hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-25 14:47:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,880 Commits 1,788 Branches 169 Tags
d17fd2d964dbcc97f6f9583cdf063bee30cd0ba2
Commit Graph

87880 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
d17fd2d964 unified/swift: add variable/property/accessor and enum mappings 2026-06-18 14:26:35 +02:00
Asger F
4e9c3fb436 unified/swift: add literals, names, and operator expression mappings 2026-06-18 14:26:33 +02:00
Asger F
0e9d17b59c unified/swift: add top-level normalization and fallback scaffold 2026-06-18 14:26:31 +02:00
Asger F
6c74cd31e4 Yeast: use child locations instead of rule target 
Previously, when a node was synthesized it would always take the
location from the node that matched the current rule. This resulted
in overly broad locations however.

For (foo #{bar}) we now take the location of the 'bar' node.

For non-leaf nodes we merge all its child node locations.
 2026-06-18 14:26:30 +02:00
Asger F
166406acbb Unified: Elaborate a bit more on AGENTS.md 2026-06-18 14:26:28 +02:00
Asger F
b40cb5dedd Regenerate QL 2026-06-18 14:26:26 +02:00
Asger F
6dd7dedc19 Rewrite AST 2026-06-18 14:26:22 +02:00
Asger F
1d8e682e5f Reset mappings 2026-06-15 10:49:37 +02:00
Asger F
0baa126473 Add ability to prepend fields in Yeast 2026-06-15 10:49:35 +02:00
Asger F
d11b428292 yeast-macros: desugar 'field: @cap' to 'field: _ @cap' 
When a field pattern has a bare capture with no preceding pattern
atom (i.e. `foo: @bar`), implicitly use a true wildcard (`_`,
match_unnamed: true) as the node pattern, making it equivalent to
`foo: _ @bar`.

This is a convenience shorthand: in practice every `field: _ @cap`
in the Swift rules can now be written more concisely as `field: @cap`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-15 10:49:33 +02:00
Asger F
ddc9516e92 Yeast: better support for rewriting unnamed nodes 
- Ensure the full wildcard _ supports quantifiers
- Also rewrite unnamed nodes in one-shot phases
 2026-06-15 10:49:31 +02:00
Asger F
00068948c1 yeast-macros: add .reduce_left(first -> init, acc, elem -> fold) chain 
A left fold over an iterable where the first element seeds the accumulator:
- first -> init  : converts the first element to the initial accumulator
- acc, elem -> fold : fold step; acc = current accumulator, elem = next element
- Empty iterable produces nothing (0-element splice)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-15 10:49:29 +02:00
Asger F
28c879f58c yeast-macros: add .map(p -> tpl) chain syntax for tree templates 
After a {expr} or {..expr} placeholder, an optional chain of
.<builtin>() calls may follow. Currently the only builtin is:

  .map(param -> template)

which applies the template to each element of the iterable and
collects the resulting node IDs. A chain auto-splices into the
enclosing field/child position.

Example:
  path: {parts}.map(p -> (identifier #{p}))

The framework is extensible: additional builtins can be added by
matching on the method name in parse_chain_suffix.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-15 10:49:27 +02:00
Asger F
6000c18c24 Unified: also QLDoc for unified.qll 2026-06-12 16:48:25 +02:00
Asger F
e81a3bcbc3 Unified: Add QLDoc 2026-06-12 16:47:06 +02:00
Asger F
7d6d5bfb4a Unified: add test for comments 2026-06-12 16:36:33 +02:00
Asger F
f83adb55ce Unified: regenerate AST 2026-06-12 16:33:51 +02:00
Asger F
5608369abe Extract trivia tokens from original parse tree 2026-06-12 16:32:57 +02:00
Tom Hvitved
f5919875b7 Merge pull request #21941 from hvitved/python/content-approx 
Python: Implement `ContentApprox`
 2026-06-09 15:46:04 +02:00
Owen Mansel-Chan
8d456df26f Merge pull request #21960 from github/dependabot/go_modules/go/extractor/extractor-dependencies-28a04969f3 
Bump golang.org/x/mod from 0.36.0 to 0.37.0 in /go/extractor in the extractor-dependencies group
 2026-06-09 05:30:45 +01:00
dependabot[bot]
72fcf27d1a Bump golang.org/x/mod 
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-09 03:03:37 +00:00
yoff
0cea01c22f Merge pull request #21926 from github/yoff/python-simplify-decorator-predicates 
Python: simplify decorator-detection predicates to pure AST match
 2026-06-08 22:04:33 +02:00
Anders Schack-Mulligen
a473565256 Merge pull request #21954 from aschackmull/cfg/consistency-child-idx 
Cfg: Add consistency check for relevant child indices.
 2026-06-08 14:44:20 +02:00
Anders Schack-Mulligen
c47135a40b Cfg: Add consistency check for relevant child indices. 2026-06-08 13:40:33 +02:00
Owen Mansel-Chan
3cbc8f0262 Merge pull request #21951 from github/workflow/go-version-update 
Go: Update to 1.26.4
 2026-06-08 11:47:47 +01:00
Tom Hvitved
cc1ea25856 Python: Implement ContentApprox 2026-06-08 08:41:28 +02:00
github-actions[bot]
5a38cbd5d5 Go: Update to 1.26.4 2026-06-08 04:30:10 +00:00
Owen Mansel-Chan
cf6d94cf8a Merge pull request #21324 from github/copilot/automate-go-version-updates-again 
Automate Go version updates via scheduled workflow
 2026-06-06 03:03:03 +01:00
Owen Mansel-Chan
292fc8b777 Fix detection of failed text replacement 
I checked and the comment seems to be correct.

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-06 02:52:21 +01:00
Owen Mansel-Chan
a1759d9834 Use --force-with-lease for slightly improved safety 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-06 02:51:36 +01:00
Owen Mansel-Chan
6b74874372 Minor improvement to PR text 2026-06-06 02:32:43 +01:00
copilot-swe-agent[bot]
ef29d22c75 Update Go version workflow to include patch numbers in messages 2026-06-06 01:03:44 +00:00
Owen Mansel-Chan
1f91f915c7 Merge pull request #21888 from owen-mc/py/remove-imprecise-container-steps 
Python: Remove imprecise container steps #2
 2026-06-04 22:16:24 +01:00
Jon Janego
ba8eebe2b5 Merge pull request #21948 from github/codeql-spark-run-26974832191 
Update changelog documentation site for codeql-cli-2.25.6
 2026-06-04 14:55:17 -05:00
github-actions[bot]
dc1409e5f4 update codeql documentation 2026-06-04 19:36:45 +00:00
Mario Campos
284f42bb9e Merge pull request #21945 from github/codeql-spark-run-26947645690 
Update changelog documentation site for codeql-cli-2.25.6
 2026-06-04 13:09:04 -05:00
Henry Mercer
2f3524de74 Merge branch 'rc/3.22' into codeql-spark-run-26947645690 2026-06-04 16:01:11 +01:00
github-actions[bot]
b32573b060 update codeql documentation 2026-06-04 14:57:38 +00:00
Owen Mansel-Chan
cd2398aeea Merge pull request #21936 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2026-06-04 12:45:21 +01:00
Sotiris Dragonas
d6892eaf0d Merge pull request #21900 from github/bazookamusic/range-analysis-bound-move-to-shared 
Bound.qll - Replace utility for range analysis duplicate across java and cs with shared file
 2026-06-04 12:45:11 +02:00
BazookaMusic
d2972cb53f Add back alias for module 2026-06-04 11:08:49 +02:00
github-actions[bot]
5576d30780 Add changed framework coverage reports 2026-06-04 01:04:50 +00:00
Owen Mansel-Chan
da999ee440 Address review comments 2026-06-03 21:24:16 +01:00
Tom Hvitved
3da195f50f Merge pull request #21918 from hvitved/rust/expose-resolution 
Rust: Add `Impl::getSelf()` and `Impl::getTrait()`
 2026-06-03 20:18:05 +02:00
Henry Mercer
93a4b427e3 Merge pull request #21933 from github/post-release-prep/codeql-cli-2.25.6 
Post-release preparation for codeql-cli-2.25.6
 2026-06-03 16:57:48 +01:00
Tom Hvitved
0430c71318 Merge pull request #21922 from hvitved/rust/static-const-resolution 
Rust: Path resolution for `static` items
 2026-06-03 17:48:21 +02:00
Owen Mansel-Chan
52f2a5825a Merge pull request #21804 from github/copilot/add-tests-for-models 
Java: Update CWE-918 model coverage for Apache HttpClient `execute` sinks
 2026-06-03 12:55:56 +01:00
Owen Mansel-Chan
d55ff83568 Merge pull request #21269 from owen-mc/go/improve-tests-for-varargs-flow 
Go: improve tests for varargs flow
 2026-06-03 12:39:46 +01:00
BazookaMusic
f34275636c No duplicate Ssa and remove release changenot 2026-06-03 11:54:24 +02:00
BazookaMusic
0a801440b9 review comments 2026-06-03 10:48:50 +02:00