hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 19:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,692 Branches 161 Tags
codeql-cli/v2.24.2
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael B. Gale
d5c4a19efa Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-03 10:34:14 +00:00
Tom Hvitved
6fbf727309 Merge pull request #21251 from hvitved/rust/fix-bad-join 
Rust: Fix bad join
 2026-02-02 19:12:30 +01:00
Owen Mansel-Chan
e00390d23a Merge pull request #21224 from owen-mc/go/use-shared-basic-block-lib 
Go: Use shared basic block lib
 2026-02-02 16:31:06 +00:00
Michael B. Gale
d079671ec8 Align testItems with what getEnvVars does 2026-02-02 16:17:22 +00:00
Michael B. Gale
cbbc057dd3 Fix singular/plural wording and add test 2026-02-02 16:15:36 +00:00
Simon Friis Vindum
9fc2a54712 Rust: Accept changes to expected files for consistency checks 2026-02-02 17:12:25 +01:00
Simon Friis Vindum
d0e30d19c4 Rust: Resolve as paths to trait 2026-02-02 16:47:43 +01:00
Simon Friis Vindum
8de37fec17 Rust: Add tests with as paths 2026-02-02 16:43:21 +01:00
Henry Mercer
e712e62f14 Merge pull request #21250 from github/post-release-prep/codeql-cli-2.24.1 
Post-release preparation for codeql-cli-2.24.1
 2026-02-02 07:31:39 -08:00
Michael B. Gale
30b30d65c8 Emit the new diagnostic 2026-02-02 14:47:25 +00:00
Michael B. Gale
6d67e419ff Move private registry sources out of util package 2026-02-02 14:45:06 +00:00
Michael B. Gale
29930fa6bf Track active proxy configurations 2026-02-02 14:40:08 +00:00
Michael B. Gale
a57c6cde30 Add EmitPrivateRegistryUsed 2026-02-02 14:39:27 +00:00
Tom Hvitved
b16f1d3778 Rust: Fix bad join 
Before
```
Evaluated relational algebra for predicate _PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6_PathResolution::ImplOrTraitItemNode.ge__#shared@0d3de6d9 with tuple counts:
         395360270  ~2%    {5} r1 = JOIN Type::TAssociatedTypeTypeParameter#6da9e52a WITH `PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6` CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Lhs.1, Lhs.2, Rhs.1
        1274237644  ~0%    {6}    | JOIN WITH `PathResolution::ItemNode.getASuccessor/1#8f430f71` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1, Rhs.2
        1274237644  ~0%    {6}    | JOIN WITH PathResolution::TraitItemNode#8d4ce62d ON FIRST 1 OUTPUT Lhs.0, Lhs.4, Lhs.1, Lhs.2, Lhs.3, Lhs.5
           6984871  ~0%    {5}    | JOIN WITH `PathResolution::ImplOrTraitItemNode.getAssocItem/1#f77bb9ed` ON FIRST 3 OUTPUT Lhs.2, Lhs.0, Lhs.3, Lhs.4, Lhs.5
           6984871  ~0%    {4}    | JOIN WITH TypeAlias::Generated::TypeAlias#1ca97780 ON FIRST 1 OUTPUT Lhs.4, Lhs.1, Lhs.2, Lhs.3
           6076675  ~0%    {4}    | JOIN WITH `TypeAlias::Generated::TypeAlias.getTypeRepr/0#dispred#5fd7e521` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
                           return r1
```

After
```
Evaluated relational algebra for predicate _PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6_PathResolution::ImplOrTraitItemNode.ge__#shared@760e0499 with tuple counts:
          443292  ~2%    {3} r1 = SCAN `PathResolution::ImplOrTraitItemNode.getAssocItem/1#f77bb9ed` OUTPUT In.0, In.2, In.1
            1258  ~1%    {3}    | JOIN WITH Type::TAssociatedTypeTypeParameter#6da9e52a ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2
        13656944  ~3%    {4}    | JOIN WITH `PathResolution::ItemNode.getASuccessor/1#8f430f71_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Rhs.2
         6984871  ~0%    {4}    | JOIN WITH `PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6` ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Rhs.1
         6076675  ~0%    {4}    | JOIN WITH `TypeAlias::Generated::TypeAlias.getTypeRepr/0#dispred#5fd7e521` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
                         return r1
```
 2026-02-02 15:26:32 +01:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
Henry Mercer
fedb9464af Merge pull request #21248 from github/henrymercer/fix-mysql-typo 
Fix capitalization of MySQL
codeql-cli/v2.24.1 		2026-02-02 05:33:39 -08:00
Simon Friis Vindum
99b498b891 Rust: Resolve Self paths in type definitions 2026-02-02 13:51:59 +01:00
Simon Friis Vindum
95afe615b5 Rust: Add path resolution tests 2026-02-02 13:51:57 +01:00
Simon Friis Vindum
8b03608a4f Merge pull request #21188 from paldepind/rust/self-path-assoc 
Rust: Implement type inference for associated types for concrete types
 2026-02-02 13:50:43 +01:00
Henry Mercer
1a6b2b9b82 Fix capitalization of MySQL 2026-02-02 12:37:32 +00:00
Henry Mercer
57c2208f7a Merge pull request #21246 from github/henrymercer/kotlin/version-range-formatting 
Fix formatting of Kotlin version ranges
 2026-02-02 04:30:52 -08:00
Henry Mercer
5f1fd57f84 Fix formatting of Kotlin version ranges 2026-02-02 12:22:50 +00:00
Henry Mercer
6b78313701 Merge pull request #21245 from github/release-prep/2.24.1 
Release preparation for version 2.24.1
 2026-02-02 04:12:14 -08:00
Henry Mercer
38fcc61817 Fix formatting in Kotlin changelog 2026-02-02 12:10:15 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Tom Hvitved
4a04f7b66f Merge pull request #21243 from hvitved/csharp/insecure-object-tests 
C#: Add more tests for `InsecureDirectObjectReference.ql`
 2026-02-02 13:03:23 +01:00
Simon Friis Vindum
0567864a83 Rust: Make module private 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2026-02-02 12:57:26 +01:00
Simon Friis Vindum
18576838d4 Rust: Minor tweaks and improvements 2026-02-02 12:07:18 +01:00
Tom Hvitved
fe0634574d C#: Add more tests for InsecureDirectObjectReference.ql 2026-02-02 11:09:26 +01:00
Michael B. Gale
9a00c75460 Merge pull request #21236 from github/mbg/csharp/fix-registry-feeds 
C#: Make sure `allFeeds` contains at least `explicitFeeds`
 2026-02-02 07:49:33 +00:00
Owen Mansel-Chan
8aa1bff9a5 Add AstNode.getEnclosingBlock() 2026-02-01 23:06:26 +00:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Michael B. Gale
454d13b485 Remove element check 2026-01-30 14:03:43 +00:00
Mathias Vorreiter Pedersen
16670511de Merge pull request #21239 from MathiasVP/logical-binary-fix-guards-cpp 
C++: Ensure that there are AST `GuardCondition`s for `||` and `&&`
 2026-01-30 13:50:55 +00:00
Michael B. Gale
ad2aa6d4f8 Accept expected diagnostic output 2026-01-30 13:38:50 +00:00
Michael B. Gale
3e0719609f Fix missing negation 2026-01-30 13:30:47 +00:00
Michael B. Gale
1aba0b20cd Add integration test 2026-01-30 13:19:47 +00:00
Michael B. Gale
1b5ed129ac Log and emit diagnostic if incorrectly named files are found 2026-01-30 13:19:46 +00:00
Taus
958c798c3f Python: Accept dataflow test changes 
New nodes means new results. Luckily we rarely have a test that selects
_all_ dataflow nodes.
 2026-01-30 12:50:25 +00:00
Taus
fb6175d10b Python: Fix consistency test failures 
As we now have many more capturing closure arguments, we must once again
exclude the ones that don't actually have `argumentOf` defined.
 2026-01-30 12:50:25 +00:00
Taus
3f718123a6 Python: Make capturing closure arguments synthetic and non-global 
Uses the same trick as for `ExtractedArgumentNode`, wherein we postpone
the global restriction on the charpred to instead be in the `argumentOf`
predicate (which is global anyway).

In addition to this, we also converted `CapturedVariablesArgumentNode`
into a proper synthetic node, and added an explicit post-update node for
it. These nodes just act as wrappers for the function part of call
nodes. Thus, to make them work with the variable capture machinery, we
simply map them to the closure node for the corresponding control-flow
or post-update node.
 2026-01-30 12:50:25 +00:00
Taus
6113d4be9e Python: Fix test issues 
Fixes the test failures that arose from making `ExtractedArgumentNode`
local.

For the consistency checks, we now explicitly exclude the
`ExtractedArgumentNode`s (now much more plentiful due to the
overapproximation) that don't have a corresponding `getCallArg` tuple.

For various queries/tests using `instanceof ArgumentNode`, we instead us
`isArgumentNode`, which explicitly filters out the ones for which
`isArgumentOf` doesn't hold (which, again, is the case for most of the
nodes in the overapproximation).
 2026-01-30 12:50:25 +00:00
Taus
7fccc23dbe Python: Make ExtractedArgumentNode local 
Explicitly adds a bunch of nodes that were previously (using a global
analysis) identified as `ExtractedArgumentNode`s. These are then
subsequently filtered out in `argumentOf` (which is global) by putting
the call to `getCallArg` there instead of in the charpred.
 2026-01-30 12:50:25 +00:00
Taus
ac5a74448f Python: Fix tests 
With `ModuleVariableNode`s now appearing for _all_ global variables (not
just the ones that actually seem to be used), some of the tests changed
a bit. Mostly this was in the form of new flow (because of new nodes
that popped into existence). For some inline expectation tests, I opted
to instead exclude these results, as there was no suitable location to
annotate. For the normal tests, I just accepted the output (after having
vetted it carefully, of course).
 2026-01-30 12:50:25 +00:00
Taus
30ce4069c7 Python: Remove global restriction on ModuleVariableNode 
This may result in more nodes, but it should still be bounded by the
number of global variables in the source code.
 2026-01-30 12:50:24 +00:00
Taus
4543c66d26 Python: Prepare LocalSourceNode for locality 
Removes the dependence on the (global) `ModuleVariableNode.getARead()`,
by adding a local version (that doesn't include `import *` reads)
instead.
 2026-01-30 12:50:24 +00:00
Mathias Vorreiter Pedersen
5f079c1d51 C++: Add change note. 2026-01-30 12:19:28 +00:00
Michael B. Gale
5ba3b679dd Move into if statement 2026-01-30 12:18:56 +00:00