hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,297 Commits 1,758 Branches 167 Tags
82bbdee83234d082d1fd181b131f282e2b2794ba
Commit Graph

87297 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
82bbdee832 yeast: Support separate output node types in extractor generator 
Language and LanguageSpec gain optional output_node_types field.
When set, the generator produces dbscheme/QL from the output types
and the extractor validates TRAP against them.

All existing extractors pass None (no behavior change).
Ruby extract() calls gain vec![] for the new rules parameter.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Taus
9ad431dea1 yeast: Integrate yeast with shared tree-sitter extractor 
extract() gains a rules parameter. When empty, uses tree-sitter native
traversal (no behavior change). When non-empty, runs yeast desugaring
and extracts via traverse_yeast.

Adds AstNode trait abstracting over tree_sitter::Node and yeast::Node,
with minimal changes to existing Visitor methods (Node -> &N in 6
signatures).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Taus
cc28ff9a48 yeast: Add yeast documentation 
Covers architecture, query language, template language
(tree!/trees!/rule!),
capture semantics, fresh identifiers, and extractor integration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Taus
6e580446fd yeast: Add yeast test suite 
12 tests covering parsing, queries, tree building, desugaring rules,
cursor navigation, and the shorthand rule! syntax.

Tests use a custom output node-types.yml with named fields for all
children (parameter, stmt, index), loaded via
schema_from_yaml_with_language.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Taus
4c5548363c yeast: Add AST dumper for human-readable tree output 
Produces indented text showing node kinds, named fields, and leaf
content. Unnamed tokens are hidden unless inside a named field.
Used by tests for readable assertions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Taus
8a9e53cc58 yeast: Add YAML node-types format and converter 
Human-friendly YAML alternative to tree-sitter node-types.json with
three sections: supertypes, named, unnamed. Supports bidirectional
conversion and building Schema objects from YAML.

Includes CLI binary (node_types_yaml) and documentation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Taus
04f587190e yeast: AST desugaring framework with proc-macro DSL 
YEAST (YEAST Elaborates Abstract Syntax Trees) is a framework for
transforming tree-sitter parse trees before CodeQL extraction.

Core components:
- shared/yeast/ — Ast, Node, Schema, query matching engine, captures,
  FreshScope, BuildCtx
- shared/yeast-macros/ — proc macros: query!, tree!, trees!, rule!

The query language is inspired by tree-sitter queries:
  (assignment left: (_) @lhs right: (_) @rhs)

Templates support embedded Rust ({expr}), splicing ({..expr}),
computed literals (#{expr}), and fresh identifiers ($name).

The rule! macro combines query and transform:
  rule!((for pattern: (_) @pat ...) => (call receiver: {val} ...))

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-06 11:34:09 +00:00
Owen Mansel-Chan
e6f587e761 Merge pull request #21715 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout 
Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries
 2026-05-06 11:52:30 +01:00
Jack Nørskov Jørgensen
2d2b690b5d Merge pull request #21799 from github/jacknojo/fix_python_formatting 
Fix issue with Python formatting and expand scope of python-tooling
 2026-05-06 12:24:21 +02:00
Jack Nørskov Jørgensen
52b02a0581 Fix path to generated models 2026-05-06 08:39:41 +02:00
Tom Hvitved
00fb11b028 Merge pull request #21778 from hvitved/rust/type-inference-verbose-type-path-expectations 
Rust: Use verbose type paths in inline expectation comments
 2026-05-05 20:23:25 +02:00
Kristen Newbury
6a8f9a950c Fix unit test expected file 2026-05-05 13:27:09 -04:00
Jack Nørskov Jørgensen
ebc759d830 Fix issue with Python formatting and expand scope of python-tooling 2026-05-05 16:14:05 +02:00
Tom Hvitved
4c1461ad5b Merge pull request #21786 from hvitved/inline-test-ignore-tags 
Inline test expectations: Rename `tagIsOptional` to `tagIsIgnored`
 2026-05-05 09:01:58 +02:00
Kristen Newbury
f9f1349a0d Undo larger change in this PR 2026-05-04 16:50:55 -04:00
Kristen Newbury
39b6cf9468 Address review comments 2026-05-04 16:47:44 -04:00
Anders Schack-Mulligen
b67ebd11e0 Merge pull request #21762 from aschackmull/csharp/ssa2 
C#: Replace SSA classes with shared code.
 2026-05-04 14:21:01 +02:00
Anders Schack-Mulligen
02f5fe9a42 C#: Address some review comments. 2026-05-04 11:49:24 +02:00
Tom Hvitved
04a8ef0f81 Merge pull request #21777 from hvitved/swift/type-inference-tests 
Swift: Add type inference tests
 2026-05-04 11:45:32 +02:00
Anders Schack-Mulligen
f663eccf66 Merge pull request #21781 from aschackmull/java/rm-deprecated 
Java: Delete old deprecated code.
 2026-05-04 11:35:09 +02:00
Tom Hvitved
80ccdcc696 Inline test expectations: Rename tagIsOptional to tagIsIgnored 2026-05-04 11:21:33 +02:00
Tom Hvitved
224934645e Swift: Add type inference tests for key path expressions 2026-05-04 11:00:38 +02:00
Tom Hvitved
038f9a2c2f Swift: Split type inference tests into multiple files 2026-05-04 10:55:06 +02:00
Anders Schack-Mulligen
c7904b12c8 Java: Fix reference in deprecated code. 2026-05-04 10:52:27 +02:00
Anders Schack-Mulligen
17fded4aa5 Java: Delete old deprecated code. 2026-05-04 10:52:27 +02:00
Paolo Tranquilli
77cdafd55e Merge pull request #21785 from github/codeql-spark-run-25308467256 
Update changelog documentation site for codeql-cli-2.25.3
 2026-05-04 10:42:33 +02:00
Paolo Tranquilli
1c20e78593 Docs: replace build mode: none with build-mode: none 2026-05-04 10:26:50 +02:00
github-actions[bot]
5546025f12 update codeql documentation 2026-05-04 08:19:28 +00:00
Tom Hvitved
1f3a8319ed Update csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-05-04 09:41:00 +02:00
Anders Schack-Mulligen
21a0d1444f C#: Add change note. 2026-05-01 13:13:40 +02:00
Anders Schack-Mulligen
e012981e5b C#: Accept test changes for out/ref SSA location changes. 2026-05-01 10:32:18 +02:00
Anders Schack-Mulligen
351e9cc914 C#: Accept test changes. 2026-05-01 10:28:15 +02:00
Anders Schack-Mulligen
439a67a3fe C#: Fix toString for capture definitions. 2026-05-01 10:26:50 +02:00
Anders Schack-Mulligen
5fbba0e9fe C#: Delete ParameterDefaultDefinition. 2026-05-01 10:24:23 +02:00
Anders Schack-Mulligen
d3df5ce110 C#: Deprecate ParameterDefinition in favour of SsaParameterInit. 2026-05-01 10:22:53 +02:00
Kristen Newbury
b0bc0fdd61 Adjust changenotes actions queries 2026-04-30 12:28:06 -04:00
Mathias Vorreiter Pedersen
154d213fd2 Merge pull request #21768 from github/speed-up-unchecked-leap-year-after-modification 
C++: Speed up `cpp/leap-year/unchecked-after-arithmetic-year-modification`
 2026-04-30 16:06:17 +01:00
Kristen Newbury
4fd02220c7 Update help files CWE-829/UntrustedCheckoutX 2026-04-30 10:50:06 -04:00
Michael Nebel
4446f42846 Merge pull request #21684 from michaelnebel/csharp/improve-reachability-checks 
C#: Improve BMN feed checking & handling.
 2026-04-30 15:53:52 +02:00
Tom Hvitved
a291548fd8 Update rust/ql/test/library-tests/type-inference/main.rs 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-30 14:31:24 +02:00
Owen Mansel-Chan
87c35e6401 Merge pull request #21654 from MarkLee131/fix/sensitive-log-hash-sanitizer 
Java: treat hash/encrypt/digest methods as sensitive-log sanitizers
 2026-04-30 13:21:03 +01:00
Anders Schack-Mulligen
ff8ab191d1 C#: Drop caching for deprecated predicates. 2026-04-30 13:58:55 +02:00
Anders Schack-Mulligen
77807c83f8 C#: Exclude entry definitions from qualifier definitions. 2026-04-30 13:56:21 +02:00
Anders Schack-Mulligen
e0421dbf53 C#: Reinstate toString for SSA data flow nodes. 2026-04-30 13:56:16 +02:00
Anders Schack-Mulligen
bedadc9f04 C#: Deprecate some SSA internals. 2026-04-30 13:54:21 +02:00
Anders Schack-Mulligen
55b83ca22a C#: Deprecate Ssa::Definition in favour of SsaDefinition. 2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
de96b5acfd C#: Deprecate Ssa::ImplicitDefinition. 2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
80d5e27b46 C#: Deprecate Ssa::ImplicitEntryDefinition. 2026-04-30 13:54:15 +02:00
Tom Hvitved
e1cd708c75 Rust: Use verbose type paths in inline expectation comments 2026-04-30 13:54:09 +02:00
Anders Schack-Mulligen
65f647a8c0 C#: Replace Ssa::UncertainDefinition with SsaUncertainWrite. 2026-04-30 13:49:23 +02:00