Commit Graph

83264 Commits

Author SHA1 Message Date
yoff
a1671ea8af java: small cleanups
- add missing qldoc
- remove use of `getErasure`
- remove use of `getTypeDescriptor`
- define `ExposedField`
2025-10-09 09:16:25 +02:00
yoff
821b1de5b3 java: inline char pred 2025-10-09 09:16:25 +02:00
yoff
01ddc11fa7 java: address some review comments 2025-10-09 09:16:25 +02:00
yoff
77734f83d5 java: better detection of thread safe fields.
Identified by triage of DCA results.
Previously, we did not use the erased type, so would not recognize `CompletableFuture<R>`.
We now also recognize safe initializers.
2025-10-09 09:16:25 +02:00
yoff
bf138693a3 java: update expectations for java-code-quality suite 2025-10-09 09:16:07 +02:00
yoff
096d5f2a56 java: implement SCC contraction of the call graph
Our monitor analysis would be fooled by cycles in the call graph,
since it required all edges on a path to a conflicting access to be either
 - targeting a method where the access is monitored (recursively) or
 - monitored locally, that is the call is monitored in the calling method
For access to be monitored (first case) all outgoing edges (towards an access) need
to satisfy this property. For a loop, that is too strong, only edges out of the loop
actually need to be protected. This led to FPs.
2025-10-09 09:14:16 +02:00
yoff
5b30153113 java: add Escaping query (P1) 2025-10-09 09:14:16 +02:00
yoff
328b53576a java: add SafePublication query (P2) 2025-10-09 09:14:16 +02:00
yoff
fe487e8bf0 java: add ThreadSafe query (P3)
Co-authored-by: Raúl Pardo <raul.pardo@protonmail.com>
Co-authored-by: SimonJorgensenMancofi <simon.jorgensen@mancofi.dk>
Co-authored-by: Bjørnar Haugstad Jåtten <bjornjaat@hotmail.com>
2025-10-09 09:14:16 +02:00
Jon Janego
83519a9fcc Merge pull request #20606 from github/changedocs-2.23.2
changedocs for 2.23.2
2025-10-08 11:07:58 -05:00
Jon Janego
4534d67107 Merge branch 'main' into changedocs-2.23.2 2025-10-08 11:00:45 -05:00
Jon Janego
9c610e8bab Update links in CodeQL CLI changelog 2025-10-08 10:57:17 -05:00
Jon Janego
f8626cd417 changedocs for 2.23.2 2025-10-08 10:42:10 -05:00
Geoffrey White
d39c8d155c Merge pull request #20574 from geoffw0/rustga3
Rust: Docs updates
2025-10-08 11:04:29 +01:00
Anders Schack-Mulligen
2d9b249367 Merge pull request #20600 from aschackmull/java/constant-exp-fix
Java: Fix bug in ConstantExpAppearsNonConstant.
2025-10-08 11:40:50 +02:00
Michael Nebel
4cc6a07620 Merge pull request #20593 from michaelnebel/csharp/reducetypeparameterandtuplelocations
C#: Reduce Type Parameter- and Tuple type location extraction.
2025-10-08 11:36:32 +02:00
Anders Schack-Mulligen
99f5dcaaa4 Java: Fix bug in ConstantExpAppearsNonConstant. 2025-10-08 10:32:51 +02:00
Michael Nebel
cdfa58645a C#: Add change-note. 2025-10-08 10:14:51 +02:00
Idriss Riouak
28fe20e3e4 Merge pull request #20595 from github/idrissrio/java-lambda
Java: Add integration test for buildless lambda recovery
2025-10-08 09:53:29 +02:00
Paolo Tranquilli
75a7507017 Merge pull request #20590 from github/redsun82/rust-test-compatibility
Rust: test with the 1.90 toolchain
2025-10-08 09:00:30 +02:00
Asger F
10c9b747a5 Merge pull request #20586 from asgerf/js/api-graphs-block-this
JS: Restrict receiver-flow in API graphs
2025-10-08 08:41:56 +02:00
Ian Lynagh
2918d30697 Merge pull request #20597 from github/igfoo/bmn-ga
C++: Add a changenote for C/C++ BMN GA
2025-10-07 22:57:32 +01:00
Alexander Eyers-Taylor
825d3709d8 Merge pull request #20386 from github/alexet/overlay-informed-dataflow
Dataflow: Overlay informed dataflow.
2025-10-07 20:22:57 +01:00
Alex Eyers-Taylor
193cd46a76 DataFlow: Address comments on overlay informed dataflow 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
7a8d2392ee Dataflow: Fix bug 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
542bdf0792 Java: Use Overlay dataflow in java. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
3c110f2eb8 DataFlow: Add code for merging base with overlay. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
c49e2ab2da DataFlow: Add code to do overlay informed dataflow. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
82e4fc9f0f AlertFiltering: Expose filtering further. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
8c02130bcf DataFlow: Rearrange files to group the parts that can be shared with overlay aware. 2025-10-07 17:52:12 +01:00
Ian Lynagh
791a92b146 C++: Add a changenote for C/C++ BMN GA 2025-10-07 17:32:36 +01:00
idrissrio
f69e5f5ffc Java: Accept new test results after extractor changes 2025-10-07 16:55:53 +02:00
idrissrio
55b15a261a Java: Add integration test for buildless lambda recovery 2025-10-07 16:55:52 +02:00
Michael Nebel
eb84b1441a C#: Add some locations tests for type parameters and tuple types. 2025-10-07 15:26:33 +02:00
Michael Nebel
f0842e430d C#: Respect the context when extracting locations for type parameters and tuple types. 2025-10-07 15:26:31 +02:00
Anders Schack-Mulligen
18e33b193e Merge pull request #20589 from aschackmull/java/array-entrypoint-read-taint
Java: Allow taint-read-steps for array sources.
2025-10-07 15:04:03 +02:00
Michael Nebel
ea4d4751f3 Merge pull request #20581 from michaelnebel/csharp/reducetyplocationtuples
C#: Reduce location tuple extraction for named types.
2025-10-07 14:50:36 +02:00
Paolo Tranquilli
122b7ebba8 Rust: accept test changes 2025-10-07 14:49:08 +02:00
Michael Nebel
584d8c5377 C#: Add change-note. 2025-10-07 14:24:21 +02:00
Anders Schack-Mulligen
7dadbc43fb Java: Add change note. 2025-10-07 13:51:49 +02:00
Owen Mansel-Chan
b0c8fcda35 Merge pull request #20591 from owen-mc/shared/update-inline-expectations-qldoc
Shared: Correct comment about empty `.expected` file
2025-10-07 12:47:11 +01:00
Anders Schack-Mulligen
f0bfd7053e Java: Add test case. 2025-10-07 13:40:44 +02:00
Kasper Svendsen
0396756cd9 Merge pull request #20184 from Marcono1234/patch-1
Doc: Fix link to `warnOnImplicitThis` GitHub docs
2025-10-07 13:08:32 +02:00
Kasper Svendsen
74fb46c849 Merge branch 'main' into patch-1 2025-10-07 12:59:56 +02:00
Owen Mansel-Chan
bf76cab7e0 Correct comment about empty .expected file 2025-10-07 11:48:25 +01:00
Idriss Riouak
c809cce170 Merge pull request #20588 from github/idrissrio/macos-26
Java: Fix buildless test HTTP server binding on macOS26
2025-10-07 12:17:51 +02:00
Paolo Tranquilli
ace2ff5775 Rust: test with the 1.90 toolchain 2025-10-07 11:32:20 +02:00
Anders Schack-Mulligen
11665bea0a Java: Allow taint-read-steps for array sources. 2025-10-07 10:10:02 +02:00
Michael Nebel
f9d62a0efc C#: Narrow the use of unbound declaration locations to nested types. 2025-10-07 09:43:39 +02:00
idrissrio
5c6d187ef2 Java: Fix buildless test HTTP server binding on macOS26 2025-10-07 09:24:55 +02:00