hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 05:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,767 Commits 1,740 Branches 165 Tags
cedacc91db92af5ea5437bc459fdf373ff97569f
Commit Graph

86767 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
cc99867969 Merge pull request #21511 from hvitved/ruby/empty-stats 
Ruby: Use empty DB stats
 2026-03-24 08:25:43 +01:00
Taus
2e76f3471a C++: Fix bad join in callsVariadicFormatter 
On `wireshark` this reduces the intermediate tuple count from roughly 88
million tuples to roughly 3000 (with the new helper predicate
materialising ~300 tuples).
 2026-03-23 23:17:22 +00:00
github-actions[bot]
19424627c1 update codeql documentation 2026-03-23 20:19:09 +00:00
Mathias Vorreiter Pedersen
680ea0b960 Merge pull request #21552 from MathiasVP/more-public-dataflow-apis 
C++: Expose indirect instructions and indirect parameters in dataflow
 2026-03-23 17:46:14 +00:00
Mario Campos
a5763303fc Merge pull request #21557 from github/rc/3.21 
Merge back remaining changes from rc/3.21
 2026-03-23 12:28:34 -05:00
Owen Mansel-Chan
8d16a2b4fa Fix parameter -> argument in QLDoc 2026-03-23 16:24:03 +00:00
Owen Mansel-Chan
97ebc0e839 Update QLDoc in FlowBarrier.qll 2026-03-23 16:22:27 +00:00
Owen Mansel-Chan
d82fc67b36 Fix QLDoc formatting 2026-03-23 16:11:22 +00:00
Taus
ac48eca916 Python: Use cls.getMethod instead of getName 2026-03-23 15:26:00 +00:00
Taus
93e35661e6 Python: Make isNewType more precise 
For module-level metaclass declarations, we now also check that the
right hand side in a `__metaclass__ = type` assignment is in fact the
built-in `type`.
 2026-03-23 15:22:24 +00:00
Taus
a276f721f7 Python: Add ternary overridesMethod 
This one also allows easy access to the method being overridden and the
class on which it resides. This let's us simplify DocStrings.ql
accordingly.
 2026-03-23 15:21:27 +00:00
Taus
1ffcdc9293 Python: Select property instead of function 
in PropertyInOldStyleClass. This matches the previous behaviour more
closely.
 2026-03-23 14:55:28 +00:00
Taus
56c83e250e Python: Make comment more precise 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-23 15:09:27 +01:00
Taus
5859590b5d Python: Fix typo in comment 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-23 15:07:31 +01:00
Mathias Vorreiter Pedersen
8cebf510dc C++: Reword the change note from #21458. 2026-03-23 13:45:46 +00:00
Mathias Vorreiter Pedersen
b5723bd75d Merge branch 'main' into more-public-dataflow-apis 2026-03-23 13:43:01 +00:00
Mathias Vorreiter Pedersen
fef314e27f C++: Add change note. 2026-03-23 13:39:15 +00:00
Mathias Vorreiter Pedersen
1363c54a9f C++: Add 'asIndirectInstruction' as a public predicate. 2026-03-23 13:28:33 +00:00
Mathias Vorreiter Pedersen
09caeca7e9 C++: Move parameter indirection nodes into the public API. 2026-03-23 13:27:20 +00:00
Simon Friis Vindum
c67122b3f1 C++: Add expressions with type data to cpp/extraction-information 2026-03-23 12:14:11 +01:00
Tom Hvitved
0d0d34cc71 Merge pull request #21498 from Gregro/csharp/fix-log-forging-extension-methods 
C#: Fix false positives in cs/log-forging for extension methods
 2026-03-23 11:24:12 +01:00
Jeroen Ketema
be245357cc Merge pull request #21458 from github/jeongsoolee09/add-getIndirectionIndex 
Add `IndirectUninitializedNode` and related helper predicates
 2026-03-23 11:03:57 +01:00
Jeroen Ketema
ee00b98476 Update cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md 2026-03-23 10:44:21 +01:00
Jeongsoo Lee
6ae32f22a8 Merge branch 'main' into jeongsoolee09/add-getIndirectionIndex 2026-03-22 11:51:14 -04:00
Gregro
a59c865328 let interprocedural analysis handle source-available extension methods for LogForgingLogMessageSink's 2026-03-21 20:05:08 +00:00
Gregro
d0c48893f5 update test helper to use more robust .ReplaceLineEndings() sanitizer 2026-03-21 20:05:08 +00:00
Gregro
d99247cf13 Clarify static extension method class name 2026-03-21 20:05:08 +00:00
Gregro
a9eb801fea C#: Fix false positives in cs/log-forging for extension methods 2026-03-21 20:05:08 +00:00
Tom Hvitved
9a4bc69843 Merge pull request #21510 from hvitved/ci/remove-ruby-checks 
CI: Remove Ruby checks
 2026-03-21 08:04:17 +01:00
Jeongsoo Lee
d4fef1c68e Merge branch 'main' into jeongsoolee09/add-getIndirectionIndex 2026-03-20 10:01:05 -07:00
Jeongsoo Lee
d2fcced5ad Add a feature change note 2026-03-20 09:59:12 -07:00
Owen Mansel-Chan
093c27955f Fix incorrect QLDoc 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-20 15:24:15 +00:00
Tom Hvitved
f99f26f908 Merge pull request #21464 from hvitved/rust/type-inference-trait-bound-impl-overlap 
Rust: Disambiguate types inferred from trait bounds
 2026-03-20 15:14:24 +01:00
Taus
434b3973eb Python: Add change note 2026-03-20 13:30:29 +00:00
Taus
3584ad1905 Python: Port DeprecatedSliceMethod.ql 
Only trivial test changes.
 2026-03-20 13:30:29 +00:00
Taus
50b3b7ee1f Python: Add DuckTyping::hasUnreliableMro 
Primarily used to filter out false positives in cases where our MRO
approximation may be wrong.
 2026-03-20 13:30:29 +00:00
Taus
fa8e4f7314 Python: Port DocStrings.ql 2026-03-20 13:28:45 +00:00
Taus
c04b615a07 Python: Extend DuckTyping module 
Adds `overridesMethod` and `isPropertyAccessor`.
 2026-03-20 13:28:45 +00:00
Taus
283231bdbc Python: Port ShouldBeContextManager.ql 
Only trivial test changes.
 2026-03-20 13:28:45 +00:00
Taus
025a7d0cca Python: Port UselessClass.ql 
No test changes.
 2026-03-20 13:28:45 +00:00
Taus
8cfdea2001 Python: Port PropertyInOldStyleClass.ql 
Only trivial test changes.
 2026-03-20 13:28:45 +00:00
Taus
e860d706c9 Python: Port SuperInOldStyleClass.ql 2026-03-20 13:28:45 +00:00
Taus
3d20050c0a Python: Port SlotsInOldStyleClass.ql 
Only trivial test changes.
 2026-03-20 13:28:45 +00:00
Taus
b57e92164c Python: Add declares/getAttribute API 
These could arguably be moved to `Class` itself, but for now I'm
choosing to limit the changes to the `DuckTyping` module (until we
decide on a proper API).
 2026-03-20 13:28:45 +00:00
Taus
cd92162920 Python: Add DuckTyping::isNewStyle 
Approximates the behaviour of `Types::isNewStyle` but without depending
on points-to
 2026-03-20 13:28:45 +00:00
Taus
33ed6034f6 Python: Introduce DuckTyping module 
This module (which for convenience currently resides inside
`DataFlowDispatch`, but this may change later) contains convenience
predicates for bridging the gap between the data-flow layer and the old
points-to analysis.
 2026-03-20 13:28:44 +00:00
Taus
1dcc76996d Python: Port py/print-during-import 
Uses a (perhaps) slightly coarser approximation of what modules are
imported, but it's probably fine.
 2026-03-20 13:28:44 +00:00
Taus
f4841e1f39 Python: Use API graphs instead of points-to for simple built-ins 
Also extends the list of known built-ins slightly, to add some that were
missing.
 2026-03-20 13:28:44 +00:00
Simon Friis Vindum
f6c81ff30a Merge pull request #21512 from paldepind/cpp/extraction-information 
C++: Add `cpp/extraction-information` query
 2026-03-20 14:12:59 +01:00
Tom Hvitved
4b364639a2 Ruby: Fix join orders following DB stats removal 2026-03-20 13:13:38 +01:00