mirror of https://github.com/github/codeql.git synced 2026-05-25 16:47:07 +02:00

Go to file

copilot-swe-agent[bot] 0ea1b8596e Add PEP249 connection tracking through class attribute wrappers

Introduce two new Connection::InstanceSource subclasses in PEP249.qll:

- ConnectionGetterAttributeRead: recognises self._conn reads inside
  getter methods of classes whose __init__ stores a connect() call in
  that attribute. The AttrRead node coincides with the return node, so
  the existing TypeTracker returnStep propagates the connection type to
  all call sites automatically.

- ConnectionConstructorAttributeRead: recognises ClassName()._conn
  direct attribute reads on constructor-call results.

Both classes share the classStoresConnectionInInit helper predicate
that checks for the self.attr = dbapi.connect() store pattern in __init__.

Also adds test cases for the new patterns in the hdbcli test suite
and a change note.

2026-05-21 23:22:29 +00:00

.devcontainer

Add reference to official codeql system requirements doc

2025-03-17 15:57:32 +01:00

.github

Fix path to generated models

2026-05-06 08:39:41 +02:00

.vscode

Change note creation script uses EDITOR environment variable

2025-02-11 14:04:46 +01:00

actions

Merge branch 'main' into knewbury01/adjust-actions-queries-untrusted-checkout-second-iteration

2026-05-21 10:49:36 -04:00

change-notes

spelling: triggered

2022-10-20 08:21:02 -04:00

config

C#: Clean up.

2026-03-16 08:51:51 +01:00

cpp

Merge pull request #21836 from MathiasVP/uncertain-def-more-complete

2026-05-20 13:04:37 +01:00

csharp

C#: update ForStmt wrapper class

2026-05-21 13:45:30 +01:00

docs

Merge branch 'main' into docs/customizing-library-models-for-rust

2026-05-13 11:45:11 +01:00

Merge pull request #21817 from jketema/go-version

2026-05-18 10:45:55 +02:00

java

Merge pull request #21868 from github/copilot/bump-jackson-core-to-2150

2026-05-21 16:18:15 +02:00

javascript

Update change notes (Copilot's suggestions).

2026-05-15 09:24:29 +01:00

misc

unified: update build dependencies

2026-05-12 11:25:15 +00:00

python

Add PEP249 connection tracking through class attribute wrappers

2026-05-21 23:22:29 +00:00

Use relative paths in tree-sitter extractor diagnostics

2026-05-13 09:45:37 +02:00

ruby

Fix Windows path handling in diagnostic relativization

2026-05-13 10:31:48 +02:00

rust

Update change notes (Copilot's suggestions).

2026-05-15 09:24:29 +01:00

shared

Merge pull request #21879 from owen-mc/shared/cfg/simpleleafnode

2026-05-21 14:58:04 +01:00

swift

Merge pull request #21806 from geoffw0/extsensitive

2026-05-19 16:22:03 +01:00

unified

unified: regenerate files

2026-05-12 12:57:26 +00:00

.bazelrc

fix: disable Android SDK auto-detection for Bazel 9 compatibility

2026-02-10 13:44:07 +01:00

.bazelrc.internal

Bazel: bump python version to 3.12

2025-03-19 15:14:13 +01:00

.bazelversion

chore: upgrade Bazel to 9.0.0

2026-02-10 13:44:04 +01:00

.clang-format

Swift: update formatting to clang-format 17.0.6

2024-01-25 13:58:14 +01:00

.editorconfig

Normalize all text files to LF

2018-09-23 16:24:31 -07:00

.git-blame-ignore-revs

Ignore auto-format commits in git blame.

2023-03-10 15:08:49 +01:00

.gitattributes

Ripunzip: use releases from github

2025-11-18 17:23:59 +01:00

.gitignore

Add .orig files to .gitignore.

2025-09-25 14:03:39 +01:00

.lfsconfig

Explain .lfsconfig choice in the comment

2024-06-04 14:27:08 +02:00

.lgtm.yml

codeql-go merge prep: integrate go/ into codeql

2022-05-20 10:22:47 -07:00

.pre-commit-config.yaml

Kotlin: reinstante trailing whitespace

2026-03-26 14:59:49 +01:00

BUILD.bazel

Rust: Vendor 3rdparty dependencies.

2024-11-13 13:22:14 +01:00

Cargo.lock

Use absolute path fallback instead of file: URI

2026-05-13 10:28:27 +02:00

Cargo.toml

unified: update build dependencies

2026-05-08 13:41:45 +00:00

CODE_OF_CONDUCT.md

Update code of conduct in line with GH

2020-04-23 10:19:13 +01:00

CODEOWNERS

CODEOWNERS: Add Go-related folders for extractor and autobuilder

2025-11-06 11:12:53 +01:00

codeql-workspace.yml

Move list of immutable actions into internal model pack for now.

2025-02-27 11:48:27 -05:00

conftest.py

Swift: add unit tests to code generation

2022-04-27 08:24:11 +02:00

CONTRIBUTING.md

Deprecate the CodeQL for VS Code docs in favour of docs.github.com version

2024-04-25 07:59:33 +00:00

defs.bzl

Bazel: code reorganization

2022-04-12 12:40:59 +02:00

LICENSE

Update license; remove redundant Go qlpack license.

2025-02-06 10:23:37 +00:00

MODULE.bazel

unified: auto-generate parser files

2026-05-12 11:24:35 +00:00

README.md

Update README.md

2024-05-07 13:09:08 +01:00

rust-toolchain.toml

Cargo: align rust toolchain version with internal repository

2025-08-11 16:45:47 +02:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power GitHub Advanced Security and the other application security products that GitHub makes available to its customers worldwide.

How do I learn CodeQL and run queries?

There is extensive documentation about the CodeQL language, writing CodeQL using the CodeQL extension for Visual Studio Code and using the CodeQL CLI.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

For information on contributing to CodeQL documentation, see the "contributing guide" for docs.

License

The code in this repository is licensed under the MIT License by GitHub.

The CodeQL CLI (including the CodeQL engine) is hosted in a different repository and is licensed separately. If you'd like to use the CodeQL CLI to analyze closed-source code, you will need a separate commercial license; please contact us for further help.

Visual Studio Code integration

If you use Visual Studio Code to work in this repository, there are a few integration features to make development easier.

CodeQL for Visual Studio Code

You can install the CodeQL for Visual Studio Code extension to get syntax highlighting, IntelliSense, and code navigation for the QL language, as well as unit test support for testing CodeQL libraries and queries.

Tasks

The .vscode/tasks.json file defines custom tasks specific to working in this repository. To invoke one of these tasks, select the Terminal | Run Task... menu option, and then select the desired task from the dropdown. You can also invoke the Tasks: Run Task command from the command palette.

Languages

CodeQL 32.3%

Kotlin 27.3%

C# 17%

Java 7.6%

Python 4.6%

Other 10.9%