hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-17 13:04:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,865 Commits 1,741 Branches 165 Tags
0724c22f28ea54c293db8cbcdaff6dda51a4d468
Commit Graph

86865 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
0724c22f28 Merge pull request #21702 from jketema/conv-string 
C++: Use new `getConvSpecString` instead of `getConvSpecOffset` and `substring`
 2026-04-14 10:00:51 +02:00
Jeroen Ketema
26715fc95c C++: Rename rst to convSpec 2026-04-14 08:03:51 +02:00
Tom Hvitved
f6fb613962 Merge pull request #21700 from hvitved/js/fastify-per-route-rate-limiting 
JS: Recognize Fastify per-route rate limiting
 2026-04-13 17:28:34 +02:00
Jeroen Ketema
e0ce5bcf40 Merge pull request #21699 from jketema/join-fix 
C++: Fix `isCompiledAsC` join order
 2026-04-13 16:03:38 +02:00
Jeroen Ketema
19c4b2ff8f C++: Use getConvSpecString instead of getConvSpecOffset and substring 2026-04-13 15:44:41 +02:00
Taus
81468daf9c Merge pull request #21603 from github/tausbn/python-port-use-of-exit 
Python: Port UseOfExit.ql
 2026-04-13 13:20:29 +02:00
Taus
720ea702fe Merge pull request #21602 from github/tausbn/python-port-modification-of-locals 
Python: Port ModificationOfLocals.ql
 2026-04-13 13:19:40 +02:00
Taus
36bbc8ca14 Merge pull request #21601 from github/tausbn/python-port-unused-exception-object 
Python: Port UnusedExceptionObject.ql
 2026-04-13 13:19:12 +02:00
Taus
cc9bc746a1 Merge pull request #21597 from github/tausbn/python-port-unreachable-code 
Python: Port UnreachableCode.ql
 2026-04-13 13:17:59 +02:00
Tom Hvitved
fcfb8c9c6b Add change note 2026-04-13 12:22:30 +02:00
Tom Hvitved
7a48409e38 JS: Recognize Fastify per-route rate limiting 2026-04-13 11:31:34 +02:00
Tom Hvitved
fef582c858 JS: Add test case for Fastify per-route rate limiting 2026-04-13 11:24:41 +02:00
Jeroen Ketema
bee39c9d51 C++: Fix isCompiledAsC join order 
Before on Abseil Windows for `cpp/too-few-arguments:`:
```
Pipeline standard for TooFewArguments::isCompiledAsC/1#52fe29e8@994f9bgp was evaluated in 12 iterations totaling 2ms (delta sizes total: 50).
        1198778   ~3%    {1} r1 = JOIN `TooFewArguments::isCompiledAsC/1#52fe29e8#prev_delta` WITH `Element::Element.getFile/0#2b8c8740_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1
             83  ~26%    {1}    | JOIN WITH includes ON FIRST 1 OUTPUT Rhs.1
             50   ~4%    {1}    | AND NOT `TooFewArguments::isCompiledAsC/1#52fe29e8#prev`(FIRST 1)
                         return r1
```

After:
```
Pipeline standard for #File::File.getAnIncludedFile/0#dispred#e8d44cd1Plus#bf@b8d290i6 was evaluated in 11 iterations totaling 0ms (delta sizes total: 43).
        47   ~0%    {2} r1 = SCAN `#File::File.getAnIncludedFile/0#dispred#e8d44cd1Plus#bf#prev_delta` OUTPUT In.1, In.0
        78  ~28%    {2}    | JOIN WITH `File::File.getAnIncludedFile/0#dispred#e8d44cd1` ON FIRST 1 OUTPUT Lhs.1, Rhs.1
        43   ~0%    {2}    | AND NOT `#File::File.getAnIncludedFile/0#dispred#e8d44cd1Plus#bf#prev`(FIRST 2)
                    return r1

[2026-04-13 11:05:25] Evaluated non-recursive predicate TooFewArguments::isCompiledAsC/1#52fe29e8@4a3eb9jk in 0ms (size: 49).
Evaluated relational algebra for predicate TooFewArguments::isCompiledAsC/1#52fe29e8@4a3eb9jk with tuple counts:
         1   ~0%    {3} r1 = CONSTANT(unique int, unique string, unique string)[1,"compiled as c","1"]
         1   ~0%    {1}    | JOIN WITH #fileannotationsMerge_1230#join_rhs ON FIRST 3 OUTPUT Rhs.3

        48   ~0%    {1} r2 = JOIN r1 WITH `#File::File.getAnIncludedFile/0#dispred#e8d44cd1Plus#bf` ON FIRST 1 OUTPUT Rhs.1

        49   ~0%    {1} r3 = r1 UNION r2
                    return r3
```
 2026-04-13 11:13:52 +02:00
Geoffrey White
ae85ada669 Merge pull request #21634 from geoffw0/compwidertype2 
C++: Upgrade cpp/comparison-with-wider-type to high precision
 2026-04-10 16:08:11 +01:00
Taus
6078df524b Merge pull request #21683 from github/tausbn/python-add-extractor-pack-build-script 
Python: Add `create-extractor-pack.sh` for Python
 2026-04-10 15:16:54 +02:00
Jeroen Ketema
888d392040 Merge pull request #21636 from jketema/actions-perm 
Actions: Correctly check reusable workflow permissions in `actions/missing-workflow-permissions`
 2026-04-10 15:02:36 +02:00
Geoffrey White
b9226a359a Merge pull request #21633 from geoffw0/intmultlong2 
C++: Upgrade cpp/integer-multiplication-cast-to-long to high precision
 2026-04-10 14:02:34 +01:00
Geoffrey White
814c0ae7a8 Merge pull request #21632 from geoffw0/wrongtype2 
C++: Upgrade cpp/wrong-type-format-argument to high precision
 2026-04-10 14:01:07 +01:00
Geoffrey White
9ea33bc5bb Merge pull request #21553 from geoffw0/implicitfn 
C++: Disable cpp/implicit-function-declaration on build mode none databases
 2026-04-10 14:00:06 +01:00
Geoffrey White
bcf612e6fe Merge branch 'main' into compwidertype2 2026-04-10 13:58:35 +01:00
Anders Schack-Mulligen
dfa8d72dd3 Merge pull request #21685 from aschackmull/csharp/unbind-new 
C#: Replace old-style unbind with pragmas.
 2026-04-10 13:55:01 +02:00
Geoffrey White
bcdbf141bc Merge pull request #21671 from geoffw0/neutralperf 
Rust: Fix performance issue with additionalExternalFile
 2026-04-10 12:08:27 +01:00
Paolo Tranquilli
7de8ce961c Merge pull request #21677 from github/dependabot/bazel/gazelle-0.50.0 
Bump gazelle from 0.47.0 to 0.50.0
 2026-04-10 10:07:25 +02:00
Michael Nebel
66278fcd10 Merge pull request #21690 from samchang-msft/update-net10-support 
Support added in Jan 2026
 2026-04-10 08:40:29 +02:00
Sam Chang
7883fab44f Qualify the limited support for .NET 10 and C# 14 2026-04-09 12:06:54 -07:00
Sam Chang
38440d96b8 Support added in Jan 2026 2026-04-09 10:48:08 -07:00
Anders Schack-Mulligen
cf4ab1d106 C#: Replace old-style unbind with pragmas. 2026-04-09 15:57:19 +02:00
Taus
d622dabf3e Python: Add create-extractor-pack.sh for Python 
This allows us to build and test the extractor (for actual QL extraction
-- not just the extractor unit tests) entirely from within the
`github/codeql` repo, just as we do with Ruby. All that's needed is a
`--search-path` argument that points to the repo root.
 2026-04-09 13:06:45 +00:00
Tom Hvitved
33cc887be0 Merge pull request #21592 from hvitved/dataflow/source-call-context-type-flow 
Data flow: Add hook for preventing lambda dispatch in source call contexts
 2026-04-09 13:44:42 +02:00
Geoffrey White
e72c116664 Rust: Proposed improved solution. 2026-04-09 11:18:25 +01:00
Tom Hvitved
d704b753c8 Fix CP in typeFlowParamType 
Forgot to link `p` with `c` using `nodeEnclosingCallable(p, c)`.
 2026-04-09 09:19:55 +02:00
dependabot[bot]
7833a0a2e8 Bump gazelle from 0.47.0 to 0.50.0 
Bumps [gazelle](https://github.com/bazel-contrib/bazel-gazelle) from 0.47.0 to 0.50.0.
- [Release notes](https://github.com/bazel-contrib/bazel-gazelle/releases)
- [Commits](https://github.com/bazel-contrib/bazel-gazelle/compare/v0.47.0...v0.50.0)

---
updated-dependencies:
- dependency-name: gazelle
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 03:08:02 +00:00
Geoffrey White
95681bfad4 Rust: Fix performance issue with File.fromSource. 2026-04-08 15:04:03 +01:00
Kristen Newbury
fb0ee5b987 Merge pull request #21640 from knewbury01/knewbury01/adjust-actions-queries-alerts 
Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]
 2026-04-08 09:44:00 -04:00
Kristen Newbury
7b7411f7df Change alert location CWE-829/ArtifactPoisoning queries 2026-04-08 08:57:45 -04:00
Taus
e3688444d7 Python: Also exclude class scope 
Changing the `locals()` dictionary actually _does_ change the attributes
of the class being defined, so we shouldn't alert in this case.
 2026-04-07 23:46:03 +02:00
Taus
8d79248ea7 Python: Port ModificationOfLocals.ql 2026-04-07 23:46:03 +02:00
Taus
16683aee0e Merge pull request #21590 from github/tausbn/python-improve-bind-all-interfaces-query 
Python: Improve "bind all interfaces" query
 2026-04-07 17:59:48 +02:00
Jeroen Ketema
e7d3eedc80 Merge pull request #21661 from jketema/autoconf 
C++: Add heuristic for GNU autoconf config files
 2026-04-07 15:38:06 +02:00
Taus
4cb238f1af Merge pull request #21598 from github/tausbn/python-port-should-use-with 
Python: Port ShouldUseWithStatement.ql
 2026-04-07 14:16:41 +02:00
Geoffrey White
201af3fffc C++: Update code scanning suite .expected. 2026-04-07 12:59:31 +01:00
Geoffrey White
f2292643a3 C++: Update code scanning suite .expected. 2026-04-07 12:53:53 +01:00
Geoffrey White
3769a8a482 C++: Update code scanning suite .expected. 2026-04-07 12:51:56 +01:00
Mathias Vorreiter Pedersen
5e145aa27d Merge pull request #21631 from MathiasVP/expose-fwd-stage-1 
Dataflow: Expose stage 1's `fwdFlow`
 2026-04-07 11:29:56 +01:00
Mathias Vorreiter Pedersen
e06294bcb4 Shared: Respond to review comments. 2026-04-07 11:11:04 +01:00
Idriss Riouak
39f92e992a Merge pull request #21494 from github/idrissrio/java/jdk26 
Java: Accept new test results after JDK 26 extractor upgrade
 2026-04-07 12:03:36 +02:00
Tom Hvitved
0d4524f8f3 Address review comments 2026-04-07 11:40:10 +02:00
Tom Hvitved
1e1a8732a3 Data flow: Add hook for preventing lambda dispatch in source call contexts 2026-04-07 11:40:08 +02:00
Tom Hvitved
eb64fcd208 C#: Add test that shows unintended flow summary generation 2026-04-07 11:40:07 +02:00
Jeroen Ketema
04cfd37f53 C++: Fix comments in tests 2026-04-07 10:52:12 +02:00