hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
75,886 Commits 1,742 Branches 166 Tags
614b3cea662bb9edd967736ffc899bc4c243e7be
Commit Graph

75886 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
614b3cea66 Merge pull request #18697 from hvitved/rust/telemetry 
Rust: Implement database quality telemetry query
 2025-02-07 17:43:23 +01:00
Geoffrey White
b5c07540d0 Merge pull request #18621 from geoffw0/sourcemodels4 
Rust: Improve models for environment sources, iterators
 2025-02-07 16:02:28 +00:00
Dave Bartolomeo
0e4725bfe2 Merge pull request #18435 from felickz/felickz/actions-trusted-owner-data-extensions 
Convert trusted actions list to data extension
 2025-02-07 10:25:41 -05:00
Dave Bartolomeo
42562b5187 Merge pull request #18704 from github/dbartol/actions-suites 
Actions: Move experimental queries to `experimental` directory
 2025-02-07 10:03:31 -05:00
Edward Minnix III
c96502478e Merge pull request #18664 from egregius313/egregius313/csharp/blazor/url-param-sources 
C#: Blazor: Add route parameters as remote flow sources
 2025-02-07 08:34:29 -05:00
Tom Hvitved
11bf4c831d Update rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-02-07 13:55:11 +01:00
Ian Lynagh
c4d682f686 Merge pull request #18638 from igfoo/igfoo/ferstl 
Java: Update test output
 2025-02-07 12:03:03 +00:00
Simon Friis Vindum
4581e772d6 Merge pull request #18709 from paldepind/rust-model-generation-test 
Rust: Add additional tests for model generation
 2025-02-07 11:14:41 +01:00
Tom Hvitved
d8c9427d3e Merge pull request #18700 from hvitved/rust/shorthand-struct 
Rust: Shorthand record construction in data flow
 2025-02-07 10:59:52 +01:00
Simon Friis Vindum
5bef9c98ff Rust: Accept changes 2025-02-07 10:20:15 +01:00
Simon Friis Vindum
c9b5dab097 Rust: Add additional tests for model generation 2025-02-07 09:05:27 +01:00
Tom Hvitved
100de73066 Merge pull request #18689 from hvitved/rust/path-resolution-type-param 
Rust: Extend path resolution to cover type parameters
 2025-02-07 08:55:27 +01:00
Simon Friis Vindum
9bcfd010d4 Merge pull request #18676 from paldepind/rust-model-clone 
Rust: Model `clone`
 2025-02-07 08:37:44 +01:00
yoff
37ddaa36ad Merge pull request #18702 from github/tausbn/python-allow-comments-in-subscripts 
Python: Allow comments in subscripts
 2025-02-06 23:31:29 +01:00
yoff
381cc20cdd Merge pull request #18703 from github/tausbn/python-robustly-handle-loop-constructs 
Python: Handle loop constructs outside of loops
 2025-02-06 23:31:04 +01:00
Ed Minnix
29d03db06b Remove unneeded disjunction 2025-02-06 15:10:06 -05:00
Chad Bentz
fd404bcbcd Update actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md 
Co-authored-by: Dave Bartolomeo <dbartol@github.com>
 2025-02-06 14:28:07 -05:00
Ian Lynagh
05180376f2 Java: Update test output 2025-02-06 18:32:46 +00:00
Tom Hvitved
707bf16d90 Rust: Shorthand record construction in data flow 2025-02-06 19:19:18 +01:00
Tom Hvitved
9bc3b0e96e Rust: Update a test to use shorthand record syntax 2025-02-06 19:19:17 +01:00
Tom Hvitved
aca70cd1ea Merge pull request #18675 from hvitved/rust/struct-tuple-field 
Rust: Implement data flow through tuple structs
 2025-02-06 19:17:53 +01:00
Dave Bartolomeo
e2ab65ea3e Update qlref paths 2025-02-06 11:20:19 -05:00
Dave Bartolomeo
604dbfd0d0 Actions: Move experimental to experimental directory 
This is consistent with how other languages manage experimental queries. I've left the `experimental` tags in place.
 2025-02-06 10:54:25 -05:00
Simon Friis Vindum
b2ba5f4f38 Rust: Make imports private 2025-02-06 16:07:25 +01:00
Taus
131ec8d22f Python: Handle loop constructs outside of loops 
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.

This then caused issues further downstream in the control-flow
construction, as it broke some invariants.

To fix this we now skip the code that would previously fail when the
invariants are broken.

Co-authored-by: yoff <yoff@github.com>
 2025-02-06 14:30:16 +00:00
Taus
3d25cd3bb5 Python: Add change note 2025-02-06 14:08:20 +00:00
Taus
7124e80f28 Python: Regenerate parser files 2025-02-06 14:05:40 +00:00
Taus
c5be2a3e2d Python: Allow comments in subscripts 
Once again, the interaction between anchors and extras (specifically
comments) was causing trouble.

The root of the problem was the fact that in `a[b]`, we put `b` in the
`index` field of the subscript node, whereas in `a[b,c]`, we
additionally synthesize a `Tuple` node for `b,c` (which matches the
Python AST).

To fix this, we refactored the grammar slightly so as to make that tuple
explicit, such that a subscript node either contains a single expression
or the newly added tuple node. This greatly simplifies the logic.
 2025-02-06 14:04:57 +00:00
yoff
40851aeaef Merge pull request #18687 from github/tausbn/python-print-file-path-on-context-error 
Python: Print file path when logging context errors
 2025-02-06 15:01:06 +01:00
Anders Schack-Mulligen
57735388e0 Merge pull request #18655 from aschackmull/java/typeflow-joinorder 
TypeFlow: Improve join-order.
 2025-02-06 13:12:52 +01:00
Asger F
7f4facc864 Merge pull request #18661 from asgerf/js/hoist-in-block 
JS: Hoist function declarations to the top of a block statement
 2025-02-06 12:38:51 +01:00
Tom Hvitved
89502d63e5 Rust: Implement database quality telemetry query 2025-02-06 10:46:48 +01:00
Asger F
6ae06aed9e Update javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-06 10:03:28 +01:00
Asger F
83ccdb76ed Merge pull request #18686 from asgerf/ac/bash-quotation-oom 
Actions: avoid N^2 parsing in common cases
 2025-02-06 09:59:23 +01:00
Asger F
6207e39b5f JS: Change note 2025-02-06 09:58:24 +01:00
Remco Vermeulen
7619f1dac9 Merge pull request #18679 from rvermeulen/rvermeulen/ccr-suites 
Add CCR suites
 2025-02-05 09:35:48 -08:00
Ed Minnix
0a817eb1da Fix test expectations 2025-02-05 11:25:51 -05:00
Ed Minnix
274a2d8dac Remove remoteFlowSource integration test 2025-02-05 11:24:29 -05:00
Ed Minnix
a783ac1abf Add QL tests for remoteFlowSource 2025-02-05 11:22:23 -05:00
Paolo Tranquilli
d65a704209 Merge pull request #18635 from hvitved/codegen/self-type-alias 
Codegen: Improve return type of self-typed properties
 2025-02-05 17:20:25 +01:00
Paolo Tranquilli
e4523ef581 Merge pull request #18684 from github/redsun82/swift-keypath-expr 
Swift: fix `KeyPathExpr` assertion
 2025-02-05 16:40:25 +01:00
Nora Dimitrijević
ab521ff180 Merge pull request #18688 from d10c/d10c/drop-bigint-avg 
Update docs to remove BigInt `avg`
 2025-02-05 16:07:57 +01:00
Tom Hvitved
493953e724 Rust: Extend path resolution to cover type parameters 2025-02-05 15:30:07 +01:00
Tom Hvitved
9319b1848d Merge pull request #18682 from hvitved/dataflow/aliases 
Data flow: Add aliases for removing `DataFlow` prefixes
 2025-02-05 15:04:13 +01:00
Nora Dimitrijević
e455a6c5d7 Update docs to remove BigInt avg 2025-02-05 14:27:21 +01:00
Taus
60d97e0e16 Python: Print file path when logging context errors 
This makes it _much_ easier to find the offending bit of syntax.
 2025-02-05 13:13:39 +00:00
Asger F
4ec84e9327 Actions: update expected output 2025-02-05 13:36:38 +01:00
Asger F
1904b026b2 Actions: Avoid blowup in quotation parser 
The parser has an inherent N^2 blowup and will need a rewrite eventually. For now I'm just trying to make it not blow up as often.
 2025-02-05 13:35:52 +01:00
Asger F
e6b5040909 Actions: add test with many quoted strings 2025-02-05 13:35:50 +01:00
Tom Hvitved
95ab48dfbf Rust: Run codegen 2025-02-05 13:27:08 +01:00