codeql

mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00

Author	SHA1	Message	Date
Jon Janego	e36b602743	Enhance PathCombine.ql metadata details	2025-12-17 09:16:56 -06:00
Jon Janego	7423f6f99b	Fix typo in warning message for Path.Combine	2025-12-17 09:16:05 -06:00
Simon Friis Vindum	9e8735f84c	Merge pull request #20878 from paldepind/rust/axum-model Rust: Add models for Axum	2025-12-17 15:47:28 +01:00
Tom Hvitved	47e375f6e4	Merge pull request #21057 from hvitved/rust/fix-bad-join Rust: Fix bad join	2025-12-17 15:34:45 +01:00
Tom Hvitved	adfaefd1e6	Merge pull request #21043 from hvitved/rust/type-inference-trait-bounds-overlap Rust: Fix candidate receiver type calculation for trait bounds	2025-12-17 15:31:00 +01:00
Simon Friis Vindum	8564c1f458	Rust: Add change note	2025-12-17 14:50:50 +01:00
Simon Friis Vindum	97fd70e4f4	Rust: Accept change to expected file	2025-12-17 14:19:19 +01:00
Simon Friis Vindum	f1364caaa9	Rust: Add upgrade and downgrade scripts	2025-12-17 14:19:18 +01:00
Simon Friis Vindum	b64809cbd3	Rust: Adapt QL to AST changes	2025-12-17 14:19:16 +01:00
Tom Hvitved	b6cda4a29b	Update shared/util/codeql/util/UnboundList.qll Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-12-17 13:44:47 +01:00
Tom Hvitved	08339fe0df	Shared: Add library for unbound lists	2025-12-17 13:13:39 +01:00
Tom Hvitved	5c604fce48	Rust: Fix bad join Before ``` Evaluated relational algebra for predicate TypeInference::MethodResolution::MethodCall.getTrait/0#dispred#fc13ba6e@914858bt with tuple counts: 153112 ~2% {2} r1 = SCAN `Operation::Operation.isOverloaded/3#f0e64084` OUTPUT In.0, In.1 153112 ~2% {2} \| STREAM DEDUP 18807 ~0% {2} r2 = JOIN `TypeInference::getCallExprTraitQualifier/1#c084fe9f` WITH TypeInference::MethodResolution::MethodCallCallExpr#6eae461f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 65859035 ~3% {3} r3 = JOIN `_IndexExpr::Generated::IndexExpr#9975e37a_TypeInference::MethodResolution::MethodCallIndexExpr.isInM__#shared` WITH Trait::Generated::Trait#ecf50173 CARTESIAN PRODUCT OUTPUT Rhs.0, _, Lhs.0 65859035 ~0% {3} \| REWRITE WITH Out.1 := "core::ops::index::Index" 11191 ~0% {2} \| JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0 671 ~0% {1} r4 = JOIN IndexExpr::Generated::IndexExpr#9975e37a WITH `TypeInference::MethodResolution::MethodCallIndexExpr.isInMutableContext/0#dispred#8c8ad425` ON FIRST 1 OUTPUT Lhs.0 3948835 ~2% {3} \| JOIN WITH Trait::Generated::Trait#ecf50173 CARTESIAN PRODUCT OUTPUT Rhs.0, _, Lhs.0 3948835 ~2% {3} \| REWRITE WITH Out.1 := "core::ops::index::IndexMut" 671 ~1% {2} \| JOIN WITH `Addressable::Addressable.getCanonicalPath/0#dispred#6044348f#bb` ON FIRST 2 OUTPUT Lhs.2, Lhs.0 183781 ~0% {2} r5 = r1 UNION r2 UNION r3 UNION r4 return r5 ``` After ``` Evaluated relational algebra for predicate TypeInference::MethodResolution::MethodCall.getTrait/0#dispred#fc13ba6e@1b4a55e3 with tuple counts: 153112 ~2% {2} r1 = SCAN `Operation::Operation.isOverloaded/3#f0e64084` OUTPUT In.0, In.1 153112 ~2% {2} \| STREAM DEDUP 11191 ~0% {2} r2 = JOIN `_IndexExpr::Generated::IndexExpr#9975e37a_TypeInference::MethodResolution::MethodCallIndexExpr.isInM__#shared` WITH Stdlib::IndexTrait#e80543a5 CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0 18807 ~0% {2} r3 = JOIN `TypeInference::getCallExprTraitQualifier/1#c084fe9f` WITH TypeInference::MethodResolution::MethodCallCallExpr#6eae461f ON FIRST 1 OUTPUT Lhs.0, Lhs.1 671 ~0% {1} r4 = JOIN IndexExpr::Generated::IndexExpr#9975e37a WITH `TypeInference::MethodResolution::MethodCallIndexExpr.isInMutableContext/0#dispred#8c8ad425` ON FIRST 1 OUTPUT Lhs.0 671 ~1% {2} \| JOIN WITH Stdlib::IndexMutTrait#4d6c31bd CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.0 183781 ~0% {2} r5 = r1 UNION r2 UNION r3 UNION r4 return r5 ```	2025-12-17 11:52:28 +01:00
Simon Friis Vindum	dd02ac3964	Rust: Update generated files	2025-12-17 11:13:13 +01:00
Simon Friis Vindum	ca6c054256	Rust: Rename `Adt` class and lift common predicates to it	2025-12-17 11:13:11 +01:00
Simon Friis Vindum	22bc924c26	Rust: Apply Black formatter to annotations.py	2025-12-17 11:13:10 +01:00
Tom Hvitved	eb56cbd358	Rust: Fix candidate receiver type calculation for trait bounds	2025-12-17 11:06:27 +01:00
Tom Hvitved	3104adbe77	Rust: Add type inference test	2025-12-17 11:06:22 +01:00
Tom Hvitved	802c465b31	Merge pull request #21027 from hvitved/rust/type-inference-matching-specialization Rust: Also use specialized types when inferring types for calls	2025-12-17 11:03:44 +01:00
Tom Hvitved	fe0ce7a492	Address review comments	2025-12-17 10:35:28 +01:00
Jeroen Ketema	a04b10cb86	Swift: Fix dataset check errors by not referring to unavailable decls Test Test Test Test Test Test	2025-12-17 10:14:58 +01:00
Michael Nebel	8eddc71e0e	Merge pull request #21016 from michaelnebel/csharp/slnx C#: Support `.slnx.` solution files.	2025-12-17 09:27:11 +01:00
Taus	4d45b5839d	Python: Add change note	2025-12-16 23:57:58 +01:00
Taus	b9616eb639	Python: Add stats Not actually based on any measurements, just the usual 100/1000 stuff.	2025-12-16 23:57:58 +01:00
Taus	82c629ada8	Python: Add up-/downgrade scripts for template literals We do the usual thing. Downgrade scripts remove the relevant relations; upgrade scripts do nothing.	2025-12-16 23:57:58 +01:00
Taus	47c967a06c	Python: Bump extractor version	2025-12-16 23:57:58 +01:00
Taus	414e689291	Python: Add AST node wrappers	2025-12-16 23:57:58 +01:00
Taus	652c335d30	Python: Regenerate AST and dbscheme files	2025-12-16 23:57:58 +01:00
Taus	28e733e335	Python: Support template strings in rest of extractor Adds three new AST nodes to the mix: - `TemplateString` represents a t-string in Python 3.14 - `TemplateStringPart` represents one of the string constituents of a t-string. (The interpolated expressions are represented as `Expr` nodes, just like f-strings.) - `JoinedTemplateString` represents an implicit concatenation of template strings. Importantly, we _completely avoid_ the complicated construction we currently do for format strings (as well as the confusing nomenclature). No extra injection of empty strings (so that a template string is a strict alternation of strings and expressions). A `JoinedTemplateString` simply has a list of template string children, and a `TemplateString` has a list of "values" which may be either `Expr` or `TemplateStringPart` nodes. If we ever find that we actually want the more complicated interface for these strings, then I would much rather we reconstruct this inside of QL rather than in the parser.	2025-12-16 23:57:58 +01:00
Taus	cd7ae34380	Python: Regenerate parser files	2025-12-16 23:57:58 +01:00
Taus	7768ebe8b8	Python: Add parser support for template strings - Extends the scanner with a new token kind representing the start of a template string. This is used to distinguish template strings from regular strings (because only a template string will start with a `_template_string_start` external token). - Cleans up the logic surrounding interpolations (and the method names) so that format strings and template strings behave the same in this case. Finally, we add two new node types in the tree-sitter grammar: - `template_string` behaves like format strings, but is a distinct type (mainly so that an implicit concatenation between template strings and regular strings becomes a syntax error). - `concatenated_template_string` is the counterpart of `concatenated_string`. However, internally, the string parts of a template strings are just the same `string_content` nodes that are used in regular format strings. We will disambiguate these inside `tsg-python`.	2025-12-16 23:57:58 +01:00
Jon Janego	576f270753	Update PathCombine.ql	2025-12-16 16:39:06 -06:00
Jon Janego	44d896abaf	Merge pull request #21054 from github/changedocs-2.23.8 Changedocs 2.23.8	2025-12-16 12:18:59 -06:00
Jon Janego	c7ec175e10	Minor change to 2.23.1 rst	2025-12-16 11:36:34 -06:00
Jon Janego	92bb40d7e4	Minor revert to 2.23.1 rst	2025-12-16 11:35:35 -06:00
Jon Janego	ff0a0ed373	Adds changelog docs for 2.23.7 and 2.23.8	2025-12-16 11:28:34 -06:00
Jon Janego	30673a2fc8	Enhance PathCombine metadata with detailed description Updated the `name` and `description` of PathCombine.ql to provide more details about the issue.	2025-12-16 10:37:53 -06:00
Jon Janego	84a501d360	Update csharp/ql/src/Bad Practices/PathCombine.ql Co-authored-by: Tom Hvitved <hvitved@github.com>	2025-12-16 09:10:39 -06:00
Simon Friis Vindum	420dd9ab61	Rust: Add change note for Axum models	2025-12-16 15:15:22 +01:00
Simon Friis Vindum	e53bdb11be	Rust: Accept changes to expected files for consistency check	2025-12-16 13:15:34 +01:00
Simon Friis Vindum	63329b47d8	Merge pull request #21036 from paldepind/rust/prioritize-manual-summaries Rust: Don't apply generated models for functions that have a manual model	2025-12-16 12:47:27 +01:00
Simon Friis Vindum	cbdab99497	Rust: Add XSS sink for Axum HTML response creation	2025-12-16 12:41:44 +01:00
Simon Friis Vindum	fbf9f7eda7	Rust: Add models for Axum	2025-12-16 12:41:32 +01:00
Simon Friis Vindum	0ea06aca06	Rust: Introduce more functions in Axum test	2025-12-16 12:32:40 +01:00
Paolo Tranquilli	6fc963177c	codegen: mention Rust in the README Updated README to reflect support for the Rust extractor and added details about Rust generated files.	2025-12-16 11:05:39 +01:00
Michael Nebel	7df1d7a13f	C#: Address review comment.	2025-12-16 10:21:08 +01:00
Simon Friis Vindum	8c4b81ebc7	Rust: Fix typo in comment Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-12-16 10:19:01 +01:00
yoff	cbc0100675	Apply suggestion from @Copilot	2025-12-16 10:11:05 +01:00
yoff	50e9057db1	java: add change note	2025-12-16 10:11:05 +01:00
yoff	c6240e5a99	java: understand more initializers Whne a fiels is assigned a safe type in a constructor, that field is not exposed.	2025-12-16 10:11:05 +01:00
yoff	a65d385297	java: add tests for thread safe initialisation Co-authored-by: Raúl Pardo <raul.pardo@protonmail.com>	2025-12-16 10:11:05 +01:00

... 12 13 14 15 16 ...

85654 Commits