hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-03 06:08:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,528 Commits 1,732 Branches 164 Tags
93c656065d20428fffe43d7c79850f5dca41fa4e
Commit Graph

86528 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
93c656065d Add test for MaD barriers 2026-03-20 11:06:36 +00:00
Owen Mansel-Chan
e86ce8feed Instantiate flow barriers from MaD 2026-03-20 11:06:35 +00:00
Owen Mansel-Chan
d3177b9e82 Add FlowBarrier.qll 2026-03-20 11:06:33 +00:00
Owen Mansel-Chan
f4550544ce Shared: Add barrierElement in FlowSummaryImpl.qll 2026-03-20 11:06:32 +00:00
Owen Mansel-Chan
f9521e9e88 Update interpretModelForTest 2026-03-20 11:06:30 +00:00
Owen Mansel-Chan
f342bae962 Update empty.model.yml 2026-03-20 11:06:29 +00:00
Owen Mansel-Chan
bceab0b44e Add extensible predicates 2026-03-20 11:06:26 +00:00
Óscar San José
ec726f5941 Merge pull request #21486 from github/post-release-prep/codeql-cli-2.25.0 
Post-release preparation for codeql-cli-2.25.0
 2026-03-20 11:23:20 +01:00
Geoffrey White
208ae7aa01 Merge pull request #21514 from geoffw0/suspicioussizeof 
C++: Fix an issue with cpp/suspicious-add-sizeof in BMN databases
 2026-03-20 09:41:39 +00:00
Geoffrey White
be746b775b Merge pull request #21493 from MarkLee131/fix/format-string-fp-in-printf-impl 
C++: exclude printf implementation internals from uncontrolled format string sinks
 2026-03-20 09:21:48 +00:00
Paolo Tranquilli
06ea72ccc7 Merge pull request #21517 from github/dependabot/bazel/bazel_skylib-1.9.0 
Bump bazel_skylib from 1.8.1 to 1.9.0
 2026-03-20 09:18:44 +01:00
Paolo Tranquilli
57086f60b9 Merge pull request #21518 from github/dependabot/bazel/rules_java-9.6.1 
Bump rules_java from 9.0.3 to 9.6.1
 2026-03-20 09:18:16 +01:00
Kaixuan Li
6452cc549f Merge branch 'github:main' into fix/format-string-fp-in-printf-impl 2026-03-20 10:15:56 +08:00
Kaixuan Li
f59bacab30 Merge pull request #1 from geoffw0/changenote 
C++: Change note.
 2026-03-20 10:14:24 +08:00
Geoffrey White
9c6276ef48 C++: Change note. 2026-03-19 16:24:35 +00:00
Tom Hvitved
21f2c81f24 Merge pull request #21509 from hvitved/ci/remove-compile-queries 
CI: Remove `compile-queries.yml`
 2026-03-19 17:21:09 +01:00
Óscar San José
d30aab47ea Merge branch 'main' into post-release-prep/codeql-cli-2.25.0 2026-03-19 16:57:20 +01:00
dependabot[bot]
fef758998c Bump rules_java from 9.0.3 to 9.6.1 
Bumps [rules_java](https://github.com/bazelbuild/rules_java) from 9.0.3 to 9.6.1.
- [Release notes](https://github.com/bazelbuild/rules_java/releases)
- [Commits](https://github.com/bazelbuild/rules_java/compare/9.0.3...9.6.1)

---
updated-dependencies:
- dependency-name: rules_java
  dependency-version: 9.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 15:48:18 +00:00
dependabot[bot]
b9592fef2d Bump bazel_skylib from 1.8.1 to 1.9.0 
Bumps [bazel_skylib](https://github.com/bazelbuild/bazel-skylib) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/bazelbuild/bazel-skylib/releases)
- [Changelog](https://github.com/bazelbuild/bazel-skylib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bazelbuild/bazel-skylib/compare/1.8.1...1.9.0)

---
updated-dependencies:
- dependency-name: bazel_skylib
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 15:48:11 +00:00
Paolo Tranquilli
7a33e2f539 Merge pull request #21508 from github/dependabot/bazel/rules_pkg-1.2.0 
Bump rules_pkg from 1.0.1 to 1.2.0
 2026-03-19 16:27:45 +01:00
Paolo Tranquilli
34101b5ca0 Merge pull request #21448 from github/redsun82/update-rules-rust 
Update `rules_rust` 0.68.1.codeql.1 → 0.69.0, drop local patch
 2026-03-19 16:16:34 +01:00
Geoffrey White
07db9cf3c4 Merge pull request #21421 from geoffw0/wrongtypeformat 
C++: Add some test cases for cpp/wrong-type-format-argument
 2026-03-19 14:25:33 +00:00
Geoffrey White
92c9a8e146 Update cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp 2026-03-19 13:51:03 +00:00
Geoffrey White
21cb11ea5d C++: Change note. 2026-03-19 13:29:41 +00:00
Geoffrey White
0f794b57ed C++: Fix the issue. 2026-03-19 13:16:16 +00:00
Geoffrey White
2e987f8d78 C++: Add test cases emulating cpp/suspicious-add-sizeof in buildless mode. 2026-03-19 13:00:58 +00:00
Óscar San José
2139b97628 Merge branch 'main' into post-release-prep/codeql-cli-2.25.0 2026-03-19 13:07:00 +01:00
Paolo Tranquilli
50d83ada95 Merge branch 'main' into redsun82/update-rules-rust 2026-03-19 12:50:00 +01:00
dependabot[bot]
10678d3a42 Bump rules_pkg from 1.0.1 to 1.2.0 
Bumps [rules_pkg](https://github.com/bazelbuild/rules_pkg) from 1.0.1 to 1.2.0.
- [Release notes](https://github.com/bazelbuild/rules_pkg/releases)
- [Changelog](https://github.com/bazelbuild/rules_pkg/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bazelbuild/rules_pkg/compare/1.0.1...1.2.0)

---
updated-dependencies:
- dependency-name: rules_pkg
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 11:31:03 +00:00
Paolo Tranquilli
7d538988a6 Merge pull request #21507 from github/dependabot/bazel/rules_go-0.60.0 
Bump rules_go from 0.59.0 to 0.60.0
 2026-03-19 12:29:17 +01:00
dependabot[bot]
7f17b7716d Bump rules_go from 0.59.0 to 0.60.0 
Bumps [rules_go](https://github.com/bazel-contrib/rules_go) from 0.59.0 to 0.60.0.
- [Release notes](https://github.com/bazel-contrib/rules_go/releases)
- [Commits](https://github.com/bazel-contrib/rules_go/compare/v0.59.0...v0.60.0)

---
updated-dependencies:
- dependency-name: rules_go
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 10:43:19 +00:00
Paolo Tranquilli
b57fa1bffa Merge pull request #21505 from github/dependabot/bazel/rules_cc-0.2.17 
Bump rules_cc from 0.2.16 to 0.2.17
 2026-03-19 11:41:28 +01:00
dependabot[bot]
662b1e7df6 Bump rules_cc from 0.2.16 to 0.2.17 
Bumps [rules_cc](https://github.com/bazelbuild/rules_cc) from 0.2.16 to 0.2.17.
- [Release notes](https://github.com/bazelbuild/rules_cc/releases)
- [Commits](https://github.com/bazelbuild/rules_cc/compare/0.2.16...0.2.17)

---
updated-dependencies:
- dependency-name: rules_cc
  dependency-version: 0.2.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-19 10:02:30 +00:00
Tom Hvitved
8d6aceb008 CI: Remove compile-queries.yml 
Has been superseded by an internal check.
 2026-03-19 10:10:38 +01:00
Tom Hvitved
3fad6bdc0c Merge pull request #21495 from hvitved/rust/fix-bad-joins 
Rust: Fix two bad joins
 2026-03-19 09:53:22 +01:00
Paolo Tranquilli
518d170acd Merge pull request #21499 from github/redsun82/dependabot-exclude-bazel-registry 
Dependabot: ignore modules in our bazel registry
 2026-03-19 09:25:28 +01:00
Paolo Tranquilli
b9ad36c11d Depdendabot: ignore modules in the our bazel registry 
These come from the upstream registry and should just be left alone.
 2026-03-19 09:15:25 +01:00
Paolo Tranquilli
4ca071210b Merge branch 'main' into redsun82/update-rules-rust 2026-03-19 08:36:31 +01:00
Kaixuan Li
1ddf81c58c Merge branch 'main' into fix/format-string-fp-in-printf-impl 2026-03-19 14:36:50 +08:00
Kaixuan Li
c155394f25 the [] syntax directly 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-03-19 14:36:28 +08:00
Kaixuan Li
2c76e6e637 use American spellings in documentation 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-03-19 14:35:45 +08:00
Tom Hvitved
2ff5c2c234 Rust: Fix two bad joins 
Before
```
Evaluated relational algebra for predicate TypeInference::DeconstructionPatMatchingInput::Access.getNodeAt/1#dispred#cc149bc2@88f6f09n with tuple counts:
           142521   ~1%    {3} r1 = JOIN num#FunctionType::TReturnFunctionPosition#a15fd6be WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Rhs.0

           131938   ~0%    {3} r2 = JOIN `TupleStructPat::Generated::TupleStructPat.getField/1#dispred#ac9c1af6` WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
           131938   ~6%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2

          3071346   ~0%    {2} r3 = SCAN `Name::Generated::Name.getText/0#dispred#107a5a39` OUTPUT In.1, In.0
        103064442   ~2%    {3}    | JOIN WITH `StructPat::StructPat.getPatField/1#5e21ea0e_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
        103064442   ~3%    {3}    | JOIN WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0
        103064438   ~1%    {3}    | JOIN WITH `StructPatField::Generated::StructPatField.getPat/0#dispred#1aadfeff` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
         20514858   ~2%    {3}    | JOIN WITH `StructField::Generated::StructField.getName/0#dispred#e0248569_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
            59554   ~1%    {3}    | JOIN WITH `StructPat::StructPat.getNthStructField/1#dispred#de537654_021#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
            59542   ~0%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2

           334001   ~0%    {3} r4 = r1 UNION r2 UNION r3
                           return r4

Evaluated relational algebra for predicate TypeInference::ConstructionMatchingInput::Access.getNodeAt/1#dispred#acd835e6@bfb1f1e1 with tuple counts:
          1395153   ~3%    {3} r1 = JOIN TypeInference::ConstructionMatchingInput::PathExprAccess#b7a80c43 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

            34290   ~3%    {3} r2 = JOIN StructExpr::Generated::StructExpr#d0a89c56 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

          3071346   ~0%    {2} r3 = SCAN `Name::Generated::Name.getText/0#dispred#107a5a39` OUTPUT In.1, In.0
        145365745   ~0%    {3}    | JOIN WITH `StructExpr::StructExpr.getFieldExpr/1#cd55566d_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
        145365745   ~1%    {3}    | JOIN WITH StructExpr::Generated::StructExpr#d0a89c56 ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
         33371514   ~0%    {3}    | JOIN WITH `StructField::Generated::StructField.getName/0#dispred#e0248569_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
           108831   ~0%    {3}    | JOIN WITH `StructExpr::StructExpr.getNthStructField/1#dispred#89ad7e20_021#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
           108751   ~0%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
           108751   ~4%    {3}    | JOIN WITH `StructExprField::Generated::StructExprField.getExpr/0#dispred#956e6ba1` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1

          1748398   ~4%    {3} r4 = `TypeInference::ConstructionMatchingInput::NonAssocCallAccess.getNodeAt/1#dispred#ef232b1f` UNION r1 UNION r2 UNION r3
                           return r4
```

After
```
Evaluated relational algebra for predicate TypeInference::DeconstructionPatMatchingInput::Access.getNodeAt/1#dispred#cc149bc2@2ea6ebjs with tuple counts:
        142521   ~1%    {3} r1 = JOIN num#FunctionType::TReturnFunctionPosition#a15fd6be WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Rhs.0

        131938   ~0%    {3} r2 = JOIN `TupleStructPat::Generated::TupleStructPat.getField/1#dispred#ac9c1af6` WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2
        131938   ~6%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2

        166829   ~3%    {3} r3 = JOIN `_Name::Generated::Name.getText/0#dispred#107a5a39_StructField::Generated::StructField.getName/0#disp__#shared` WITH `StructPat::StructPat.getNthStructField/1#dispred#de537654_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
        166817   ~2%    {3}    | JOIN WITH TypeInference::DeconstructionPatMatchingInput::Access#a2676dcb ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0
        166817   ~0%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
         59542   ~0%    {3}    | JOIN WITH `StructPat::StructPat.getPatField/1#5e21ea0e` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
         59542   ~0%    {3}    | JOIN WITH `StructPatField::Generated::StructPatField.getPat/0#dispred#1aadfeff` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1

        334001   ~0%    {3} r4 = r1 UNION r2 UNION r3
                        return r4

Evaluated relational algebra for predicate TypeInference::ConstructionMatchingInput::Access.getNodeAt/1#dispred#acd835e6@c7f267fp with tuple counts:
        1395153   ~3%    {3} r1 = JOIN TypeInference::ConstructionMatchingInput::PathExprAccess#b7a80c43 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

          34290   ~3%    {3} r2 = JOIN StructExpr::Generated::StructExpr#d0a89c56 WITH num#FunctionType::TReturnFunctionPosition#a15fd6be CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0, Lhs.0

         159331   ~0%    {3} r3 = JOIN `_Name::Generated::Name.getText/0#dispred#107a5a39_StructField::Generated::StructField.getName/0#disp__#shared` WITH `StructExpr::StructExpr.getNthStructField/1#dispred#89ad7e20_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2
         159231   ~3%    {3}    | JOIN WITH StructExpr::Generated::StructExpr#d0a89c56 ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0
         159231   ~3%    {3}    | JOIN WITH `FunctionType::FunctionPosition.asPosition/0#dispred#efcc0611_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
         108731   ~0%    {3}    | JOIN WITH `StructExpr::StructExpr.getFieldExpr/1#cd55566d` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2
         108731   ~4%    {3}    | JOIN WITH `StructExprField::Generated::StructExprField.getExpr/0#dispred#956e6ba1` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1

        1748378   ~4%    {3} r4 = `TypeInference::ConstructionMatchingInput::NonAssocCallAccess.getNodeAt/1#dispred#ef232b1f` UNION r1 UNION r2 UNION r3
                         return r4
```
 2026-03-18 20:42:57 +01:00
Tom Hvitved
2e7da72277 Merge pull request #21488 from paldepind/rust/tuple-constructor-self 
Rust: Unify handling of struct and tuple constructors
 2026-03-18 19:52:06 +01:00
Owen Mansel-Chan
5b17d8cf76 Merge pull request #21472 from owen-mc/adjust-severity/xss-log-injection 
Adjust `@security-severity` metadata for XSS and log injection queries
 2026-03-18 16:51:14 +00:00
Simon Friis Vindum
f2a0724620 Rust: Use getReturnType 2026-03-18 15:06:34 +01:00
Simon Friis Vindum
b8222167d2 Rust: Ensure that TPositionalArgumentPosition is large enough for struct expressions 2026-03-18 15:06:32 +01:00
Simon Friis Vindum
6efd844180 Rust: Rename into "construction" and "deconstruction" 2026-03-18 15:06:23 +01:00
Geoffrey White
34f405f465 C++: Update test annotations. 2026-03-18 13:13:22 +00:00
Anders Schack-Mulligen
d4a0846c6c Merge pull request #21490 from aschackmull/csharp/enclosing-obinit 
C#: Add ObjectInitMethod as enclosing callable for the instance initializers.
 2026-03-18 10:03:18 +01:00
Simon Friis Vindum
d180900ab4 Rust: Minor improvements to documentation comments 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-03-17 19:01:22 +01:00