Alvaro Muñoz
dbcf113546
Bump qlpack versions
2024-10-23 22:04:01 +02:00
Alvaro Muñoz
b6a26e76d4
New azure models
2024-10-23 22:03:11 +02:00
Alvaro Muñoz
ae6309daf6
Account for tar -C option to specify path
2024-10-23 22:02:58 +02:00
Florin Coada
6838d9414b
CodeQL 2.19.2 changedocs
2024-10-23 16:02:22 +01:00
erik-krogh
073d6d8c14
have getId always return null if skipExtractingTypes is set
2024-10-23 16:50:23 +02:00
Taus
5db601af3c
Python: Allow comments in comprehensions
A somewhat complicated solution that necessitated adding a new custom
function to `tsg-python`. See the comments in `python.tsg` for why this
was necessary.
2024-10-23 14:24:47 +00:00
Jeroen Ketema
226756e1d4
Merge pull request #17826 from MathiasVP/missing-flow-with-aliasing-fields
C++: Add test with missing flow
2024-10-23 15:49:42 +02:00
Alvaro Muñoz
674afc5edd
Improve labelgate accuracy
2024-10-23 15:48:42 +02:00
Calum Grant
421413a654
C++: Update change notes
2024-10-23 14:46:00 +01:00
Michael Nebel
779ee25a19
Merge pull request #17824 from michaelnebel/java/maptoobj
Java: Add manual models for `mapToObj`.
2024-10-23 15:40:28 +02:00
Calum Grant
f37be68067
C++: Handle builtin FormattingFunctions better
2024-10-23 14:35:32 +01:00
Tom Hvitved
a3d8b8eb14
Rust: Run codegen
2024-10-23 15:31:08 +02:00
Tom Hvitved
df19281b9f
Rust: Introduce AstNode.getEnclosingCallable
2024-10-23 15:31:07 +02:00
Michael Nebel
c1b1c62616
C#: Address review comments.
2024-10-23 15:25:52 +02:00
Tom Hvitved
086e0c61fc
Merge pull request #17817 from hvitved/rust/cfg-scope-callable
Rust: Use `Callable` to define `CfgScope`
2024-10-23 15:24:13 +02:00
Taus
24ae54886f
Merge pull request #17809 from github/tausbn/python-fix-kwargs-in-class-bases
Python: Fix bug in handling of `**kwargs` in class bases
2024-10-23 15:04:54 +02:00
Mathias Vorreiter Pedersen
7c5f561724
C++: Accept test changes.
2024-10-23 13:37:06 +01:00
Taus
e1e35689ca
Merge pull request #17807 from github/tausbn/python-fix-string-encoding-dataset-check-failure
Python: Fix string encoding dataset check failure
2024-10-23 14:26:45 +02:00
Mathias Vorreiter Pedersen
2fd07f28f0
C++: Add test with missing flow.
2024-10-23 13:00:33 +01:00
Michael Nebel
146c88fabb
C#: Update test expected output where the results are not affected.
2024-10-23 13:08:21 +02:00
Michael Nebel
5495a211f2
C#: Update exception information exposure expected output.
2024-10-23 13:08:19 +02:00
Michael Nebel
cad9aa21d8
C#: Update flow summaries test expected output.
2024-10-23 13:08:18 +02:00
Michael Nebel
b7b6feed04
C#: Re-generate .NET 8 Runtime models.
2024-10-23 13:08:17 +02:00
Michael Nebel
9cd9ebfda9
C#: Add manual models for StringWriter.
2024-10-23 13:08:15 +02:00
Michael Nebel
87caf3d826
C#: Add change note.
2024-10-23 13:08:14 +02:00
Michael Nebel
d3a359b498
C#: Update .NET 8 models.
2024-10-23 13:08:13 +02:00
Michael Nebel
00ccd20452
C#: Delete all .NET 8 Runtime models.
2024-10-23 13:08:11 +02:00
Michael Nebel
20b5a7b6f0
C#: Update expected test output.
2024-10-23 13:08:10 +02:00
Michael Nebel
062a2ad97d
C#: Include exception property accesses in the exception information exposure query.
2024-10-23 13:08:08 +02:00
Alvaro Muñoz
9a0795cc75
Bump qlpack versions
2024-10-23 12:16:32 +02:00
Alvaro Muñoz
43211d3286
Update tests
2024-10-23 12:16:02 +02:00
Alvaro Muñoz
315ffdff8d
Improve env var injection sanitizers
2024-10-23 12:15:54 +02:00
Alvaro Muñoz
fef37b6025
Remove pull_request from context event map so that accesses to github.event.pull_request are not considered a source for pull_request triggers
2024-10-23 12:15:26 +02:00
Alvaro Muñoz
c9bb42a46c
Enforce a checkout kind of trigger to consider gh pr/gh api ... pulls as a source of untrusted data
2024-10-23 12:14:20 +02:00
Tom Hvitved
7a2105b1d5
Go: Update expected test output
2024-10-23 10:41:13 +02:00
Tom Hvitved
2e7b71c28d
Data flow: Prevent quadratic blowup in Stage6Param::localStep
2024-10-23 10:41:12 +02:00
Alvaro Muñoz
6298f2520e
Bump qlpack versions
2024-10-23 10:37:33 +02:00
Alvaro Muñoz
d1d92ae68a
Create getATriggerEvent for Steps and refactor the code to use it
2024-10-23 10:13:20 +02:00
Alvaro Muñoz
b2a3aaacfd
Bump qlpack versions
2024-10-23 09:40:25 +02:00
Alvaro Muñoz
a057b9dd44
Add poisonable step for azure/powershell
2024-10-23 09:39:34 +02:00
Alvaro Muñoz
0738a66380
Add trigger event checks for all checkout models
2024-10-23 09:37:01 +02:00
Michael Nebel
caa08046b6
Java: Update expected test output.
2024-10-23 09:29:29 +02:00
Michael Nebel
3d70f91b9f
Java: Add manual models for various mapToObj methods.
2024-10-23 09:29:15 +02:00
Michael Nebel
197642c914
Merge pull request #17547 from michaelnebel/java/jdk17update
Java: Update Java JDK 17 models.
2024-10-23 09:07:02 +02:00
Alvaro Muñoz
0cacb6feaf
Bump qlpack versions
2024-10-22 22:42:51 +02:00
Alvaro Muñoz
42d4bb577c
Better identification of checkout of untrusted code depending on the triggering events
2024-10-22 22:42:11 +02:00
Alvaro Muñoz
8f350d9068
Merge pull request #104 from github/new_gh_sources
New gh CLI sources
2024-10-22 21:36:19 +02:00
Henning Makholm
665354ebd2
Merge pull request #17823 from github/hmakholm/pr/graph-equivalence-test
Supplement 'query-type: graph' with actual query metadata
2024-10-22 21:08:15 +02:00
Henning Makholm
3d8d340f2a
Supplement 'query-type: graph' with actual query metadata
A number of CPP library tests contain `// query-type: graph`
annotations that make the test driver compare the output
from the test query in a special mode. (This feature is
not used by other languages).
It's somewhat awkward in the implementation of `codeql test run`
that this annotation is not an ordinary item of query metadata --
essentially it means that _every_ test query has to be opened
and read an extra time to look for this annotation. I'd like
to move towards using ordinary query metadata for this, since
the QL compiler already parses it anyway.
For the time being, give the annotation in both old and new
syntaxes, until a CLI that recognizes both has been released.
2024-10-22 20:38:00 +02:00
Taus
4f60494019
Python: Support assignments of the form [x,y,z] = w
Surprisingly, the new parser did not support these constructs (and the
relevant test was missing this case), so on files that required the new
parser we were unable to parse this construct.
To fix it, we add `list_pattern` (not to be confused with
`pattern_list`) as a `tree-sitter-python` node that results in a `List`
node in the AST.
2024-10-22 16:06:35 +00:00