hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,469 Commits 1,689 Branches 160 Tags
3dbfb9fa4b41177096e74e71fdf4e6533ac42b89
Commit Graph

11096 Commits

Author SHA1 Message Date
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
Ian Lynagh
a299174f4d javascript: Add up/downgrade scripts 2026-01-20 11:56:15 +00:00
Ian Lynagh
4140121e96 javascript: Use more standard shared dbscheme sections 
We now use the shared "Overlay support" and "Database metadata".
 2026-01-20 11:56:14 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
Nick Rolfe
1739e135f5 Fix list formatting inconsistency 2026-01-19 15:17:11 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
bedb80346a Merge pull request #20940 from asgerf/js/detect-minified-files 
JS: Skip minified file if avg line length > 200
 2026-01-19 14:31:09 +01:00
Asger F
077bbb24ac Merge pull request #21159 from asgerf/js/vue-prop-function 
JS: Add support for props callbacks in Vue router configs
 2026-01-19 10:13:49 +01:00
Asger F
ff580410fe Merge pull request #20733 from asgerf/js/incremental-api-graphs 
JS: Incremental API graph
 2026-01-14 12:49:41 +01:00
Asger F
06cc323aee Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md 
Co-authored-by: Taus <tausbn@github.com>
 2026-01-14 11:40:01 +01:00
Asger F
b47ae420ca Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-14 11:40:01 +01:00
Asger F
739ed4b3bb JS: Change note 2026-01-14 11:40:01 +01:00
Asger F
2892ab61ae JS: Make sure a file is not seen as minified 2026-01-14 11:40:01 +01:00
Asger F
84f6b6f67a JS: Accept test change due to file no longer being extracted 2026-01-14 11:40:01 +01:00
Asger F
e430aa97f3 Merge pull request #20916 from asgerf/js/next-folders2 
JS: Handle Next.js files named 'page' or 'route'
 2026-01-14 11:10:57 +01:00
Ian Lynagh
63f78e7609 Merge pull request #21156 from igfoo/igfoo/mb 
Merge rc/3.20 into main
 2026-01-13 12:11:37 +00:00
Asger F
9fa856f974 JS: Change note 2026-01-13 11:49:33 +01:00
Asger F
7cd820ea86 JS: Add support for props callbacks in router configs 2026-01-13 11:46:12 +01:00
Asger F
40c35341d1 JS: Add props to Vue router test case 2026-01-13 11:44:07 +01:00
Asger F
da9aafc3b0 JS: Also track additional use-steps crossing the overlay boundary 2026-01-13 10:54:16 +01:00
Asger F
ca52fe59e8 Merge pull request #20918 from asgerf/js/response-default-content-type 
JS: Handle default 'content-type' header in Response() objects
 2026-01-13 10:34:40 +01:00
Asger F
d2e6ae5e14 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2026-01-13 10:34:25 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Asger F
cf0b77074f JS: Workaround forceLocal not supporting 'result' column 
A bug made it into the release which causes compilation errors when
forceLocal is used on a predicate with a result column.

This commit works around the issue by converting the result column
to a positional parameter, for the predicates that we use forceLocal on.

It should be safe to revert this commit once the compiler fix has made
it into a stable release.
 2026-01-07 11:05:41 +01:00
Asger F
e16cacd48d JS: Rename "in scope" to "in active file" 2026-01-07 11:05:41 +01:00
Asger F
87049bd07e Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-01-07 11:05:41 +01:00
Asger F
56a6fe4c08 Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-07 11:05:41 +01:00
Asger F
d0dbc91aa9 Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-07 11:05:41 +01:00
Asger F
9721b4e0f5 JS: Fix bad join in export logic 2026-01-07 11:05:41 +01:00
Asger F
cae27c40be JS: Add a missing needsDefNode restriction 
Previously this was implied by MkClassInstance but that's no longer
the case.
 2026-01-07 11:05:41 +01:00
Asger F
369848a870 JS: Fix some QL4QL alerts 2026-01-07 11:05:41 +01:00
Asger F
97d369cf4e JS: Make API::Node overlay[local?] 
We want the type itself to be local but nearly all its member predicates
are global.
 2026-01-07 11:05:41 +01:00
Asger F
27e8bcb347 JS: Add back promisify-all support 
This was somehow lost in a rebase
 2026-01-07 11:05:41 +01:00
Asger F
8731eee10e JS: Work around an issue with overlay-invariance 2026-01-07 11:05:41 +01:00
Asger F
962c128f20 JS: Update test output to reflect Node.toString() change 2026-01-07 11:05:41 +01:00
Asger F
7974416e65 JS: Simplify toString() 2026-01-07 11:05:41 +01:00
Asger F
651608a170 JS: Bugfix in Stage1Local::trackDefNode 2026-01-07 11:05:41 +01:00
Asger F
ed3a8bdfa9 JS: Include import paths from custom ModuleImportNode::Range subclasses 2026-01-07 11:05:41 +01:00
Asger F
c687dc93b0 JS: Add overlay[global] to abstract classes with fields 
Some abstract classes defines fields without binding them, leaving it up to the subclasses to bind them. When combined with overlay[local?], the charpred for such an abstract class can become local, while the subclasses are global. The means the charpred needs to be materialized, even though it doesn't bind the fields, leading to a cartesian product.
 2026-01-07 11:05:41 +01:00
Asger F
cf0e7652f4 JS: Remove global dependency that wasnt needed anyway 2026-01-07 11:05:41 +01:00
Asger F
a6dfb8351c JS: Add back CallReceiverStep() restriction 
This was initially lost after rebasing with indentation changes
 2026-01-07 11:05:41 +01:00
Asger F
825c08356f JS: Change signature of 'edges' to support quick eval 2026-01-07 11:05:41 +01:00
Asger F
4bd0f34938 JS: Add debug tools for detecting lost nodes/edges 2026-01-07 11:05:41 +01:00
Asger F
c9d3f06fbc JS:Add more member labels 2026-01-07 11:05:41 +01:00
Asger F
9c37e076cc JS: Add overlay-specific Stage2 2026-01-07 11:05:41 +01:00
Asger F
1001e86f20 JS: Restrict Stage1 to the base database 2026-01-07 11:05:41 +01:00
Asger F
b12d927020 JS: Also expose "any state" version of tracking predicates 2026-01-07 11:05:41 +01:00
Asger F
daf04f1184 JS: Call forceLocal on the output of Stage 1 2026-01-07 11:05:41 +01:00
Asger F
271567c88f JS: Add missing def-node roots 2026-01-07 11:05:41 +01:00
Asger F
123bc64091 JS: Improve join order at MkUse call 2026-01-07 11:05:41 +01:00