628f85aebc Kotlin: accept test changes 2026-03-30 15:35:19 +02:00
Anders Schack-Mulligen
40366042a5 C#: Fix inconsistent casing of Cs/CS. 2026-03-30 15:24:32 +02:00