hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,654 Commits 1,690 Branches 160 Tags
codeql-cli/v2.24.1
Commit Graph

85654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
7fff3534fa Convert 3 barriers for path injection to MaD 2026-01-06 22:56:59 +00:00
Owen Mansel-Chan
1e18fce300 Convert xss sanitizer to MaD 2026-01-06 22:56:57 +00:00
Owen Mansel-Chan
1e6410804f Allow non-query-specific MaD sanitizers 2026-01-06 22:56:55 +00:00
Anders Schack-Mulligen
1fbc28b753 Go: Add support for MaD barriers and barrier guards. 2026-01-06 22:51:32 +00:00
Jeroen Ketema
c567197f29 C++: Simplify expression 2026-01-06 21:58:43 +01:00
Ian Lynagh
70cc153cf5 Merge pull request #21104 from github/post-release-prep/codeql-cli-2.23.9 
Post-release preparation for codeql-cli-2.23.9
 2026-01-06 18:25:18 +00:00
Geoffrey White
13df23630b Rust: Effect of lifting content reads as taint steps. 2026-01-06 16:47:07 +00:00
Jeroen Ketema
063e5d300e C++: Remove redundant SSA branch after IR fix 2026-01-06 17:40:52 +01:00
Geoffrey White
6e2702c3af Rust: Add some taint tests involving tuples. 2026-01-06 16:38:36 +00:00
Jeroen Ketema
3cd9938ebe C++: Update expected test results after IR changes 2026-01-06 17:37:22 +01:00
Jeroen Ketema
740518d23f C++: Use the loaded this instead of the this initialization 2026-01-06 17:11:22 +01:00
github-actions[bot]
2cb932cf5d Post-release preparation for codeql-cli-2.23.9 2026-01-06 15:42:16 +00:00
Ian Lynagh
b4f4b0e6b0 Merge pull request #21092 from github/release-prep/2.23.9 
Release preparation for version 2.23.9
codeql-cli/v2.23.9 		2026-01-06 15:06:25 +00:00
Owen Mansel-Chan
766e908c79 Accept MaD sanitizers for existing sink kinds 2026-01-06 14:38:27 +00:00
Owen Mansel-Chan
81667d741a Rename classes for external sanitizers 2026-01-06 14:36:54 +00:00
Michael Nebel
b686890ba6 C#: Address review comments. 2026-01-06 15:08:13 +01:00
Tom Hvitved
1a2f72252a Merge pull request #21072 from hvitved/rust/mad-provenance-refactor 
Rust: Refactor MaD provenance-based filtering
 2026-01-06 14:59:42 +01:00
Taus
4a567ad75e Python: Add change note 2026-01-06 13:40:38 +00:00
Taus
2c83b296a4 Python: Add parser test 
Note in particular that the `exceptions.py` test is unaffected.
 2026-01-06 13:40:38 +00:00
Taus
4db60df9dd Python: Regenerate parser files 2026-01-06 13:40:38 +00:00
Taus
2380bfd459 Python: Add support for PEP-758 exception syntax 
See https://peps.python.org/pep-0758/ for more details.

We implement this by extending the syntax for exceptions and exception
groups so that the `type` field can now contain either an expression
(which matches the old behaviour), or a comma-separated list of at least
two elements (representing the new behaviour).

We model the latter case using a new node type `exception_list`, which
in `tsg-python` is simply mapped to a tuple. This means it matches the
existing behaviour (when the tuple is surrounded by parentheses)
exactly, hence we don't need to change any other code.

As a consequence of this, however, we cannot directly parse the Python
2.7 syntax `except Foo, e: ...` as `except Foo as e: ...`, as this would
introduce an ambiguity in the grammar. Thus, we have removed support for
the (deprecated) 2.7-style syntax, and only allow `as` to indicate
binding of the exception. The syntax `except Foo, e: ...` continues to
be parsed (in particular, it's not suddenly a syntax error), but it will
be parsed as if it were `except (Foo, e): ...`, which may not give the
correct results.

In principle we could extend the QL libraries to account for this case
(specifically when analysing Python 2 code). In practice, however, I
expect this to have a minor impact on results, and not worth the
additional investment at this time.
 2026-01-06 13:40:37 +00:00
Tom Hvitved
da6d0abe31 Address review comment 2026-01-06 14:35:07 +01:00
Taus
72f9e34318 Merge pull request #20708 from github/tausbn/python-add-support-for-template-string-literals 
Python: Add support for template string literals
 2026-01-06 14:33:51 +01:00
Ian Lynagh
c233e36d4f Merge pull request #21103 from igfoo/igfoo/css 
Fix header link color and hover effect in query help documentation
 2026-01-06 13:30:40 +00:00
Jeroen Ketema
4ede207c1f Merge pull request #20926 from jketema/jketema/frontend-update 
C++: Update expected test results after frontend update
 2026-01-06 14:25:40 +01:00
Chris Smowton
6ed24f22b5 Change notes 2026-01-06 13:01:37 +00:00
Jeroen Ketema
d02ef7c6b1 C++: Add change notes 2026-01-06 13:53:47 +01:00
Jeroen Ketema
17b22bc088 C++: Update expected test results after frontend _Generic fix 2026-01-06 13:53:45 +01:00
Jeroen Ketema
5117b5906b C++: Exclude comparisons from enum constants in `cpp/constant-comparison 2026-01-06 13:53:44 +01:00
Jeroen Ketema
112eaadfae C++: Add another cpp/constant-comparison FP test case 2026-01-06 13:53:43 +01:00
Jeroen Ketema
1f10cddef5 C++: Accept test changes after frontend update and uncomment test case 
The new frontend version does less constant folding.
 2026-01-06 13:53:41 +01:00
Jeroen Ketema
90d6c9fc56 C++: Exclude more comparisons from cpp/constant-comparison 2026-01-06 13:53:40 +01:00
Jeroen Ketema
509cbf7049 C++: Add cpp/constant-comparison FP test cases after frontend update 2026-01-06 13:53:38 +01:00
Jeroen Ketema
2615dab2e2 C++: Update supported compiler versions 2026-01-06 13:53:35 +01:00
Jeroen Ketema
87a9065d61 C++: Update expected test results after frontend update 2026-01-06 13:53:34 +01:00
Chris Smowton
af36eae002 All languages: account for paths and paths-ignore in XML and other ancillary extraction 2026-01-06 12:48:01 +00:00
Tom Hvitved
eca451ea05 Merge pull request #21101 from hvitved/ruby/fix-bad-join 
Ruby: Fix bad join
 2026-01-06 13:44:29 +01:00
Tom Hvitved
5359b3d6e7 Merge pull request #21099 from hvitved/rust/fix-todo 
Rust: Improve `TuplePositionContent.getAnAccess`
 2026-01-06 13:16:15 +01:00
Ian Lynagh
0465dbe02b Fix header link color and hover effect in query help documentation 
Fix from Oscar, who wrote:

The Alabaster theme's global `a { color: #2F1695 }` rule was overriding
header link colors, rendering them purple instead of white.
 2026-01-06 12:15:50 +00:00
Chris Smowton
bfcd36002a Merge pull request #21049 from smowton/smowton/admin/java-buildless-paths-test 
Add integration test for paths and paths-ignore vs. Java buildless mode
 2026-01-06 12:01:09 +00:00
Michael Nebel
f32860b2d2 Merge pull request #21100 from michaelnebel/csharp14/nameofgenerictype 
C# 14: [TEST ONLY] Test for `nameof` generic type.
 2026-01-06 12:37:10 +01:00
Chris Smowton
6fb6923f63 Change note 2026-01-06 10:59:06 +00:00
Chris Smowton
102cfd06a7 Add integration test for paths and paths-ignore vs. Java buildless mode 2026-01-06 10:59:04 +00:00
Tom Hvitved
358339427b Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate Filters::Filters::FilterCall.getAnAction/0#dispred#9c0da667@85a4cbtp with tuple counts:
           394650       ~2%    {2} r1 = `__#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge_Module::ModuleBase.getModule/0#dispred#4f2c__#shared` AND NOT `_Filters::Filters::FilterCall.getExceptArgument/0#dispred#515c95c0__#Method::Method.getName/0#dispre__#antijoin_rhs`(FIRST 2)
                               {2}    | AND NOT `project#Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f`(FIRST 1)
           380366       ~0%    {2}    | SCAN OUTPUT In.1, In.0

            29453       ~0%    {2} r2 = JOIN `_#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge__#AST::AstNode.getEnclosingModule/0#dispred#__#shared` WITH project#ActionController::ActionControllerActionMethod#6db6f5e0 ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           366017       ~0%    {2} r3 = JOIN `_#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge_Module::ModuleBase.getModule/0#dispred#4f2ca__#shared` WITH project#ActionController::ActionControllerActionMethod#6db6f5e0 ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           395470       ~0%    {2} r4 = r2 UNION r3
           395470       ~0%    {3}    | JOIN WITH `Method::Method.getName/0#dispred#2acbf239` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0
             2227       ~0%    {2}    | JOIN WITH `Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

           382593       ~0%    {2} r5 = r1 UNION r4
           133735       ~4%    {2}    | JOIN WITH `project#ActionController::ActionControllerActionMethod.getARoute/0#dispred#9eb85e56` ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        540556870       ~2%    {3}    | JOIN WITH Filters::Filters::Filter#a42c5138 CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Lhs.1
        525979755     ~127%    {3}    | JOIN WITH `Filters::Filters::FilterImpl.getFilterCallable/0#dispred#451bf7d7` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
                               {3}    | REWRITE WITH TEST InOut.1 != InOut.2
        525979755  ~407036%    {2}    | SCAN OUTPUT In.0, In.1
                               return r5
```

After
```
Evaluated relational algebra for predicate Filters::Filters::FilterCall.getAnAction/0#91dba45c@74dfcepp with tuple counts:
          1363   ~4%    {2} r1 = JOIN `Filters::Filters::FilterCall.getAnActionCand/1#f053150d` WITH `Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f` ON FIRST 2 OUTPUT Lhs.0, Lhs.2

        140978   ~0%    {3} r2 = `Filters::Filters::FilterCall.getAnActionCand/1#f053150d` AND NOT `Filters::Filters::FilterCall.getExceptArgument/0#dispred#515c95c0#fb`(FIRST 2)
                        {3}    | AND NOT `project#Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f`(FIRST 1)
        132372   ~3%    {2}    | SCAN OUTPUT In.0, In.2

        133735   ~4%    {2} r3 = r1 UNION r2
                        return r3
```
 2026-01-06 11:42:49 +01:00
Michael Nebel
0a0cbdb799 C#14: Test for nameof generic type. 2026-01-06 11:32:49 +01:00
Michael Nebel
ff1ec47f98 Merge pull request #21095 from michaelnebel/net10/generatedmodels 
C#: Update .NET runtime models.
 2026-01-06 11:15:47 +01:00
Michael Nebel
2e208045d4 C#: Update test expected output. 2026-01-06 10:20:41 +01:00
Anders Peter Fugmann
103b3df885 Merge pull request #21093 from github/andersfugmann/deprecate_kotlin_1.7 
Kotlin: Mark support for Kotlin versions 1.6 and 1.7 as deprecated
 2026-01-06 09:53:26 +01:00
Michael Nebel
f5321548e1 C#: Add change note. 2026-01-06 09:46:44 +01:00
Michael Nebel
5299b356a9 C#: Update models test expected output. 2026-01-06 09:46:34 +01:00