hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,943 Commits 1,689 Branches 160 Tags
f23351afca1883f1d87672fd579e8eebb4f375db
Commit Graph

84943 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
f23351afca Rust: Refactor MaD provanance-based filtering 2025-12-19 19:35:41 +01:00
Tom Hvitved
27874caf14 Merge pull request #20973 from hvitved/rust/type-inference-distinguish-mut-ref 
Rust: Distinguish `&mut T` from `&T` in type inference
 2025-12-18 15:59:40 +01:00
Asger F
f169251a0c Merge pull request #20668 from knewbury01/knewbury01/add-react-useref-step 
Add React missing useRef related constructs
 2025-12-18 14:20:41 +01:00
Tom Hvitved
47d0863bc5 Merge pull request #21038 from github/path-combine-name-desc-update 
Clarify Path.Combine call behavior
 2025-12-18 12:54:38 +01:00
Tom Hvitved
aae6cd93a2 Address review comments 2025-12-18 12:47:43 +01:00
Tom Hvitved
3c6a757c3e Rust: Distinguish &mut T from &T in type inference 2025-12-18 12:47:42 +01:00
Asger F
806fcb2a15 Merge branch 'main' into knewbury01/add-react-useref-step 2025-12-18 12:10:10 +01:00
Simon Friis Vindum
da99bbf6a6 Merge pull request #21059 from paldepind/rust/adt-class 
Rust: Improve and rename `Adt` class
 2025-12-18 10:41:11 +01:00
Simon Friis Vindum
96a986228d Rust: Revert accidental changes 2025-12-18 09:04:07 +01:00
Jon Janego
a3c0082ac7 Update PathCombine.expected 2025-12-17 09:53:07 -06:00
Jon Janego
425d62cfd6 Update PathCombine metadata for clarity 2025-12-17 09:50:11 -06:00
Tom Hvitved
98dc4390ea Merge pull request #21060 from hvitved/shared/unbound-list 
Shared: Add library for unbound lists
 2025-12-17 16:20:40 +01:00
Jon Janego
e36b602743 Enhance PathCombine.ql metadata details 2025-12-17 09:16:56 -06:00
Jon Janego
7423f6f99b Fix typo in warning message for Path.Combine 2025-12-17 09:16:05 -06:00
Simon Friis Vindum
9e8735f84c Merge pull request #20878 from paldepind/rust/axum-model 
Rust: Add models for Axum
 2025-12-17 15:47:28 +01:00
Tom Hvitved
47e375f6e4 Merge pull request #21057 from hvitved/rust/fix-bad-join 
Rust: Fix bad join
 2025-12-17 15:34:45 +01:00
Tom Hvitved
adfaefd1e6 Merge pull request #21043 from hvitved/rust/type-inference-trait-bounds-overlap 
Rust: Fix candidate receiver type calculation for trait bounds
 2025-12-17 15:31:00 +01:00
Simon Friis Vindum
8564c1f458 Rust: Add change note 2025-12-17 14:50:50 +01:00
Simon Friis Vindum
97fd70e4f4 Rust: Accept change to expected file 2025-12-17 14:19:19 +01:00
Simon Friis Vindum
f1364caaa9 Rust: Add upgrade and downgrade scripts 2025-12-17 14:19:18 +01:00
Simon Friis Vindum
b64809cbd3 Rust: Adapt QL to AST changes 2025-12-17 14:19:16 +01:00
Tom Hvitved
b6cda4a29b Update shared/util/codeql/util/UnboundList.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-17 13:44:47 +01:00
Tom Hvitved
08339fe0df Shared: Add library for unbound lists 2025-12-17 13:13:39 +01:00
Tom Hvitved
5c604fce48 Rust: Fix bad join 
Before
```
Evaluated relational algebra for predicate TypeInference::MethodResolution::MethodCall.getTrait/0#dispred#fc13ba6e@914858bt with tuple counts:
          153112   ~2%    {2} r1 = SCAN `Operation::Operation.isOverloaded/3#f0e64084` OUTPUT In.0, In.1
          153112   ~2%    {2}    | STREAM DEDUP

           18807   ~0%    {2} r2 = JOIN `TypeInference::getCallExprTraitQualifier/1#c084fe9f` WITH TypeInference::MethodResolution::MethodCallCallExpr#6eae461f ON FIRST 1 OUTPUT Lhs.0, Lhs.1

        65859035   ~3%    {3} r3 = JOIN `_IndexExpr::Generated::IndexExpr#9975e37a_TypeInference::MethodResolution::MethodCallIndexExpr.isInM__#shared` WITH Trait::Generated::Trait#ecf50173 CARTESIAN PRODUCT OUTPUT Rhs.0, _, Lhs.0
        65859035   ~0%    {3}    | REWRITE WITH Out.1 := "core::ops::index::Index"
           11191   ~0%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

             671   ~0%    {1} r4 = JOIN IndexExpr::Generated::IndexExpr#9975e37a WITH `TypeInference::MethodResolution::MethodCallIndexExpr.isInMutableContext/0#dispred#8c8ad425` ON FIRST 1 OUTPUT Lhs.0
         3948835   ~2%    {3}    | JOIN WITH Trait::Generated::Trait#ecf50173 CARTESIAN PRODUCT OUTPUT Rhs.0, _, Lhs.0
         3948835   ~2%    {3}    | REWRITE WITH Out.1 := "core::ops::index::IndexMut"
             671   ~1%    {2}    | JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

          183781   ~0%    {2} r5 = r1 UNION r2 UNION r3 UNION r4
                          return r5
```

After
```
Evaluated relational algebra for predicate TypeInference::MethodResolution::MethodCall.getTrait/0#dispred#fc13ba6e@1b4a55e3 with tuple counts:
        153112   ~2%    {2} r1 = SCAN `Operation::Operation.isOverloaded/3#f0e64084` OUTPUT In.0, In.1
        153112   ~2%    {2}    | STREAM DEDUP

         11191   ~0%    {2} r2 = JOIN `_IndexExpr::Generated::IndexExpr#9975e37a_TypeInference::MethodResolution::MethodCallIndexExpr.isInM__#shared` WITH Stdlib::IndexTrait#e80543a5 CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

         18807   ~0%    {2} r3 = JOIN `TypeInference::getCallExprTraitQualifier/1#c084fe9f` WITH TypeInference::MethodResolution::MethodCallCallExpr#6eae461f ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           671   ~0%    {1} r4 = JOIN IndexExpr::Generated::IndexExpr#9975e37a WITH `TypeInference::MethodResolution::MethodCallIndexExpr.isInMutableContext/0#dispred#8c8ad425` ON FIRST 1 OUTPUT Lhs.0
           671   ~1%    {2}    | JOIN WITH Stdlib::IndexMutTrait#4d6c31bd CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0

        183781   ~0%    {2} r5 = r1 UNION r2 UNION r3 UNION r4
                        return r5
```
 2025-12-17 11:52:28 +01:00
Simon Friis Vindum
dd02ac3964 Rust: Update generated files 2025-12-17 11:13:13 +01:00
Simon Friis Vindum
ca6c054256 Rust: Rename Adt class and lift common predicates to it 2025-12-17 11:13:11 +01:00
Simon Friis Vindum
22bc924c26 Rust: Apply Black formatter to annotations.py 2025-12-17 11:13:10 +01:00
Tom Hvitved
eb56cbd358 Rust: Fix candidate receiver type calculation for trait bounds 2025-12-17 11:06:27 +01:00
Tom Hvitved
3104adbe77 Rust: Add type inference test 2025-12-17 11:06:22 +01:00
Tom Hvitved
802c465b31 Merge pull request #21027 from hvitved/rust/type-inference-matching-specialization 
Rust: Also use specialized types when inferring types for calls
 2025-12-17 11:03:44 +01:00
Tom Hvitved
fe0ce7a492 Address review comments 2025-12-17 10:35:28 +01:00
Michael Nebel
8eddc71e0e Merge pull request #21016 from michaelnebel/csharp/slnx 
C#: Support `.slnx.` solution files.
 2025-12-17 09:27:11 +01:00
Jon Janego
576f270753 Update PathCombine.ql 2025-12-16 16:39:06 -06:00
Jon Janego
30673a2fc8 Enhance PathCombine metadata with detailed description 
Updated the `name` and `description` of PathCombine.ql to provide more details about the issue.
 2025-12-16 10:37:53 -06:00
Jon Janego
84a501d360 Update csharp/ql/src/Bad Practices/PathCombine.ql 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-12-16 09:10:39 -06:00
Simon Friis Vindum
420dd9ab61 Rust: Add change note for Axum models 2025-12-16 15:15:22 +01:00
Simon Friis Vindum
e53bdb11be Rust: Accept changes to expected files for consistency check 2025-12-16 13:15:34 +01:00
Simon Friis Vindum
63329b47d8 Merge pull request #21036 from paldepind/rust/prioritize-manual-summaries 
Rust: Don't apply generated models for functions that have a manual model
 2025-12-16 12:47:27 +01:00
Simon Friis Vindum
cbdab99497 Rust: Add XSS sink for Axum HTML response creation 2025-12-16 12:41:44 +01:00
Simon Friis Vindum
fbf9f7eda7 Rust: Add models for Axum 2025-12-16 12:41:32 +01:00
Simon Friis Vindum
0ea06aca06 Rust: Introduce more functions in Axum test 2025-12-16 12:32:40 +01:00
Michael Nebel
7df1d7a13f C#: Address review comment. 2025-12-16 10:21:08 +01:00
Simon Friis Vindum
8c4b81ebc7 Rust: Fix typo in comment 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-16 10:19:01 +01:00
Simon Friis Vindum
477e1cd96c Rust: Fix manual model for PathBuf::as_path 2025-12-16 09:25:42 +01:00
Jon Janego
bd9b657e91 Update csharp/ql/src/Bad Practices/PathCombine.ql 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-15 15:20:52 -06:00
Jon Janego
f6e3e192ca Clarify Path.Combine call behavior in documentation 
Updated the name and description to clarify the issue with Path.Combine.
 2025-12-15 15:18:34 -06:00
Tom Hvitved
d709343d38 Merge pull request #21011 from aschackmull/mad/shared-externalflow 
Java/C++/Go/C#: Share parts of ExternalFlow.qll
 2025-12-15 20:27:04 +01:00
Tom Hvitved
74ed18a89f Merge pull request #21035 from hvitved/rust/ord-models 
Rust: Add models for `core::cmp::Ord::{min,max,clamp}`
 2025-12-15 17:09:33 +01:00
Simon Friis Vindum
1b70111dd2 Rust: Don't apply generated models for functions that have a manual model 2025-12-15 14:25:49 +01:00
Simon Friis Vindum
d2cfd53933 Rust: Add test with wrong generated model 2025-12-15 14:23:48 +01:00