hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,799 Commits 1,690 Branches 160 Tags
c15ad31b07bb417d12a7de165edd2e6be052d097
Commit Graph

85799 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
9a4a6cfcb8 C#: Add ExtensionType to the QL library. 2026-02-05 15:38:07 +01:00
Michael Nebel
edfdc9812f C#: Extract extension types and members. Replacing invocations to static generated methods with invocation of extension type member. 2026-02-05 15:38:05 +01:00
Michael Nebel
ab505e3281 C#: Add class for making synthetic parameter entities. 2026-02-05 15:38:02 +01:00
Taus
8c27437628 Python: Bump extractor version and add change note 2026-02-05 13:50:54 +00:00
Taus
12ee93042b Python: Add tests 2026-02-05 13:47:24 +00:00
Taus
bac356c9a1 Python: Regenerate parser files 2026-02-05 13:46:59 +00:00
Taus
68c1a3d389 Python: Fix syntax error when = is used as a format fill character 
An example (provided by @redsun82) is the string `f"{x:=^20}"`. Parsing
this (with unnamed nodes shown) illustrates the problem:

```
module [0, 0] - [2, 0]
  expression_statement [0, 0] - [0, 11]
    string [0, 0] - [0, 11]
      string_start [0, 0] - [0, 2]
      interpolation [0, 2] - [0, 10]
        "{" [0, 2] - [0, 3]
        expression: named_expression [0, 3] - [0, 9]
          name: identifier [0, 3] - [0, 4]
          ":=" [0, 4] - [0, 6]
          ERROR [0, 6] - [0, 7]
            "^" [0, 6] - [0, 7]
          value: integer [0, 7] - [0, 9]
        "}" [0, 9] - [0, 10]
      string_end [0, 10] - [0, 11]
```
Observe that we've managed to combine the format specifier token `:` and
the fill character `=` in a single token (which doesn't match the `:` we
expect in the grammar rule), and hence we get a syntax error.

If we change the `=` to some other character (e.g. a `-`), we instead
get

```
module [0, 0] - [2, 0]
  expression_statement [0, 0] - [0, 11]
    string [0, 0] - [0, 11]
      string_start [0, 0] - [0, 2]
      interpolation [0, 2] - [0, 10]
        "{" [0, 2] - [0, 3]
        expression: identifier [0, 3] - [0, 4]
        format_specifier: format_specifier [0, 4] - [0, 9]
          ":" [0, 4] - [0, 5]
        "}" [0, 9] - [0, 10]
      string_end [0, 10] - [0, 11]
```
and in particular no syntax error.

To fix this, we want to ensure that the `:` is lexed on its own, and the
`token(prec(1, ...))` construction can be used to do exactly this.

Finally, you may wonder why `=` is special here. I think what's going on
is that the lexer knows that `:=` is a token on its own (because it's
used in the walrus operator), and so it greedily consumes the following
`=` with this in mind.
 2026-02-05 13:45:54 +00:00
Tom Hvitved
2764d697d2 Rust: Merge Input1 and Input2 modules 2026-02-05 14:29:46 +01:00
Tom Hvitved
c62d95ac9d Rust: More type inference tests 2026-02-05 14:29:41 +01:00
Paolo Tranquilli
05bef12ddd Merge pull request #21265 from github/redsun82/csharp-csrf-inheritance 
C#: Fix CSRF query to check antiforgery attributes on base classes
 2026-02-05 14:20:30 +01:00
Idriss Riouak
1df3adf021 Merge pull request #21244 from github/idrissrio/cpp/overlay/changes-json 
C/C++ overlay: use files table instead of `overlayChangedFiles` for overlay discard
 2026-02-05 13:15:07 +01:00
Tom Hvitved
025f73301b Rust: Move some overloading tests into a separate file 2026-02-05 12:49:53 +01:00
idrissrio
e26c199426 C/C++ overlay: use files table instead of overlayChangedFiles for overlay discard 2026-02-05 12:43:01 +01:00
Tom Hvitved
1203da1b66 Merge pull request #21253 from paldepind/rust/as-path-trait 
Rust: Resolve `as` paths to trait
 2026-02-05 12:38:16 +01:00
Paolo Tranquilli
f79bd3f4cf C#: accept location changes in test 2026-02-05 12:14:59 +01:00
Mathias Vorreiter Pedersen
476df7de73 Merge pull request #21260 from MathiasVP/add-windows-remote-flow-sources 
C++: Add more Win32 and Azure SDK remote flow sources
 2026-02-05 10:47:03 +00:00
Anders Schack-Mulligen
29e01748b7 Merge pull request #21267 from aschackmull/java/rename-misc 
Java: Rename several AST predicates.
 2026-02-05 11:15:29 +01:00
Anders Schack-Mulligen
11003e685d Java: Fix qldoc 2026-02-05 10:37:19 +01:00
Anders Schack-Mulligen
e4daeec2ca Merge pull request #21268 from aschackmull/java/view-cfg 
Java: Add support for "View CFG" in VSCode.
 2026-02-05 09:48:14 +01:00
Anders Schack-Mulligen
81977f11a1 Cfg: qldoc + overlay fixups. 2026-02-05 08:59:28 +01:00
Anders Schack-Mulligen
32fe12a6dd Java: Delay deprecation a bit. 2026-02-05 08:51:27 +01:00
Anders Schack-Mulligen
83adf793e4 Cfg: Fix compilation. 2026-02-04 15:28:37 +01:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Ben Rodes
cd73dcfb04 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-04 08:55:38 -05:00
Simon Friis Vindum
52dc58172d Merge branch 'main' into rust/as-path-trait 2026-02-04 14:47:57 +01:00
Owen Mansel-Chan
544931f73f Merge pull request #21266 from owen-mc/python/pretty-print-models-in-test 
Python: Pretty print models in test
 2026-02-04 13:46:51 +00:00
Anders Schack-Mulligen
2d02908e7f Java: Add change note. 2026-02-04 14:43:32 +01:00
Anders Schack-Mulligen
4fcf3fbff8 Java: Make loop classes extend LoopStmt and use getBody instead of getStmt. 2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen
6f40ac15b4 Java: Rename ReturnStmt.getResult to getExpr. 2026-02-04 14:43:31 +01:00
Simon Friis Vindum
55ea55a44f Merge pull request #21247 from paldepind/rust/self-types 
Rust: Resolve `Self` paths in type definitions
 2026-02-04 13:41:53 +01:00
Anders Schack-Mulligen
36fa0a22f9 Java: Rename getTrueExpr/getFalseExpr on ConditionalExpr to getThen/getElse. 2026-02-04 13:38:11 +01:00
Michael Nebel
60bb9a9b06 C#: Move some populate methods and location writing methods. 2026-02-04 13:24:21 +01:00
Michael Nebel
c68cd58f70 C#: Add parameter marker interface, allow a type to a parent for parameter and make it possible to specify a parameter position offset. 2026-02-04 13:19:29 +01:00
Michael Nebel
dca10f8740 C#: Add extended_type to the DB scheme. 2026-02-04 12:51:30 +01:00
Owen Mansel-Chan
3f08ff88a4 Pretty print models in test 
Otherwise the tests breaks when unrelated changes are made because the
model numbers change
 2026-02-04 10:52:44 +00:00
Anders Schack-Mulligen
5e6e64b2b7 Java: Rename UnaryExpr.getExpr to getOperand. 2026-02-04 10:50:49 +01:00
Paolo Tranquilli
4973523404 C#: Fix CSRF query to check antiforgery attributes on base classes 
Fixes https://github.com/github/codeql/discussions/21255
 2026-02-04 09:42:20 +01:00
Michael B. Gale
571f21ba49 C#: Emit diagnostic if private registries are configured 2026-02-03 15:28:47 +00:00
Anders Schack-Mulligen
2d61fc5309 Java: Add support for "View CFG". 2026-02-03 15:49:27 +01:00
Michael B. Gale
8e39ed079e Merge pull request #21252 from github/mbg/go/private-registry-diagnostic 
Go: Add diagnostic for private registry usage
 2026-02-03 14:36:19 +00:00
Anders Schack-Mulligen
389cd5d648 Cfg: Extract CFG pretty-printing code. 2026-02-03 15:33:55 +01:00
Mathias Vorreiter Pedersen
092d25451f C++: Fix Copilot comments. 2026-02-03 11:45:30 +00:00
Mathias Vorreiter Pedersen
32b86eca50 C++: Add change note. 2026-02-03 11:40:31 +00:00
Mathias Vorreiter Pedersen
40a58135c2 C++: Accept test changes. 2026-02-03 11:30:55 +00:00
Mathias Vorreiter Pedersen
7ef96e3f3c C++: Add taint-inheriting reads from the Winhttp structs. 2026-02-03 11:30:31 +00:00
Mathias Vorreiter Pedersen
5531ef9bc1 C++: Accept test changes. 2026-02-03 11:17:23 +00:00
Mathias Vorreiter Pedersen
cbc2dbc14d C++: Add flow sources and summary models. 2026-02-03 11:14:16 +00:00
Mathias Vorreiter Pedersen
208cf716dc C++: Add tests with tests for remote flow sources from the Win32 API and from the Azure SDK. 2026-02-03 11:13:45 +00:00
Simon Friis Vindum
d72d8b63ed Rust: Fix inconsistency by skipping Self in use globs 2026-02-03 11:54:28 +01:00
Simon Friis Vindum
1791c1f1f9 Rust: Add test with path resolution inconsistency 2026-02-03 11:51:55 +01:00