hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-23 21:57:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,176 Commits 1,784 Branches 169 Tags
d582d68afdbb0dd99df2029f0fa7d8fc2c6f8cc3
Commit Graph

88176 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
d582d68afd Fix CFG for return instructions 2026-06-22 23:08:37 +01:00
Owen Mansel-Chan
9b35117475 Produce CFG nodes for more reference expressions, like selector bases 2026-06-22 23:08:35 +01:00
Owen Mansel-Chan
642e567e48 Fix global value numbering calculation 2026-06-22 23:08:33 +01:00
Owen Mansel-Chan
8a62e874ca Include receivers in parameter init 2026-06-22 23:08:31 +01:00
Owen Mansel-Chan
13d4eb6933 Fix CFG for range loop 2026-06-22 23:08:29 +01:00
Owen Mansel-Chan
22ca59d190 Fix CFG for select statements 2026-06-22 23:08:27 +01:00
Owen Mansel-Chan
32a6187434 Use shared CFG implementation of for loops 2026-06-22 23:08:26 +01:00
Owen Mansel-Chan
f9953630a7 Do not include comments in the CFG 2026-06-22 23:08:24 +01:00
Owen Mansel-Chan
0deb94ac2d Fix edges to function exit with result variables 2026-06-22 23:08:22 +01:00
Owen Mansel-Chan
f8c2f2cbd9 Tweak getEnclosingCallable 2026-06-22 23:08:20 +01:00
Owen Mansel-Chan
984a880089 Model non-returning functions in CFG 2026-06-22 23:08:18 +01:00
Owen Mansel-Chan
1c62580835 Create cfg node for child of ParenExpr 2026-06-22 23:08:16 +01:00
Owen Mansel-Chan
99330a65a7 Add go/print-cfg 2026-06-22 23:08:14 +01:00
Owen Mansel-Chan
fc055a8699 Initial shared CFG library instantiation for Go 2026-06-22 23:08:12 +01:00
Owen Mansel-Chan
65513b8cd2 Incidental fix to CaseClause.getAnExpr() 2026-06-22 23:08:09 +01:00
Owen Mansel-Chan
f0576046b1 Merge pull request #22027 from owen-mc/go/improve-tests 
Go: Improve two tests
 2026-06-22 17:19:40 +01:00
yoff
32f7c541ae Merge pull request #21919 from github/yoff/python-remove-getAFlowNode 
Python: deprecate AstNode.getAFlowNode() and rewrite callers
 2026-06-22 15:35:52 +02:00
yoff
1a9bb2416a Python: deprecate Function.getAReturnValueFlowNode() and rewrite internal callers 
Follow-up to the getAFlowNode deprecation in the same PR: same AST→legacy-CFG
bridge pattern. The 11 internal call sites (across objects/, types/,
frameworks/, and TypeTrackingImpl) are rewritten to bind a `Return ret`
explicitly, then constrain via `ret.getScope() = f and n.getNode() = ret.getValue()`.

The predicate itself is preserved with a deprecation note so external
users do not experience churn.

Semantic noop.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-22 14:55:19 +02:00
Copilot
717ff62d70 Python: deprecate AstNode.getAFlowNode() and rewrite internal callers 
Preparatory refactor for the shared-CFG dataflow migration.

Deprecates the AstNode.getAFlowNode() cached predicate on the public
Python QL API and rewrites all ~140 internal callers across lib/, src/,
test/, and tools/ from `expr.getAFlowNode() = cfgNode` to
`cfgNode.getNode() = expr`, using ControlFlowNode.getNode() which
already exists in Flow.qll.

The predicate itself is preserved (with a deprecation note pointing at
the new pattern) so external users do not experience churn — they can
migrate at their own pace and the AST/CFG hierarchies still get the
intended untangling once the deprecation eventually elapses.

Semantic noop verified by:
- All 361 lib/ + src/ queries compile clean.
- All 122 ControlFlow + PointsTo library-tests pass.
- All 64 dataflow library-tests pass.
- All 113 Variables/Exceptions/Expressions/Statements/Functions/Imports/
  Security/CWE-798/ModificationOfParameterWithDefault query-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-22 14:55:19 +02:00
yoff
8179bffe64 Merge pull request #21930 from github/yoff/python-dataflow-noop-simplifications 
Python: inline init_module_submodule_defn into ImportResolution
 2026-06-22 14:50:39 +02:00
Anders Schack-Mulligen
7197cc56dd Merge pull request #22014 from github/copilot/update-rescue-clause-exception-handling 
Ruby AST: preserve ExceptionList node in RescueClause for 2+ exceptions
 2026-06-22 13:28:29 +02:00
Anders Schack-Mulligen
48b0cbcf01 Merge pull request #22031 from github/copilot/tweak-csharp-extractor 
Extract `TypeMention` for `catch (Exception)` clauses
 2026-06-22 13:27:47 +02:00
Anders Schack-Mulligen
ac7ed0612d C#: Accept test change. 2026-06-22 13:00:55 +02:00
Jeroen Ketema
03187ae8be Merge pull request #22013 from jketema/swift/more-arguments 
Swift: Strip out more unknown clang arguments
 2026-06-22 12:35:36 +02:00
copilot-swe-agent[bot]
bd84fb31e1 Add regression for catch type mention extraction 2026-06-22 09:41:55 +00:00
copilot-swe-agent[bot]
4c9fa4dddc Emit catch type mentions without variables 2026-06-22 09:37:24 +00:00
Anders Schack-Mulligen
7d66ec0f39 Ruby: Clarify AST. 2026-06-22 11:14:53 +02:00
Idriss Riouak
568a147f77 Merge pull request #22007 from github/java-update-ferstl-depgraph-cves 
Java: update ferstl depgraph cves
 2026-06-22 10:08:05 +02:00
Owen Mansel-Chan
07cf89568f Test CFG for function epilogue (read-result nodes and calls to defered functions) 2026-06-20 22:04:45 +01:00
Owen Mansel-Chan
42ebe56023 Make all lines in logging tests reachable 2026-06-20 22:04:43 +01:00
Sotiris Dragonas
d86ec1a4b4 Merge pull request #22012 from github/bazookamusic/js-prompt-injection-sinks 
JS Prompt Injection - Add some more sinks and reclassify legacy API
 2026-06-19 17:41:41 +03:00
Owen Mansel-Chan
b54d95d7c8 Merge pull request #21967 from github/copilot/conversion-of-codeql-queries 
Convert selected Python qlref tests to inline expectations
 2026-06-19 14:56:36 +01:00
Michael Nebel
a076ffcc9a Merge pull request #21996 from michaelnebel/csharp/fixpathcombineissues 
C#: Fix the `cs/path-combine` code quality issues in the extractor.
 2026-06-19 15:49:24 +02:00
Owen Mansel-Chan
f65d1e82cf Merge pull request #21554 from github/copilot/make-go-use-ssa-library 
Go: use shared SSA library (codeql.ssa.Ssa)
 2026-06-19 13:40:37 +01:00
Owen Mansel-Chan
27f6ffc00e Delete accidentally included text file 2026-06-19 13:24:06 +01:00
Owen Mansel-Chan
c9d45217d2 Fix order of comments in test 2026-06-19 13:23:52 +01:00
Jeroen Ketema
75328daf71 Swift: Match quotes 2026-06-19 13:55:19 +02:00
Anders Schack-Mulligen
6fbb572950 Ruby: Get rid of the change note. 2026-06-19 13:27:34 +02:00
Anders Schack-Mulligen
132b476acd Ruby: autoformat 2026-06-19 13:26:10 +02:00
copilot-swe-agent[bot]
65b4a4346b Add ExceptionList AST node for rescue clauses with 2+ exceptions 2026-06-19 13:26:06 +02:00
Owen Mansel-Chan
451fc2e4e7 Undo conversion for queries that import LegacyPointsTo 2026-06-19 12:22:42 +01:00
Owen Mansel-Chan
5497f2c5fe Convert Python qlref tests to inline expectations 2026-06-19 12:22:40 +01:00
Anders Schack-Mulligen
0834e640bb Ruby: Prepare qltest change by line renumbering. 2026-06-19 13:15:18 +02:00
Owen Mansel-Chan
1496fb6b12 Shared: allow comment starting with # after inline expectation comment 2026-06-19 11:20:30 +01:00
Sotiris Dragonas
38435fc3f2 Merge branch 'main' into bazookamusic/js-prompt-injection-sinks 2026-06-19 12:19:50 +03:00
Jeroen Ketema
b743ad9a49 Swift: Strip out more unknown clang arguments 2026-06-19 11:08:55 +02:00
Michael Nebel
03b525b689 C#: Handle the places where we could risk that Path.Combine would have thrown away the first argument. 2026-06-19 10:22:52 +02:00
Michael Nebel
f7b3f851e8 C#: Rename PathCombine to PathJoin. 2026-06-19 10:22:49 +02:00
Michael Nebel
131d4a0d81 C#: Fix the cs/path-combine code quality issues in the extractor. 2026-06-19 10:22:40 +02:00
Michael Nebel
2686026608 Merge pull request #21993 from michaelnebel/csharp/dropmono 
C#: Only use `nuget.exe` on Windows or machines with Mono.
 2026-06-19 09:53:04 +02:00