hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
84,891 Commits 1,741 Branches 165 Tags
82c629ada86b16dcb91ffa242a3be5582d965260
Commit Graph

84891 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
82c629ada8 Python: Add up-/downgrade scripts for template literals 
We do the usual thing. Downgrade scripts remove the relevant relations;
upgrade scripts do nothing.
 2025-12-16 23:57:58 +01:00
Taus
47c967a06c Python: Bump extractor version 2025-12-16 23:57:58 +01:00
Taus
414e689291 Python: Add AST node wrappers 2025-12-16 23:57:58 +01:00
Taus
652c335d30 Python: Regenerate AST and dbscheme files 2025-12-16 23:57:58 +01:00
Taus
28e733e335 Python: Support template strings in rest of extractor 
Adds three new AST nodes to the mix:

- `TemplateString` represents a t-string in Python 3.14
- `TemplateStringPart` represents one of the string constituents of a
t-string. (The interpolated expressions are represented as `Expr` nodes,
just like f-strings.)
- `JoinedTemplateString` represents an implicit concatenation of
template strings.

Importantly, we _completely avoid_ the complicated construction we
currently do for format strings (as well as the confusing nomenclature).
No extra injection of empty strings (so that a template string is a
strict alternation of strings and expressions). A `JoinedTemplateString`
simply has a list of template string children, and a `TemplateString`
has a list of "values" which may be either `Expr` or
`TemplateStringPart` nodes.

If we ever find that we actually want the more complicated interface for
these strings, then I would much rather we reconstruct this inside of QL
rather than in the parser.
 2025-12-16 23:57:58 +01:00
Taus
cd7ae34380 Python: Regenerate parser files 2025-12-16 23:57:58 +01:00
Taus
7768ebe8b8 Python: Add parser support for template strings 
- Extends the scanner with a new token kind representing the start of a
template string. This is used to distinguish template strings from
regular strings (because only a template string will start with a
`_template_string_start` external token).

- Cleans up the logic surrounding interpolations (and the method names)
so that format strings and template strings behave the same in this
case.

Finally, we add two new node types in the tree-sitter grammar:

- `template_string` behaves like format strings, but is a distinct type
(mainly so that an implicit concatenation between template strings and
regular strings becomes a syntax error).
- `concatenated_template_string` is the counterpart of
`concatenated_string`.

However, internally, the string parts of a template strings are just the
same `string_content` nodes that are used in regular format strings. We
will disambiguate these inside `tsg-python`.
 2025-12-16 23:57:58 +01:00
Simon Friis Vindum
63329b47d8 Merge pull request #21036 from paldepind/rust/prioritize-manual-summaries 
Rust: Don't apply generated models for functions that have a manual model
 2025-12-16 12:47:27 +01:00
Simon Friis Vindum
8c4b81ebc7 Rust: Fix typo in comment 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-16 10:19:01 +01:00
Simon Friis Vindum
477e1cd96c Rust: Fix manual model for PathBuf::as_path 2025-12-16 09:25:42 +01:00
Tom Hvitved
d709343d38 Merge pull request #21011 from aschackmull/mad/shared-externalflow 
Java/C++/Go/C#: Share parts of ExternalFlow.qll
 2025-12-15 20:27:04 +01:00
Tom Hvitved
74ed18a89f Merge pull request #21035 from hvitved/rust/ord-models 
Rust: Add models for `core::cmp::Ord::{min,max,clamp}`
 2025-12-15 17:09:33 +01:00
Simon Friis Vindum
1b70111dd2 Rust: Don't apply generated models for functions that have a manual model 2025-12-15 14:25:49 +01:00
Simon Friis Vindum
d2cfd53933 Rust: Add test with wrong generated model 2025-12-15 14:23:48 +01:00
Óscar San José
2824c98efb Merge pull request #21025 from github/oscarsj/mergeback-rc-3-20-into-main 
Mergeback rc/3.20 into main
 2025-12-15 11:59:58 +01:00
Tom Hvitved
fc49360e81 Rust: Add models for core::cmp::Ord::{min,max,clamp} 2025-12-15 11:52:05 +01:00
Michael Nebel
70447c6483 Merge pull request #21026 from michaelnebel/csharp/migratesolution 
C#: Migrate our own solution file to `.slnx`.
 2025-12-15 11:01:35 +01:00
Geoffrey White
93e8534d0a Merge pull request #21009 from geoffw0/varfps 
Rust: Fix some false positives for rust/unused-variable and rust/unused-value
 2025-12-15 09:48:47 +00:00
Geoffrey White
01f9b42472 Merge branch 'main' into varfps 2025-12-15 08:49:16 +00:00
Michael Nebel
949cfc3fbd Merge pull request #21031 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-12-15 09:12:24 +01:00
github-actions[bot]
f7bbddec24 Add changed framework coverage reports 2025-12-15 00:27:40 +00:00
Owen Mansel-Chan
af2fbd8dda Merge pull request #20929 from owen-mc/go/fix-data-flow-consistency-checks 
Go: fix small issues highlighted by data flow consistency checks
 2025-12-12 17:01:43 +00:00
Mathias Vorreiter Pedersen
3ea92eada6 Merge pull request #21024 from MathiasVP/csharp-implicit-map-value-reads 
C#: Add implicit `System.Collections.Generic.KeyValuePair2.Value` reads at taint sinks
 2025-12-12 16:46:12 +00:00
Tom Hvitved
b61a439491 Merge pull request #21020 from hvitved/shared/source-sink-provenance-prio 
Shared: Prefer source/sink models with manual provenance over generated
 2025-12-12 16:01:06 +01:00
Michael Nebel
e417938860 C#: Exclude all test projects from the Release build configuration. 2025-12-12 14:25:15 +01:00
Michael Nebel
7f1a9b57f1 C#: Update the default solution to point to the .slnx file instead. 2025-12-12 14:23:23 +01:00
Michael Nebel
1e43d06c6d C#: Migrate CSharp.sln to CSharp.slnx (as is). 2025-12-12 14:22:51 +01:00
Anders Schack-Mulligen
64a48e4e7b MaD: Use "namespace" instead "package" in shared code. 2025-12-12 13:57:02 +01:00
Anders Schack-Mulligen
7f8d0771df MaD: Rename file. 2025-12-12 13:50:58 +01:00
Óscar San José
d972af9ef8 Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main 2025-12-12 13:22:08 +01:00
Mathias Vorreiter Pedersen
2720f57965 C#: Add change note. 2025-12-12 11:20:02 +00:00
Óscar San José
72b63bbdc3 Merge pull request #20989 from github/post-release-prep/codeql-cli-2.23.8 
Post-release preparation for codeql-cli-2.23.8
 2025-12-12 12:18:16 +01:00
Mathias Vorreiter Pedersen
f30ebab528 C#: Add implicit reads of System.Collections.Generic.KeyValuePair`2.Value at taint sinks. 2025-12-12 11:08:15 +00:00
Mathias Vorreiter Pedersen
b499661c05 C#: Slightly refactor 'CollectionFlow' tests to add a taint-flow test. 2025-12-12 11:06:01 +00:00
Simon Friis Vindum
c5987b4481 Merge pull request #21019 from paldepind/rust/impl-return 
Rust: Don't propagate `impl` in return position into function bodies
 2025-12-12 11:32:26 +01:00
Anders Schack-Mulligen
8564b4ea66 Go: Use shared modelCoverage. 2025-12-12 11:24:39 +01:00
Tom Hvitved
0b00589f95 Rust: Update expected test output 2025-12-12 11:16:17 +01:00
Tom Hvitved
0b81d44ec7 Rust: Apply same filtering of generated summaries as in C# and Java 2025-12-12 11:16:16 +01:00
Tom Hvitved
c4a8e9df21 Shared: Prefer source/sink models with manual provenance over generated 2025-12-12 11:16:13 +01:00
Anders Schack-Mulligen
f8c144b20e Merge pull request #21018 from aschackmull/csharp/guards-connect-barrierguard 
C#: Connect shared Guards to SSA BarrierGuards.
 2025-12-12 10:50:47 +01:00
Tom Hvitved
6f27863453 Merge pull request #21012 from hvitved/csharp/nhibernate-sql-sinks 
C#: Add `NHibernate` SQL sinks
 2025-12-12 09:23:39 +01:00
Tom Hvitved
0566a9ffe6 Merge pull request #20994 from hvitved/csharp/remove-pre-ssa 
C#: Remove `PreSsa` library
 2025-12-12 09:22:36 +01:00
Anders Schack-Mulligen
4b2e8c0b57 C++/C#/Go: Add empty extensible data. 2025-12-12 09:17:51 +01:00
Anders Schack-Mulligen
5bddc8d289 Go: Move Go package-grouping support into shared lib. 2025-12-12 09:17:51 +01:00
Simon Friis Vindum
4425891352 Rust: Don't propagate impl in return position into function bodies 2025-12-12 09:13:04 +01:00
Anders Schack-Mulligen
e262438557 C++: Use shared model coverage code. 2025-12-12 08:20:20 +01:00
Anders Schack-Mulligen
07252519c8 Java/C++: Thread additional models through the shared lib. 2025-12-12 08:20:20 +01:00
Anders Schack-Mulligen
47dcf05a32 C++/Go/Java: Don't import top-level extensible predicates. 2025-12-12 08:20:19 +01:00
Anders Schack-Mulligen
3b334ea215 Java/C#: Share model coverage code. 2025-12-12 08:20:19 +01:00
Anders Schack-Mulligen
0915db4f6b C++/C#/Go: Use shared interpretModelForTest. 2025-12-12 08:20:18 +01:00