hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 15:17:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,276 Commits 1,790 Branches 169 Tags
69a73769815673b6679ec36115f00972709b692d
Commit Graph

88276 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
69a7376981 QL4QL: Regenerate raw AST 2026-06-26 08:44:42 +00:00
Asger F
81945d261f Ruby: Regenerate raw AST 2026-06-26 08:44:14 +00:00
Asger F
6ae75e5920 unified: Add PrintAst query 2026-06-26 08:44:14 +00:00
Asger F
6e10897a47 unified: Regenerate AST 2026-06-26 08:44:13 +00:00
Asger F
f8bccf91b6 Shared: Generate PrintAst helper in tree sitter extractor 
Auto-generating a helper for implementing the PrintAST query on top of the generated AST.
 2026-06-26 08:44:13 +00:00
copilot-swe-agent[bot]
4297f012f7 Initial plan 2026-06-26 08:40:05 +00:00
Asger F
cacdc467de Merge pull request #22036 from forks-felickz/felickz/js-angular-hostlistener-postmessage 
JavaScript: Recognize Angular @HostListener('window:message') as a postMessage handler
 2026-06-26 10:09:42 +02:00
Owen Mansel-Chan
7b800b1dd6 Merge pull request #22065 from github/dependabot/go_modules/go/extractor/extractor-dependencies-9f88df4328 
Bump golang.org/x/tools from 0.46.0 to 0.47.0 in /go/extractor in the extractor-dependencies group
 2026-06-26 06:59:52 +01:00
dependabot[bot]
3d1b6b64ed Bump golang.org/x/tools 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.46.0 to 0.47.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-26 03:03:16 +00:00
yoff
5fcaac7cb2 Merge pull request #21869 from yoff/python/support-flask-subclasses 
Python: Support Flask subclasses
 2026-06-25 23:42:21 +02:00
Mario Campos
336df3ccf4 Merge pull request #22060 from github/post-release-prep/codeql-cli-2.26.0 
Post-release preparation for codeql-cli-2.26.0
 2026-06-25 12:43:54 -05:00
github-actions[bot]
456e33773b Post-release preparation for codeql-cli-2.26.0 2026-06-25 16:24:06 +00:00
Mario Campos
7c73de0e3c Merge pull request #22059 from github/release-prep/2.26.0 
Release preparation for version 2.26.0
 2026-06-25 10:31:50 -05:00
github-actions[bot]
237c5639e2 Release preparation for version 2.26.0 2026-06-25 15:27:00 +00:00
Asger F
73ad826d44 Merge pull request #22016 from asgerf/commonast-rebased5 
Unified/swift: new AST spec and Swift mappings
 2026-06-25 16:59:29 +02:00
Michael B. Gale
cc83856c5e Merge pull request #22058 from github/codeql-cli-2.25.6 
Mergeback #21947 into `main`
 2026-06-25 15:57:19 +01:00
Geoffrey White
0fbab225ce Merge pull request #22056 from geoffw0/codequal 
Rust: Remove some redundant imports / casts
 2026-06-25 15:52:15 +01:00
Geoffrey White
ca09327384 Rust: Remove more pointless imports. 2026-06-25 14:51:13 +01:00
Jeroen Ketema
969ab78225 Merge pull request #22048 from github/jketema/kotlin1-pytest 
Kotlin: Update tests to use new `kotlin_2_3_20` fixture
 2026-06-25 15:01:33 +02:00
Paolo Tranquilli
b67644c127 Merge pull request #21986 from JarLob/userpermissions 
Actions: Fix dominates() false positive in reusable workflows
 2026-06-25 14:44:17 +02:00
Geoffrey White
20b4cbe72e Rust: Remove pointless imports of codeql.util.Unit. 2026-06-25 12:51:43 +01:00
Tom Hvitved
b582844f96 Merge pull request #22049 from hvitved/csharp/dead-store-cleanup 
C#: Remove redundant code from `DeadStoreOfLocal.ql`
 2026-06-25 13:51:21 +02:00
Geoffrey White
b9a132dac6 Rust: Remove redundant cast. 2026-06-25 12:51:18 +01:00
Asger F
89cd6770ae Potential fix for pull request finding 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-25 13:18:27 +02:00
Jeroen Ketema
9b2e6077f1 Kotlin: Address review comments 2026-06-25 12:58:27 +02:00
Tom Hvitved
929fa1e977 C#: Remove redundant code from DeadStoreOfLocal.ql 2026-06-25 08:50:40 +02:00
Mario Campos
3324d07985 Merge pull request #22046 from github/mario-campos/mirror-maven-central/maven 
Use Maven Central mirror in Java Maven integration tests
 2026-06-24 16:42:29 -05:00
Jeroen Ketema
f6b3d1eade Kotlin: Remove unneeded pytest imports 2026-06-24 23:34:39 +02:00
Jeroen Ketema
402c0f89bc Kotlin: Update tests to use new kotlin_2_3_20 fixture 2026-06-24 22:50:32 +02:00
Mario Campos
af11f6e618 Use Maven Central mirror in Java Maven integration tests 2026-06-24 17:45:27 +00:00
Jaroslav Lobačevski
7fc4b4856e Fix formatting 2026-06-24 17:17:16 +00:00
Paolo Tranquilli
4b8cb3ffac Fix false negative for branching nested reusable workflows 
The previous fix required all outermost callers of a reusable workflow to
be protected, which collapsed distinct safe/unsafe inner paths that share
the same outermost caller. Track protection per caller chain instead: a
node inside a reusable workflow is only considered protected if there is
no unprotected caller path up to an outer workflow.

Adds a branching nested regression test where one inner job is protected
by a permission check and a sibling inner job is not.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-24 18:22:01 +02:00
Jeroen Ketema
b8c78fdcb7 Merge pull request #21970 from github/andersfugmann/kotlin-2.4-v2 
Kotlin: add Kotlin 2.4.0 support
 2026-06-24 16:40:40 +02:00
Anders Schack-Mulligen
bcf71d0db6 Merge pull request #22043 from github/copilot/tweak-ruby-ast-caseexpr 
Ruby: synthesize implicit `true` value for valueless `CaseExpr`
 2026-06-24 15:43:04 +02:00
Anders Schack-Mulligen
5047bee432 Ruby: Adjust qldoc. 2026-06-24 13:36:54 +02:00
Anders Schack-Mulligen
29eba2f38e Merge pull request #22017 from aschackmull/cfg/catchclause-pattern 
Cfg: Change AST/CFG for CatchClauses to use a pattern.
 2026-06-24 13:21:54 +02:00
copilot-swe-agent[bot]
4fa8a9fb1d Synthesize true value for valueless Ruby CaseExpr 2026-06-24 10:36:23 +00:00
Michael Nebel
a24d222d96 Merge pull request #22011 from michaelnebel/csharp/removeafallback 
C#: Re-factor feed handling logic into its own component.
 2026-06-24 11:58:56 +02:00
Anders Schack-Mulligen
bcfee987f0 Apply suggestion from @aschackmull 2026-06-24 10:26:26 +02:00
Anders Schack-Mulligen
e1d4fe8605 C#: Accept test changes. 2026-06-23 14:42:20 +02:00
Anders Schack-Mulligen
11725e8921 Java: Accept test changes. 2026-06-23 14:28:44 +02:00
Anders Schack-Mulligen
41297c588c Cfg: Change AST/CFG for CatchClauses to use a pattern. 2026-06-23 14:28:44 +02:00
yoff
53cae687f7 Merge pull request #21931 from github/yoff/python-shared-cfg-loop-else 
Shared CFG: add defaulted getWhileElse/getForeachElse to AstSig
 2026-06-23 14:25:16 +02:00
Anders Schack-Mulligen
cfbf4a3927 Merge pull request #22037 from github/copilot/update-csharp-extractor-catch-clause 
C# extractor: extract `catch(ExceptionType)` type as `TypeAccess` instead of `TypeMention`
 2026-06-23 14:21:43 +02:00
Jaroslav Lobačevski
31f6e713c5 Fix "The variable event is only used in one side of disjunct." 2026-06-23 12:06:01 +00:00
copilot-swe-agent[bot]
b254aa7e0b C#: Extract catch(Ex) type as TypeAccess instead of TypeMention 2026-06-23 13:55:39 +02:00
Jaroslav Lobačevski
e2347a5c7d Fix for independent checks 2026-06-23 11:52:11 +00:00
yoff
d26102b263 Merge pull request #21920 from github/yoff/python-flow-py-namespace 
Python: qualify Flow.qll's AST references with Py:: prefix
 2026-06-23 13:20:26 +02:00
yoff
73ab3e6888 Update shared/controlflow/codeql/controlflow/ControlFlowGraph.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-06-23 12:41:02 +02:00
yoff
15cbbb82eb Shared CFG: add defaulted getLoopElse to AstSig 
Adds a new defaulted signature predicates to the shared CFG library:

- getLoopElse: `else` block of a loop statement, if
  any (used by Python's `while-else` / `for-else` constructs).

The predicate defaults to `none()`, so behaviour is unchanged for any
language that doesn't override it (verified by re-running
java/ql/test/library-tests/controlflow/).

The Make0 succession rules are extended:
- WhileStmt/ForeachStmt: route the loop-exit edge through the else
  block before reaching the after-position.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-23 12:41:02 +02:00