hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,038 Commits 1,741 Branches 166 Tags
aed51644ba49f3582d6583028acaab618bde505c
Commit Graph

77038 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
3d0e44e156 Rust: Accept consistency check failures. 2025-03-07 16:05:01 +00:00
Michael Nebel
3f8679a099 C#: Update test expected output. 2025-03-07 16:00:28 +01:00
Geoffrey White
fe139e5bea Rust: Rearrange the unused variable query logic so that it's clearer what the comments apply to. 2025-03-07 14:55:34 +00:00
Geoffrey White
cc902a6ad1 Rust: Fix unused value FPs due to unexpanded macro calls as well. 2025-03-07 14:48:27 +00:00
Geoffrey White
e0839a369c Rust: Fix unused variable FPs due to unexpanded macro calls. 2025-03-07 14:40:02 +00:00
Geoffrey White
b2e3352aa8 Rust: Add a few more macro tests. 2025-03-07 14:36:26 +00:00
Anders Schack-Mulligen
d075466958 Merge pull request #18941 from aschackmull/ssa/refactor4 
Ssa: Extend consistency checks and reduce phi read nodes
 2025-03-07 15:18:02 +01:00
Michael Nebel
7a99dfaebe C#: Do flag missing Dispose calls on Task and Task<>. 2025-03-07 15:14:07 +01:00
Taus
cef8f7b123 Merge pull request #18739 from paldepind/change-note-script-editor 
Change note creation script uses EDITOR environment variable
 2025-03-07 14:53:14 +01:00
Michael Nebel
f58c72ed59 C#: Add example for local not disposed involving tasks. 2025-03-07 14:44:29 +01:00
Michael Nebel
3903a90a11 C#: Update expected test output. 2025-03-07 13:22:37 +01:00
Michael Nebel
b5ea34fcf3 C#: We can't do any reasoning based on unknown types on whether they match in a pattern. 2025-03-07 13:22:35 +01:00
Michael Nebel
5c0fc1f75b C#: Add BMN tests for cs/constant-condition. 2025-03-07 13:22:34 +01:00
Michael Nebel
431586bb70 C#: Make the same folder structure for BMN tests as used for traced extractor tests. 2025-03-07 13:22:32 +01:00
Simon Friis Vindum
494f914070 Rust: Add regular expression injection query 2025-03-07 12:37:30 +01:00
Geoffrey White
abe14babb1 Rust: Clean up the existing macro cases for the unusedentities test. 2025-03-07 11:24:42 +00:00
Anders Schack-Mulligen
3508ca89e6 Java: Restrict SSA reads to the reachable CFG. 2025-03-07 11:13:53 +01:00
Anders Schack-Mulligen
b1e53f5816 Rust: Accept consistency failure. 2025-03-07 11:11:49 +01:00
Jeroen Ketema
87ee191409 Merge pull request #18928 from jketema/desc 
C++: Improve query description and fix alignment of the text
 2025-03-07 10:47:31 +01:00
Michael Nebel
c9796ee297 C#: Add cs/call-to-object-tostring to the CCR query suite. 2025-03-07 09:52:08 +01:00
Michael Nebel
82b7a19df1 Merge pull request #18894 from michaelnebel/csharp/garbagetypes 
C#: Handle some BMN garbage types.
 2025-03-07 09:19:48 +01:00
Napalys
e0f20b2bd1 Add RegExpIntersection class to support intersection terms in regex 2025-03-07 08:58:19 +01:00
Simon Friis Vindum
fc186eb136 Include -r flag to code when creating change note 
Co-authored-by: Taus <tausbn@github.com>
 2025-03-07 08:47:21 +01:00
Napalys
9cc26208d4 Add test cases for v flag operators in RegExp library-tests. 2025-03-07 08:32:10 +01:00
Andrew Eisenberg
2a0e133768 Move UnversionedImmutableAction.ql to experimental 
This query will give too many false positives for users until
immutable actions is released.
 2025-03-06 15:08:02 -08:00
Tom Hvitved
5c3f21b20c Merge pull request #18937 from hvitved/rust/fix-bad-joins 
Rust: Fix bad joins
 2025-03-06 19:11:31 +01:00
Napalys
c12c12c416 Added modeling for react-relay functions that retrieve data. 2025-03-06 18:30:21 +01:00
Napalys
5a1991bb69 Added test cases for react-relay functions that retrieve data 2025-03-06 18:10:27 +01:00
Napalys
89040d0d06 Added missing response and request MaD source kinds. 2025-03-06 18:10:25 +01:00
Napalys
0166e76cca Add change note 2025-03-06 18:10:24 +01:00
Napalys
1443f314a1 Added react-relay useFragment as threat model source. 2025-03-06 18:10:23 +01:00
Napalys
1e3b8625e6 Added a test case where useFragment from react-relay should be marked as a source but isn't 2025-03-06 18:10:21 +01:00
Anders Schack-Mulligen
da579c27fc Merge pull request #18934 from aschackmull/ssa/refactor5 
SSA: Replace the Guards interface in the SSA data flow integration.
 2025-03-06 15:11:52 +01:00
Taus
6546bb1b1d Merge branch 'main' into tausbn/python-fix-match-pruning-logic 2025-03-06 14:37:58 +01:00
Anders Schack-Mulligen
97a3411c0c Ruby: Accept test output. 2025-03-06 13:58:14 +01:00
Michael Nebel
61c043fd4a Merge pull request #18935 from michaelnebel/csharp/useless-if-statement 
C#: Fewer alerts in `cs/useless-if-statement`.
 2025-03-06 13:53:20 +01:00
Taus
a9ab39da1b Merge pull request #18448 from github/tausbn/python-add-type-annotation-metrics-query 
Python: Add metrics query for type annotations
 2025-03-06 13:52:26 +01:00
Anders Schack-Mulligen
5e722eecf7 Ruby: Push in casts to Definition to delete the then unused DefinitionExt. 2025-03-06 13:31:31 +01:00
Anders Schack-Mulligen
9e6bdbbcbb SSA: Don't add phi-reads for frontiers of uncertain reads. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
947a85ed28 Java: Enable SSA consistency queries. 2025-03-06 12:47:38 +01:00
Anders Schack-Mulligen
d95114fb1d SSA: Extend consistency queries. 2025-03-06 12:47:37 +01:00
Michael Nebel
fb3ce464be C#: Address review comments. 2025-03-06 11:48:35 +01:00
Michael B. Gale
7e984ad48e Merge pull request #18938 from github/dependabot/go_modules/go/extractor/extractor-dependencies-94582fc3a1 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-03-06 10:47:50 +00:00
Owen Mansel-Chan
7b2912376b Add failing test for os.File.Sync with defered Close calls 2025-03-06 10:14:28 +00:00
Owen Mansel-Chan
cbe7edd9c6 Merge pull request #18907 from teuron/cwe-925 
[CWE-925] Intent verification is only needed on non-empty onReceive methods.
 2025-03-06 10:00:05 +00:00
Joe Farebrother
2692b8fa9f Merge pull request #18936 from joefarebrother/python-add-not-named-self-cls-ccr 
Python: Include `py/not-named-self` and `py/not-named-cls` in the CCR suite
 2025-03-06 09:51:14 +00:00
Owen Mansel-Chan
0c091ffe31 Merge pull request #18920 from owen-mc/go/mad/improve-sync-models 
Go: Do not track taint into a `sync.Map` via the key of a key-value pair
 2025-03-06 09:40:49 +00:00
Lukas Abfalterer
32e1589745 Update java/ql/src/change-notes/2025-03-03-fix-improper-intent-verification-query.md 
Co-authored-by: Edward Minnix III <egregius313@github.com>
 2025-03-06 09:57:16 +01:00
Tom Hvitved
ec063d0dbd Rust: Fix bad joins 
```
Evaluated relational algebra for predicate _Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs__Format::Format.getArgumentRef/0#dispred#38d664c__#antijoin_rhs@889ee4br with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getArgumentRef/0#dispred#38d664cb_Format::Format.getParent/0#dispred#f6ec3e8b_10#joi__#shared` WITH Synth::Synth::TFormatArgument#5cbf2ffd_63#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

Evaluated relational algebra for predicate __Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#864__#antijoin_rhs@01d9d70k with tuple counts:
        19631351  ~1%    {6} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_FormatArgument::FormatArgument.getParent/0#dispred#8641__#shared` WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Lhs.4, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
         5173010  ~0%    {7}    | JOIN WITH format_args_expr_args ON FIRST 1 OUTPUT Rhs.2, Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
             747  ~0%    {5}    | JOIN WITH format_args_arg_names ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6
                         return r1

Evaluated relational algebra for predicate _NamedFormatArgument::NamedFormatArgument#18940f8e__Format::Format.getParent/0#dispred#f6ec3e8b_10#j__#antijoin_rhs@dafbd6hr with tuple counts:
           11356  ~0%    {5} r1 = JOIN `_Format::Format.getParent/0#dispred#f6ec3e8b_10#join_rhs_FormatArgument::FormatArgument.getParent/0#__#shared` WITH NamedFormatArgument::NamedFormatArgument#18940f8e ON FIRST 1 OUTPUT Rhs.4, Lhs.1, Lhs.2, Lhs.3, Lhs.0
        19631351  ~0%    {6}    | JOIN WITH name_texts_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0
           45933  ~0%    {6}    | JOIN WITH format_args_arg_names_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5
             747  ~0%    {5}    | JOIN WITH format_args_expr_args_02#join_rhs ON FIRST 2 OUTPUT Lhs.0, Lhs.2, Lhs.3, Lhs.4, Lhs.5
                         return r1

```
 2025-03-06 09:02:42 +01:00
dependabot[bot]
1037626a28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/mod/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/tools` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-06 04:02:51 +00:00