hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,713 Commits 1,747 Branches 166 Tags
98a40967d242fdd2bf06d0ba7af8f6dc5e2c4b2d
Commit Graph

76713 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
98a40967d2 Rust: ignore crate graph elements from summary stats and AST no-location checks 
These elements depend on the version of the standard libraries and platform, and
in addition no location information is extracted for them at the moment.

f
 2025-03-10 10:16:15 +01:00
Arthur Baars
e21a7f5336 Rust: extract crate graph 2025-03-10 10:16:13 +01:00
Arthur Baars
75ca04f3dd Rust: add Crate to dbscheme 2025-03-10 10:16:12 +01:00
Michael Nebel
0676c21a4b Merge pull request #18866 from michaelnebel/csharp/ccr-call-to-object-tostring 
C#: Add cs/call-to-object-tostring to the CCR query suite.
 2025-03-10 09:41:11 +01:00
Andrew Eisenberg
e73745d3ca Merge pull request #18945 from github/aeisenberg/move-to-experimental 
Move UnversionedImmutableAction.ql to experimental
 2025-03-07 09:26:11 -08:00
Anders Schack-Mulligen
d075466958 Merge pull request #18941 from aschackmull/ssa/refactor4 
Ssa: Extend consistency checks and reduce phi read nodes
 2025-03-07 15:18:02 +01:00
Taus
cef8f7b123 Merge pull request #18739 from paldepind/change-note-script-editor 
Change note creation script uses EDITOR environment variable
 2025-03-07 14:53:14 +01:00
Anders Schack-Mulligen
3508ca89e6 Java: Restrict SSA reads to the reachable CFG. 2025-03-07 11:13:53 +01:00
Anders Schack-Mulligen
b1e53f5816 Rust: Accept consistency failure. 2025-03-07 11:11:49 +01:00
Jeroen Ketema
87ee191409 Merge pull request #18928 from jketema/desc 
C++: Improve query description and fix alignment of the text
 2025-03-07 10:47:31 +01:00
Michael Nebel
c9796ee297 C#: Add cs/call-to-object-tostring to the CCR query suite. 2025-03-07 09:52:08 +01:00
Michael Nebel
82b7a19df1 Merge pull request #18894 from michaelnebel/csharp/garbagetypes 
C#: Handle some BMN garbage types.
 2025-03-07 09:19:48 +01:00
Simon Friis Vindum
fc186eb136 Include -r flag to code when creating change note 
Co-authored-by: Taus <tausbn@github.com>
 2025-03-07 08:47:21 +01:00
Andrew Eisenberg
2a0e133768 Move UnversionedImmutableAction.ql to experimental 
This query will give too many false positives for users until
immutable actions is released.
 2025-03-06 15:08:02 -08:00
Tom Hvitved
5c3f21b20c Merge pull request #18937 from hvitved/rust/fix-bad-joins 
Rust: Fix bad joins
 2025-03-06 19:11:31 +01:00
Anders Schack-Mulligen
da579c27fc Merge pull request #18934 from aschackmull/ssa/refactor5 
SSA: Replace the Guards interface in the SSA data flow integration.
 2025-03-06 15:11:52 +01:00
Anders Schack-Mulligen
97a3411c0c Ruby: Accept test output. 2025-03-06 13:58:14 +01:00
Michael Nebel
61c043fd4a Merge pull request #18935 from michaelnebel/csharp/useless-if-statement 
C#: Fewer alerts in `cs/useless-if-statement`.
 2025-03-06 13:53:20 +01:00
Taus
a9ab39da1b Merge pull request #18448 from github/tausbn/python-add-type-annotation-metrics-query 
Python: Add metrics query for type annotations
 2025-03-06 13:52:26 +01:00
Anders Schack-Mulligen
5e722eecf7 Ruby: Push in casts to Definition to delete the then unused DefinitionExt. 2025-03-06 13:31:31 +01:00
Anders Schack-Mulligen
9e6bdbbcbb SSA: Don't add phi-reads for frontiers of uncertain reads. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
947a85ed28 Java: Enable SSA consistency queries. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
d95114fb1d SSA: Extend consistency queries. 2025-03-06 12:47:37 +01:00
Michael Nebel
fb3ce464be C#: Address review comments. 2025-03-06 11:48:35 +01:00
Michael B. Gale
7e984ad48e Merge pull request #18938 from github/dependabot/go_modules/go/extractor/extractor-dependencies-94582fc3a1 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-03-06 10:47:50 +00:00
Owen Mansel-Chan
cbe7edd9c6 Merge pull request #18907 from teuron/cwe-925 
[CWE-925] Intent verification is only needed on non-empty onReceive methods.
 2025-03-06 10:00:05 +00:00
Joe Farebrother
2692b8fa9f Merge pull request #18936 from joefarebrother/python-add-not-named-self-cls-ccr 
Python: Include `py/not-named-self` and `py/not-named-cls` in the CCR suite
 2025-03-06 09:51:14 +00:00
Owen Mansel-Chan
0c091ffe31 Merge pull request #18920 from owen-mc/go/mad/improve-sync-models 
Go: Do not track taint into a `sync.Map` via the key of a key-value pair
 2025-03-06 09:40:49 +00:00
Lukas Abfalterer
32e1589745 Update java/ql/src/change-notes/2025-03-03-fix-improper-intent-verification-query.md 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2025-03-06 09:57:16 +01:00
Tom Hvitved
ec063d0dbd Rust: Fix bad joins 
```
Evaluated relational algebra for predicate _Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs__Format::Format.getArgumentRef/0#dispred#38d664c__#antijoin_rhs@889ee4br with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getArgumentRef/0#dispred#38d664cb_Format::Format.getParent/0#dispred#f6ec3e8b_10#joi__#shared` WITH Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

Evaluated relational algebra for predicate __Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#864__#antijoin_rhs@01d9d70k with tuple counts:
        19631351  ~1%    {6} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#8641__#shared` WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Lhs.4, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
         5173010  ~0%    {7}    | JOIN WITH format_args_expr_args ON FIRST 1 OUTPUT Rhs.2, Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
             747  ~0%    {5}    | JOIN WITH format_args_arg_names ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6
                         return r1

Evaluated relational algebra for predicate _NamedFormatArgument::NamedFormatArgument#18940f8e__Format::Format.getParent/0#dispred#f6ec3e8b_10#j__#antijoin_rhs@dafbd6hr with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_10#join_rhs_FormatArgument::FormatArgument.getParent/0#__#shared` WITH NamedFormatArgument::NamedFormatArgument#18940f8e ON FIRST 1 OUTPUT Rhs.4, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

```
 2025-03-06 09:02:42 +01:00
dependabot[bot]
1037626a28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/mod/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/tools` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-06 04:02:51 +00:00
Joe Farebrother
a06de21f45 Python: Include py/not-named-self and py/not-named-cls in the CCR suite. 2025-03-05 15:13:20 +00:00
Michael Nebel
c73eeec814 C#: Add change note. 2025-03-05 15:33:02 +01:00
Michael Nebel
dd7d5d031c C#: Update test expected output. 2025-03-05 15:27:01 +01:00
Michael Nebel
35fbaf4ac3 C#: Do flag empty if statements if there is a comment in cs/useless-if-statement. 2025-03-05 15:26:39 +01:00
Michael Nebel
361bdfac12 C#: Add a testcase with an empty if statement containing a comment. 2025-03-05 15:22:22 +01:00
Owen Mansel-Chan
f2947f7066 Fix indentation 2025-03-05 14:13:53 +00:00
Michael Nebel
a9d45a2aa2 C#: Add some tests for cs/useless-if-statement. 2025-03-05 14:32:41 +01:00
Lukas Abfalterer
b4c75d832c Merge branch 'main' into cwe-925 2025-03-05 14:15:07 +01:00
Anders Schack-Mulligen
c6761db2fc SSA: Replace the Guards interface in the SSA data flow integration. 2025-03-05 13:29:31 +01:00
Anders Schack-Mulligen
a02735326a Ruby: Remove some DefinitionExt references and deprecate the rest. 2025-03-05 12:57:15 +01:00
Lukas Abfalterer
41e9a837e5 Fix naming 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-03-05 12:50:54 +01:00
Mathias Vorreiter Pedersen
38bf9c6835 Merge pull request #18908 from aschackmull/cpp/branchlimit-adjustment-refactor 
C++: Change countNumberOfBranchesUsingParameter to match qldoc closer.
 2025-03-05 11:21:38 +00:00
Anders Schack-Mulligen
709d36b502 Merge pull request #18869 from aschackmull/ssa/refactor3 
Ssa: Update qltests including consistency checks
 2025-03-05 11:40:27 +01:00
Lukas Abfalterer
c9b75afc2a Fix QLL and add change notes with tests 2025-03-05 10:23:35 +01:00
Michael Nebel
5c931fa897 C#: Improve comments. 2025-03-05 09:50:52 +01:00
Michael Nebel
d5ee93dbbc C#: Anonymous types should not be considered unknown. 2025-03-05 09:04:58 +01:00
Michael Nebel
3b764b0640 C#: Update test expected output. 2025-03-05 09:04:56 +01:00
Michael Nebel
fc5a49ef84 C#: Handle some broken types in BMN. 2025-03-05 09:04:54 +01:00
Michael Nebel
e835d8b168 C#: Change the populate logic context. It looks like a mistake that the only flag set is Standalone. 2025-03-05 09:04:53 +01:00