Mathias Vorreiter Pedersen
b7b731bab7
Merge branch 'main' into mad-write-through-model
2026-06-30 15:12:02 +01:00
Owen Mansel-Chan
3d8991a4db
Update change note
2026-06-30 09:35:23 +01:00
Owen Mansel-Chan
0a737c97f3
Expand log.slog models and add more tests
2026-06-30 08:01:06 +01:00
Owen Mansel-Chan
37ce885b0c
Merge pull request #22064 from owen-mc/go/fix-test-failures
...
Go: fix tests with non-empty `testFailures`
2026-06-26 10:45:14 +01:00
Owen Mansel-Chan
ac618e1cb2
Expand FileNameSource for stored xss
2026-06-25 22:50:21 +01:00
github-actions[bot]
456e33773b
Post-release preparation for codeql-cli-2.26.0
2026-06-25 16:24:06 +00:00
github-actions[bot]
237c5639e2
Release preparation for version 2.26.0
2026-06-25 15:27:00 +00:00
Mathias Vorreiter Pedersen
e8fee23093
Go: Fixes after changes to the flow summary API.
2026-06-23 20:33:14 +01:00
Owen Mansel-Chan
2d34b0be1b
Merge branch 'main' into copilot/make-go-use-ssa-library
2026-06-18 14:09:20 +01:00
Owen Mansel-Chan
8c07e95f05
Rename mayCapture to mayUpdateCapturedVariable
2026-06-18 12:41:25 +01:00
Owen Mansel-Chan
f04c8ccbc7
Use module already provided by BasicBlocks lib
2026-06-18 12:37:27 +01:00
Owen Mansel-Chan
7222f1d3ad
Remove change note
2026-06-18 12:34:20 +01:00
sauyon
00427d204c
Go: Model log/slog as a logging sink
...
The standard-library structured logger `log/slog` (Go 1.21+) was not
modeled, so `go/log-injection` and `go/clear-text-logging` were blind to
any code that logs through it.
Model its logging functions and `*slog.Logger` methods — `Debug`, `Info`,
`Warn`, `Error`, their `Context` variants, and `Log`/`LogAttrs` — as
`log-injection` sinks (the kind that feeds `LoggerCall`, powering both
queries). Adds `log/slog` cases to the `LoggerCall` library test.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:02:29 -07:00
Owen Mansel-Chan
0a065c93de
Update QLDoc for ResultNode
2026-06-17 11:03:23 +01:00
Owen Mansel-Chan
99538f0f07
Delete unused predicate (leftover from old implementation)
2026-06-12 22:21:07 +01:00
Owen Mansel-Chan
0e902d0fe3
Fix captured variable liveness
...
- Extend synthetic uncertain reads to function exits of any function
  that writes a captured variable, not just the declaring function.
  This ensures writes to captured variables inside closures remain
  live (matching the old `v.isCaptured()` liveness shortcut).
- Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture,
  SsaPhiNode, and SsaVariable to restore original output formats.
- Revert test expected files to pre-test-changes state matching the
  correct toString formats and capture variable results.
Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-06-12 22:21:03 +01:00
copilot-swe-agent[bot]
6ccbf16f3c
Make Go use the shared SSA library (codeql.ssa.Ssa)
...
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/codeql/sessions/b400ebd5-4095-401e-8811-fb550600b3c4
2026-06-12 22:21:02 +01:00
Owen Mansel-Chan
0b493c30cc
Preemptively change toString() for SSA classes
2026-06-12 22:20:51 +01:00
Owen Mansel-Chan
990913519d
Make comment clearer
2026-06-09 12:20:10 +02:00
Owen Mansel-Chan
e22f9fadd7
Fix mistakes in change notes
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-09 12:20:08 +02:00
Owen Mansel-Chan
071a0e3d7d
Add change notes
2026-06-09 12:20:06 +02:00
Owen Mansel-Chan
a92349683e
Deprecate FuncTypeExpr.getResultDecl()
...
It is unused in this library. It could easily be used incorrectly and
silently omit results when `getNumResult() > 1`.
2026-06-09 12:20:04 +02:00
Owen Mansel-Chan
8ce543bf4d
Fix: getNumResult() was wrong in some cases
...
It was the number of result declarations, which is
different from the number of results when one
result declaration declares more than one
variable, as in `x, y int`.
2026-06-09 12:20:02 +02:00
Owen Mansel-Chan
da777a455d
Improve QLDoc
2026-06-09 12:19:58 +02:00
Owen Mansel-Chan
f4f17b01c1
Fix result node and remove SPURIOUS test result
2026-06-09 12:19:56 +02:00
Owen Mansel-Chan
703cea2b65
Model panicking log functions better
2026-06-02 01:32:00 +01:00
Owen Mansel-Chan
e6e8e3d005
Taint doesn't flow through panicking functions
2026-06-02 01:31:44 +01:00
Owen Mansel-Chan
8a1e6d4f64
Add missing QLDocs
2026-06-02 00:41:48 +01:00
Owen Mansel-Chan
1a747dd8be
(Trivial) Fix QLDoc grammar
2026-06-02 00:39:25 +01:00
Owen Mansel-Chan
28bb1a6870
Add change note
2026-06-02 00:16:23 +01:00
Owen Mansel-Chan
c99dab1d71
Improve glog (and klog) modelling
2026-06-02 00:16:19 +01:00
Owen Mansel-Chan
8d099cbe38
Recognize more non-returning logging functions
2026-06-02 00:15:58 +01:00
github-actions[bot]
cfb18c2477
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab
Revert "Release preparation for version 2.25.6"
2026-05-29 12:13:50 +01:00
github-actions[bot]
44a914e40f
Release preparation for version 2.25.6
2026-05-25 10:23:26 +00:00
github-actions[bot]
9f64000962
Post-release preparation for codeql-cli-2.25.5
2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef
Release preparation for version 2.25.5
2026-05-18 12:05:32 +00:00
github-actions[bot]
7610277199
Post-release preparation for codeql-cli-2.25.4
2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27
Release preparation for version 2.25.4
2026-05-05 09:34:30 +00:00
Owen Mansel-Chan
b07d2fb7d7
Merge pull request #21740 from owen-mc/go/overlay-correctness
...
Go: improve accuracy of overlay annotations
2026-04-28 11:35:14 +01:00
Tom Hvitved
2e94b09e6f
Address review comments
2026-04-27 14:18:41 +02:00
Owen Mansel-Chan
710c1ba050
Make getACallee overlay[global]
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-24 12:35:11 +01:00
Tom Hvitved
8e26fa1c81
Go: Avoid combinatorial explosion in mostRecentSideEffect when there are multiple entry points
2026-04-24 13:24:58 +02:00
Owen Mansel-Chan
57eaed4dcc
Refactor: remove fields from EncryptionOperation
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-22 13:37:35 +01:00
Owen Mansel-Chan
6efb21314a
Merge pull request #21523 from owen-mc/docs/mad/barriers
...
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
github-actions[bot]
a0bab539bb
Post-release preparation for codeql-cli-2.25.3
2026-04-20 12:40:34 +00:00
github-actions[bot]
c861d99802
Release preparation for version 2.25.3
2026-04-20 09:27:23 +00:00
Owen Mansel-Chan
bc28e1726c
Refactor to get rid of duplication
2026-04-17 13:24:16 +01:00
Owen Mansel-Chan
9f4fd7fab0
Remove a data flow consistency exclusion
...
This is no longer needed.
2026-04-17 11:27:36 +01:00