hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,363 Commits 1,758 Branches 167 Tags
e2dcfae3ee30a22bce6c89f67992ebdcd1b00f45
Commit Graph

86363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
e2dcfae3ee Python: Port InconsistentMRO.ql 
For this one we actually lose a test result. However, this is kind of to
be expected since we no longer have the "precise" MRO that the points-to
analysis computes.

Honestly, I'm on the fence about even keeping this query at all. It
seems like it might be superfluous in a world with good Python type
checking.
 2026-03-09 17:13:03 +00:00
Taus
8fe680c716 Python: Port PropertyInOldStyleClass.ql 
Only trivial test changes.
 2026-03-09 17:13:03 +00:00
Taus
8f154f6374 Python: Port SuperInOldStyleClass.ql 2026-03-09 17:13:03 +00:00
Taus
f4f217c993 Python: Port SlotsInOldStyleClass.ql 
Only trivial test changes.
 2026-03-09 17:13:03 +00:00
Taus
c1beca80e6 Python: Add declares/getAttribute API 
These could arguably be moved to `Class` itself, but for now I'm
choosing to limit the changes to the `DuckTyping` module (until we
decide on a proper API).
 2026-03-09 17:13:03 +00:00
Taus
793ecb6416 Python: Add DuckTyping::isNewStyle 
Approximates the behaviour of `Types::isNewStyle` but without depending
on points-to
 2026-03-09 17:13:03 +00:00
Taus
8ffcdfeb05 Python: Port UnusedExceptionObject.ql 
Depending on whether other queries depend on this, we may end up moving
the exception utility functions to a more central location.
 2026-03-09 17:13:02 +00:00
Taus
918e5e25ec Python: Port ShouldUseWithStatement.ql 
Only trivial test changes.
 2026-03-09 17:13:02 +00:00
Taus
485e949467 Python: Port NonIteratorInForLoop.ql 
Same comment as for the preceding commit. We lose one test result due to
the fact that we don't know what to do about `for ... in 1` (because `1`
is an instance of a built-in). I'm going to defer addressing this until
we get some modelling of built-in types.
 2026-03-09 17:13:02 +00:00
Taus
1159d20375 Python: Port ContainsNonContainer.ql 
Uses the new `DuckTyping` module to handle recognising whether a class
is a container or not. Only trivial test changes (one version uses
"class", the other "Class").

Note that the ported query has no understanding of built-in classes. At
some point we'll likely want to replace `hasUnresolvedBase` (which will
hold for any class that extends a built-in) with something that's aware
of the built-in classes.
 2026-03-09 17:13:02 +00:00
Taus
62d5cac6e0 Python: Introduce DuckTyping module 
This module (which for convenience currently resides inside
`DataFlowDispatch`, but this may change later) contains convenience
predicates for bridging the gap between the data-flow layer and the old
points-to analysis.
 2026-03-09 17:13:02 +00:00
Taus
452e189bbc Python: Port py/print-during-import 
Uses a (perhaps) slightly coarser approximation of what modules are
imported, but it's probably fine.
 2026-03-09 16:38:52 +00:00
Taus
5d5060b02b Python: Use API graphs instead of points-to for simple built-ins 
Removes the use of points-to for accessing various built-ins from three
of the queries. In order for this to work I had to extend the lists of
known built-ins slightly.
 2026-03-09 16:38:52 +00:00
Paolo Tranquilli
afb2243984 Merge pull request #21433 from github/dependabot/bazel/abseil-cpp-20260107.1 
Bump abseil-cpp from 20240116.1 to 20260107.1
 2026-03-09 17:14:33 +01:00
Paolo Tranquilli
a7e426d89f Merge pull request #21432 from github/dependabot/bazel/zstd-1.5.7.bcr.1 
Bump zstd from 1.5.5.bcr.1 to 1.5.7.bcr.1
 2026-03-09 17:13:29 +01:00
Paolo Tranquilli
fde51e0c29 Merge pull request #21436 from github/dependabot/bazel/rules_python-1.9.0 
Bump rules_python from 0.40.0 to 1.9.0
 2026-03-09 17:12:58 +01:00
dependabot[bot]
69ed88bccd Bump rules_python from 0.40.0 to 1.9.0 
Bumps [rules_python](https://github.com/bazel-contrib/rules_python) from 0.40.0 to 1.9.0.
- [Release notes](https://github.com/bazel-contrib/rules_python/releases)
- [Changelog](https://github.com/bazel-contrib/rules_python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bazel-contrib/rules_python/compare/0.40.0...1.9.0)

---
updated-dependencies:
- dependency-name: rules_python
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 15:26:10 +00:00
dependabot[bot]
97e1c96200 Bump abseil-cpp from 20240116.1 to 20260107.1 
Bumps [abseil-cpp](https://github.com/abseil/abseil-cpp) from 20240116.1 to 20260107.1.
- [Release notes](https://github.com/abseil/abseil-cpp/releases)
- [Commits](https://github.com/abseil/abseil-cpp/compare/20240116.1...20260107.1)

---
updated-dependencies:
- dependency-name: abseil-cpp
  dependency-version: '20260107.1'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 15:25:57 +00:00
dependabot[bot]
46ba1f9160 Bump zstd from 1.5.5.bcr.1 to 1.5.7.bcr.1 
Bumps [zstd](https://github.com/facebook/zstd) from 1.5.5.bcr.1 to 1.5.7.bcr.1.
- [Release notes](https://github.com/facebook/zstd/releases)
- [Changelog](https://github.com/facebook/zstd/blob/dev/CHANGELOG)
- [Commits](https://github.com/facebook/zstd/commits)

---
updated-dependencies:
- dependency-name: zstd
  dependency-version: 1.5.7.bcr.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-09 15:25:53 +00:00
Taus
5d74ad5bc6 Merge pull request #21419 from github/tausbn/python-improve-overloaded-method-resolution 
Python: Improve modelling of overloaded methods
 2026-03-09 16:25:05 +01:00
Taus
f2bad1e6e1 Python: Improve docstring and make predicate private 2026-03-09 13:41:38 +00:00
Geoffrey White
be9c1d074f Merge pull request #21376 from geoffw0/splitoff2 
Rust: Update split_off models
 2026-03-09 09:22:36 +00:00
Jeroen Ketema
8bbb0ec954 Merge pull request #21418 from github/jketema/swift-6.2.4 
Swift: Update to Swift 6.2.4
 2026-03-06 21:48:09 +01:00
Geoffrey White
d81b9aa5fd Merge branch 'main' into splitoff2 2026-03-06 17:24:01 +00:00
Geoffrey White
fd7093e74d Merge pull request #21375 from geoffw0/mapfix 
Rust: Add neutral models (map, from)
 2026-03-06 17:20:14 +00:00
Óscar San José
a6de855549 Merge pull request #21423 from github/oscarsj/merge-back-rc-3.21 
Merge back rc/3.21 into main
 2026-03-06 16:58:04 +01:00
Óscar San José
3b9eba2afc Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21 2026-03-06 16:20:36 +01:00
Tom Hvitved
84bef5d4bc Merge pull request #21420 from hvitved/rust/type-inference-qualified-trait-arg-path 
Rust: More conservative resolution of `<Foo as Bar<...>>` paths
 2026-03-06 15:14:01 +01:00
Jeroen Ketema
2340369e2d Swift: Add change note 2026-03-06 10:43:33 +01:00
Jeroen Ketema
70c1b58492 Swift: Remove overrides 2026-03-06 10:41:37 +01:00
Jeroen Ketema
f3dc0412b5 Swift: update artifacts 2026-03-06 10:40:43 +01:00
Owen Mansel-Chan
a3e9aed00a Merge pull request #21416 from owen-mc/csharp/validate-constructor-summary-models 
C#: Add model validation for constructor summary models
 2026-03-06 09:09:39 +00:00
Owen Mansel-Chan
e96ba4806b Merge pull request #21415 from owen-mc/java/validate-constructor-summary-models 
Java: validate constructor summary models
 2026-03-06 09:09:18 +00:00
Anders Schack-Mulligen
76346eccd8 Merge pull request #21417 from aschackmull/csharp/binary-assignment 
C#: Make Assignment extend BinaryOperation.
 2026-03-06 09:14:20 +01:00
Tom Hvitved
feb45e5731 Merge pull request #21348 from hvitved/csharp/remove-tcs 
C#: Remove some unbounded TC computations
 2026-03-06 09:00:38 +01:00
Taus
66ca10c338 Python: Add change note 2026-03-05 22:20:03 +00:00
Taus
fa61f6f3df Python: Model @typing.overload in method resolution 
Adds `hasOverloadDecorator` as a predicate on functions. It looks for
decorators called `overload` or `something.overload` (usually
`typing.overload` or `t.overload`). These are then filtered out in the
predicates that (approximate) resolving methods according to the MRO.

As the test introduced in the previous commit shows, this removes the
spurious resolutions we had before.
 2026-03-05 22:20:03 +00:00
Taus
0561a63003 Python: Add test for overloaded __init__ resolution 
Adds a test showing that `@typing.overload` stubs are spuriously
resolved as call targets alongside the actual `__init__` implementation.
 2026-03-05 22:20:03 +00:00
Tom Hvitved
ff41917147 Rust: More conservative resolution of <Foo as Bar<...>> paths 2026-03-05 21:42:33 +01:00
Tom Hvitved
838f3b90e7 Rust: Add type inference test 2026-03-05 20:57:32 +01:00
Owen Mansel-Chan
3c36a9e308 Correctly deal with generic types 2026-03-05 15:47:53 +00:00
Jeroen Ketema
eb81743fb5 Swift: Update to Swift 6.2.4 2026-03-05 16:13:29 +01:00
Anders Schack-Mulligen
d9ef9f82e1 C#: Make Assignment extend BinaryOperation. 2026-03-05 14:41:38 +01:00
Owen Mansel-Chan
92a719092a Update models in test output 2026-03-05 13:32:52 +00:00
Anders Schack-Mulligen
ffa5110522 C#: Update dbscheme to make assignments part of binary expressions. 2026-03-05 13:59:14 +01:00
Asger F
c9fa7fa283 Merge pull request #21369 from asgerf/js/this-bindings 
JS: Emit variables for 'this'
 2026-03-05 13:36:38 +01:00
Anders Schack-Mulligen
8ef4be49aa Merge pull request #21412 from aschackmull/java/binary-assignment 
Java: Make Assignment extend BinaryExpr.
 2026-03-05 13:19:45 +01:00
Owen Mansel-Chan
e6996ea29a Add model validation for constructor summary models 2026-03-05 12:11:25 +00:00
Owen Mansel-Chan
579c871b69 Fix incorrect constructor summary models 2026-03-05 12:03:21 +00:00
Owen Mansel-Chan
63c71b418c Add model validation for constructor summary models 2026-03-05 12:02:37 +00:00