hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,915 Commits 1,690 Branches 160 Tags
44c9c58b482a933dbbd960a5ca1120da48d2aea2
Commit Graph

84915 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
44c9c58b48 C#: Add implicit span conversion test case. 2025-12-18 12:51:02 +01:00
Michael Nebel
119ecff3b7 C#: Implicit span conversion. 2025-12-18 11:59:18 +01:00
Tom Hvitved
98dc4390ea Merge pull request #21060 from hvitved/shared/unbound-list 
Shared: Add library for unbound lists
 2025-12-17 16:20:40 +01:00
Simon Friis Vindum
9e8735f84c Merge pull request #20878 from paldepind/rust/axum-model 
Rust: Add models for Axum
 2025-12-17 15:47:28 +01:00
Tom Hvitved
47e375f6e4 Merge pull request #21057 from hvitved/rust/fix-bad-join 
Rust: Fix bad join
 2025-12-17 15:34:45 +01:00
Tom Hvitved
adfaefd1e6 Merge pull request #21043 from hvitved/rust/type-inference-trait-bounds-overlap 
Rust: Fix candidate receiver type calculation for trait bounds
 2025-12-17 15:31:00 +01:00
Tom Hvitved
b6cda4a29b Update shared/util/codeql/util/UnboundList.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-17 13:44:47 +01:00
Tom Hvitved
08339fe0df Shared: Add library for unbound lists 2025-12-17 13:13:39 +01:00
Tom Hvitved
5c604fce48 Rust: Fix bad join 
Before
```
Evaluated relational algebra for predicate TypeInference::MethodResolution::MethodCall.getTrait/0#dispred#fc13ba6e@914858bt with tuple counts:
          153112   ~2%    {2} r1 = SCAN `Operation::Operation.isOverloaded/3#f0e64084` OUTPUT In.0, In.1
          153112   ~2%    {2}    | STREAM DEDUP

           18807   ~0%    {2} r2 = JOIN `TypeInference::getCallExprTraitQualifier/1#c084fe9f` WITH TypeInference::MethodResolution::MethodCallCallExpr#6eae461f ON FIRST 1 OUTPUT Lhs.0, Lhs.1

        65859035   ~3%    {3} r3 = JOIN `_IndexExpr::Generated::IndexExpr#9975e37a_TypeInference::MethodResolution::MethodCallIndexExpr.isInM__#shared` WITH Trait::Generated::Trait#ecf50173 CARTESIAN PRODUCT OUTPUT Rhs.0, _, Lhs.0
        65859035   ~0%    {3}    | REWRITE WITH Out.1 := "core::ops::index::Index"
           11191   ~0%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

             671   ~0%    {1} r4 = JOIN IndexExpr::Generated::IndexExpr#9975e37a WITH `TypeInference::MethodResolution::MethodCallIndexExpr.isInMutableContext/0#dispred#8c8ad425` ON FIRST 1 OUTPUT Lhs.0
         3948835   ~2%    {3}    | JOIN WITH Trait::Generated::Trait#ecf50173 CARTESIAN PRODUCT OUTPUT Rhs.0, _, Lhs.0
         3948835   ~2%    {3}    | REWRITE WITH Out.1 := "core::ops::index::IndexMut"
             671   ~1%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

          183781   ~0%    {2} r5 = r1 UNION r2 UNION r3 UNION r4
                          return r5
```

After
```
Evaluated relational algebra for predicate TypeInference::MethodResolution::MethodCall.getTrait/0#dispred#fc13ba6e@1b4a55e3 with tuple counts:
        153112   ~2%    {2} r1 = SCAN `Operation::Operation.isOverloaded/3#f0e64084` OUTPUT In.0, In.1
        153112   ~2%    {2}    | STREAM DEDUP

         11191   ~0%    {2} r2 = JOIN `_IndexExpr::Generated::IndexExpr#9975e37a_TypeInference::MethodResolution::MethodCallIndexExpr.isInM__#shared` WITH Stdlib::IndexTrait#e80543a5 CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

         18807   ~0%    {2} r3 = JOIN `TypeInference::getCallExprTraitQualifier/1#c084fe9f` WITH TypeInference::MethodResolution::MethodCallCallExpr#6eae461f ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           671   ~0%    {1} r4 = JOIN IndexExpr::Generated::IndexExpr#9975e37a WITH `TypeInference::MethodResolution::MethodCallIndexExpr.isInMutableContext/0#dispred#8c8ad425` ON FIRST 1 OUTPUT Lhs.0
           671   ~1%    {2}    | JOIN WITH Stdlib::IndexMutTrait#4d6c31bd CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

        183781   ~0%    {2} r5 = r1 UNION r2 UNION r3 UNION r4
                        return r5
```
 2025-12-17 11:52:28 +01:00
Tom Hvitved
eb56cbd358 Rust: Fix candidate receiver type calculation for trait bounds 2025-12-17 11:06:27 +01:00
Tom Hvitved
3104adbe77 Rust: Add type inference test 2025-12-17 11:06:22 +01:00
Tom Hvitved
802c465b31 Merge pull request #21027 from hvitved/rust/type-inference-matching-specialization 
Rust: Also use specialized types when inferring types for calls
 2025-12-17 11:03:44 +01:00
Tom Hvitved
fe0ce7a492 Address review comments 2025-12-17 10:35:28 +01:00
Michael Nebel
8eddc71e0e Merge pull request #21016 from michaelnebel/csharp/slnx 
C#: Support `.slnx.` solution files.
 2025-12-17 09:27:11 +01:00
Simon Friis Vindum
420dd9ab61 Rust: Add change note for Axum models 2025-12-16 15:15:22 +01:00
Simon Friis Vindum
e53bdb11be Rust: Accept changes to expected files for consistency check 2025-12-16 13:15:34 +01:00
Simon Friis Vindum
63329b47d8 Merge pull request #21036 from paldepind/rust/prioritize-manual-summaries 
Rust: Don't apply generated models for functions that have a manual model
 2025-12-16 12:47:27 +01:00
Simon Friis Vindum
cbdab99497 Rust: Add XSS sink for Axum HTML response creation 2025-12-16 12:41:44 +01:00
Simon Friis Vindum
fbf9f7eda7 Rust: Add models for Axum 2025-12-16 12:41:32 +01:00
Simon Friis Vindum
0ea06aca06 Rust: Introduce more functions in Axum test 2025-12-16 12:32:40 +01:00
Michael Nebel
7df1d7a13f C#: Address review comment. 2025-12-16 10:21:08 +01:00
Simon Friis Vindum
8c4b81ebc7 Rust: Fix typo in comment 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-16 10:19:01 +01:00
Simon Friis Vindum
477e1cd96c Rust: Fix manual model for PathBuf::as_path 2025-12-16 09:25:42 +01:00
Tom Hvitved
d709343d38 Merge pull request #21011 from aschackmull/mad/shared-externalflow 
Java/C++/Go/C#: Share parts of ExternalFlow.qll
 2025-12-15 20:27:04 +01:00
Tom Hvitved
74ed18a89f Merge pull request #21035 from hvitved/rust/ord-models 
Rust: Add models for `core::cmp::Ord::{min,max,clamp}`
 2025-12-15 17:09:33 +01:00
Simon Friis Vindum
1b70111dd2 Rust: Don't apply generated models for functions that have a manual model 2025-12-15 14:25:49 +01:00
Simon Friis Vindum
d2cfd53933 Rust: Add test with wrong generated model 2025-12-15 14:23:48 +01:00
Tom Hvitved
86a4d42316 Rust: Remove obsolete comment from test 2025-12-15 13:10:41 +01:00
Tom Hvitved
3239afb278 Rust: Also use specialized types when inferring types for calls 2025-12-15 13:10:37 +01:00
Tom Hvitved
8e2d9d50b7 Rust: Add type inference test 2025-12-15 13:09:21 +01:00
Óscar San José
2824c98efb Merge pull request #21025 from github/oscarsj/mergeback-rc-3-20-into-main 
Mergeback rc/3.20 into main
 2025-12-15 11:59:58 +01:00
Tom Hvitved
fc49360e81 Rust: Add models for core::cmp::Ord::{min,max,clamp} 2025-12-15 11:52:05 +01:00
Michael Nebel
70447c6483 Merge pull request #21026 from michaelnebel/csharp/migratesolution 
C#: Migrate our own solution file to `.slnx`.
 2025-12-15 11:01:35 +01:00
Geoffrey White
93e8534d0a Merge pull request #21009 from geoffw0/varfps 
Rust: Fix some false positives for rust/unused-variable and rust/unused-value
 2025-12-15 09:48:47 +00:00
Geoffrey White
01f9b42472 Merge branch 'main' into varfps 2025-12-15 08:49:16 +00:00
Michael Nebel
949cfc3fbd Merge pull request #21031 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-12-15 09:12:24 +01:00
github-actions[bot]
f7bbddec24 Add changed framework coverage reports 2025-12-15 00:27:40 +00:00
Owen Mansel-Chan
af2fbd8dda Merge pull request #20929 from owen-mc/go/fix-data-flow-consistency-checks 
Go: fix small issues highlighted by data flow consistency checks
 2025-12-12 17:01:43 +00:00
Mathias Vorreiter Pedersen
3ea92eada6 Merge pull request #21024 from MathiasVP/csharp-implicit-map-value-reads 
C#: Add implicit `System.Collections.Generic.KeyValuePair2.Value` reads at taint sinks
 2025-12-12 16:46:12 +00:00
Tom Hvitved
b61a439491 Merge pull request #21020 from hvitved/shared/source-sink-provenance-prio 
Shared: Prefer source/sink models with manual provenance over generated
 2025-12-12 16:01:06 +01:00
Michael Nebel
e417938860 C#: Exclude all test projects from the Release build configuration. 2025-12-12 14:25:15 +01:00
Michael Nebel
7f1a9b57f1 C#: Update the default solution to point to the .slnx file instead. 2025-12-12 14:23:23 +01:00
Michael Nebel
1e43d06c6d C#: Migrate CSharp.sln to CSharp.slnx (as is). 2025-12-12 14:22:51 +01:00
Anders Schack-Mulligen
64a48e4e7b MaD: Use "namespace" instead "package" in shared code. 2025-12-12 13:57:02 +01:00
Anders Schack-Mulligen
7f8d0771df MaD: Rename file. 2025-12-12 13:50:58 +01:00
Óscar San José
d972af9ef8 Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main 2025-12-12 13:22:08 +01:00
Mathias Vorreiter Pedersen
2720f57965 C#: Add change note. 2025-12-12 11:20:02 +00:00
Óscar San José
72b63bbdc3 Merge pull request #20989 from github/post-release-prep/codeql-cli-2.23.8 
Post-release preparation for codeql-cli-2.23.8
 2025-12-12 12:18:16 +01:00
Mathias Vorreiter Pedersen
f30ebab528 C#: Add implicit reads of System.Collections.Generic.KeyValuePair`2.Value at taint sinks. 2025-12-12 11:08:15 +00:00
Mathias Vorreiter Pedersen
b499661c05 C#: Slightly refactor 'CollectionFlow' tests to add a taint-flow test. 2025-12-12 11:06:01 +00:00