hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 01:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,740 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
82304832e8 Rust: Add type inference examples 2025-03-14 11:13:16 +01:00
Michael Nebel
b3a1ff1fc3 C#: Add cs/non-short-circuit to the CCR suite. 2025-03-14 10:52:25 +01:00
Anders Schack-Mulligen
c2309442d5 C++: Accept qltest changes. 2025-03-14 10:51:28 +01:00
Mathias Vorreiter Pedersen
90774c03be C++: Remove yet another DefinitionExt reference. 2025-03-14 10:51:27 +01:00
Anders Schack-Mulligen
35687ea698 C++: Merge two cached stages. 2025-03-14 10:51:27 +01:00
Anders Schack-Mulligen
7bfd47a924 C++: Fix bad join order. 
Before:

[2025-03-12 10:27:53] Evaluated non-recursive predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@e87543ui in 935ms (size: 8905695).
Evaluated relational algebra for predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@e87543ui with tuple counts:
                          {3} r1 = SsaInternals::DirectUseImpl#a58aae88 AND NOT `_ArithmeticOperation::PostfixCrementOperation#17623ada_Expr::UnaryOperation.getOperand/0#dispred#990__#antijoin_rhs`(FIRST 3)
         8579337   ~4%    {2}    | SCAN OUTPUT In.1, In.0
         8579337   ~0%    {2}    | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         8579337   ~0%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2

           48215   ~2%    {2} r2 = SCAN SsaInternals::GlobalUse#9cd323b4 OUTPUT In.2, In.0
        35467318   ~3%    {2}    | JOIN WITH `SSAConstruction::getInstructionEnclosingIRFunction/1#5443f355_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

           48189   ~0%    {2} r3 = JOIN r2 WITH Instruction::ReturnInstruction#28bfb7eb ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           12332   ~0%    {2} r4 = JOIN r2 WITH Instruction::UnreachedInstruction#774c7a34 ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           60521   ~0%    {2} r5 = r3 UNION r4
           60521   ~2%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2

           39316   ~0%    {2} r6 = JOIN SsaInternals::FinalParameterUse#c1f84700_10#join_rhs WITH `Parameter::Parameter.getFunction/0#dispred#803faca2` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        43821265   ~0%    {2}    | JOIN WITH `Instruction::Instruction.getEnclosingFunction/0#dispred#cb8ccc56_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1

           39194   ~0%    {2} r7 = JOIN r6 WITH Instruction::ReturnInstruction#28bfb7eb ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           21255   ~2%    {2} r8 = JOIN r6 WITH Instruction::UnreachedInstruction#774c7a34 ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           60449   ~0%    {2} r9 = r7 UNION r8
           60449   ~3%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2

         8784725   ~1%    {5} r10 = JOIN `_SsaInternals::DirectUseImpl#a58aae88_SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0_SsaInte__#shared` WITH `SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3
         8784725   ~0%    {5}    | JOIN WITH `cached_SSAConstruction::getInstructionAst/1#d0d95b50` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
          210435   ~4%    {5}    | JOIN WITH `Expr::UnaryOperation.getOperand/0#dispred#990de484#bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
          205388   ~0%    {4}    | JOIN WITH ArithmeticOperation::PostfixCrementOperation#17623ada ON FIRST 1 OUTPUT Lhs.4, Lhs.3, Lhs.2, Lhs.1
          205388   ~4%    {3}    | JOIN WITH `__IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs__ArithmeticOperation::PostfixCrementOperat__#join_rhs` ON FIRST 3 OUTPUT Rhs.4, Lhs.3, Rhs.3
          205388   ~0%    {3}    | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
          205388   ~1%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2

         8905695   ~0%    {3} r11 = r1 UNION r5 UNION r9 UNION r10
                          return r11

After:

[2025-03-12 11:12:48] Evaluated non-recursive predicate SsaInternals::hasReturnPosition/3#02f7eab8@bc405c4l in 3ms (size: 49368).
Evaluated relational algebra for predicate SsaInternals::hasReturnPosition/3#02f7eab8@bc405c4l with tuple counts:
        49368  ~3%    {1} r1 = Instruction::ReturnInstruction#28bfb7eb UNION Instruction::UnreachedInstruction#774c7a34
        49368  ~0%    {2}    | JOIN WITH `cached_SSAConstruction::getInstructionEnclosingIRFunction/1#5443f355` ON FIRST 1 OUTPUT Lhs.0, Rhs.1
        49368  ~2%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2
                      return r1

[2025-03-12 11:12:54] Evaluated non-recursive predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@6e30cduo in 549ms (size: 8905695).
Evaluated relational algebra for predicate SsaInternals::UseImpl.hasIndexInBlock/2#dispred#1e34a5af@6e30cduo with tuple counts:
          48215   ~2%    {2} r1 = SCAN SsaInternals::GlobalUse#9cd323b4 OUTPUT In.2, In.0
          60521   ~2%    {3}    | JOIN WITH `SsaInternals::hasReturnPosition/3#02f7eab8` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2

          50725   ~0%    {2} r2 = JOIN `IRFunctionBase::IRFunctionBase.getFunction/0#dispred#b024672e_10#join_rhs` WITH `Parameter::Parameter.getFunction/0#dispred#803faca2_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          39231   ~2%    {2}    | JOIN WITH SsaInternals::FinalParameterUse#c1f84700_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1
          60449   ~3%    {3}    | JOIN WITH `SsaInternals::hasReturnPosition/3#02f7eab8` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2

                         {3} r3 = SsaInternals::DirectUseImpl#a58aae88 AND NOT `_ArithmeticOperation::PostfixCrementOperation#17623ada_Expr::UnaryOperation.getOperand/0#dispred#990__#antijoin_rhs`(FIRST 3)
        8579337   ~1%    {2}    | SCAN OUTPUT In.1, In.0
        8579337   ~0%    {2}    | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        8579337   ~1%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2

        8784725   ~0%    {5} r4 = JOIN `_SsaInternals::DirectUseImpl#a58aae88_SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0_SsaInte__#shared` WITH `SsaInternals::DirectUseImpl.getBase/0#dispred#4b8c43d0` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3
        8784725   ~0%    {5}    | JOIN WITH `cached_SSAConstruction::getInstructionAst/1#d0d95b50` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
         210435   ~0%    {5}    | JOIN WITH `Expr::UnaryOperation.getOperand/0#dispred#990de484#bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
         205388   ~2%    {4}    | JOIN WITH ArithmeticOperation::PostfixCrementOperation#17623ada ON FIRST 1 OUTPUT Lhs.4, Lhs.3, Lhs.2, Lhs.1
         205388   ~0%    {3}    | JOIN WITH `__IRBlock::Cached::getInstruction/2#627f9c61_201#join_rhs__ArithmeticOperation::PostfixCrementOperat__#join_rhs` ON FIRST 3 OUTPUT Rhs.4, Lhs.3, Rhs.3
         205388   ~0%    {3}    | JOIN WITH `Operand::Operand.getUse/0#dispred#427b49d0` ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1
         205388   ~0%    {3}    | JOIN WITH `IRBlock::Cached::getInstruction/2#627f9c61_021#join_rhs` ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2

        8905695   ~0%    {3} r5 = r1 UNION r2 UNION r3 UNION r4
                         return r5
 2025-03-14 10:51:27 +01:00
Anders Schack-Mulligen
ba13d7fffe C++: Remove superfluous disjunct. 2025-03-14 10:51:26 +01:00
Anders Schack-Mulligen
ecb5e7ad07 C++: Fix spurious ExprNode fanout in DataFlowIntegration. 2025-03-14 10:51:26 +01:00
Anders Schack-Mulligen
b5a2f5d3ff C++: Remove useless ipa wrapper. 2025-03-14 10:51:25 +01:00
Anders Schack-Mulligen
4bd35b10fc C++: Delete dead code. 2025-03-14 10:51:25 +01:00
Anders Schack-Mulligen
6ba1d2ef14 C++: Replace DefinitionExt usage with Definition. 2025-03-14 10:51:24 +01:00
Anders Schack-Mulligen
9375e571b1 C++: Use SSA data flow integration module. 2025-03-14 10:51:24 +01:00
Anders Schack-Mulligen
c7ff2f55b5 C++: Remove yet another DefinitionExt reference. 2025-03-14 10:51:23 +01:00
Anders Schack-Mulligen
e01552c3f0 C++: Remove another DefinitionExt reference. 2025-03-14 10:51:23 +01:00
Anders Schack-Mulligen
c5755ba8d4 C++: Remove a DefinitionExt reference. 2025-03-14 10:51:23 +01:00
Anders Schack-Mulligen
0c17786ed0 C++: Delete unused predicate 2025-03-14 10:51:22 +01:00
Napalys
66737402c2 Updated test ouput with fixes from main. 2025-03-14 10:50:10 +01:00
Napalys Klicius
908f48a22f Merge branch 'main' into js/vue_tanstack_model 2025-03-14 10:45:42 +01:00
Asger F
9a8cb1a55b Merge pull request #19007 from asgerf/js/api-graph-awaited-return 
JS: Fix bug in API graphs getPromised() missing async function returns
 2025-03-14 10:36:16 +01:00
Simon Friis Vindum
4dbfda59cf Merge branch 'main' into rust-data-flow-split 2025-03-14 09:58:46 +01:00
Tom Hvitved
cf0b3b5727 Merge pull request #18632 from hvitved/rust/type-inference 
Rust: Implement basic type inference in QL
 2025-03-14 09:43:04 +01:00
Michael Nebel
a3ef137a8e Merge pull request #19014 from michaelnebel/csharp/ccr-useless-gethashcode-all 
C#: Add `cs/useless-gethashcode-call` to the CCR suite.
 2025-03-14 08:45:31 +01:00
Michael Nebel
563ffb8c27 Merge pull request #19010 from michaelnebel/csharp/useless-gethashcode-call 
C#: Increase precision of `cs/useless-gethashcode-call`.
 2025-03-14 08:44:38 +01:00
Jeroen Ketema
de2fb037d0 Merge pull request #18980 from LeStarch/jpl-c-basic-integral-types-fix 
Fixing BasicIntTypes to allow C Standard Integers and 'bool'
 2025-03-14 08:06:55 +01:00
Aditya Sharad
956b5bf6d6 Actions: Fix typos in query names for env var injection 
This will reflect in the UI titles of existing and new alerts
once shipped but should not churn any existing alerts.
 2025-03-13 17:02:04 -07:00
M Starch
7b5d604607 Updating tests to allow new typedefs 2025-03-13 15:04:37 -07:00
Aditya Sharad
c534f89e93 Code scanning config: Exclude actions test directory 
These are test cases for the GitHub Actions analysis.
Exclude them when running code scanning against this repo,
to avoid noisy alerts.

Test workflow files in this directory are safe from
execution, because Actions only executes workflows
that live directly in the .github/workflows
top-level directory.

`action.yml` files in this directory can in theory
be executed as a step in a workflow; for now exclude them.
 2025-03-13 13:30:54 -07:00
Tom Hvitved
c3739d4f23 Address review comments 2025-03-13 21:10:48 +01:00
Óscar San José
fba7bcd127 Merge pull request #19021 from github/oscarsj-patch-2 
Add paths to codeql-config.yml to avoid codeql analysis errors
 2025-03-13 20:26:14 +01:00
M Starch
7f4905987e Addressing review comments 
Reduced the category to minorAnalysis.  Handled bools via a instanceof with BoolType.  Formatted the query correctly.
 2025-03-13 11:12:35 -07:00
Jon Janego
de5d3b6263 Update query-metadata-style-guide.md 2025-03-13 12:42:51 -05:00
Óscar San José
66a496fa82 Add paths to codeql-config.yml to avoid codeql analysis errors 2025-03-13 18:27:25 +01:00
Paolo Tranquilli
45db4ae7c6 Merge pull request #19018 from github/redsun82/rust-ql-test-log-fix 
Rust: fix `qltest.sh` for some versions of macOS
 2025-03-13 18:07:50 +01:00
Jon Janego
6c28be9827 Update query-metadata-style-guide.md 
initial commit of changes starting to add quality tagging standards
 2025-03-13 11:49:48 -05:00
Mathias Vorreiter Pedersen
d23c8fd662 Merge pull request #19001 from MathiasVP/add-uncertain-api-for-dataflow 
C++: Refine `Node.asDefinition`
 2025-03-13 09:35:53 -07:00
Simon Friis Vindum
fb718660d9 Rust: Generate more sinks and update query description 2025-03-13 17:35:32 +01:00
Mathias Vorreiter Pedersen
6f4e9ed136 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 16:00:36 +00:00
Mathias Vorreiter Pedersen
0e5fa1b5eb Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 16:00:23 +00:00
Mathias Vorreiter Pedersen
470321e8b6 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 16:00:15 +00:00
Mathias Vorreiter Pedersen
9cde2bb94d Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 15:59:57 +00:00
Mathias Vorreiter Pedersen
68b414d169 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2025-03-13 15:59:48 +00:00
Napalys Klicius
28d1152250 Merge pull request #19009 from Napalys/js/unescape 
JS: Add support for `unescape`
 2025-03-13 16:59:01 +01:00
Paolo Tranquilli
8cc39af190 Rust: fix qltest.sh for some versions of macOS 
Turns out some version of macOS do not support the way `mktemp` was
being used. In any case it wasn't really necessary, see
https://github.com/github/codeql/pull/18918#discussion_r1979444850
(which I forgot to follow up on at the time after approval).
 2025-03-13 16:54:27 +01:00
Taus
3d643c02be Merge pull request #18921 from github/tausbn/python-fix-unused-global-variable-in-forward-annotation-fp 
Python: Add support for forward references in unused var query
 2025-03-13 16:37:25 +01:00
Owen Mansel-Chan
6ca9a1ff9a Add change note 2025-03-13 15:05:32 +00:00
Owen Mansel-Chan
a8e993c942 Fix FP for always-locked fields 2025-03-13 15:03:32 +00:00
Owen Mansel-Chan
dc2cbf7402 Add tests for always-locked fields 2025-03-13 15:02:26 +00:00
Tom Hvitved
255f06b65a Rust: Update expected test output 2025-03-13 15:51:33 +01:00
Michael Nebel
e2699586db C#: Add cs/useless-gethashcode-call to the CCR suite. 2025-03-13 15:42:28 +01:00
Mathias Vorreiter Pedersen
0fe77154e1 C++: Add library change note. 2025-03-13 14:29:34 +00:00