Commit Graph

1768 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
b7b731bab7 Merge branch 'main' into mad-write-through-model 2026-06-30 15:12:02 +01:00
Owen Mansel-Chan
3d8991a4db Update change note 2026-06-30 09:35:23 +01:00
Owen Mansel-Chan
0a737c97f3 Expand log.slog models and add more tests 2026-06-30 08:01:06 +01:00
Owen Mansel-Chan
37ce885b0c Merge pull request #22064 from owen-mc/go/fix-test-failures
Go: fix tests with non-empty `testFailures`
2026-06-26 10:45:14 +01:00
Owen Mansel-Chan
ac618e1cb2 Expand FileNameSource for stored xss 2026-06-25 22:50:21 +01:00
github-actions[bot]
456e33773b Post-release preparation for codeql-cli-2.26.0 2026-06-25 16:24:06 +00:00
github-actions[bot]
237c5639e2 Release preparation for version 2.26.0 2026-06-25 15:27:00 +00:00
Mathias Vorreiter Pedersen
e8fee23093 Go: Fixes after changes to the flow summary API. 2026-06-23 20:33:14 +01:00
Owen Mansel-Chan
2d34b0be1b Merge branch 'main' into copilot/make-go-use-ssa-library 2026-06-18 14:09:20 +01:00
Owen Mansel-Chan
8c07e95f05 Rename mayCapture to mayUpdateCapturedVariable 2026-06-18 12:41:25 +01:00
Owen Mansel-Chan
f04c8ccbc7 Use module already provided by BasicBlocks lib 2026-06-18 12:37:27 +01:00
Owen Mansel-Chan
7222f1d3ad Remove change note 2026-06-18 12:34:20 +01:00
sauyon
00427d204c Go: Model log/slog as a logging sink
The standard-library structured logger `log/slog` (Go 1.21+) was not
modeled, so `go/log-injection` and `go/clear-text-logging` were blind to
any code that logs through it.

Model its logging functions and `*slog.Logger` methods — `Debug`, `Info`,
`Warn`, `Error`, their `Context` variants, and `Log`/`LogAttrs` — as
`log-injection` sinks (the kind that feeds `LoggerCall`, powering both
queries). Adds `log/slog` cases to the `LoggerCall` library test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:02:29 -07:00
Owen Mansel-Chan
0a065c93de Update QLDoc for ResultNode 2026-06-17 11:03:23 +01:00
Owen Mansel-Chan
99538f0f07 Delete unused predicate (leftover from old implementation) 2026-06-12 22:21:07 +01:00
Owen Mansel-Chan
0e902d0fe3 Fix captured variable liveness
- Extend synthetic uncertain reads to function exits of any function
  that writes a captured variable, not just the declaring function.
  This ensures writes to captured variables inside closures remain
  live (matching the old `v.isCaptured()` liveness shortcut).
- Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture,
  SsaPhiNode, and SsaVariable to restore original output formats.
- Revert test expected files to pre-test-changes state matching the
  correct toString formats and capture variable results.

Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-06-12 22:21:03 +01:00
copilot-swe-agent[bot]
6ccbf16f3c Make Go use the shared SSA library (codeql.ssa.Ssa)
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/codeql/sessions/b400ebd5-4095-401e-8811-fb550600b3c4
2026-06-12 22:21:02 +01:00
Owen Mansel-Chan
0b493c30cc Preemptively change toString() for SSA classes 2026-06-12 22:20:51 +01:00
Owen Mansel-Chan
990913519d Make comment clearer 2026-06-09 12:20:10 +02:00
Owen Mansel-Chan
e22f9fadd7 Fix mistakes in change notes
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-09 12:20:08 +02:00
Owen Mansel-Chan
071a0e3d7d Add change notes 2026-06-09 12:20:06 +02:00
Owen Mansel-Chan
a92349683e Deprecate FuncTypeExpr.getResultDecl()
It is unused in this library. It could easily be used incorrectly and
silently omit results when `getNumResult() > 1`.
2026-06-09 12:20:04 +02:00
Owen Mansel-Chan
8ce543bf4d Fix: getNumResult() was wrong in some cases
It was the number of result declarations, which is
different from the number of results when one
result declaration declares more than one
variable, as in `x, y int`.
2026-06-09 12:20:02 +02:00
Owen Mansel-Chan
da777a455d Improve QLDoc 2026-06-09 12:19:58 +02:00
Owen Mansel-Chan
f4f17b01c1 Fix result node and remove SPURIOUS test result 2026-06-09 12:19:56 +02:00
Owen Mansel-Chan
703cea2b65 Model panicking log functions better 2026-06-02 01:32:00 +01:00
Owen Mansel-Chan
e6e8e3d005 Taint doesn't flow through panicking functions 2026-06-02 01:31:44 +01:00
Owen Mansel-Chan
8a1e6d4f64 Add missing QLDocs 2026-06-02 00:41:48 +01:00
Owen Mansel-Chan
1a747dd8be (Trivial) Fix QLDoc grammar 2026-06-02 00:39:25 +01:00
Owen Mansel-Chan
28bb1a6870 Add change note 2026-06-02 00:16:23 +01:00
Owen Mansel-Chan
c99dab1d71 Improve glog (and klog) modelling 2026-06-02 00:16:19 +01:00
Owen Mansel-Chan
8d099cbe38 Recognize more non-returning logging functions 2026-06-02 00:15:58 +01:00
github-actions[bot]
cfb18c2477 Post-release preparation for codeql-cli-2.25.6 2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb Release preparation for version 2.25.6 2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab Revert "Release preparation for version 2.25.6" 2026-05-29 12:13:50 +01:00
github-actions[bot]
44a914e40f Release preparation for version 2.25.6 2026-05-25 10:23:26 +00:00
github-actions[bot]
9f64000962 Post-release preparation for codeql-cli-2.25.5 2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef Release preparation for version 2.25.5 2026-05-18 12:05:32 +00:00
github-actions[bot]
7610277199 Post-release preparation for codeql-cli-2.25.4 2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27 Release preparation for version 2.25.4 2026-05-05 09:34:30 +00:00
Owen Mansel-Chan
b07d2fb7d7 Merge pull request #21740 from owen-mc/go/overlay-correctness
Go: improve accuracy of overlay annotations
2026-04-28 11:35:14 +01:00
Tom Hvitved
2e94b09e6f Address review comments 2026-04-27 14:18:41 +02:00
Owen Mansel-Chan
710c1ba050 Make getACallee overlay[global]
Co-authored-by: Copilot <copilot@github.com>
2026-04-24 12:35:11 +01:00
Tom Hvitved
8e26fa1c81 Go: Avoid combinatorial explosion in mostRecentSideEffect when there are multiple entry points 2026-04-24 13:24:58 +02:00
Owen Mansel-Chan
57eaed4dcc Refactor: remove fields from EncryptionOperation
Co-authored-by: Copilot <copilot@github.com>
2026-04-22 13:37:35 +01:00
Owen Mansel-Chan
6efb21314a Merge pull request #21523 from owen-mc/docs/mad/barriers
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
github-actions[bot]
a0bab539bb Post-release preparation for codeql-cli-2.25.3 2026-04-20 12:40:34 +00:00
github-actions[bot]
c861d99802 Release preparation for version 2.25.3 2026-04-20 09:27:23 +00:00
Owen Mansel-Chan
bc28e1726c Refactor to get rid of duplication 2026-04-17 13:24:16 +01:00
Owen Mansel-Chan
9f4fd7fab0 Remove a data flow consistency exclusion
This is no longer needed.
2026-04-17 11:27:36 +01:00