hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,445 Commits 1,741 Branches 165 Tags
0f794b57ed742e7551c50a40a56e2fb09240eb61
Commit Graph

86445 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
0f794b57ed C++: Fix the issue. 2026-03-19 13:16:16 +00:00
Geoffrey White
2e987f8d78 C++: Add test cases emulating cpp/suspicious-add-sizeof in buildless mode. 2026-03-19 13:00:58 +00:00
Taus
a99b3f2c3b Merge pull request #21459 from github/tausbn/python-fix-missing-relative-imports 
Python: Fix resolution of relative imports from namespace packages
 2026-03-16 14:59:44 +01:00
Taus
92718a98d0 Python: Add test for package inside namespace package 2026-03-16 12:41:09 +00:00
Taus
e70727524a Python: Rename prints tag to flow 
The former was a remnant of copying the setup over from
`ql/test/experimental/import-resolution/importflow.ql`.
 2026-03-16 12:37:00 +00:00
Anders Schack-Mulligen
c24b43d01e Merge pull request #21482 from aschackmull/csharp/rangeanalysis-no-split 
C#: Remove splitting-awareness from Range Analysis.
 2026-03-16 10:54:49 +01:00
Jeroen Ketema
179a4cd41a Merge pull request #21474 from jketema/jketema/swift-linux-2 
Swift: Ignore some DB-CHECK results on Linux
 2026-03-16 10:50:05 +01:00
Anders Schack-Mulligen
a929c0bf24 C#: Remove splitting-awareness from Range Analysis. 2026-03-16 09:58:14 +01:00
Anders Schack-Mulligen
427ccee3b9 Merge pull request #21473 from aschackmull/csharp/dataflow-no-split 
C#: Remove splitting-awareness from data flow.
 2026-03-16 09:33:31 +01:00
Asger F
22f16dda85 Merge pull request #21368 from asgerf/browser-sources 
JS: Add 'browser' source kinds
 2026-03-16 09:24:54 +01:00
Anders Schack-Mulligen
db0a3e38e2 C#: Accept a few irrelevant taint steps. 2026-03-16 09:09:54 +01:00
Anders Schack-Mulligen
e7edf15031 C#: Clean up. 2026-03-16 08:51:51 +01:00
Anders Schack-Mulligen
4c77e0f315 C#: Remove splitting-awareness for local expression steps. 2026-03-16 08:51:51 +01:00
Anders Schack-Mulligen
7124cd4e6e C#: Remove splitting-awareness for source-to-def steps. 2026-03-16 08:51:50 +01:00
Anders Schack-Mulligen
c076992b83 C#: Remove splitting-awareness in ObjectInitializerNode. 2026-03-16 08:51:49 +01:00
Anders Schack-Mulligen
659d8e7c90 C#: Remove splitting-awareness in argumentOf. 2026-03-16 08:51:49 +01:00
Anders Schack-Mulligen
1e8de0511b C#: Remove splitting-awareness in lambda flow. 2026-03-16 08:51:48 +01:00
Anders Schack-Mulligen
bce0a4d2a7 C#: Remove splitting-awareness for store steps. 2026-03-16 08:51:48 +01:00
Anders Schack-Mulligen
2160910d56 C#: Remove splitting-awareness for read steps. 2026-03-16 08:51:47 +01:00
Anders Schack-Mulligen
a5c8a5b5f8 C#: Remove splitting-awareness for taint steps. 2026-03-16 08:51:47 +01:00
Jeroen Ketema
f9f1d9eecc Swift: Ignore some DB-CHECK results on Linux 2026-03-13 20:06:57 +01:00
Owen Mansel-Chan
d52e9bc18c Merge pull request #21370 from github/owen-mc/go/overlay-annotations 
Go: Add overlay annotations from script
 2026-03-13 16:46:01 +00:00
Owen Mansel-Chan
b8b841cfba Add overlay[loca] in 4 more tests 2026-03-13 16:19:00 +00:00
Owen Mansel-Chan
df9f8ee386 Merge branch 'main' into owen-mc/go/overlay-annotations 2026-03-13 15:55:17 +00:00
Owen Mansel-Chan
99f4930e24 Explicitly mark DataFlowNodes.qll as overlay[local] 2026-03-13 15:23:39 +00:00
Owen Mansel-Chan
e9df9147ad Add overlay annotations in 4 PrintAst tests 2026-03-13 15:03:05 +00:00
Owen Mansel-Chan
f32f85399a Mark various files as overlay[local] 2026-03-13 15:03:02 +00:00
Jonas Jensen
c56feb7644 Go: annotate the standard library with for overlay 
This commit is auto-generated with:

    python3 config/add-overlay-annotations.py go
 2026-03-13 15:03:01 +00:00
Jonas Jensen
7ef60a8649 Update the overlay annotation script for go 
The Go libraries follow their own naming convention for "query
libraries". These need to be exempted from automatic `overlay[local?]`
annotations since otherwise it appears that too many predicates are
evaluated, possibly because of inadequate use of sentinels.
 2026-03-13 15:02:58 +00:00
Asger F
7d6e08ecf1 Merge pull request #21461 from github/asger/js-shebang-bun-tsx 
JS: Recognise bun and tsx in shebang lines
 2026-03-13 15:07:12 +01:00
Asger F
dfa6d20072 JS: Replace broken link with plain text 2026-03-13 15:05:07 +01:00
Asger F
821cc0e875 JS: Address PR review comments 
- Fix misplaced semicolons in test files (was inside comment, moved before it)
- Update QLdoc comments to reference new browser source kind names
- Update docs to list browser source kinds and fix outdated 'only remote' note

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-13 14:58:04 +01:00
Anders Schack-Mulligen
f11815c633 Merge pull request #21471 from aschackmull/csharp/rm-prebasicblock 
C#: Delete PreBasicBlocks.
 2026-03-13 08:54:06 +01:00
Owen Mansel-Chan
52cfd49087 Merge pull request #21469 from github/dependabot/go_modules/go/extractor/extractor-dependencies-7af763c229 
Bump the extractor-dependencies group across 1 directory with 2 updates
 2026-03-13 07:06:44 +00:00
Anders Schack-Mulligen
8c1c039edf C#: Delete PreBasicBlocks. 2026-03-13 08:00:08 +01:00
dependabot[bot]
c9e0927992 Bump the extractor-dependencies group across 1 directory with 2 updates 
Bumps the extractor-dependencies group with 2 updates in the /go/extractor directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
- [Commits](https://github.com/golang/mod/compare/v0.33.0...v0.34.0)

Updates `golang.org/x/tools` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:04:44 +00:00
Jeroen Ketema
d5f667e585 Merge pull request #21467 from jketema/jketema/swift-linux 
Swift: Disable stack protector pass
 2026-03-12 22:42:51 +01:00
Jeroen Ketema
b758732a28 Merge pull request #21468 from jketema/jketema/swift-lines 
Swift: Limit successfully extracted lines
 2026-03-12 17:24:28 +01:00
Jeroen Ketema
ba3fadbf20 Swift: Rename function 2026-03-12 16:37:13 +01:00
Owen Mansel-Chan
d7d1554461 Merge pull request #21465 from owen-mc/go/small-tweaks 
Go: improve detection of type expressions when database is missing some type information
 2026-03-12 14:58:16 +00:00
Jeroen Ketema
12e0f3f359 Swift: Limit successfully extracted lines 2026-03-12 15:46:23 +01:00
Owen Mansel-Chan
0bb6ff58cc Merge pull request #21466 from owen-mc/go/add-nil-helper-predicate 
Go: Add and use `exprRefersToNil` predicate
 2026-03-12 14:36:03 +00:00
Jeroen Ketema
b9c0aca11a Swift: Fix formatting 2026-03-12 15:00:18 +01:00
Jeroen Ketema
ee3674cb80 Swift: Disable stack protector pass 2026-03-12 14:43:05 +01:00
Taus
3ee369b710 Python: Add change note 2026-03-12 13:29:24 +00:00
Taus
e16bb226c0 Python: Fix resolution of relative imports from namespace packages 
The fix may look a bit obscure, so here's what's going on.

When we see `from . import helper`, we create an `ImportExpr` with level
equal to 1 (corresponding to the number of dots). To resolve such
imports, we compute the name of the enclosing package, as part of
`ImportExpr.qualifiedTopName()`. For this form of import expression, it
is equivalent to `this.getEnclosingModule().getPackageName()`. But
`qualifiedTopName` requires that `valid_module_name` holds for its
result, and this was _not_ the case for namespace packages.

To fix this, we extend `valid_module_name` to include the module names
of _any_ folder, not just regular package (which are the ones where
there's a `__init__.py` in the folder). Note that this doesn't simply
include all folders -- only the ones that result in valid module names
in Python.
 2026-03-12 13:29:23 +00:00
Taus
48bf4fd82a Python: Add test for missing relative import in namespace packages 2026-03-12 13:29:19 +00:00
Owen Mansel-Chan
c271755985 Add and use exprRefersToNil predicate 2026-03-12 13:28:57 +00:00
Owen Mansel-Chan
a16c43881b Use "database" instead of "snapshot" in QLDocs 2026-03-12 13:28:06 +00:00
Owen Mansel-Chan
39e0382089 Improve QLDoc for isTypeExprTopDown 2026-03-12 13:28:05 +00:00