hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 23:27:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,225 Commits 1,784 Branches 169 Tags
ebe24b26f701db10b4bb1978a0a58dd06fb2f986
Commit Graph

88225 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
ebe24b26f7 Fix CFG for expressionless switch statements 2026-06-24 19:19:05 +01:00
Owen Mansel-Chan
e5cd376670 Accept changes 2026-06-24 19:19:03 +01:00
Owen Mansel-Chan
4a3fbf3beb Fix ConditionGuardNode 2026-06-24 19:19:01 +01:00
Owen Mansel-Chan
f5b0127bba Accept test output change names 2026-06-24 19:18:59 +01:00
Owen Mansel-Chan
f436d89b3f Restore ConditionGuardNode 2026-06-24 19:18:57 +01:00
Owen Mansel-Chan
c5895a85ce Fix treatment of ParenExpr 2026-06-24 19:18:55 +01:00
Owen Mansel-Chan
85d198ebdf Add Go CFG consistency query 2026-06-24 19:18:53 +01:00
Owen Mansel-Chan
4409d8271c Go: update expected node names 2026-06-24 19:18:51 +01:00
Owen Mansel-Chan
3a955b172f Use shared CFG getIfInit 2026-06-24 19:18:49 +01:00
Owen Mansel-Chan
c4011f16aa Fix lit-init nodes 
There was a loop in the definitions which meant nothing ever got made
 2026-06-24 19:18:47 +01:00
Owen Mansel-Chan
63464ecb84 Fix range loop CFG 2026-06-24 19:18:45 +01:00
Owen Mansel-Chan
4d627be3a0 update function-entry additional nodes 2026-06-24 19:18:43 +01:00
Owen Mansel-Chan
5962a22bdb Restore ExprNode for FuncLit 2026-06-24 19:18:41 +01:00
Owen Mansel-Chan
7430209c3a Accept change in test output 
To determine that test9 can't return normally, you have to use the fact
that test5 can't return normally. This would make CFG construction
recursive, which would be bad for performance. Therefore we accept the
limitation that we cannot detect that test9 can't return normally, and
we change the test output.
 2026-06-24 19:18:39 +01:00
Owen Mansel-Chan
dc7867b459 Fix empty switch statements 2026-06-24 19:18:37 +01:00
Owen Mansel-Chan
8c7859929c Control flow shouldn't enter another callable 2026-06-24 19:18:34 +01:00
Owen Mansel-Chan
c1dfeaca9f Fix CFG for return instructions 2026-06-24 19:18:32 +01:00
Owen Mansel-Chan
1bcdbd2d34 Produce CFG nodes for more reference expressions, like selector bases 2026-06-24 19:18:30 +01:00
Owen Mansel-Chan
cffc3c7bec Fix global value numbering calculation 2026-06-24 19:18:28 +01:00
Owen Mansel-Chan
8fb4875021 Include receivers in parameter init 2026-06-24 19:18:26 +01:00
Owen Mansel-Chan
008cbbadcf Fix CFG for range loop 2026-06-24 19:18:24 +01:00
Owen Mansel-Chan
d6d254fdda Fix CFG for select statements 2026-06-24 19:18:22 +01:00
Owen Mansel-Chan
a5e761254e Use shared CFG implementation of for loops 2026-06-24 19:18:20 +01:00
Owen Mansel-Chan
e328a5d69e Do not include comments in the CFG 2026-06-24 19:18:18 +01:00
Owen Mansel-Chan
01568dd2db Fix edges to function exit with result variables 2026-06-24 19:18:16 +01:00
Owen Mansel-Chan
c136d3ec30 Tweak getEnclosingCallable 2026-06-24 19:18:14 +01:00
Owen Mansel-Chan
6a1649d384 Model non-returning functions in CFG 2026-06-24 19:18:12 +01:00
Owen Mansel-Chan
fbd82ffd68 Create cfg node for child of ParenExpr 2026-06-24 19:18:10 +01:00
Owen Mansel-Chan
3937a96ca4 Add go/print-cfg 2026-06-24 19:18:07 +01:00
Owen Mansel-Chan
a26cbad255 Initial shared CFG library instantiation for Go 2026-06-24 19:18:05 +01:00
Owen Mansel-Chan
412f4c2403 Incidental fix to CaseClause.getAnExpr() 2026-06-24 19:18:03 +01:00
copilot-swe-agent[bot]
1e05710256 Initial plan 2026-06-24 19:18:01 +01:00
Anders Schack-Mulligen
bcf71d0db6 Merge pull request #22043 from github/copilot/tweak-ruby-ast-caseexpr 
Ruby: synthesize implicit `true` value for valueless `CaseExpr`
 2026-06-24 15:43:04 +02:00
Anders Schack-Mulligen
5047bee432 Ruby: Adjust qldoc. 2026-06-24 13:36:54 +02:00
Anders Schack-Mulligen
29eba2f38e Merge pull request #22017 from aschackmull/cfg/catchclause-pattern 
Cfg: Change AST/CFG for CatchClauses to use a pattern.
 2026-06-24 13:21:54 +02:00
copilot-swe-agent[bot]
4fa8a9fb1d Synthesize true value for valueless Ruby CaseExpr 2026-06-24 10:36:23 +00:00
Michael Nebel
a24d222d96 Merge pull request #22011 from michaelnebel/csharp/removeafallback 
C#: Re-factor feed handling logic into its own component.
 2026-06-24 11:58:56 +02:00
Anders Schack-Mulligen
bcfee987f0 Apply suggestion from @aschackmull 2026-06-24 10:26:26 +02:00
Anders Schack-Mulligen
e1d4fe8605 C#: Accept test changes. 2026-06-23 14:42:20 +02:00
Anders Schack-Mulligen
11725e8921 Java: Accept test changes. 2026-06-23 14:28:44 +02:00
Anders Schack-Mulligen
41297c588c Cfg: Change AST/CFG for CatchClauses to use a pattern. 2026-06-23 14:28:44 +02:00
yoff
53cae687f7 Merge pull request #21931 from github/yoff/python-shared-cfg-loop-else 
Shared CFG: add defaulted getWhileElse/getForeachElse to AstSig
 2026-06-23 14:25:16 +02:00
Anders Schack-Mulligen
cfbf4a3927 Merge pull request #22037 from github/copilot/update-csharp-extractor-catch-clause 
C# extractor: extract `catch(ExceptionType)` type as `TypeAccess` instead of `TypeMention`
 2026-06-23 14:21:43 +02:00
copilot-swe-agent[bot]
b254aa7e0b C#: Extract catch(Ex) type as TypeAccess instead of TypeMention 2026-06-23 13:55:39 +02:00
yoff
d26102b263 Merge pull request #21920 from github/yoff/python-flow-py-namespace 
Python: qualify Flow.qll's AST references with Py:: prefix
 2026-06-23 13:20:26 +02:00
yoff
73ab3e6888 Update shared/controlflow/codeql/controlflow/ControlFlowGraph.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2026-06-23 12:41:02 +02:00
yoff
15cbbb82eb Shared CFG: add defaulted getLoopElse to AstSig 
Adds a new defaulted signature predicates to the shared CFG library:

- getLoopElse: `else` block of a loop statement, if
  any (used by Python's `while-else` / `for-else` constructs).

The predicate defaults to `none()`, so behaviour is unchanged for any
language that doesn't override it (verified by re-running
java/ql/test/library-tests/controlflow/).

The Make0 succession rules are extended:
- WhileStmt/ForeachStmt: route the loop-exit edge through the else
  block before reaching the after-position.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-23 12:41:02 +02:00
yoff
7d95024487 Apply suggestions from code review 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-23 12:36:53 +02:00
Copilot
06fa46f664 Python: qualify Flow.qll's AST references with Py:: prefix 
Preparatory refactor for the shared-CFG dataflow migration. Switches
'import python' to 'import python as Py' inside Flow.qll, and qualifies
every AST-class reference (Expr, Bytes, Dict, AssignExpr, Compare,
Module, Scope, Call, Attribute, SsaVariable, AugAssign, etc.) with the
Py:: prefix.

Flow.qll's own CFG types (ControlFlowNode, BasicBlock, CallNode,
NameNode, DefinitionNode, CompareNode, ...) keep their unqualified
names — they remain the public CFG API exported from this file.

This is a semantic noop: the qualification was applied mechanically by
script and no name resolution changes. Verified by:
- All 361 lib/ + src/ queries compile clean.
- All 186 ControlFlow + PointsTo + dataflow library-tests pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-23 12:36:53 +02:00
Geoffrey White
f6dce466a0 Merge pull request #22009 from geoffw0/rust-crypto 
Rust: Additional test cases for rust/weak-sensitive-data-hashing
 2026-06-23 10:53:45 +01:00