hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 10:04:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
79,705 Commits 1,740 Branches 164 Tags
bcfc00922817accaba539a9ecceb7cbae26916ec
Commit Graph

79705 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
bcfc009228 Merge branch 'main' into redsun82/mad 2025-06-10 10:53:52 +02:00
Paolo Tranquilli
e6056f9dfc Update rust/ql/test/query-tests/security/CWE-770/main.rs 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-06-10 10:52:18 +02:00
Chuan-kai Lin
c1c0a705b9 Merge pull request #19704 from github/post-release-prep/codeql-cli-2.22.0 
Post-release preparation for codeql-cli-2.22.0
 2025-06-09 12:54:57 -07:00
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
Chuan-kai Lin
4d681f05bd Merge pull request #19703 from github/release-prep/2.22.0 
Release preparation for version 2.22.0
codeql-cli/v2.22.0 		2025-06-09 11:19:39 -07:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Aditya Sharad
98186e3f0e Merge pull request #19700 from adityasharad/actions/validate-change-notes 
CI: Expand list of packs/languages for change note validation
 2025-06-09 22:13:30 +05:30
Aditya Sharad
9f60335b66 CI: Expand list of packs/languages for change note validation 2025-06-09 08:48:16 -07:00
Jeroen Ketema
ef210b8f5e Merge pull request #19678 from jketema/swift-6.1.2 
Swift: Update to Swift 6.1.2
 2025-06-09 17:19:42 +02:00
Chuan-kai Lin
68d2c132b2 Merge pull request #19699 from github/cklin/rc-3.18-mergeback 
Merge rc/3.18 back to main
 2025-06-09 08:15:58 -07:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Jeroen Ketema
428b48dfe7 Merge pull request #19679 from jketema/stats 
C++: Update stats file after changes to DCA source suite
 2025-06-09 12:39:33 +02:00
Paolo Tranquilli
d6d13b9164 MaD generator: use decompress terminology instead of extract 2025-06-06 17:36:05 +02:00
Owen Mansel-Chan
ef5e605cc4 Merge pull request #19386 from owen-mc/go/promote/html-template-escaping-bypass-xss 
Go: promote `html-template-escaping-bypass-xss`
 2025-06-06 12:36:27 +01:00
Jeroen Ketema
1f7a6ba538 Swift: Update LFS 2025-06-06 11:18:21 +02:00
Owen Mansel-Chan
5bfed770ef Merge pull request #19683 from github/dependabot/go_modules/go/extractor/extractor-dependencies-e08f8ad452 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-06-06 09:56:09 +01:00
Jeroen Ketema
86f425d2fc C++: Fix join-order problem after stats file update 
Before the fix:
```
Pipeline standard for AVRule79::exprReleases/3#e849cdd3@f2995ebb was evaluated in 5 iterations totaling 168745ms (delta sizes total: 12583).
              85855    ~0%    {2} r1 = SCAN `AVRule79::exprReleases/3#e849cdd3#prev_delta` OUTPUT In.1, In.2

              85855    ~0%    {2} r2 = JOIN r1 WITH `AVRule79::exprOrDereference/1#c20425a1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
             115767    ~6%    {2}    | JOIN WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
             333369   ~18%    {2}    | JOIN WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
             266264  ~204%    {2}    | JOIN WITH `Access::Access.getTarget/0#dispred#cf25c8aa` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
              16379   ~21%    {3}    | JOIN WITH `Function::Function.getParameter/1#dispred#200dcf26_201#join_rhs` ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Rhs.1

        13117819221    ~0%    {4} r3 = JOIN r2 WITH `Call::Call.getArgument/1#dispred#ada436ba_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1, Rhs.2
              10477    ~3%    {3}    | JOIN WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5` ON FIRST 2 OUTPUT Lhs.0, Lhs.3, Lhs.2

        13117819221    ~1%    {4} r4 = JOIN r2 WITH `Call::Call.getArgument/1#dispred#ada436ba_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Rhs.2
        13022632157    ~1%    {5}    | JOIN WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1, Lhs.0, Lhs.3
               3720   ~70%    {3}    | JOIN WITH `#MemberFunction::MemberFunction.getAnOverridingFunction/0#dispred#a6e65b9ePlus` ON FIRST 2 OUTPUT Lhs.3, Lhs.4, Lhs.2

             115767    ~6%    {2} r5 = JOIN r1 WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
             333367   ~20%    {3}    | JOIN WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
             333367   ~12%    {3}    | REWRITE WITH Out.1 := 85
                  4    ~0%    {2}    | JOIN WITH exprs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                  4  ~100%    {2}    | JOIN WITH `Expr::Expr.getEnclosingFunction/0#dispred#3960f06c` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

                  0    ~0%    {2} r6 = JOIN r5 WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

                  0    ~0%    {2} r7 = JOIN r5 WITH `#MemberFunction::MemberFunction.getAnOverridingFunction/0#dispred#a6e65b9ePlus#swapped` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                  0    ~0%    {2}    | JOIN WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

                  0    ~0%    {2} r8 = r6 UNION r7
                  0    ~0%    {3}    | JOIN WITH `Call::Call.getQualifier/0#dispred#7d175544` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
                  0    ~0%    {3}    | JOIN WITH `AVRule79::exprOrDereference/1#c20425a1_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1

              14197   ~18%    {3} r9 = r3 UNION r4 UNION r8
              12615    ~3%    {3}    | AND NOT `AVRule79::exprReleases/3#e849cdd3#prev`(FIRST 3)
                              return r9
```

After:
```
Pipeline standard for AVRule79::exprReleases/3#e849cdd3@13dead04 was evaluated in 5 iterations totaling 68ms (delta sizes total: 12551).
         85855    ~0%    {2} r1 = SCAN `AVRule79::exprReleases/3#e849cdd3#prev_delta` OUTPUT In.1, In.2

         85855    ~0%    {2} r2 = JOIN r1 WITH `AVRule79::exprOrDereference/1#c20425a1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        115767    ~6%    {2}    | JOIN WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        333443   ~18%    {2}    | JOIN WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        265872  ~204%    {2}    | JOIN WITH `Access::Access.getTarget/0#dispred#cf25c8aa` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         16399   ~27%    {3}    | JOIN WITH `Function::Function.getParameter/1#dispred#200dcf26_201#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Rhs.2

         10489    ~1%    {3} r3 = JOIN r2 WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1

          1558   ~80%    {3} r4 = JOIN r2 WITH `#MemberFunction::MemberFunction.getAnOverridingFunction/0#dispred#a6e65b9ePlus#swapped` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
          2196    ~7%    {3}    | JOIN WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1

         12685    ~3%    {3} r5 = r3 UNION r4
         12581    ~3%    {3}    | JOIN WITH `Call::Call.getArgument/1#dispred#ada436ba` ON FIRST 2 OUTPUT Lhs.0, Rhs.2, Lhs.2

        115767    ~6%    {2} r6 = JOIN r1 WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        333443   ~20%    {3}    | JOIN WITH `ASTValueNumbering::GVN.getAnExpr/0#dispred#a14f45bf` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1
        333443   ~12%    {3}    | REWRITE WITH Out.1 := 85
             4    ~0%    {2}    | JOIN WITH exprs ON FIRST 2 OUTPUT Lhs.0, Lhs.2
             4  ~100%    {2}    | JOIN WITH `Expr::Expr.getEnclosingFunction/0#dispred#3960f06c` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

             0    ~0%    {2} r7 = JOIN r6 WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

             0    ~0%    {2} r8 = JOIN r6 WITH `#MemberFunction::MemberFunction.getAnOverridingFunction/0#dispred#a6e65b9ePlus#swapped` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
             0    ~0%    {2}    | JOIN WITH `Call::FunctionCall.getTarget/0#dispred#935da4c5_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

             0    ~0%    {2} r9 = r7 UNION r8
             0    ~0%    {3}    | JOIN WITH `Call::Call.getQualifier/0#dispred#7d175544` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
             0    ~0%    {3}    | JOIN WITH `AVRule79::exprOrDereference/1#c20425a1_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1

         12581    ~3%    {3} r10 = r5 UNION r9
         12576    ~3%    {3}    | AND NOT `AVRule79::exprReleases/3#e849cdd3#prev`(FIRST 3)
                         return r10
```
 2025-06-06 07:13:26 +02:00
dependabot[bot]
bbabf2c410 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/mod/compare/v0.24.0...v0.25.0)

Updates `golang.org/x/tools` from 0.33.0 to 0.34.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-06 03:29:36 +00:00
Owen Mansel-Chan
238a3021d0 Merge pull request #19673 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-06-05 19:44:44 +01:00
Chris Smowton
fbae3062d3 Merge pull request #19675 from github/smowton/fix/abstract-env 
Actions: Make `Env` non-abstract
 2025-06-05 16:50:11 +01:00
Jeroen Ketema
99ef4c7b38 Merge pull request #19533 from github/idrissrio/constexpr 
C++: accept new test results after changes
 2025-06-05 16:53:34 +02:00
Paolo Tranquilli
e1eb1f6345 Rust: address review 
Also fix some minor things in `bulk_generate_mad.py`.
 2025-06-05 16:03:40 +02:00
Jeroen Ketema
057d3ebfdf C++: Update stats file after changes to DCA source suite 2025-06-05 15:57:55 +02:00
Jeroen Ketema
5b5d855808 Swift: Remove empty line from change note 2025-06-05 14:47:10 +02:00
Jeroen Ketema
3f89dd3c4e Swift: Update to Swift 6.1.2 2025-06-05 14:16:18 +02:00
Chris Smowton
338d3834c4 Actions: Make Env non-abstract 
`class Env` was previously abstract with no concrete descendants, so user queries like `any(Env e | ...)` would never produce results.

In the JS library the corresponding class derived from `YamlNode` and has concrete descendants representing workflow-, job- and step-level `env` nodes. However these are dubiously useful since you can always just use `any(Step s).getEnv()` to achieve the same result. Since `EnvImpl` already fully characterises an `env` node, I simply make the class concrete.
 2025-06-05 10:21:24 +01:00
Paolo Tranquilli
6162cf5dbb Rust: accept test changes 2025-06-05 10:52:59 +02:00
Paolo Tranquilli
ec77eb3ec8 Rust: regenerate MaD models 2025-06-05 10:08:47 +02:00
Paolo Tranquilli
f4bbef9769 Rust: switch to DCA strategy for MaD bulk generation 2025-06-05 10:08:30 +02:00
Paolo Tranquilli
530b990dd5 MaD generator: some final minor tweaks 2025-06-05 10:08:01 +02:00
Paolo Tranquilli
ee7eb86a1d MaD: make bulk generator cleanup downloaded DBs 2025-06-05 09:31:24 +02:00
Paolo Tranquilli
4f47ee2e72 MaD: make bulk generator DCA strategy download DBs in parallel 2025-06-05 09:30:02 +02:00
Paolo Tranquilli
fbd50583fe MaD generator: move bulk generation config files one directory up 2025-06-05 08:50:48 +02:00
Paolo Tranquilli
31954fa794 MaD generator: make bulk generator executable 2025-06-05 08:49:15 +02:00
Paolo Tranquilli
d5c16d6092 MaD generator: reformat 2025-06-05 08:48:01 +02:00
Paolo Tranquilli
900a3b0992 MaD generator: only pick up last database on comparison DCAs 2025-06-05 08:47:45 +02:00
Paolo Tranquilli
31d1604337 Bulk model generator: switch from json to yml configuration files 2025-06-05 08:37:43 +02:00
github-actions[bot]
401911e185 Add changed framework coverage reports 2025-06-05 00:24:03 +00:00
Tom Hvitved
76c6d7104d Merge pull request #19669 from hvitved/rust/external-location-post-processing 
Rust: Remove external locations in tests using post-processing
 2025-06-04 16:52:40 +02:00
idrissrio
149c53bef6 C++: accept new test results after changes 2025-06-04 16:51:29 +02:00
Arthur Baars
189c16b7bc Merge pull request #19630 from github/aibaars/qldoc-ast 
Rust: add documentation for AST nodes
 2025-06-04 16:04:56 +02:00
Arthur Baars
39851bcab4 Rust: update expected output 2025-06-04 15:44:36 +02:00
Arthur Baars
e87878298e Rust: run codegen 2025-06-04 15:41:52 +02:00
Arthur Baars
7a13c981b8 Rust: address comments 2025-06-04 15:38:23 +02:00
Napalys Klicius
5419285091 Merge pull request #19544 from Napalys/js/quality/stream_pipe 
JS: new `Quality` query - Unhandled errors in `.pipe()` chain
 2025-06-04 15:34:41 +02:00
Jeroen Ketema
2e6794e16c Merge pull request #18931 from jketema/frontend-upgrade 
C++: Update expected test results and compiler version documentation after frontend update
 2025-06-04 14:34:53 +02:00
Jeroen Ketema
129f259f1a C++: Update supported compiler versions after frontend update 2025-06-04 14:03:44 +02:00
Jeroen Ketema
0e34ee18df C++: Update expected test results after frontend update 2025-06-04 14:03:43 +02:00
Tom Hvitved
aa0fc05df8 Rust: Remove external locations in tests using post-processing 2025-06-04 13:07:43 +02:00
Owen Mansel-Chan
e7e4286233 Merge pull request #19561 from owen-mc/go/mad/bigquery-sql-injection-sink 
Go: Add BigQuery as a sink for SQLi queries #2
 2025-06-04 11:36:18 +01:00