hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,373 Commits 1,671 Branches 157 Tags
79d1deb28d0927a51b9909a24c59778dcd4bc325
Commit Graph

9365 Commits

Author SHA1 Message Date
Joe Farebrother
79d1deb28d Update python/ql/src/Classes/SubclassShadowing/SubclassShadowing.ql 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-07-31 06:05:48 +01:00
Joe Farebrother
71a6b22815 Update python/ql/src/Classes/SubclassShadowing/examples/SubclassShadowingBad.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-07-31 06:05:25 +01:00
Joe Farebrother
1efc09bbba Update integration tests 2025-07-30 15:54:39 +01:00
Joe Farebrother
63577f0cca Add extra example 2025-07-30 15:52:26 +01:00
Joe Farebrother
2516f9452e Move to subfolder 2025-07-30 15:17:19 +01:00
Joe Farebrother
34317d2d4a Update documentation 2025-07-30 13:56:28 +01:00
Joe Farebrother
796a6060b2 Exclude setters and update tests 2025-07-30 13:56:05 +01:00
Joe Farebrother
af94ebe1fc Modernize attribute shadows subclass, Add cases for properties 2025-07-30 13:55:11 +01:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Jeroen Ketema
cbde11ddc9 Properly share ConceptsShared.qll 2025-07-14 16:30:45 +02:00
Jeroen Ketema
f07d8ee493 Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:06 +02:00
Jeroen Ketema
f4ba2e1fd0 Properly share CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:00 +02:00
Jeroen Ketema
c582a9ccd6 Remove duplicate copies of SensitiveDataHeuristics 2025-07-14 11:38:52 +02:00
Jeroen Ketema
8b828cecf1 Use shared SensitiveDataHeuristics 2025-07-14 11:38:47 +02:00
Taus
c6c6a857df Python: Add tests 
Also fixes an issue with the return type annotations that caused these
to not work properly.

Currently, annotated assignments don't work properly, due to the fact
that our flow relation doesn't consider flow going to the "type" part of
an annotated assignment. This means that in `x : Foo`, we do correctly
note that `x` is annotated with `Foo`, but we have no idea what `Foo`
is, since it has no incoming flow.

To fix this we should probably just extend the flow relation, but this
may need to be done with some care, so I have left it as future work.
 2025-07-11 12:03:14 +00:00
Taus
2c45550a9f Python: Add change note 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-11 12:03:14 +00:00
Taus
d1cf7f0624 Python: Support type annotations in call graph 
Adds support for tracking instances via type annotations. Also adds a
convenience method to the newly added `Annotation` class,
`getAnnotatedExpression`, that returns the expression that is annotated
with the given type. For return annotations this is any value returned
from the annotated function in question.

Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-11 12:03:14 +00:00
Jonas Jensen
5a1246a586 Merge remote-tracking branch 'upstream/main' into approximate-related-location 2025-07-09 10:10:20 +02:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
Asger F
4a2d795076 Shared: Make approximate location filtering the default behaviour 2025-07-02 14:41:02 +02:00
Asger F
a46b5f9529 Python: enable diff-informedness for poly redos using approximate related locations 2025-07-02 14:39:42 +02:00
Michael Nebel
233b54c7fa Merge pull request #19891 from michaelnebel/michaelnebel/freezemoresuites 
Go/Ruby/Python: Freeze quality queries in `security-and-quality`.
 2025-07-01 09:04:19 +02:00
Taus
184dd5bf10 Merge pull request #19895 from github/tausbn/python-fix-match-as-identifier 
Python: Allow use of `match` as an identifier
 2025-06-30 16:24:23 +02:00
Kasper Svendsen
da1b99b921 Merge pull request #19779 from github/kaspersv/overlay-java-annotations 
Overlay: Add overlay annotations to Java & shared libraries
 2025-06-27 08:26:33 +02:00
Joe Farebrother
4cbaeb10e9 Merge pull request #19641 from joefarebrother/python-qual-file-not-closed 
Python: Improve performance of FileNotClosed query by using basic block reachability
 2025-06-26 23:35:38 +01:00
Taus
cd0e46314c Python: Add change note 2025-06-26 15:36:02 +00:00
Taus
ad53518644 Python: Regenerate parser files 2025-06-26 15:34:44 +00:00
Taus
e04821e9e3 Python: Allow use of match as an identifier 
This previously only worked in certain circumstances. In particular,
assignments such as `match[1] = ...` or even just `match[1]` would fail
to parse correctly.

Fixing this turned out to be less trivial than anticipated. Consider the
fact that
```
match [1]: case (...)
```
can either look the start of a `match` statement, or it could be a type
ascription, ascribing the value of `case(...)` (a call) to the item at
index 1 of `match`.

To fix this, then, we give `match` the identifier and `match` the
statement the same precendence in the grammar, and additionally also
mark a conflict between `match_statement` and `primary_expression`. This
causes the conflict to be resolved dynamically, and seems to do the
right thing in all cases.
 2025-06-26 15:33:00 +00:00
Michael Nebel
37b3ca036a Python: Freeze the quality queries in the security-and-quality suite. 2025-06-26 14:45:05 +02:00
Kasper Svendsen
9d2dd782d9 Merge remote-tracking branch 'github/main' into kaspersv/overlay-java-annotations 2025-06-26 13:18:25 +02:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Kasper Svendsen
2da8d61984 Run config/sync-files.py 2025-06-24 10:25:06 +02:00
Joe Farebrother
f457453647 Update redundant assignment to be a correctness issue for cross language consistency 2025-06-19 14:22:12 +01:00
Joe Farebrother
e67f057b85 Update integration test output 2025-06-19 14:09:55 +01:00
Joe Farebrother
63d7eac127 Ensure exactly one subcategory is used 2025-06-19 14:09:07 +01:00
Joe Farebrother
c8c92a7139 Update tags for mixed-tuple-returns to include exactly 1 subcategory 2025-06-19 14:09:00 +01:00
Joe Farebrother
c3f7b18055 Review suggestions - update some tags 2025-06-19 14:08:51 +01:00
Joe Farebrother
09516a47d3 Fix integration test output 2025-06-19 14:08:42 +01:00
Joe Farebrother
d28a19c961 Update integration test output & add changenote 2025-06-19 14:08:30 +01:00
Joe Farebrother
fa5b2ef794 Tag remaining high precision quality queries 
Excluded queries that are python 2 specific; as well as the cyclic import queries
 2025-06-19 14:08:07 +01:00
Joe Farebrother
02f8ec33f2 Tag 'type-checking'-like quality queries 2025-06-19 14:07:55 +01:00
Joe Farebrother
4b1d31c976 Tag 'linter-like' quality queries that don't use pointsto 2025-06-19 14:07:42 +01:00
Joe Farebrother
869e33e38c Tag 'linter-like' quality queries that use pointto 
Excluded for now: unnecassary-delete; since the pattern is often intentional to break reference cycles, which the query doesn't account for; so uncertain about its claim of high precision
 2025-06-19 14:07:15 +01:00
Joe Farebrother
5c4548df45 Tag more quality queries. 
Excluded for now for uncertainty: incomplete ordering, import deprecated module
 2025-06-19 14:06:57 +01:00