hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,804 Commits 1,759 Branches 167 Tags
ca59ca0c2f9c8263bd854e77d5e91601eaaba7a4
Commit Graph

86804 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
ca59ca0c2f Python: Add globallyDefinedName and extend monkeyPatchedBuiltin 2026-04-08 15:58:39 +00:00
Taus
205466d7ab Python: Model undefinedness 
Adds `maybeUndefined` to the reachability module, modelling which
names/variables may be undefined at runtime. The approach is very close
to the one used in points-to, though it of course relies on our new
modelling of exceptions/reachability instead.
 2026-04-08 15:58:39 +00:00
Taus
3e7986a14a Python: Extend reachability analysis with common guards 
Adds `if False: ...` and `if typing.TYPE_CHECKING: ...` to the set of
nodes that are unlikely to be reachable.
 2026-04-08 15:58:38 +00:00
Taus
ec9e72ee09 Python: Add getClassName for immutable literals 
Used for queries where we mention the class of a literal in the alert
message.
 2026-04-08 15:58:38 +00:00
Taus
6efedb7d00 Python: Extend ExceptionTypes API 
Adds support for finding instances, and adds things like a
`BaseException` convenience class.
 2026-04-08 15:58:38 +00:00
Taus
993311e436 Python: Add Reachability module 
The implementation is essentially the same as the one from
`BasicBlockWithPointsTo`, with the main difference being that this one
uses the exception machinery we just added (and some extensions added in
this commit).
 2026-04-08 15:54:48 +00:00
Taus
e14d493bcc Python: Move exception modelling to DataFlowDispatch.qll 2026-04-08 12:18:56 +00:00
Taus
16683aee0e Merge pull request #21590 from github/tausbn/python-improve-bind-all-interfaces-query 
Python: Improve "bind all interfaces" query
 2026-04-07 17:59:48 +02:00
Jeroen Ketema
e7d3eedc80 Merge pull request #21661 from jketema/autoconf 
C++: Add heuristic for GNU autoconf config files
 2026-04-07 15:38:06 +02:00
Taus
4cb238f1af Merge pull request #21598 from github/tausbn/python-port-should-use-with 
Python: Port ShouldUseWithStatement.ql
 2026-04-07 14:16:41 +02:00
Mathias Vorreiter Pedersen
5e145aa27d Merge pull request #21631 from MathiasVP/expose-fwd-stage-1 
Dataflow: Expose stage 1's `fwdFlow`
 2026-04-07 11:29:56 +01:00
Mathias Vorreiter Pedersen
e06294bcb4 Shared: Respond to review comments. 2026-04-07 11:11:04 +01:00
Idriss Riouak
39f92e992a Merge pull request #21494 from github/idrissrio/java/jdk26 
Java: Accept new test results after JDK 26 extractor upgrade
 2026-04-07 12:03:36 +02:00
Jeroen Ketema
04cfd37f53 C++: Fix comments in tests 2026-04-07 10:52:12 +02:00
Jeroen Ketema
b19c648965 C++: Add heuristic for GNU autoconf config files 2026-04-07 10:43:15 +02:00
Michael Nebel
e259ebe258 Merge pull request #21627 from michaelnebel/csharp/cleanup 
C#: Deprecate get[L|R]Value predicates.
 2026-04-07 10:23:59 +02:00
idrissrio
6f199b90ba Java: Accept new test results for JDK 26 
Accept new ByteOrder.getEntries, List.ofLazy, and Map.ofLazy entries
in kotlin2 test expected files.
 2026-04-07 09:28:25 +02:00
idrissrio
3ccbd8032c Java: Accept new test results for JDK 26 
JDK 26 added ofLazy methods to List, Map, and Set collections.
Update expected test output to include these new methods.
 2026-04-07 09:28:23 +02:00
idrissrio
5a6eb79470 Java: Pin CWE-676 test to --release 25 
Thread.stop() was removed in JDK 26. Pin the test to --release 25.
 2026-04-07 09:28:22 +02:00
idrissrio
74b0e8c19a Java: Accept new test results after JDK 26 extractor upgrade 2026-04-07 09:28:20 +02:00
Tom Hvitved
7d184d0c7f Merge pull request #21206 from hvitved/rust/type-inference-closure-param-context-typed 
Rust: Infer argument types based on trait bounds on parameters
 2026-04-07 09:17:30 +02:00
Mario Campos
fb8b5699f2 Merge pull request #21639 from github/mario-campos/test-go-registries 
Add tests for multiple Git sources and GoProxy servers in registry config parsing
 2026-04-02 11:12:51 -05:00
Mario Campos
fb871cdfb8 Add tests for multiple Git sources and GoProxy servers in registry config parsing 2026-04-02 10:12:48 -05:00
Paolo Tranquilli
cedacc91db Merge pull request #21583 from github/redsun82/update-kotlin-2.3.20 
Kotlin: update to 2.3.20
 2026-04-02 15:58:22 +02:00
Mathias Vorreiter Pedersen
4d8b782695 Shared: Also expose dataflow stage 1's forward flow predicate. 2026-04-02 10:56:09 +01:00
Paolo Tranquilli
88a893efca Kotlin: update supported versions in documentation 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-02 08:34:22 +02:00
Paolo Tranquilli
2d76b41293 Merge pull request #21628 from github/redsun82/vendor-picosha2 
Vendor `PicoSHA2` into LFS
 2026-04-01 15:24:41 +02:00
Paolo Tranquilli
9a1156dd62 Vendor PicoSHA2 into LFS 
The upstream repo (`okdshin/PicoSHA2`) is a personal GitHub account,
at risk of suspension — the same scenario that hit `rules_antlr`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-01 14:31:01 +02:00
Michael Nebel
6d5aff4822 C#: Add change-note. 2026-04-01 13:17:52 +02:00
Michael Nebel
9c095bc580 C#: Deprecate get[L|R]Value predicates. 2026-04-01 12:50:37 +02:00
Mathias Vorreiter Pedersen
43d002e6b5 Merge pull request #21619 from MathiasVP/more-http-remote-flow-sources 
C++: Add flow sources from Windows' `http.h`
 2026-03-31 15:44:39 +01:00
Mathias Vorreiter Pedersen
16a7e39e95 C++: Fix pointer indirection. Currently, this does not have any effect because of a conflation bug in taint-tracking. 2026-03-31 15:26:15 +01:00
Jeroen Ketema
17ab87d1fc Merge pull request #21618 from jketema/meson-silence 
C++: Add heuristics for meson configuration files
 2026-03-31 15:24:22 +02:00
Mathias Vorreiter Pedersen
dc8dc61196 C++: Fix type name. 2026-03-31 13:54:30 +01:00
Mathias Vorreiter Pedersen
ab34bd232e C++: Add change note. 2026-03-31 11:30:43 +01:00
Mathias Vorreiter Pedersen
9e97e0433e C++: Accept test changes. 2026-03-31 11:30:41 +01:00
Mathias Vorreiter Pedersen
102221d0aa C++: Add lots of taint inheriting content related to '_HTTP_REQUEST'. 2026-03-31 11:30:39 +01:00
Mathias Vorreiter Pedersen
c6d1ec5f64 C++: Add examples that need taint inheriting content. 2026-03-31 11:30:37 +01:00
Mathias Vorreiter Pedersen
21ea7ebe40 C++: Model a few more remote flow sources from 'http.h' and accept test changes. 2026-03-31 11:30:35 +01:00
Mathias Vorreiter Pedersen
18a25c5071 C++: Add tests with missing flow sources. 2026-03-31 11:30:33 +01:00
Paolo Tranquilli
1836a63122 Merge remote-tracking branch 'origin/main' into wild-crest-ql 2026-03-31 11:35:24 +02:00
Jeroen Ketema
ceec44b819 Apply suggestion from @Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-31 11:08:38 +02:00
Jeroen Ketema
d2839f4ee4 C++: Add change note 2026-03-31 11:02:40 +02:00
Anders Schack-Mulligen
2bde364bdd Merge pull request #21599 from aschackmull/csharp/constantcondition-simplify 
C#: Simplify the ConstantCondition query.
 2026-03-31 11:02:30 +02:00
Jeroen Ketema
5122f7cf92 C++: Add heuristics for meson configuration files 2026-03-31 11:02:26 +02:00
Jeroen Ketema
afd33e4dcd C++: Add test for meson configuration files 2026-03-31 10:23:51 +02:00
Anders Schack-Mulligen
29500c7eb7 C#: Add change note. 2026-03-31 09:38:45 +02:00
Anders Schack-Mulligen
2a54dce5cb C#: Remove redundant ConstantComparison.ql query. 2026-03-31 09:38:44 +02:00
Anders Schack-Mulligen
056be6d504 C#: Simplify the ConstantCondition query. 2026-03-31 09:38:44 +02:00
Anders Schack-Mulligen
71b38b71bf Merge pull request #21613 from aschackmull/csharp/consistent-cs-abbrev 
C#: Fix inconsistent casing of Cs/CS.
 2026-03-31 09:22:49 +02:00