hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 15:17:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,208 Commits 1,790 Branches 169 Tags
1bcdbd2d348f1d72ac724b178dbe7c19ebc0cd32
Commit Graph

3654 Commits

Author SHA1 Message Date
Owen Mansel-Chan
1bcdbd2d34 Produce CFG nodes for more reference expressions, like selector bases 2026-06-24 19:18:30 +01:00
Owen Mansel-Chan
cffc3c7bec Fix global value numbering calculation 2026-06-24 19:18:28 +01:00
Owen Mansel-Chan
8fb4875021 Include receivers in parameter init 2026-06-24 19:18:26 +01:00
Owen Mansel-Chan
008cbbadcf Fix CFG for range loop 2026-06-24 19:18:24 +01:00
Owen Mansel-Chan
d6d254fdda Fix CFG for select statements 2026-06-24 19:18:22 +01:00
Owen Mansel-Chan
a5e761254e Use shared CFG implementation of for loops 2026-06-24 19:18:20 +01:00
Owen Mansel-Chan
e328a5d69e Do not include comments in the CFG 2026-06-24 19:18:18 +01:00
Owen Mansel-Chan
01568dd2db Fix edges to function exit with result variables 2026-06-24 19:18:16 +01:00
Owen Mansel-Chan
c136d3ec30 Tweak getEnclosingCallable 2026-06-24 19:18:14 +01:00
Owen Mansel-Chan
6a1649d384 Model non-returning functions in CFG 2026-06-24 19:18:12 +01:00
Owen Mansel-Chan
fbd82ffd68 Create cfg node for child of ParenExpr 2026-06-24 19:18:10 +01:00
Owen Mansel-Chan
3937a96ca4 Add go/print-cfg 2026-06-24 19:18:07 +01:00
Owen Mansel-Chan
a26cbad255 Initial shared CFG library instantiation for Go 2026-06-24 19:18:05 +01:00
Owen Mansel-Chan
412f4c2403 Incidental fix to CaseClause.getAnExpr() 2026-06-24 19:18:03 +01:00
Owen Mansel-Chan
07cf89568f Test CFG for function epilogue (read-result nodes and calls to defered functions) 2026-06-20 22:04:45 +01:00
Owen Mansel-Chan
42ebe56023 Make all lines in logging tests reachable 2026-06-20 22:04:43 +01:00
Owen Mansel-Chan
f65d1e82cf Merge pull request #21554 from github/copilot/make-go-use-ssa-library 
Go: use shared SSA library (codeql.ssa.Ssa)
 2026-06-19 13:40:37 +01:00
github-actions[bot]
65a3153066 Add changed framework coverage reports 2026-06-19 01:06:45 +00:00
Owen Mansel-Chan
fc06aa1a32 Update expected data flow consistency results 2026-06-18 14:54:19 +01:00
Owen Mansel-Chan
2d34b0be1b Merge branch 'main' into copilot/make-go-use-ssa-library 2026-06-18 14:09:20 +01:00
Owen Mansel-Chan
8c07e95f05 Rename mayCapture to mayUpdateCapturedVariable 2026-06-18 12:41:25 +01:00
Owen Mansel-Chan
f04c8ccbc7 Use module already provided by BasicBlocks lib 2026-06-18 12:37:27 +01:00
Owen Mansel-Chan
7222f1d3ad Remove change note 2026-06-18 12:34:20 +01:00
sauyon
b7ef551b52 Address review: exercise variadic args/attrs in slog Log/LogAttrs tests 
Copilot review on #22004: the Log/LogAttrs test cases didn't pass any
variadic args/attrs, so the Argument[..3] portion of the sink range was
untested. Pass an ...any arg to slog.Log/Logger.Log and a slog.Attr to
slog.LogAttrs/Logger.LogAttrs, with inline expectations asserting they're
captured as logged components.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 20:27:00 -07:00
sauyon
00427d204c Go: Model log/slog as a logging sink 
The standard-library structured logger `log/slog` (Go 1.21+) was not
modeled, so `go/log-injection` and `go/clear-text-logging` were blind to
any code that logs through it.

Model its logging functions and `*slog.Logger` methods — `Debug`, `Info`,
`Warn`, `Error`, their `Context` variants, and `Log`/`LogAttrs` — as
`log-injection` sinks (the kind that feeds `LoggerCall`, powering both
queries). Adds `log/slog` cases to the `LoggerCall` library test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 20:02:29 -07:00
Owen Mansel-Chan
1154db4f86 Merge pull request #21957 from owen-mc/go/fix-result-node 
Go: fix `DataFlow::ResultNode` and some related things
 2026-06-17 12:20:27 +01:00
Owen Mansel-Chan
0a065c93de Update QLDoc for ResultNode 2026-06-17 11:03:23 +01:00
Owen Mansel-Chan
6161922ba4 Merge pull request #21940 from owen-mc/go/unhandled-writable-file-close 
Go: Improve precision of `go/unhandled-writable-file-close`
 2026-06-17 10:58:08 +01:00
Owen Mansel-Chan
99538f0f07 Delete unused predicate (leftover from old implementation) 2026-06-12 22:21:07 +01:00
Owen Mansel-Chan
0dc95deca4 Test changes to investigate 2026-06-12 22:21:05 +01:00
Owen Mansel-Chan
0e902d0fe3 Fix captured variable liveness 
- Extend synthetic uncertain reads to function exits of any function
  that writes a captured variable, not just the declaring function.
  This ensures writes to captured variables inside closures remain
  live (matching the old `v.isCaptured()` liveness shortcut).
- Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture,
  SsaPhiNode, and SsaVariable to restore original output formats.
- Revert test expected files to pre-test-changes state matching the
  correct toString formats and capture variable results.

Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
 2026-06-12 22:21:03 +01:00
copilot-swe-agent[bot]
6ccbf16f3c Make Go use the shared SSA library (codeql.ssa.Ssa) 
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/codeql/sessions/b400ebd5-4095-401e-8811-fb550600b3c4
 2026-06-12 22:21:02 +01:00
Owen Mansel-Chan
7a5219f06e Improve SSA tests for variables in closures 2026-06-12 22:21:00 +01:00
Owen Mansel-Chan
0b493c30cc Preemptively change toString() for SSA classes 2026-06-12 22:20:51 +01:00
dependabot[bot]
1ac079d066 Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.45.0 to 0.46.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-12 03:03:31 +00:00
Owen Mansel-Chan
b4a9689341 Convert .qlref test to inline expectations 2026-06-11 07:15:54 +02:00
Owen Mansel-Chan
6a8e20a0c8 Fix pre-existing whitespace issues in go test files 2026-06-11 07:15:09 +02:00
Owen Mansel-Chan
4c411bbcb5 Convert hand-rolled inline expectations test 2026-06-11 07:13:48 +02:00
Owen Mansel-Chan
990913519d Make comment clearer 2026-06-09 12:20:10 +02:00
Owen Mansel-Chan
e22f9fadd7 Fix mistakes in change notes 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-09 12:20:08 +02:00
Owen Mansel-Chan
071a0e3d7d Add change notes 2026-06-09 12:20:06 +02:00
Owen Mansel-Chan
a92349683e Deprecate FuncTypeExpr.getResultDecl() 
It is unused in this library. It could easily be used incorrectly and
silently omit results when `getNumResult() > 1`.
 2026-06-09 12:20:04 +02:00
Owen Mansel-Chan
8ce543bf4d Fix: getNumResult() was wrong in some cases 
It was the number of result declarations, which is
different from the number of results when one
result declaration declares more than one
variable, as in `x, y int`.
 2026-06-09 12:20:02 +02:00
Owen Mansel-Chan
da777a455d Improve QLDoc 2026-06-09 12:19:58 +02:00
Owen Mansel-Chan
f4f17b01c1 Fix result node and remove SPURIOUS test result 2026-06-09 12:19:56 +02:00
Owen Mansel-Chan
1c47084479 Add result node test with SPURIOUS result 2026-06-09 12:19:51 +02:00
Owen Mansel-Chan
c241049384 Add control flow test for result read steps 2026-06-09 12:19:49 +02:00
dependabot[bot]
72fcf27d1a Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-09 03:03:37 +00:00
github-actions[bot]
5a38cbd5d5 Go: Update to 1.26.4 2026-06-08 04:30:10 +00:00
Owen Mansel-Chan
c170002fb1 Update test output 2026-06-04 13:52:05 +01:00