Simon Friis Vindum
7c57962add
Merge branch 'main' into shared-bb-dominates
2025-02-11 09:31:06 +01:00
Anders Schack-Mulligen
e1c810a50c
Merge pull request #18729 from aschackmull/ssa/deprecate-deadcode
...
Ssa: Deprecate the unused getALastRead predicate.
2025-02-11 08:51:02 +01:00
Remco Vermeulen
9971398766
Merge pull request #18708 from rvermeulen/rvermeulen/add-ccr-suite-to-query-list
...
Add CCR suite to query list
2025-02-10 13:35:54 -08:00
Geoffrey White
9eeae712d7
Merge pull request #18712 from GeekMasher/rust-db-sources
...
Rust: Add Database Sources + tokio-postgres support
2025-02-10 15:18:58 +00:00
Anders Schack-Mulligen
c5d0e2f125
C#/Ruby: Replace cached with nomagic for deprecated predicates.
2025-02-10 15:05:03 +01:00
Anders Schack-Mulligen
0b5270979d
SSA: Remove the need for ExitBasicBlock in SSA.
2025-02-10 14:36:18 +01:00
Anders Schack-Mulligen
34edda6b9b
C#/Ruby/Rust: Deprecate dead code.
2025-02-10 14:24:38 +01:00
Dave Bartolomeo
0b2e307f9a
Merge pull request #18705 from github/dbartol/actions-suite-selectors
...
Use default query selectors for Actions suites
2025-02-07 14:06:00 -05:00
Jon Janego
d06ca4398a
Merge pull request #18718 from github/changedocs/2.20.4
...
Update changelog to include new CodeQL CLI version
2025-02-07 12:14:37 -06:00
Felicity Chapman
56cfebd3ef
Try to resolve Sphinx warnings
2025-02-07 17:06:13 +00:00
Tom Hvitved
614b3cea66
Merge pull request #18697 from hvitved/rust/telemetry
...
Rust: Implement database quality telemetry query
2025-02-07 17:43:23 +01:00
Geoffrey White
b5c07540d0
Merge pull request #18621 from geoffw0/sourcemodels4
...
Rust: Improve models for environment sources, iterators
2025-02-07 16:02:28 +00:00
Jon Janego
3f653dd3e8
Update changelog to include new CodeQL CLI version
2025-02-07 09:50:33 -06:00
Dave Bartolomeo
0e4725bfe2
Merge pull request #18435 from felickz/felickz/actions-trusted-owner-data-extensions
...
Convert trusted actions list to data extension
2025-02-07 10:25:41 -05:00
Dave Bartolomeo
3b02f4d7bc
Update change note
2025-02-07 10:09:31 -05:00
Dave Bartolomeo
42562b5187
Merge pull request #18704 from github/dbartol/actions-suites
...
Actions: Move experimental queries to `experimental` directory
2025-02-07 10:03:31 -05:00
Edward Minnix III
c96502478e
Merge pull request #18664 from egregius313/egregius313/csharp/blazor/url-param-sources
...
C#: Blazor: Add route parameters as remote flow sources
2025-02-07 08:34:29 -05:00
Tom Hvitved
11bf4c831d
Update rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2025-02-07 13:55:11 +01:00
Ian Lynagh
c4d682f686
Merge pull request #18638 from igfoo/igfoo/ferstl
...
Java: Update test output
2025-02-07 12:03:03 +00:00
Mathew Payne
be883ad4cc
fix(rust): Update naming of the DB source
2025-02-07 11:10:43 +00:00
Mathew Payne
5c656412d1
Update rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-02-07 10:33:29 +00:00
GeekMasher
5943cc16e4
feat(rust): Add Database Sources + tokio-postgres support
2025-02-07 10:26:40 +00:00
Simon Friis Vindum
4581e772d6
Merge pull request #18709 from paldepind/rust-model-generation-test
...
Rust: Add additional tests for model generation
2025-02-07 11:14:41 +01:00
Tom Hvitved
d8c9427d3e
Merge pull request #18700 from hvitved/rust/shorthand-struct
...
Rust: Shorthand record construction in data flow
2025-02-07 10:59:52 +01:00
Simon Friis Vindum
5bef9c98ff
Rust: Accept changes
2025-02-07 10:20:15 +01:00
Simon Friis Vindum
c9b5dab097
Rust: Add additional tests for model generation
2025-02-07 09:05:27 +01:00
Tom Hvitved
100de73066
Merge pull request #18689 from hvitved/rust/path-resolution-type-param
...
Rust: Extend path resolution to cover type parameters
2025-02-07 08:55:27 +01:00
Simon Friis Vindum
9bcfd010d4
Merge pull request #18676 from paldepind/rust-model-clone
...
Rust: Model `clone`
2025-02-07 08:37:44 +01:00
yoff
37ddaa36ad
Merge pull request #18702 from github/tausbn/python-allow-comments-in-subscripts
...
Python: Allow comments in subscripts
2025-02-06 23:31:29 +01:00
yoff
381cc20cdd
Merge pull request #18703 from github/tausbn/python-robustly-handle-loop-constructs
...
Python: Handle loop constructs outside of loops
2025-02-06 23:31:04 +01:00
Remco Vermeulen
3b87fb18a6
Add CCR suite to query list
2025-02-06 14:10:27 -08:00
Ed Minnix
29d03db06b
Remove unneeded disjunction
2025-02-06 15:10:06 -05:00
Chad Bentz
fd404bcbcd
Update actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md
...
Co-authored-by: Dave Bartolomeo <dbartol@github.com>
2025-02-06 14:28:07 -05:00
Ian Lynagh
05180376f2
Java: Update test output
2025-02-06 18:32:46 +00:00
Tom Hvitved
707bf16d90
Rust: Shorthand record construction in data flow
2025-02-06 19:19:18 +01:00
Tom Hvitved
9bc3b0e96e
Rust: Update a test to use shorthand record syntax
2025-02-06 19:19:17 +01:00
Tom Hvitved
aca70cd1ea
Merge pull request #18675 from hvitved/rust/struct-tuple-field
...
Rust: Implement data flow through tuple structs
2025-02-06 19:17:53 +01:00
Dave Bartolomeo
ca7bcc9714
Add change note
2025-02-06 11:50:59 -05:00
Dave Bartolomeo
cb7aeea516
Use standard query selectors for actions-code-scanning and actions-security-extended
2025-02-06 11:34:43 -05:00
Dave Bartolomeo
74619d49b3
Update precision and severity for unpinned-tag
...
This ensures that it will be in `security-extended`, but not the default suite.
2025-02-06 11:33:17 -05:00
Dave Bartolomeo
81ff4dd81c
Update severity for excessive-secrets-exposure
...
This ensures that it will remain in the default suite.
2025-02-06 11:32:32 -05:00
Dave Bartolomeo
d7259c17db
Add security tag for missing-actions-permissions
...
This ensures that it will remain in the default suite.
2025-02-06 11:31:36 -05:00
Dave Bartolomeo
909de5280c
Update severity and precision of a few injection queries
...
These will wind up in `security-extended`, when previously they were not in any of the standard suites.
2025-02-06 11:30:43 -05:00
Dave Bartolomeo
e2ab65ea3e
Update qlref paths
2025-02-06 11:20:19 -05:00
Dave Bartolomeo
604dbfd0d0
Actions: Move experimental to experimental directory
...
This is consistent with how other languages manage experimental queries. I've left the `experimental` tags in place.
2025-02-06 10:54:25 -05:00
Simon Friis Vindum
b2ba5f4f38
Rust: Make imports private
2025-02-06 16:07:25 +01:00
Taus
131ec8d22f
Python: Handle loop constructs outside of loops
...
Observed on some test files in Nuitka/Nuitka, having `break` and
`continue` outside of loops in Python is (to Python) a syntax error, but
our parser happily accepted this broken syntax.
This then caused issues further downstream in the control-flow
construction, as it broke some invariants.
To fix this we now skip the code that would previously fail when the
invariants are broken.
Co-authored-by: yoff <yoff@github.com>
2025-02-06 14:30:16 +00:00
Taus
3d25cd3bb5
Python: Add change note
2025-02-06 14:08:20 +00:00
Taus
7124e80f28
Python: Regenerate parser files
2025-02-06 14:05:40 +00:00
Taus
c5be2a3e2d
Python: Allow comments in subscripts
...
Once again, the interaction between anchors and extras (specifically
comments) was causing trouble.
The root of the problem was the fact that in `a[b]`, we put `b` in the
`index` field of the subscript node, whereas in `a[b,c]`, we
additionally synthesize a `Tuple` node for `b,c` (which matches the
Python AST).
To fix this, we refactored the grammar slightly so as to make that tuple
explicit, such that a subscript node either contains a single expression
or the newly added tuple node. This greatly simplifies the logic.
2025-02-06 14:04:57 +00:00