hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,441 Commits 1,724 Branches 164 Tags
851315fb93085b07f64be09fb874b2a57590fb59
Commit Graph

86441 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Óscar San José
851315fb93 Merge pull request #21573 from github/release-prep/2.25.1 
Release preparation for version 2.25.1
 2026-03-25 10:55:04 +01:00
github-actions[bot]
8cf0954796 Release preparation for version 2.25.1 2026-03-25 08:28:30 +00:00
Óscar San José
72534e882b Merge pull request #21483 from github/release-prep/2.25.0 
Release preparation for version 2.25.0
codeql-cli/v2.25.0 		2026-03-16 15:45:36 +01:00
github-actions[bot]
d6055754b6 Release preparation for version 2.25.0 2026-03-16 12:15:34 +00:00
Anders Schack-Mulligen
c24b43d01e Merge pull request #21482 from aschackmull/csharp/rangeanalysis-no-split 
C#: Remove splitting-awareness from Range Analysis.
 2026-03-16 10:54:49 +01:00
Jeroen Ketema
179a4cd41a Merge pull request #21474 from jketema/jketema/swift-linux-2 
Swift: Ignore some DB-CHECK results on Linux
 2026-03-16 10:50:05 +01:00
Anders Schack-Mulligen
a929c0bf24 C#: Remove splitting-awareness from Range Analysis. 2026-03-16 09:58:14 +01:00
Anders Schack-Mulligen
427ccee3b9 Merge pull request #21473 from aschackmull/csharp/dataflow-no-split 
C#: Remove splitting-awareness from data flow.
 2026-03-16 09:33:31 +01:00
Asger F
22f16dda85 Merge pull request #21368 from asgerf/browser-sources 
JS: Add 'browser' source kinds
 2026-03-16 09:24:54 +01:00
Anders Schack-Mulligen
db0a3e38e2 C#: Accept a few irrelevant taint steps. 2026-03-16 09:09:54 +01:00
Anders Schack-Mulligen
e7edf15031 C#: Clean up. 2026-03-16 08:51:51 +01:00
Anders Schack-Mulligen
4c77e0f315 C#: Remove splitting-awareness for local expression steps. 2026-03-16 08:51:51 +01:00
Anders Schack-Mulligen
7124cd4e6e C#: Remove splitting-awareness for source-to-def steps. 2026-03-16 08:51:50 +01:00
Anders Schack-Mulligen
c076992b83 C#: Remove splitting-awareness in ObjectInitializerNode. 2026-03-16 08:51:49 +01:00
Anders Schack-Mulligen
659d8e7c90 C#: Remove splitting-awareness in argumentOf. 2026-03-16 08:51:49 +01:00
Anders Schack-Mulligen
1e8de0511b C#: Remove splitting-awareness in lambda flow. 2026-03-16 08:51:48 +01:00
Anders Schack-Mulligen
bce0a4d2a7 C#: Remove splitting-awareness for store steps. 2026-03-16 08:51:48 +01:00
Anders Schack-Mulligen
2160910d56 C#: Remove splitting-awareness for read steps. 2026-03-16 08:51:47 +01:00
Anders Schack-Mulligen
a5c8a5b5f8 C#: Remove splitting-awareness for taint steps. 2026-03-16 08:51:47 +01:00
Jeroen Ketema
f9f1d9eecc Swift: Ignore some DB-CHECK results on Linux 2026-03-13 20:06:57 +01:00
Owen Mansel-Chan
d52e9bc18c Merge pull request #21370 from github/owen-mc/go/overlay-annotations 
Go: Add overlay annotations from script
 2026-03-13 16:46:01 +00:00
Owen Mansel-Chan
b8b841cfba Add overlay[loca] in 4 more tests 2026-03-13 16:19:00 +00:00
Owen Mansel-Chan
df9f8ee386 Merge branch 'main' into owen-mc/go/overlay-annotations 2026-03-13 15:55:17 +00:00
Owen Mansel-Chan
99f4930e24 Explicitly mark DataFlowNodes.qll as overlay[local] 2026-03-13 15:23:39 +00:00
Owen Mansel-Chan
e9df9147ad Add overlay annotations in 4 PrintAst tests 2026-03-13 15:03:05 +00:00
Owen Mansel-Chan
f32f85399a Mark various files as overlay[local] 2026-03-13 15:03:02 +00:00
Jonas Jensen
c56feb7644 Go: annotate the standard library with for overlay 
This commit is auto-generated with:

    python3 config/add-overlay-annotations.py go
 2026-03-13 15:03:01 +00:00
Jonas Jensen
7ef60a8649 Update the overlay annotation script for go 
The Go libraries follow their own naming convention for "query
libraries". These need to be exempted from automatic `overlay[local?]`
annotations since otherwise it appears that too many predicates are
evaluated, possibly because of inadequate use of sentinels.
 2026-03-13 15:02:58 +00:00
Asger F
7d6e08ecf1 Merge pull request #21461 from github/asger/js-shebang-bun-tsx 
JS: Recognise bun and tsx in shebang lines
 2026-03-13 15:07:12 +01:00
Asger F
dfa6d20072 JS: Replace broken link with plain text 2026-03-13 15:05:07 +01:00
Asger F
821cc0e875 JS: Address PR review comments 
- Fix misplaced semicolons in test files (was inside comment, moved before it)
- Update QLdoc comments to reference new browser source kind names
- Update docs to list browser source kinds and fix outdated 'only remote' note

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-13 14:58:04 +01:00
Anders Schack-Mulligen
f11815c633 Merge pull request #21471 from aschackmull/csharp/rm-prebasicblock 
C#: Delete PreBasicBlocks.
 2026-03-13 08:54:06 +01:00
Owen Mansel-Chan
52cfd49087 Merge pull request #21469 from github/dependabot/go_modules/go/extractor/extractor-dependencies-7af763c229 
Bump the extractor-dependencies group across 1 directory with 2 updates
 2026-03-13 07:06:44 +00:00
Anders Schack-Mulligen
8c1c039edf C#: Delete PreBasicBlocks. 2026-03-13 08:00:08 +01:00
dependabot[bot]
c9e0927992 Bump the extractor-dependencies group across 1 directory with 2 updates 
Bumps the extractor-dependencies group with 2 updates in the /go/extractor directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
- [Commits](https://github.com/golang/mod/compare/v0.33.0...v0.34.0)

Updates `golang.org/x/tools` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-13 03:04:44 +00:00
Jeroen Ketema
d5f667e585 Merge pull request #21467 from jketema/jketema/swift-linux 
Swift: Disable stack protector pass
 2026-03-12 22:42:51 +01:00
Jeroen Ketema
b758732a28 Merge pull request #21468 from jketema/jketema/swift-lines 
Swift: Limit successfully extracted lines
 2026-03-12 17:24:28 +01:00
Jeroen Ketema
ba3fadbf20 Swift: Rename function 2026-03-12 16:37:13 +01:00
Owen Mansel-Chan
d7d1554461 Merge pull request #21465 from owen-mc/go/small-tweaks 
Go: improve detection of type expressions when database is missing some type information
 2026-03-12 14:58:16 +00:00
Jeroen Ketema
12e0f3f359 Swift: Limit successfully extracted lines 2026-03-12 15:46:23 +01:00
Owen Mansel-Chan
0bb6ff58cc Merge pull request #21466 from owen-mc/go/add-nil-helper-predicate 
Go: Add and use `exprRefersToNil` predicate
 2026-03-12 14:36:03 +00:00
Jeroen Ketema
b9c0aca11a Swift: Fix formatting 2026-03-12 15:00:18 +01:00
Jeroen Ketema
ee3674cb80 Swift: Disable stack protector pass 2026-03-12 14:43:05 +01:00
Owen Mansel-Chan
c271755985 Add and use exprRefersToNil predicate 2026-03-12 13:28:57 +00:00
Owen Mansel-Chan
a16c43881b Use "database" instead of "snapshot" in QLDocs 2026-03-12 13:28:06 +00:00
Owen Mansel-Chan
39e0382089 Improve QLDoc for isTypeExprTopDown 2026-03-12 13:28:05 +00:00
Owen Mansel-Chan
22e012c6f4 Expand isTypeExprTopDown 
We should be using all subtypes of `FieldBase`. This allows us to find
more type expressions, and is also simpler to evaluate.
 2026-03-12 13:28:03 +00:00
Asger F
b8c44be599 Add QL test for bun/tsx shebang recognition in TypeScript files 
Add test files with #!/usr/bin/env bun, #!/usr/bin/env tsx, and
#!/usr/bin/env node shebangs. The query lists extracted .ts files,
verifying that all three shebangs are recognized and the files are
not skipped by the extractor.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-12 10:09:56 +01:00
Asger F
84d1828a9c JavaScript extractor: recognise bun and tsx in shebang lines 
Update the shebang regexp (renamed NODE_INVOCATION -> JS_INVOCATION) to
also match 'bun' and 'tsx' so that scripts using these runtimes are
correctly identified as JavaScript files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-12 09:35:36 +01:00
Mario Campos
f2e7dca65c Merge pull request #21454 from github/mario-campos-patch-1 
Correct comment about AES crypto algorithm strength
 2026-03-11 22:43:21 -05:00