hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,406 Commits 1,697 Branches 161 Tags
fa471740138190d4ea96b4bcba6690a6ec5c3ac5
Commit Graph

2999 Commits

Author SHA1 Message Date
Nora Dimitrijević
e120e5c3ba Merge pull request #20337 from d10c/d10c/python-overlay-compilation-plus-extractor 
Python: enable overlay compilation + extractor overlay support
 2025-10-16 14:49:01 +02:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Taus
c4b27d5f28 Python: Fix ImportError in imp.py under Python 3.14 
It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an
`ImportError` when running the extractor.

To fix this, we explicitly set `_ERR_MSG` when the existing import fails
(using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with
the bits that make up the difference between this and `_ERR_MSG`).
 2025-10-13 13:50:43 +00:00
Nora Dimitrijević
ece121070b Add change note. 2025-10-06 12:31:21 +02:00
Nora Dimitrijević
20d4e429ca Add consistency query (exactly one path for every entity) 2025-10-06 11:47:56 +02:00
Nora Dimitrijević
7174d4c8ba Overlay.qll: discard predicates 
for dbscheme elements with direct or indirect location links in dbscheme.

- Unify discardable entities under one Discardable superclass.
- Two discard predicates depending on TRAP ID type.
- Future-proof the XML and Yaml discard predicates for when their
  extractors become incremental.
 2025-10-06 11:47:51 +02:00
Nora Dimitrijević
1a9683f986 Add @top database type 2025-10-06 11:47:14 +02:00
Nora Dimitrijević
1574b5fd91 Add synthetic data to dbscheme.stats for databaseMetadata/overlayChangedFiles 2025-10-06 11:37:00 +02:00
Nora Dimitrijević
1c3a7f2b1e Add database upgrade/downgrade scripts 2025-10-06 11:36:58 +02:00
Nora Dimitrijević
a88d3397cd Add overlay builtins to python dbscheme 2025-10-06 11:36:56 +02:00
Nora Dimitrijević
dac50fa0c1 Enable overlay compilation in lib/qlpack.yml 2025-10-06 11:36:51 +02:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Taus
e592fd60ff Merge pull request #20495 from github/tausbn/python-fix-unmatchable-dollar-in-lookahead 
Python: Fix false positive for unmatchable dollar/caret
 2025-09-25 15:27:32 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Joe Farebrother
463f79bed2 Merge pull request #20263 from joefarebrother/python-qual-exceptions 
Python: Modernize the Unreachable Except Block query
 2025-09-22 09:42:09 +01:00
Taus
95a84ad655 Python: Fix false positive for unmatchable dollar/caret 
Our previous modelling did not account for the fact that a lookahead can
potentially extend all the way to the end of the input (and similarly,
that a lookbehind can extend all the way to the beginning).

To fix this, I extended `firstPart` and `lastPart` to handle lookbehinds
and lookaheads correctly, and added some test cases (all of which yield
no new results).

Fixes #20429.
 2025-09-19 15:06:46 +00:00
Ian Lynagh
c653d939d9 Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1 
Post-release preparation for codeql-cli-2.23.1
 2025-09-17 13:00:14 +01:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
Taus
8fd62252fd Python: Fix bad join in globalVariableNestedFieldJumpStep 2025-09-16 18:12:29 +02:00
Napalys Klicius
431fc8880e Python: Add change note 2025-09-16 18:08:53 +02:00
Napalys Klicius
e82fe9d919 Python: Updated doc string and removed redundant predicate. 2025-09-16 18:08:53 +02:00
Taus
e228aac61f Python: Use AttrWrite.writes 
Also applies @napalys' fix to the base case.
 2025-09-16 18:08:53 +02:00
Taus
6f9e06c59e Python: Add AttrWrite.writes and AttrRead.reads 
The latter of these is identical to `AttrRef.accesses`, but makes the
API a bit more intuitive.
 2025-09-16 18:08:53 +02:00
Napalys Klicius
8393ccf39d Python: Update globalVariableAttrPathAtDepth base case 2025-09-16 18:08:53 +02:00
Taus
6133f01c81 Python: Rewrite access path computation 2025-09-16 18:08:53 +02:00
Taus
69b5853477 Python: Keep track of access path 2025-09-16 18:08:53 +02:00
Napalys Klicius
e60d0c88f1 Python: Add global variable nested field jump steps 2025-09-16 18:08:53 +02:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Joe Farebrother
869b7e09d7 Merge pull request #19932 from joefarebrother/python-qual-init-del-calls 
Python: Modernize 4 queries for missing/multiple calls to init/del methods
 2025-09-08 09:29:38 +01:00
Michael Nebel
31852985e5 Merge pull request #20335 from michaelnebel/shared/ql4ql 
Shared and Sync: Fix some Ql4Ql violations.
 2025-09-02 14:37:34 +02:00
Arthur Baars
0bb7fdccf6 Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 
Post-release preparation for codeql-cli-2.23.0
 2025-09-02 14:14:03 +02:00
Anders Schack-Mulligen
f833fe0e6e Merge pull request #20300 from aschackmull/cfg/successortype 
Shared: Add a shared SuccessorType implementation
 2025-09-02 14:09:35 +02:00
Michael Nebel
d3d737b383 Merge pull request #20330 from michaelnebel/python/ql4ql 
Python: Fix some Ql4Ql violations.
 2025-09-02 14:01:54 +02:00
Michael Nebel
7490d8ddd2 Shared and Sync: Fix some Ql4Ql violations. 2025-09-02 13:54:22 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
dbd31259b3 Python: Fix some Ql4Ql violations. 2025-09-01 15:16:25 +02:00
Joe Farebrother
d0daacd17e Modernize multple calls to init/del 2025-09-01 14:10:22 +01:00
Anders Schack-Mulligen
144e34c669 Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs. 2025-09-01 13:43:32 +02:00
Anders Schack-Mulligen
09b2c5abf0 BasicBlock: Replace entryBlock predicate with subclass. 2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen
f459ddc40a Languages: Adapt to api changes. 2025-09-01 11:26:33 +02:00
Anders Schack-Mulligen
bb3abc815f SSA: Update input to use member predicates. 2025-09-01 11:19:48 +02:00
Taus
f89fae39c5 Merge pull request #20276 from github/tausbn/python-model-psycopg2-connection-pools 
Python: Add support for Psycopg2 database connection pools
 2025-08-29 13:52:59 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Joe Farebrother
bde143e4c1 Merge pull request #20038 from joefarebrother/python-qual-comparison 
Python: Modernize 3 quality queries for comparison methods
 2025-08-28 09:37:20 +01:00
Taus
d5e0298999 Python: Add support for Psycopg2 database connection pools 
Our current modelling only treated `psycopg2` insofar as it implemented
PEP 249 (which does not define any notion of connection pool), which
meant we were missing database connections that arose from such pools.

With these changes, we add support for the three classes relating to
database pools that are defined in `psycopg2`. (Note that
`getAnInstance` automatically looks at subclasses, which means this
should also handle cases where the user has defined a new subclass that
inherits from one of these three classes.)
 2025-08-25 12:35:57 +00:00
Tom Hvitved
bf7e3dabd6 Python: Only include relevant YAML in printAst.ql 2025-08-25 13:54:19 +02:00
Joe Farebrother
9edfd7a6fb Use generator script directly 2025-08-21 14:12:26 +01:00