hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 23:27:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,265 Commits 1,784 Branches 169 Tags
5fcaac7cb2e22dfde0481a7f3d6b6c677bb82dee
Commit Graph

88265 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
5fcaac7cb2 Merge pull request #21869 from yoff/python/support-flask-subclasses 
Python: Support Flask subclasses
 2026-06-25 23:42:21 +02:00
Mario Campos
336df3ccf4 Merge pull request #22060 from github/post-release-prep/codeql-cli-2.26.0 
Post-release preparation for codeql-cli-2.26.0
 2026-06-25 12:43:54 -05:00
github-actions[bot]
456e33773b Post-release preparation for codeql-cli-2.26.0 2026-06-25 16:24:06 +00:00
Mario Campos
7c73de0e3c Merge pull request #22059 from github/release-prep/2.26.0 
Release preparation for version 2.26.0
 2026-06-25 10:31:50 -05:00
github-actions[bot]
237c5639e2 Release preparation for version 2.26.0 2026-06-25 15:27:00 +00:00
Asger F
73ad826d44 Merge pull request #22016 from asgerf/commonast-rebased5 
Unified/swift: new AST spec and Swift mappings
 2026-06-25 16:59:29 +02:00
Michael B. Gale
cc83856c5e Merge pull request #22058 from github/codeql-cli-2.25.6 
Mergeback #21947 into `main`
 2026-06-25 15:57:19 +01:00
Geoffrey White
0fbab225ce Merge pull request #22056 from geoffw0/codequal 
Rust: Remove some redundant imports / casts
 2026-06-25 15:52:15 +01:00
Geoffrey White
ca09327384 Rust: Remove more pointless imports. 2026-06-25 14:51:13 +01:00
Jeroen Ketema
969ab78225 Merge pull request #22048 from github/jketema/kotlin1-pytest 
Kotlin: Update tests to use new `kotlin_2_3_20` fixture
 2026-06-25 15:01:33 +02:00
Paolo Tranquilli
b67644c127 Merge pull request #21986 from JarLob/userpermissions 
Actions: Fix dominates() false positive in reusable workflows
 2026-06-25 14:44:17 +02:00
Geoffrey White
20b4cbe72e Rust: Remove pointless imports of codeql.util.Unit. 2026-06-25 12:51:43 +01:00
Tom Hvitved
b582844f96 Merge pull request #22049 from hvitved/csharp/dead-store-cleanup 
C#: Remove redundant code from `DeadStoreOfLocal.ql`
 2026-06-25 13:51:21 +02:00
Geoffrey White
b9a132dac6 Rust: Remove redundant cast. 2026-06-25 12:51:18 +01:00
Asger F
89cd6770ae Potential fix for pull request finding 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-25 13:18:27 +02:00
Jeroen Ketema
9b2e6077f1 Kotlin: Address review comments 2026-06-25 12:58:27 +02:00
Tom Hvitved
929fa1e977 C#: Remove redundant code from DeadStoreOfLocal.ql 2026-06-25 08:50:40 +02:00
Mario Campos
3324d07985 Merge pull request #22046 from github/mario-campos/mirror-maven-central/maven 
Use Maven Central mirror in Java Maven integration tests
 2026-06-24 16:42:29 -05:00
Jeroen Ketema
f6b3d1eade Kotlin: Remove unneeded pytest imports 2026-06-24 23:34:39 +02:00
Jeroen Ketema
402c0f89bc Kotlin: Update tests to use new kotlin_2_3_20 fixture 2026-06-24 22:50:32 +02:00
Mario Campos
af11f6e618 Use Maven Central mirror in Java Maven integration tests 2026-06-24 17:45:27 +00:00
Jaroslav Lobačevski
7fc4b4856e Fix formatting 2026-06-24 17:17:16 +00:00
Paolo Tranquilli
4b8cb3ffac Fix false negative for branching nested reusable workflows 
The previous fix required all outermost callers of a reusable workflow to
be protected, which collapsed distinct safe/unsafe inner paths that share
the same outermost caller. Track protection per caller chain instead: a
node inside a reusable workflow is only considered protected if there is
no unprotected caller path up to an outer workflow.

Adds a branching nested regression test where one inner job is protected
by a permission check and a sibling inner job is not.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-24 18:22:01 +02:00
Jeroen Ketema
b8c78fdcb7 Merge pull request #21970 from github/andersfugmann/kotlin-2.4-v2 
Kotlin: add Kotlin 2.4.0 support
 2026-06-24 16:40:40 +02:00
Anders Schack-Mulligen
bcf71d0db6 Merge pull request #22043 from github/copilot/tweak-ruby-ast-caseexpr 
Ruby: synthesize implicit `true` value for valueless `CaseExpr`
 2026-06-24 15:43:04 +02:00
Anders Schack-Mulligen
5047bee432 Ruby: Adjust qldoc. 2026-06-24 13:36:54 +02:00
Anders Schack-Mulligen
29eba2f38e Merge pull request #22017 from aschackmull/cfg/catchclause-pattern 
Cfg: Change AST/CFG for CatchClauses to use a pattern.
 2026-06-24 13:21:54 +02:00
copilot-swe-agent[bot]
4fa8a9fb1d Synthesize true value for valueless Ruby CaseExpr 2026-06-24 10:36:23 +00:00
Michael Nebel
a24d222d96 Merge pull request #22011 from michaelnebel/csharp/removeafallback 
C#: Re-factor feed handling logic into its own component.
 2026-06-24 11:58:56 +02:00
Anders Schack-Mulligen
bcfee987f0 Apply suggestion from @aschackmull 2026-06-24 10:26:26 +02:00
Anders Schack-Mulligen
e1d4fe8605 C#: Accept test changes. 2026-06-23 14:42:20 +02:00
Anders Schack-Mulligen
11725e8921 Java: Accept test changes. 2026-06-23 14:28:44 +02:00
Anders Schack-Mulligen
41297c588c Cfg: Change AST/CFG for CatchClauses to use a pattern. 2026-06-23 14:28:44 +02:00
yoff
53cae687f7 Merge pull request #21931 from github/yoff/python-shared-cfg-loop-else 
Shared CFG: add defaulted getWhileElse/getForeachElse to AstSig
 2026-06-23 14:25:16 +02:00
Anders Schack-Mulligen
cfbf4a3927 Merge pull request #22037 from github/copilot/update-csharp-extractor-catch-clause 
C# extractor: extract `catch(ExceptionType)` type as `TypeAccess` instead of `TypeMention`
 2026-06-23 14:21:43 +02:00
Jaroslav Lobačevski
31f6e713c5 Fix "The variable event is only used in one side of disjunct." 2026-06-23 12:06:01 +00:00
copilot-swe-agent[bot]
b254aa7e0b C#: Extract catch(Ex) type as TypeAccess instead of TypeMention 2026-06-23 13:55:39 +02:00
Jaroslav Lobačevski
e2347a5c7d Fix for independent checks 2026-06-23 11:52:11 +00:00
yoff
d26102b263 Merge pull request #21920 from github/yoff/python-flow-py-namespace 
Python: qualify Flow.qll's AST references with Py:: prefix
 2026-06-23 13:20:26 +02:00
yoff
73ab3e6888 Update shared/controlflow/codeql/controlflow/ControlFlowGraph.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-06-23 12:41:02 +02:00
yoff
15cbbb82eb Shared CFG: add defaulted getLoopElse to AstSig 
Adds a new defaulted signature predicates to the shared CFG library:

- getLoopElse: `else` block of a loop statement, if
  any (used by Python's `while-else` / `for-else` constructs).

The predicate defaults to `none()`, so behaviour is unchanged for any
language that doesn't override it (verified by re-running
java/ql/test/library-tests/controlflow/).

The Make0 succession rules are extended:
- WhileStmt/ForeachStmt: route the loop-exit edge through the else
  block before reaching the after-position.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-23 12:41:02 +02:00
yoff
7d95024487 Apply suggestions from code review 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-23 12:36:53 +02:00
Copilot
06fa46f664 Python: qualify Flow.qll's AST references with Py:: prefix 
Preparatory refactor for the shared-CFG dataflow migration. Switches
'import python' to 'import python as Py' inside Flow.qll, and qualifies
every AST-class reference (Expr, Bytes, Dict, AssignExpr, Compare,
Module, Scope, Call, Attribute, SsaVariable, AugAssign, etc.) with the
Py:: prefix.

Flow.qll's own CFG types (ControlFlowNode, BasicBlock, CallNode,
NameNode, DefinitionNode, CompareNode, ...) keep their unqualified
names — they remain the public CFG API exported from this file.

This is a semantic noop: the qualification was applied mechanically by
script and no name resolution changes. Verified by:
- All 361 lib/ + src/ queries compile clean.
- All 186 ControlFlow + PointsTo + dataflow library-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-23 12:36:53 +02:00
Geoffrey White
f6dce466a0 Merge pull request #22009 from geoffw0/rust-crypto 
Rust: Additional test cases for rust/weak-sensitive-data-hashing
 2026-06-23 10:53:45 +01:00
Jeroen Ketema
cd23341dab Merge branch 'main' into andersfugmann/kotlin-2.4-v2 2026-06-23 11:45:17 +02:00
Idriss Riouak
ec91865a7f Merge pull request #22030 from github/idrissrio/cpp/update-stats-file 
C/C++: Update stats file
 2026-06-23 10:26:52 +02:00
Owen Mansel-Chan
f0576046b1 Merge pull request #22027 from owen-mc/go/improve-tests 
Go: Improve two tests
 2026-06-22 17:19:40 +01:00
Geoffrey White
9e0e1bde28 Rust: Use Copilot suggested comment phrasing. 2026-06-22 16:12:54 +01:00
Geoffrey White
8c24acc99d Fix for pull request finding 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-22 16:10:57 +01:00
yoff
32f7c541ae Merge pull request #21919 from github/yoff/python-remove-getAFlowNode 
Python: deprecate AstNode.getAFlowNode() and rewrite callers
 2026-06-22 15:35:52 +02:00