codeql

mirror of https://github.com/github/codeql.git synced 2026-05-24 16:17:07 +02:00

Author	SHA1	Message	Date
Mathias Vorreiter Pedersen	0633bc7b91	Merge pull request #21862 from MathiasVP/more-fopen-models C++: Add two more `fopen`-like models.	2026-05-18 22:43:48 +01:00
Owen Mansel-Chan	ad69cfb721	Merge pull request #21838 from github/copilot/widen-regex-for-pinned-actions Align `alphaNumericRegex()` with the documented grouped SHA pattern	2026-05-18 17:35:27 +01:00
Mathias Vorreiter Pedersen	2c156994de	C++: Add two more 'fopen'-like models.	2026-05-18 14:47:11 +01:00
Michael Nebel	9b2b5971fe	Merge pull request #21846 from michaelnebel/csharp/updateextractordependencies C# 14: Update paket and dependencies.	2026-05-18 14:25:55 +02:00
Jeroen Ketema	e55edf2f1f	Merge pull request #21853 from jketema/jketema/template-constants C++: Update test results after extractor changes	2026-05-18 13:43:54 +02:00
Óscar San José	8a199f963d	Merge pull request #21692 from github/copilot/update-codeql-query-for-composite-actions Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)	2026-05-18 12:17:13 +02:00
Mathias Vorreiter Pedersen	fcdce550e8	Merge pull request #21857 from MathiasVP/fix-cleartext-fp C++: Fix FP on `cpp/cleartext-transmission`	2026-05-18 10:58:13 +01:00
Jeroen Ketema	76f71dd235	Merge pull request #21817 from jketema/go-version Go: Make version parsing robust in the face of custom Go builds	2026-05-18 10:45:55 +02:00
Mathias Vorreiter Pedersen	8ce601b1d7	C++: Add change notes.	2026-05-15 21:22:38 +01:00
Mathias Vorreiter Pedersen	4396e66f35	C++: Fix FP by providing an implementation of 'hasSocketInput'.	2026-05-15 21:12:34 +01:00
Mathias Vorreiter Pedersen	eda33adafd	C++: Add FP.	2026-05-15 21:07:45 +01:00
Jeroen Ketema	d47ee6bed9	C++: Update test results after extractor changes	2026-05-14 20:22:47 +02:00
Florin Coada	a84332ac15	Merge pull request #21727 from github/docs/customizing-library-models-for-rust docs: Add 'Customizing library models for Rust' documentation	2026-05-14 15:04:12 +01:00
Owen Mansel-Chan	0c274849be	Merge pull request #21842 from github/workflow/coverage/update Update CSV framework coverage reports	2026-05-13 13:48:35 +01:00
Owen Mansel-Chan	b49b8ff6bd	Give slightly more detail in change note	2026-05-13 13:47:53 +01:00
Michael Nebel	c8efc34e8b	C#: Update the generated lock, targets and bzl files.	2026-05-13 13:02:14 +02:00
Florin Coada	ab0b492429	Merge branch 'main' into docs/customizing-library-models-for-rust	2026-05-13 11:45:11 +01:00
Florin Coada	8abd3b93c9	Update docs/codeql/codeql-language-guides/customizing-library-models-for-rust.rst Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2026-05-13 11:44:43 +01:00
Michael Nebel	1e6570ec97	C#: Update paket to 10.3.1.	2026-05-13 10:22:45 +02:00
Asger F	cfa175357b	Merge pull request #21815 from asgerf/asgerf/missing-node-kind-error Shared: Nicer panic message if node kind is missing	2026-05-13 10:11:14 +02:00
github-actions[bot]	b0e23a73d2	Add changed framework coverage reports	2026-05-13 00:50:12 +00:00
Owen Mansel-Chan	ea29986c4f	Fix non-US english by using "parentheses" instead of "brackets" Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-05-12 22:40:03 +01:00
Owen Mansel-Chan	f58268064e	Add change note for alphanumeric regex change	2026-05-12 22:40:03 +01:00
Owen Mansel-Chan	2067113177	Update expected test output	2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]	562f415f64	Tidy Bash alphaNumericRegex comment spacing	2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]	0620d348b2	Update Bash alphaNumericRegex to match grouped quantified forms	2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]	48b1dad959	Add change note for SHA-256 pinned actions support	2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]	ef1bde7565	Widen pinned SHA regex to support SHA-256 (64-char hex) and add tests	2026-05-12 22:40:03 +01:00
Owen Mansel-Chan	0b808e1170	Merge pull request #21807 from owen-mc/java/improve-qhelp-unsafe-deserialization Shared: improve qhelp for unsafe deserialization queries	2026-05-12 22:22:49 +01:00
Taus	5508b1576f	Merge pull request #21821 from github/tausbn/unified-swift-grammar-cleanup-phase-1 unified: Swift grammar cleanup part 1	2026-05-12 16:12:09 +02:00
Taus	911e59caef	unified: regenerate files	2026-05-12 12:57:26 +00:00
Taus	ff5c0b40f1	unified: add supertypes for various kinds of declarations Hides a bunch of huge unions under (hopefully) sensible supertypes.	2026-05-12 12:57:26 +00:00
Taus	a5a1312e51	unified: regenerate files	2026-05-12 12:57:25 +00:00
Taus	2608db9fd9	unified: Prevent field bleed-through from `_if_let_binding` Same procedure as before -- we change the anonymous node to a named node, and the problem magically goes away.	2026-05-12 12:57:25 +00:00
Taus	f9e7f90896	unified: regenerate files	2026-05-12 12:57:25 +00:00
Taus	31386f566c	unified: drop `element` field on `_parenthesized_type` Same pattern we've seen many times before: a field on an anonymous node gets attached to the parent node instead. I'm not 100% sure this is the right solution, but it seemed wrong to just make `_parenthesized_type` named instead (we don't usually name parentheticals). At the very least, this cleans up the spurious navigation_expression.element and tuple_type_item.element fields.	2026-05-12 12:57:25 +00:00
Taus	e9822f67ee	unified: regenerate files	2026-05-12 12:57:25 +00:00
Taus	994b27bdbd	unified: convert _type into a named rule Because `_type` was anonymous, its body was inlined in all of the places it appeared. Because this body contained a `name` field, this field was _also_ inlined. This caused a bunch of nodes to have spurious `name` fields, and for some of them (that already had such a field) it caused that field have multiplicity greater than one. To fix this, we make the `_type` node named, which prevents the errant field from escaping.	2026-05-12 12:57:25 +00:00
Taus	a720e258ac	unified: regenerate files	2026-05-12 12:57:25 +00:00
Taus	8b977ef8e1	unified: Get rid of some `"."` bleed Adds a new type `nested_type_identifier`, which contains the choice-branch that previously allowed those tokens to bleed through into the closest parent field.	2026-05-12 12:57:25 +00:00
Taus	caa9b04ad8	unified: regenerate files	2026-05-12 12:57:25 +00:00
Taus	91a46f0340	unified: stop `"!"` bleeding through You know the drill. We just make an anonymous node named instead. In this case, however, we have to be a bit more clever about how to rewrite it. We turn the sequence of a type followed by an optional ! into a _choice_ between mere type or type followed by bang (the latter being our new named node).	2026-05-12 12:57:24 +00:00
Taus	37e1e3c879	unified: regenerate files	2026-05-12 12:57:24 +00:00
Taus	70f3fd1158	unified: make `unannotated_type` named and supertype Gets rid of a bunch of ad-hoc node type unions.	2026-05-12 12:57:24 +00:00
Taus	9abfaca98c	unified: regenerate files	2026-05-12 12:57:24 +00:00
Taus	38473f9e0b	unified: make `expression` named and a supertype Supertypes are a honking great idea. We should use more of them. This massively cleans up the node types, without polluting the AST with `expression` nodes.	2026-05-12 12:57:24 +00:00
Taus	c7c6e45254	unified: regenerate files	2026-05-12 12:57:24 +00:00
Taus	c0efc52cc7	unified: make if-condition nodes named, to stop bleed Before, the `condition` field of an if statement supposedly could contain things like parentheses and commas, due to bleeding from referenced anonymous nodes. Making the node named makes this issue go away.	2026-05-12 12:57:24 +00:00
Taus	5c16b0faf9	unified: regenerate files	2026-05-12 12:57:24 +00:00
Taus	7854a534fd	unified: stop operators bleeding through everywhere We make _referenceable_operator a named node. This prevents it from bleeding through to the _expression definition. It likely also makes the output easier to deal with, as bare operators used as arguments now have a named node wrapping them in the AST. Also removes a duplicated inclusion of _comparison_operator that served no purpose.	2026-05-12 12:57:24 +00:00

1 2 3 4 5 ...

87458 Commits