hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-23 05:37:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,183 Commits 1,785 Branches 169 Tags
8099b255af3f26306f033d89720c2e80450f493c
Commit Graph

88183 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
8099b255af Fix lit-init nodes 
There was a loop in the definitions which meant nothing ever got made
 2026-06-22 23:08:51 +01:00
Owen Mansel-Chan
68a4131523 Fix range loop CFG 2026-06-22 23:08:49 +01:00
Owen Mansel-Chan
b56342533e update function-entry additional nodes 2026-06-22 23:08:47 +01:00
Owen Mansel-Chan
134cc48c75 Restore ExprNode for FuncLit 2026-06-22 23:08:45 +01:00
Owen Mansel-Chan
016c53ccbd Accept change in test output 
To determine that test9 can't return normally, you have to use the fact
that test5 can't return normally. This would make CFG construction
recursive, which would be bad for performance. Therefore we accept the
limitation that we cannot detect that test9 can't return normally, and
we change the test output.
 2026-06-22 23:08:43 +01:00
Owen Mansel-Chan
9b63398874 Fix empty switch statements 2026-06-22 23:08:41 +01:00
Owen Mansel-Chan
0244d809d1 Control flow shouldn't enter another callable 2026-06-22 23:08:39 +01:00
Owen Mansel-Chan
d582d68afd Fix CFG for return instructions 2026-06-22 23:08:37 +01:00
Owen Mansel-Chan
9b35117475 Produce CFG nodes for more reference expressions, like selector bases 2026-06-22 23:08:35 +01:00
Owen Mansel-Chan
642e567e48 Fix global value numbering calculation 2026-06-22 23:08:33 +01:00
Owen Mansel-Chan
8a62e874ca Include receivers in parameter init 2026-06-22 23:08:31 +01:00
Owen Mansel-Chan
13d4eb6933 Fix CFG for range loop 2026-06-22 23:08:29 +01:00
Owen Mansel-Chan
22ca59d190 Fix CFG for select statements 2026-06-22 23:08:27 +01:00
Owen Mansel-Chan
32a6187434 Use shared CFG implementation of for loops 2026-06-22 23:08:26 +01:00
Owen Mansel-Chan
f9953630a7 Do not include comments in the CFG 2026-06-22 23:08:24 +01:00
Owen Mansel-Chan
0deb94ac2d Fix edges to function exit with result variables 2026-06-22 23:08:22 +01:00
Owen Mansel-Chan
f8c2f2cbd9 Tweak getEnclosingCallable 2026-06-22 23:08:20 +01:00
Owen Mansel-Chan
984a880089 Model non-returning functions in CFG 2026-06-22 23:08:18 +01:00
Owen Mansel-Chan
1c62580835 Create cfg node for child of ParenExpr 2026-06-22 23:08:16 +01:00
Owen Mansel-Chan
99330a65a7 Add go/print-cfg 2026-06-22 23:08:14 +01:00
Owen Mansel-Chan
fc055a8699 Initial shared CFG library instantiation for Go 2026-06-22 23:08:12 +01:00
Owen Mansel-Chan
65513b8cd2 Incidental fix to CaseClause.getAnExpr() 2026-06-22 23:08:09 +01:00
Owen Mansel-Chan
f0576046b1 Merge pull request #22027 from owen-mc/go/improve-tests 
Go: Improve two tests
 2026-06-22 17:19:40 +01:00
yoff
32f7c541ae Merge pull request #21919 from github/yoff/python-remove-getAFlowNode 
Python: deprecate AstNode.getAFlowNode() and rewrite callers
 2026-06-22 15:35:52 +02:00
yoff
1a9bb2416a Python: deprecate Function.getAReturnValueFlowNode() and rewrite internal callers 
Follow-up to the getAFlowNode deprecation in the same PR: same AST→legacy-CFG
bridge pattern. The 11 internal call sites (across objects/, types/,
frameworks/, and TypeTrackingImpl) are rewritten to bind a `Return ret`
explicitly, then constrain via `ret.getScope() = f and n.getNode() = ret.getValue()`.

The predicate itself is preserved with a deprecation note so external
users do not experience churn.

Semantic noop.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-22 14:55:19 +02:00
Copilot
717ff62d70 Python: deprecate AstNode.getAFlowNode() and rewrite internal callers 
Preparatory refactor for the shared-CFG dataflow migration.

Deprecates the AstNode.getAFlowNode() cached predicate on the public
Python QL API and rewrites all ~140 internal callers across lib/, src/,
test/, and tools/ from `expr.getAFlowNode() = cfgNode` to
`cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which
already exists in Flow.qll.

The predicate itself is preserved (with a deprecation note pointing at
the new pattern) so external users do not experience churn — they can
migrate at their own pace and the AST/CFG hierarchies still get the
intended untangling once the deprecation eventually elapses.

Semantic noop verified by:
- All 361 lib/ + src/ queries compile clean.
- All 122 ControlFlow + PointsTo library-tests pass.
- All 64 dataflow library-tests pass.
- All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/
  Security/CWE-798/ModificationOfParameterWithDefault query-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-22 14:55:19 +02:00
yoff
8179bffe64 Merge pull request #21930 from github/yoff/python-dataflow-noop-simplifications 
Python: inline init_module_submodule_defn into ImportResolution
 2026-06-22 14:50:39 +02:00
Anders Schack-Mulligen
7197cc56dd Merge pull request #22014 from github/copilot/update-rescue-clause-exception-handling 
Ruby AST: preserve ExceptionList node in RescueClause for 2+ exceptions
 2026-06-22 13:28:29 +02:00
Anders Schack-Mulligen
48b0cbcf01 Merge pull request #22031 from github/copilot/tweak-csharp-extractor 
Extract `TypeMention` for `catch (Exception)` clauses
 2026-06-22 13:27:47 +02:00
Anders Schack-Mulligen
ac7ed0612d C#: Accept test change. 2026-06-22 13:00:55 +02:00
Jeroen Ketema
03187ae8be Merge pull request #22013 from jketema/swift/more-arguments 
Swift: Strip out more unknown clang arguments
 2026-06-22 12:35:36 +02:00
copilot-swe-agent[bot]
bd84fb31e1 Add regression for catch type mention extraction 2026-06-22 09:41:55 +00:00
copilot-swe-agent[bot]
4c9fa4dddc Emit catch type mentions without variables 2026-06-22 09:37:24 +00:00
Anders Schack-Mulligen
7d66ec0f39 Ruby: Clarify AST. 2026-06-22 11:14:53 +02:00
Idriss Riouak
568a147f77 Merge pull request #22007 from github/java-update-ferstl-depgraph-cves 
Java: update ferstl depgraph cves
 2026-06-22 10:08:05 +02:00
Owen Mansel-Chan
07cf89568f Test CFG for function epilogue (read-result nodes and calls to defered functions) 2026-06-20 22:04:45 +01:00
Owen Mansel-Chan
42ebe56023 Make all lines in logging tests reachable 2026-06-20 22:04:43 +01:00
Sotiris Dragonas
d86ec1a4b4 Merge pull request #22012 from github/bazookamusic/js-prompt-injection-sinks 
JS Prompt Injection - Add some more sinks and reclassify legacy API
 2026-06-19 17:41:41 +03:00
Owen Mansel-Chan
b54d95d7c8 Merge pull request #21967 from github/copilot/conversion-of-codeql-queries 
Convert selected Python qlref tests to inline expectations
 2026-06-19 14:56:36 +01:00
Michael Nebel
a076ffcc9a Merge pull request #21996 from michaelnebel/csharp/fixpathcombineissues 
C#: Fix the `cs/path-combine` code quality issues in the extractor.
 2026-06-19 15:49:24 +02:00
Owen Mansel-Chan
f65d1e82cf Merge pull request #21554 from github/copilot/make-go-use-ssa-library 
Go: use shared SSA library (codeql.ssa.Ssa)
 2026-06-19 13:40:37 +01:00
Owen Mansel-Chan
27f6ffc00e Delete accidentally included text file 2026-06-19 13:24:06 +01:00
Owen Mansel-Chan
c9d45217d2 Fix order of comments in test 2026-06-19 13:23:52 +01:00
Jeroen Ketema
75328daf71 Swift: Match quotes 2026-06-19 13:55:19 +02:00
Anders Schack-Mulligen
6fbb572950 Ruby: Get rid of the change note. 2026-06-19 13:27:34 +02:00
Anders Schack-Mulligen
132b476acd Ruby: autoformat 2026-06-19 13:26:10 +02:00
copilot-swe-agent[bot]
65b4a4346b Add ExceptionList AST node for rescue clauses with 2+ exceptions 2026-06-19 13:26:06 +02:00
Owen Mansel-Chan
451fc2e4e7 Undo conversion for queries that import LegacyPointsTo 2026-06-19 12:22:42 +01:00
Owen Mansel-Chan
5497f2c5fe Convert Python qlref tests to inline expectations 2026-06-19 12:22:40 +01:00
Anders Schack-Mulligen
0834e640bb Ruby: Prepare qltest change by line renumbering. 2026-06-19 13:15:18 +02:00