hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-10 23:41:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
75,766 Commits 1,777 Branches 169 Tags
6ae06aed9e96ae85f22b1fb70580de3265482fb2
Commit Graph

75766 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
6ae06aed9e Update javascript/extractor/src/com/semmle/js/extractor/CFGExtractor.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-06 10:03:28 +01:00
Asger F
6207e39b5f JS: Change note 2025-02-06 09:58:24 +01:00
Asger F
5613661a48 JS: Update another TRAP file 2025-02-04 14:02:51 +01:00
Asger F
f0afd6aa5f Merge branch 'main' into js/hoist-in-block 2025-02-04 14:01:57 +01:00
Jeroen Ketema
89bbef935d Merge pull request #18672 from jketema/codeblock-name 
C++: Update expected test results after extractor changes
 2025-02-04 13:39:54 +01:00
Jeroen Ketema
1591a56aab C++: Update expected test results after extractor changes 2025-02-04 13:19:49 +01:00
Simon Friis Vindum
8d01bbc1e3 Merge pull request #18628 from paldepind/rust-flow-summary-generation 
Rust: Initial model generation setup
 2025-02-04 12:37:09 +01:00
Asger F
80824cfdc7 JS: Benign test output changes 2025-02-04 12:12:41 +01:00
Asger F
294fd0a7a7 Merge pull request #18653 from asgerf/js/source-on-same-line 
Test: Don't expect 'Source' tag when source and alert are on the same same
 2025-02-04 11:01:46 +01:00
Asger F
3d3f07ad72 Merge pull request #18658 from asgerf/js/jsx-parser-first-attempt 
JS: Use JSX syntax in first attempt when extension is .jsx
 2025-02-04 10:49:26 +01:00
Asger F
d22268e119 JS: Update TRAP again 
The extra successor edge was due to visiting hoisted function declaration IDs multiple times,
which has now been fixed.
 2025-02-04 10:47:08 +01:00
Asger F
5e109ff457 JS: Update test output 2025-02-04 10:45:37 +01:00
Simon Friis Vindum
cf4f6575d1 Merge branch 'main' into rust-flow-summary-generation 2025-02-04 10:42:11 +01:00
Asger F
1e5885ea1e JS: Remove hoisting code from functions 
'buildFunctionBody' no longer needs to handle hoisting, because hoisting now happens when visiting the block statement that is the body of the function.

Note that curly-brace functions contain a block statement as their body, not a list of statements.
 2025-02-04 10:41:47 +01:00
Simon Friis Vindum
07413315a1 Rust: Address PR comments 2025-02-04 10:19:04 +01:00
Tom Hvitved
90944d5252 Merge pull request #18609 from hvitved/rust/dataflow-path-resolution 
Rust: Use `PathResolution` module in data flow
 2025-02-04 10:11:54 +01:00
Simon Friis Vindum
fc15c0d3b2 Merge branch 'main' into rust-flow-summary-generation 2025-02-04 10:10:33 +01:00
Asger F
7bf69d92ca Merge pull request #2 from hvitved/js/source-on-same-line 
Test: Remove location parsing
 2025-02-04 10:09:35 +01:00
Tom Hvitved
acd31dd701 Merge pull request #18657 from hvitved/rust/dataflow-node-api 
Rust: Hide internal implementation details from `DataFlow::Node`
 2025-02-04 09:41:44 +01:00
Tom Hvitved
5a24440e59 Update rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-02-04 09:38:16 +01:00
Asger F
09270f4e20 JS: Change note 2025-02-04 09:36:46 +01:00
Tom Hvitved
fc04ad1ef0 Test: Remove location parsing 2025-02-04 09:34:33 +01:00
Michael Nebel
d3b714340e Merge pull request #18666 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-02-04 09:06:32 +01:00
github-actions[bot]
42b5222432 Add changed framework coverage reports 2025-02-04 00:20:33 +00:00
Jeroen Ketema
5e927634bc Merge pull request #18660 from MathiasVP/fix-union-regression 
C++: Fix regression from #18629
 2025-02-03 16:15:11 +01:00
Jonas Jensen
0584aee72a Merge pull request #18636 from jbj/diff-informed-java-location-fixups 
Java: make diff-informed queries exact
 2025-02-03 15:22:43 +01:00
Asger F
427e329363 JS: Bump extractor version string 2025-02-03 15:21:41 +01:00
Asger F
7eebe468ee JS: Update TRAP output 
This seems to have reordered the TRAP lines but without semantic change.
 2025-02-03 15:21:09 +01:00
Asger F
be082578d4 JS: Hoist function decls in a block to the top of the block 2025-02-03 15:21:08 +01:00
Asger F
29879297ee JS: Add test showing missed call to later-defined function in block 2025-02-03 14:56:11 +01:00
Tom Hvitved
45fc1daa74 Rust: Hide internal implementation details from DataFlow::Node 2025-02-03 14:12:56 +01:00
Mathias Vorreiter Pedersen
0e6936d418 C++: Strip the type when computing the base type of a chain of qualifiers. 2025-02-03 12:42:11 +00:00
Michael Nebel
e39ad940a7 Merge pull request #18587 from michaelnebel/csharp/updatestubs 
C#: Update stubs
 2025-02-03 13:19:52 +01:00
Michael Nebel
7e18b3e016 Merge pull request #18533 from michaelnebel/csharp/partialmembers 
C# 13: Partial properties and indexers.
 2025-02-03 13:18:43 +01:00
Asger F
2d36a5d478 JS: Use JSX syntax in first attempt when extension is .jsx 2025-02-03 13:17:15 +01:00
Tom Hvitved
4923156d0d Address review comments 2025-02-03 12:52:31 +01:00
Owen Mansel-Chan
a3de138ec2 Merge pull request #18511 from owen-mc/go/docs/data-flow 
Update documentation on data flow in Go (and some small fixes for java)
 2025-02-03 11:11:04 +00:00
Calum Grant
ed3ad1a226 Merge pull request #18613 from github/calumgrant/bmn/wrong-type-format-arg-linkage 
C++: Remove FPs in cpp/wrong-type-format-argument caused by no linker awareness
 2025-02-03 10:39:32 +00:00
Asger F
fc1d36f867 Rust: update a Rust test case 2025-02-03 11:31:04 +01:00
Asger F
78a7f2670a JS: Update a JS test case 2025-02-03 11:31:03 +01:00
Asger F
28472ae12f Test: Don't expect 'Source' tag when source and alert are on same line 
Previously the Source tag was required if the source and alert did not
have the exact same location. This relaxes the restriction to being on
the same line.

Note that in order to be "on the same line" both start and end lines
have to match.

It's still possible for a given line to expect both Alert and Source
tags, in case the source pairs up with another alert on a different
line.
 2025-02-03 11:31:02 +01:00
Jeroen Ketema
25d8f0e161 Merge branch 'main' into calumgrant/bmn/wrong-type-format-arg-linkage 2025-02-03 11:23:27 +01:00
Calum Grant
6e3a169544 C++: Add change note 2025-02-03 09:48:06 +00:00
Tom Hvitved
1066b880aa Merge pull request #18644 from hvitved/rust/fix-bad-join 
Rust: Fix a bad join
 2025-02-03 10:16:09 +01:00
Simon Friis Vindum
0a9b864738 Rust: Fix model generation test 2025-02-03 09:06:07 +01:00
Tom Hvitved
cd1ff6a176 Rust: Fix a bad join 
Before
```
[2025-01-31 14:40:10] Evaluated non-recursive predicate SsaImpl::capturedCallRead/4#1f9b0af4@6f60dcog in 10553ms (size: 372366).
Evaluated relational algebra for predicate SsaImpl::capturedCallRead/4#1f9b0af4@6f60dcog with tuple counts:
        1992868487   ~4%    {6} r1 = JOIN `_BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::get__#shared` WITH `SsaImpl::variableWriteInOuterScope/4#aca2ef34` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1, Rhs.2, Rhs.3
                            {6}    | REWRITE WITH TEST InOut.3 < InOut.2
         998449075   ~0%    {5}    | SCAN OUTPUT In.4, In.5, In.0, In.1, In.2

          12205909   ~1%    {4} r2 = JOIN `_BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::get__#shared` WITH `boundedFastTC:BasicBlocks::BasicBlock.getAPredecessor/0#dispred#268ed41b:_BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::get__#higher_order_body` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
          34440992   ~9%    {5}    | JOIN WITH `project#SsaImpl::variableWriteInOuterScope/4#aca2ef34` ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.1, Lhs.2, Lhs.3

        1032890067   ~0%    {5} r3 = r1 UNION r2
            680217  ~74%    {4}    | JOIN WITH `SsaImpl::hasCapturedRead/2#847e9f91` ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0
                            return r3
```

After
```
[2025-01-31 14:43:05] Evaluated non-recursive predicate SsaImpl::capturedCallRead/4#1f9b0af4@15fdf34h in 74ms (size: 373835).
Evaluated relational algebra for predicate SsaImpl::capturedCallRead/4#1f9b0af4@15fdf34h with tuple counts:
        1106129   ~0%    {3} r1 = SCAN `project#SsaImpl::variableWriteInOuterScope/4#aca2ef34` OUTPUT In.1, In.2, In.0
          25209  ~20%    {2}    | JOIN WITH `SsaImpl::hasCapturedRead/2#847e9f91` ON FIRST 2 OUTPUT Lhs.2, Lhs.0
         339364   ~6%    {2}    | JOIN WITH `boundedFastTC:BasicBlocks::BasicBlock.getAPredecessor/0#dispred#268ed41b_10#higher_order_body:_SsaImpl::hasCapturedRead/2#847e9f91_project#SsaImpl::variableWriteInOuterScope/4#aca2ef34#higher_order_body` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2095088   ~0%    {4}    | JOIN WITH `BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::getNode/2#4226f9fe` ON FIRST 1 OUTPUT Lhs.0, Rhs.1, Rhs.2, Lhs.1

        1121531   ~0%    {4} r2 = SCAN `SsaImpl::variableWriteInOuterScope/4#aca2ef34` OUTPUT In.2, In.3, In.0, In.1
          25820  ~22%    {3}    | JOIN WITH `SsaImpl::hasCapturedRead/2#847e9f91` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Lhs.3
         505208   ~1%    {5}    | JOIN WITH `BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::getNode/2#4226f9fe` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1, Rhs.2
                         {5}    | REWRITE WITH TEST InOut.2 < InOut.3
         344294   ~6%    {4}    | SCAN OUTPUT In.1, In.3, In.4, In.0

        2439382   ~0%    {4} r3 = r1 UNION r2
        2434485   ~7%    {4}    | JOIN WITH `BasicBlock::Make<Locations::Location,BasicBlocks::BasicBlocksImpl::BasicBlockInputSig>::Cached::getNode/2#4226f9fe` ON FIRST 3 OUTPUT Lhs.2, Lhs.3, Lhs.0, Lhs.1
        2393182   ~3%    {4}    | JOIN WITH ControlFlowGraphImpl::CfgImpl::Cached::TAstNode#8f9a3aff_31#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
         380879   ~0%    {4}    | JOIN WITH `SsaImpl::isControlFlowJump/1#c535656e` ON FIRST 1 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.1
                         return r3
```
 2025-01-31 14:45:36 +01:00
Tom Hvitved
d56bf657b9 Rust: Use PathResolution module in data flow 2025-01-31 13:29:15 +01:00
Tom Hvitved
180782d863 Merge pull request #18579 from hvitved/rust/path-resolution 
Rust: Implement path resolution in QL
 2025-01-31 13:22:21 +01:00
Arthur Baars
384c040679 Merge pull request #18641 from github/aibaars/bazel-rust-opt 
Rust: build optimized code
 2025-01-31 12:37:19 +01:00
Jonas Jensen
7ad6f13bf5 Java: adjust CommandLineQuery locations 
It turns out these locations need to be precise.
 2025-01-31 11:37:16 +01:00