hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-05 07:08:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,506 Commits 1,732 Branches 164 Tags
283231bdbc044ad1c98da4c522b89dc1012baf18
Commit Graph

86506 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
283231bdbc Python: Port ShouldBeContextManager.ql 
Only trivial test changes.
 2026-03-20 13:28:45 +00:00
Taus
025a7d0cca Python: Port UselessClass.ql 
No test changes.
 2026-03-20 13:28:45 +00:00
Taus
8cfdea2001 Python: Port PropertyInOldStyleClass.ql 
Only trivial test changes.
 2026-03-20 13:28:45 +00:00
Taus
e860d706c9 Python: Port SuperInOldStyleClass.ql 2026-03-20 13:28:45 +00:00
Taus
3d20050c0a Python: Port SlotsInOldStyleClass.ql 
Only trivial test changes.
 2026-03-20 13:28:45 +00:00
Taus
b57e92164c Python: Add declares/getAttribute API 
These could arguably be moved to `Class` itself, but for now I'm
choosing to limit the changes to the `DuckTyping` module (until we
decide on a proper API).
 2026-03-20 13:28:45 +00:00
Taus
cd92162920 Python: Add DuckTyping::isNewStyle 
Approximates the behaviour of `Types::isNewStyle` but without depending
on points-to
 2026-03-20 13:28:45 +00:00
Taus
33ed6034f6 Python: Introduce DuckTyping module 
This module (which for convenience currently resides inside
`DataFlowDispatch`, but this may change later) contains convenience
predicates for bridging the gap between the data-flow layer and the old
points-to analysis.
 2026-03-20 13:28:44 +00:00
Taus
1dcc76996d Python: Port py/print-during-import 
Uses a (perhaps) slightly coarser approximation of what modules are
imported, but it's probably fine.
 2026-03-20 13:28:44 +00:00
Taus
f4841e1f39 Python: Use API graphs instead of points-to for simple built-ins 
Also extends the list of known built-ins slightly, to add some that were
missing.
 2026-03-20 13:28:44 +00:00
Paolo Tranquilli
7a33e2f539 Merge pull request #21508 from github/dependabot/bazel/rules_pkg-1.2.0 
Bump rules_pkg from 1.0.1 to 1.2.0
 2026-03-19 16:27:45 +01:00
Paolo Tranquilli
34101b5ca0 Merge pull request #21448 from github/redsun82/update-rules-rust 
Update `rules_rust` 0.68.1.codeql.1 → 0.69.0, drop local patch
 2026-03-19 16:16:34 +01:00
Geoffrey White
07db9cf3c4 Merge pull request #21421 from geoffw0/wrongtypeformat 
C++: Add some test cases for cpp/wrong-type-format-argument
 2026-03-19 14:25:33 +00:00
Paolo Tranquilli
50d83ada95 Merge branch 'main' into redsun82/update-rules-rust 2026-03-19 12:50:00 +01:00
dependabot[bot]
10678d3a42 Bump rules_pkg from 1.0.1 to 1.2.0 
Bumps [rules_pkg](https://github.com/bazelbuild/rules_pkg) from 1.0.1 to 1.2.0.
- [Release notes](https://github.com/bazelbuild/rules_pkg/releases)
- [Changelog](https://github.com/bazelbuild/rules_pkg/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bazelbuild/rules_pkg/compare/1.0.1...1.2.0)

---
updated-dependencies:
- dependency-name: rules_pkg
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 11:31:03 +00:00
Paolo Tranquilli
7d538988a6 Merge pull request #21507 from github/dependabot/bazel/rules_go-0.60.0 
Bump rules_go from 0.59.0 to 0.60.0
 2026-03-19 12:29:17 +01:00
dependabot[bot]
7f17b7716d Bump rules_go from 0.59.0 to 0.60.0 
Bumps [rules_go](https://github.com/bazel-contrib/rules_go) from 0.59.0 to 0.60.0.
- [Release notes](https://github.com/bazel-contrib/rules_go/releases)
- [Commits](https://github.com/bazel-contrib/rules_go/compare/v0.59.0...v0.60.0)

---
updated-dependencies:
- dependency-name: rules_go
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 10:43:19 +00:00
Paolo Tranquilli
b57fa1bffa Merge pull request #21505 from github/dependabot/bazel/rules_cc-0.2.17 
Bump rules_cc from 0.2.16 to 0.2.17
 2026-03-19 11:41:28 +01:00
dependabot[bot]
662b1e7df6 Bump rules_cc from 0.2.16 to 0.2.17 
Bumps [rules_cc](https://github.com/bazelbuild/rules_cc) from 0.2.16 to 0.2.17.
- [Release notes](https://github.com/bazelbuild/rules_cc/releases)
- [Commits](https://github.com/bazelbuild/rules_cc/compare/0.2.16...0.2.17)

---
updated-dependencies:
- dependency-name: rules_cc
  dependency-version: 0.2.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 10:02:30 +00:00
Tom Hvitved
3fad6bdc0c Merge pull request #21495 from hvitved/rust/fix-bad-joins 
Rust: Fix two bad joins
 2026-03-19 09:53:22 +01:00
Paolo Tranquilli
518d170acd Merge pull request #21499 from github/redsun82/dependabot-exclude-bazel-registry 
Dependabot: ignore modules in our bazel registry
 2026-03-19 09:25:28 +01:00
Paolo Tranquilli
b9ad36c11d Depdendabot: ignore modules in the our bazel registry 
These come from the upstream registry and should just be left alone.
 2026-03-19 09:15:25 +01:00
Paolo Tranquilli
4ca071210b Merge branch 'main' into redsun82/update-rules-rust 2026-03-19 08:36:31 +01:00
Tom Hvitved
2ff5c2c234 Rust: Fix two bad joins 
Before
```
Evaluated relational algebra for predicate TypeInference::DeconstructionPatMatchingInput::Access.getNodeAt/1#dispred#cc149bc2@88f6f09n with tuple counts:
           142521   ~1%    {3} r1 = JOIN num#FunctionType::TReturnFunctionPosition#a15fd6be WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Rhs.0

           131938   ~0%    {3} r2 = JOIN `TupleStructPat::Generated::TupleStructPat.getField/1#dispred#ac9c1af6` WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
           131938   ~6%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2

          3071346   ~0%    {2} r3 = SCAN `Name::Generated::Name.getText/0#dispred#107a5a39` OUTPUT In.1, In.0
        103064442   ~2%    {3}    | JOIN WITH `StructPat::StructPat.getPatField/1#5e21ea0e_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
        103064442   ~3%    {3}    | JOIN WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0
        103064438   ~1%    {3}    | JOIN WITH `StructPatField::Generated::StructPatField.getPat/0#dispred#1aadfeff` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
         20514858   ~2%    {3}    | JOIN WITH `StructField::Generated::StructField.getName/0#dispred#e0248569_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
            59554   ~1%    {3}    | JOIN WITH `StructPat::StructPat.getNthStructField/1#dispred#de537654_021#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
            59542   ~0%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2

           334001   ~0%    {3} r4 = r1 UNION r2 UNION r3
                           return r4

Evaluated relational algebra for predicate TypeInference::ConstructionMatchingInput::Access.getNodeAt/1#dispred#acd835e6@bfb1f1e1 with tuple counts:
          1395153   ~3%    {3} r1 = JOIN TypeInference::ConstructionMatchingInput::PathExprAccess#b7a80c43 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

            34290   ~3%    {3} r2 = JOIN StructExpr::Generated::StructExpr#d0a89c56 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

          3071346   ~0%    {2} r3 = SCAN `Name::Generated::Name.getText/0#dispred#107a5a39` OUTPUT In.1, In.0
        145365745   ~0%    {3}    | JOIN WITH `StructExpr::StructExpr.getFieldExpr/1#cd55566d_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
        145365745   ~1%    {3}    | JOIN WITH StructExpr::Generated::StructExpr#d0a89c56 ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
         33371514   ~0%    {3}    | JOIN WITH `StructField::Generated::StructField.getName/0#dispred#e0248569_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
           108831   ~0%    {3}    | JOIN WITH `StructExpr::StructExpr.getNthStructField/1#dispred#89ad7e20_021#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
           108751   ~0%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
           108751   ~4%    {3}    | JOIN WITH `StructExprField::Generated::StructExprField.getExpr/0#dispred#956e6ba1` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1

          1748398   ~4%    {3} r4 = `TypeInference::ConstructionMatchingInput::NonAssocCallAccess.getNodeAt/1#dispred#ef232b1f` UNION r1 UNION r2 UNION r3
                           return r4
```

After
```
Evaluated relational algebra for predicate TypeInference::DeconstructionPatMatchingInput::Access.getNodeAt/1#dispred#cc149bc2@2ea6ebjs with tuple counts:
        142521   ~1%    {3} r1 = JOIN num#FunctionType::TReturnFunctionPosition#a15fd6be WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Rhs.0

        131938   ~0%    {3} r2 = JOIN `TupleStructPat::Generated::TupleStructPat.getField/1#dispred#ac9c1af6` WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
        131938   ~6%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2

        166829   ~3%    {3} r3 = JOIN `_Name::Generated::Name.getText/0#dispred#107a5a39_StructField::Generated::StructField.getName/0#disp__#shared` WITH `StructPat::StructPat.getNthStructField/1#dispred#de537654_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
        166817   ~2%    {3}    | JOIN WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0
        166817   ~0%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
         59542   ~0%    {3}    | JOIN WITH `StructPat::StructPat.getPatField/1#5e21ea0e` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
         59542   ~0%    {3}    | JOIN WITH `StructPatField::Generated::StructPatField.getPat/0#dispred#1aadfeff` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1

        334001   ~0%    {3} r4 = r1 UNION r2 UNION r3
                        return r4

Evaluated relational algebra for predicate TypeInference::ConstructionMatchingInput::Access.getNodeAt/1#dispred#acd835e6@c7f267fp with tuple counts:
        1395153   ~3%    {3} r1 = JOIN TypeInference::ConstructionMatchingInput::PathExprAccess#b7a80c43 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

          34290   ~3%    {3} r2 = JOIN StructExpr::Generated::StructExpr#d0a89c56 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

         159331   ~0%    {3} r3 = JOIN `_Name::Generated::Name.getText/0#dispred#107a5a39_StructField::Generated::StructField.getName/0#disp__#shared` WITH `StructExpr::StructExpr.getNthStructField/1#dispred#89ad7e20_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
         159231   ~3%    {3}    | JOIN WITH StructExpr::Generated::StructExpr#d0a89c56 ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0
         159231   ~3%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
         108731   ~0%    {3}    | JOIN WITH `StructExpr::StructExpr.getFieldExpr/1#cd55566d` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
         108731   ~4%    {3}    | JOIN WITH `StructExprField::Generated::StructExprField.getExpr/0#dispred#956e6ba1` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1

        1748378   ~4%    {3} r4 = `TypeInference::ConstructionMatchingInput::NonAssocCallAccess.getNodeAt/1#dispred#ef232b1f` UNION r1 UNION r2 UNION r3
                         return r4
```
 2026-03-18 20:42:57 +01:00
Tom Hvitved
2e7da72277 Merge pull request #21488 from paldepind/rust/tuple-constructor-self 
Rust: Unify handling of struct and tuple constructors
 2026-03-18 19:52:06 +01:00
Owen Mansel-Chan
5b17d8cf76 Merge pull request #21472 from owen-mc/adjust-severity/xss-log-injection 
Adjust `@security-severity` metadata for XSS and log injection queries
 2026-03-18 16:51:14 +00:00
Simon Friis Vindum
f2a0724620 Rust: Use getReturnType 2026-03-18 15:06:34 +01:00
Simon Friis Vindum
b8222167d2 Rust: Ensure that TPositionalArgumentPosition is large enough for struct expressions 2026-03-18 15:06:32 +01:00
Simon Friis Vindum
6efd844180 Rust: Rename into "construction" and "deconstruction" 2026-03-18 15:06:23 +01:00
Geoffrey White
34f405f465 C++: Update test annotations. 2026-03-18 13:13:22 +00:00
Anders Schack-Mulligen
d4a0846c6c Merge pull request #21490 from aschackmull/csharp/enclosing-obinit 
C#: Add ObjectInitMethod as enclosing callable for the instance initializers.
 2026-03-18 10:03:18 +01:00
Simon Friis Vindum
d180900ab4 Rust: Minor improvements to documentation comments 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-03-17 19:01:22 +01:00
Simon Friis Vindum
97670b3674 Rust: Unify handling of struct and tuple constructors 2026-03-17 16:41:18 +01:00
Anders Schack-Mulligen
af63e63686 C#: Accept test changes. 2026-03-17 14:12:18 +01:00
Anders Schack-Mulligen
19faf8f30b C#: Add ObjectInitMethod as enclosing callable for the instance initializers. 2026-03-17 13:38:41 +01:00
Owen Mansel-Chan
3aaee9d981 Change @security-severity for rust/log-injection from 2.6 to 6.1 2026-03-17 12:01:05 +00:00
Tom Hvitved
8e19b05a25 Merge pull request #21355 from hvitved/rust/type-inference-unify 
Rust: Unify call resolution logic
 2026-03-17 10:38:05 +01:00
Tom Hvitved
1ac9e5a2a4 Rust: Elaborate QL doc on FunctionPosition class 2026-03-17 09:51:15 +01:00
Geoffrey White
9cb1c89a02 C++: Change note. 2026-03-16 19:11:27 +00:00
Geoffrey White
a57f803b37 C++: Address false positive results. 2026-03-16 19:03:10 +00:00
Geoffrey White
1130870168 Merge remote-tracking branch 'upstream/main' into wrongtypeformat 2026-03-16 19:03:02 +00:00
Geoffrey White
8ddfee9971 Merge pull request #21457 from geoffw0/intmultlong 
C++: Fix BMN issue with cpp/integer-multiplication-cast-to-long.
 2026-03-16 19:02:16 +00:00
Geoffrey White
8df4dfb585 C++: Autoformat. 2026-03-16 16:40:27 +00:00
Geoffrey White
2f7526d70b C++: Clarify doc comment and make build-mode: nonereferences more consistent. 2026-03-16 16:38:59 +00:00
Geoffrey White
eeb09ae389 C++: Fix typo. 2026-03-16 16:12:30 +00:00
Geoffrey White
3c4a386f3f C++: Clarify two cases in the test. 2026-03-16 16:08:35 +00:00
Taus
a99b3f2c3b Merge pull request #21459 from github/tausbn/python-fix-missing-relative-imports 
Python: Fix resolution of relative imports from namespace packages
 2026-03-16 14:59:44 +01:00
Taus
92718a98d0 Python: Add test for package inside namespace package 2026-03-16 12:41:09 +00:00
Taus
e70727524a Python: Rename prints tag to flow 
The former was a remnant of copying the setup over from
`ql/test/experimental/import-resolution/importflow.ql`.
 2026-03-16 12:37:00 +00:00
Anders Schack-Mulligen
c24b43d01e Merge pull request #21482 from aschackmull/csharp/rangeanalysis-no-split 
C#: Remove splitting-awareness from Range Analysis.
 2026-03-16 10:54:49 +01:00