github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
59 799 коммитов 1 533 Ветки 130 Теги 473 MiB
Граф коммитов

893 Коммитов

Автор SHA1 Сообщение Дата
dependabot[bot] 7700210ed2
Bump tracing from 0.1.38 to 0.1.39 in /ql 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.38 to 0.1.39.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.38...tracing-0.1.39)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-16 03:21:13 +00:00
dependabot[bot] 0e09420e7b
Bump regex from 1.9.6 to 1.10.0 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.6 to 1.10.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.6...1.10.0)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-10 03:56:00 +00:00
Henry Mercer da92da2204 Bump minor versions of packs we regularly release 2023-10-03 16:31:23 +01:00
dependabot[bot] a86b010504
Bump regex from 1.9.5 to 1.9.6 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.5 to 1.9.6.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.5...1.9.6)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-02 03:33:25 +00:00
Anders Schack-Mulligen 7bc0c54a41 QL: Use shared FileSystem library. 2023-09-28 08:58:55 +02:00
dependabot[bot] d0554a05f9
Bump rayon from 1.7.0 to 1.8.0 in /ql 
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.7.0 to 1.8.0.
- [Changelog](https://github.com/rayon-rs/rayon/blob/master/RELEASES.md)
- [Commits](https://github.com/rayon-rs/rayon/compare/rayon-core-v1.7.0...rayon-core-v1.8.0)

---
updated-dependencies:
- dependency-name: rayon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-21 03:10:09 +00:00
dependabot[bot] f3a746c324
Bump chrono from 0.4.30 to 0.4.31 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.30 to 0.4.31.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.30...v0.4.31)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-18 03:10:03 +00:00
dependabot[bot] 66a4f1bf74
Bump chrono from 0.4.29 to 0.4.30 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.29 to 0.4.30.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.29...v0.4.30)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-08 04:04:05 +00:00
dependabot[bot] 7f73c59304
Bump chrono from 0.4.28 to 0.4.29 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.28 to 0.4.29.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.28...v0.4.29)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-06 03:58:08 +00:00
dependabot[bot] 4919cc4c4e
Bump regex from 1.9.3 to 1.9.5 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.3 to 1.9.5.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.3...1.9.5)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 03:47:05 +00:00
dependabot[bot] 4770eb0328
Bump chrono from 0.4.27 to 0.4.28 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.27 to 0.4.28.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.27...v0.4.28)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-31 03:44:01 +00:00
dependabot[bot] e3ff7644f7
Bump chrono from 0.4.26 to 0.4.27 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.26 to 0.4.27.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.26...v0.4.27)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-30 03:14:05 +00:00
Harry Maclean ed40d72e4f Shared: Bump extractor version 2023-08-23 14:11:22 +01:00
Harry Maclean 24ac6c0596 QL: Update for shared extractor changes 2023-08-23 14:11:21 +01:00
dependabot[bot] 6ed4aaf94b
Bump regex from 1.9.1 to 1.9.3 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.1 to 1.9.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.1...1.9.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-07 03:30:06 +00:00
Mathias Vorreiter Pedersen 5fa70b0eb0
Update ql/ql/test/queries/performance/MissingNoInline/MissingNoInline.expected 2023-07-19 11:34:05 +01:00
Mathias Vorreiter Pedersen b470dd7f00
Update ql/ql/src/queries/performance/MissingNoinline.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-07-19 11:33:16 +01:00
Mathias Vorreiter Pedersen 5a15c19e4b QL: Accept test changes. 2023-07-18 18:04:46 +01:00
Mathias Vorreiter Pedersen 3b3f374223 QL: Fix FP in 'ql/missing-noinline'. 2023-07-18 17:55:44 +01:00
dependabot[bot] be71898a65
Bump regex from 1.9.0 to 1.9.1 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.9.0...1.9.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-10 03:42:24 +00:00
dependabot[bot] 562270709c
Bump regex from 1.8.4 to 1.9.0 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.4...1.9.0)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-06 03:24:52 +00:00
Chuan-kai Lin ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
Kasper Svendsen c9cf0744c0 QL: Enable implicit this warnings for remaining packs 2023-06-27 12:04:29 +02:00
Tom Hvitved 104dab4b66 QL: Improve dead-code query 2023-06-22 13:37:42 +02:00
Tom Hvitved 04f388f8c4 QL: Add more dead-code tests 2023-06-22 11:30:38 +02:00
Tom Hvitved 6942925899 QL: Fix bad join 
```
[2023-06-22 10:44:20] (92s) Tuple counts for Predicate#23818b54::Cached::resolveSelfClassCalls#2#ff/2@06fd3bf5 after 1m9s:
                      30500      ~567%     {3} r1 = JOIN Ast#8e1d5bcf::ClassPredicate::getName#0#dispred#ff WITH Ast#8e1d5bcf::PredicateOrBuiltin::getArity#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0 'p', Lhs.1, Rhs.1
                      26500      ~573%     {4} r2 = JOIN r1 WITH Ast#8e1d5bcf::Class::getAClassPredicate#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.2, Lhs.0 'p', Lhs.1, Rhs.1
                      3059915597 ~605%     {4} r3 = JOIN r2 WITH Ast#8e1d5bcf::Call::getNumberOfArguments#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'mc', Lhs.2, Lhs.1 'p', Lhs.3
                      20999389   ~701%     {3} r4 = JOIN r3 WITH Ast#8e1d5bcf::MemberCall::getMemberName#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0 'mc', Lhs.2 'p', Lhs.3
                      20995877   ~711%     {4} r5 = JOIN r4 WITH Ast#8e1d5bcf::MemberCall::getBase#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'p', Lhs.2, Lhs.0 'mc'
                      1240332    ~700%     {3} r6 = JOIN r5 WITH Ast#8e1d5bcf::ThisAccess#ff ON FIRST 1 OUTPUT Lhs.3 'mc', Lhs.1 'p', Lhs.2
                      1236711    ~716%     {4} r7 = JOIN r6 WITH Ast#8e1d5bcf::AstNode::getEnclosingPredicate#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1 'p', Lhs.0 'mc'
                      4476       ~347%     {2} r8 = JOIN r7 WITH Ast#8e1d5bcf::AstNode::getParent#0#dispred#ff ON FIRST 2 OUTPUT Lhs.3 'mc', Lhs.2 'p'
                                           return r8
```
 2023-06-22 10:53:10 +02:00
Tom Hvitved e6e966bd22 QL: Model `final extends` 2023-06-21 10:40:12 +02:00
Tom Hvitved 0edd80001b QL: Add tests for `AbstractClassImport.ql` 2023-06-21 10:40:12 +02:00
Tom Hvitved 59147ad674 QL: Add more tests for `MissingOverride.ql` 2023-06-20 19:30:30 +02:00
Mathias Vorreiter Pedersen 865c050226
Merge pull request #13517 from hvitved/ql/field-only-used-in-charpred-fix 
QL: Exclude overridden fields from `FieldOnlyUsedInCharPred.ql`
 2023-06-20 16:28:23 +01:00
Tony Torralba 3c60f52a1b Update ql/ql/src/queries/style/AndroidIdPrefix.ql 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-06-20 15:41:30 +02:00
Tony Torralba c230c9f793 Consider only Java files in importsAndroidModule 2023-06-20 15:30:46 +02:00
Tom Hvitved d296256920 QL: Exclude overridden fields from `FieldOnlyUsedInCharPred.ql` 2023-06-20 15:24:09 +02:00
Tom Hvitved 12c810c63d QL: Add tests for `FieldOnlyUsedInCharPred.ql` 2023-06-20 15:23:08 +02:00
Tony Torralba 768478103c Add another exception 2023-06-20 15:16:37 +02:00
Tony Torralba 818c312a56 Add exception for `java/improper-intent-verification` 
As suggested by @igfoo.
 2023-06-20 14:50:41 +02:00
Tony Torralba 41534803e5 Refactor to use `QueryDoc` 
Kudos to @erik-krogh for the suggestion.
 2023-06-20 14:41:57 +02:00
Tony Torralba 7837959bdf QL: Add query to find Android queries with improper ids 2023-06-20 12:37:24 +02:00
Jeroen Ketema 9633f00ed1
QL-for-QL: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:42:46 +02:00
dependabot[bot] d38bca1e8c
Bump regex from 1.8.3 to 1.8.4 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-06 04:02:46 +00:00
dependabot[bot] 75f6355bd6
Bump chrono from 0.4.25 to 0.4.26 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.25 to 0.4.26.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.25...v0.4.26)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-31 04:06:22 +00:00
dependabot[bot] 39a07d42a1
Bump chrono from 0.4.24 to 0.4.25 in /ql 
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.24 to 0.4.25.
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.24...v0.4.25)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-30 04:03:50 +00:00
dependabot[bot] 4ab389bf1a
Bump regex from 1.8.2 to 1.8.3 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-26 04:02:31 +00:00
Asger F 818753e922
Merge pull request #13265 from asgerf/rb/delete-name-clash 
Ruby: fix some name clashes between summarized callables
 2023-05-24 11:08:56 +02:00
Asger F 5b7f69cf0a QL4QL: Fix a warning about repeating alert location 2023-05-24 09:55:09 +02:00
Arthur Baars e33f3a6668
Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Asger F e4e52e77f7 QL4QL: Add query to warn about name clashes between summarized callables 2023-05-23 18:01:31 +02:00
dependabot[bot] 3a39e8badf
Bump regex from 1.8.1 to 1.8.2 in /ql 
Bumps [regex](https://github.com/rust-lang/regex) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.8.1...1.8.2)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-23 04:14:09 +00:00
Arthur Baars bec2b7fef9 QL/Ruby: update dbscheme stats 2023-05-22 19:37:58 +02:00
Arthur Baars d2bc66e393 QL: switch to shared YAML extractor 2023-05-22 19:28:59 +02:00