hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,276 Commits 1,671 Branches 157 Tags
adityasharad/context-experiments
Commit Graph

78276 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sharad
93efbfe1c7 WIP: Go: Add context query for retrieving call graph edges 2025-04-17 15:06:16 -07:00
Aditya Sharad
4a1b988f39 WIP: Ruby: Add context query for retrieving XSS sanitisers 2025-04-17 15:05:56 -07:00
Paolo Tranquilli
6176202d50 Merge pull request #19291 from github/redsun82/rust-pick-edition 
Rust: pick correct edition for the files
 2025-04-14 16:26:00 +02:00
Paolo Tranquilli
c9cff09f5d Merge branch 'main' into redsun82/rust-pick-edition 2025-04-14 15:19:33 +02:00
Michael Nebel
53c4b29b50 Merge pull request #19289 from michaelnebel/csharp/improveautobuilder 
C#: Improve auto-builder to better detect SDK references.
 2025-04-14 12:43:23 +02:00
Paolo Tranquilli
c245459e97 Merge pull request #19293 from github/redsun82/rust-fix-member-aggregation 
Rust: fix workspace member aggregation when absolute path is a glob pattern
 2025-04-14 12:08:43 +02:00
Geoffrey White
884c4a6e7b Merge pull request #19171 from geoffw0/badalloc 
Rust: Query for uncontrolled allocation size
 2025-04-14 10:10:53 +01:00
Geoffrey White
c821f27309 Merge branch 'main' into badalloc 2025-04-14 09:36:59 +01:00
Napalys Klicius
86313715a4 Merge pull request #19184 from Napalys/js/request_handlers 
JS: Support for `Request` and `NextRequest`
 2025-04-14 08:07:24 +02:00
yoff
85527101bd Merge pull request #19205 from yoff/ruby/refine-uninitialised-local 
ruby: refine `rb/uninitialized-local-variable`
 2025-04-11 23:08:01 +02:00
yoff
7517272d34 ruby: remove repetitive change note 2025-04-11 23:01:15 +02:00
yoff
b988be8ff6 ruby: improve help file 
This has improved autofixes
I hope it also helps humans
 2025-04-11 21:29:01 +02:00
yoff
85e27cae60 Merge branch 'main' into ruby/refine-uninitialised-local 2025-04-11 18:09:59 +02:00
Aditya Sharad
2dc88d87ae Merge pull request #19278 from adityasharad/actions/integration-test-filters 
Actions: Fix handling of paths-ignore in autobuild scripts, add integration tests for configured path filters
 2025-04-11 20:53:33 +05:30
Paolo Tranquilli
63e5f5a555 Rust: parametrize some integration tests on three editions 2025-04-11 16:50:23 +02:00
Paolo Tranquilli
868680f078 Merge branch 'redsun82/rust-fix-member-aggregation' into redsun82/rust-pick-edition 2025-04-11 16:46:16 +02:00
Paolo Tranquilli
60aa3a8d9d Rust: fix workspace member aggregation when absolute path is a glob pattern 
We were interpreting the absolute path of a workspace as a glob pattern,
which doesn't work if the path has some special characters (e.g. `[` or
`]`).
 2025-04-11 16:41:51 +02:00
yoff
eb0f8e9572 ruby: add rb/uninitialized-local-variable to quality suite 2025-04-11 16:27:21 +02:00
Mathias Vorreiter Pedersen
11aef7019e Merge pull request #19273 from MathiasVP/prepare-shared-mad-generation-for-cpp 
Shared: Prepare model generation for C++ adoption
 2025-04-11 07:22:56 -07:00
yoff
6a76a40cf4 ruby: adjust change notes 2025-04-11 16:18:03 +02:00
Paolo Tranquilli
dbbd80f4dc Rust: pick correct edition for the files 
Previously we would unconditionally set the edition to the latest stable
according to rust-analyzer (2021 at the moment). Now we ask
rust-analyzer itself to pick the correct edition for the file.
 2025-04-11 15:36:45 +02:00
yoff
2477233508 ruby: only report on method calls 
Interviewing a Ruby developer, I learned that
dealing with nil is common practice.
So alerts are mostly useful, if we can point to a place where this has gone wrong.
 2025-04-11 15:01:57 +02:00
Mathias Vorreiter Pedersen
877118fb3b Merge pull request #19274 from MathiasVP/prepare-cpp-for-mad-generation 
C++: Prepare for model generation adoption
 2025-04-11 05:11:36 -07:00
Michael Nebel
f349048e42 C#: Add change note. 2025-04-11 13:53:54 +02:00
Michael Nebel
31143b405e C#: Improve auto builder logic to detect Sdk reference. 2025-04-11 13:53:52 +02:00
Mathias Vorreiter Pedersen
deef95d384 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2025-04-11 12:43:59 +01:00
Mathias Vorreiter Pedersen
bfc494c0e1 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2025-04-11 12:43:51 +01:00
yoff
b641d5f177 ruby: fix FP 2025-04-11 13:22:42 +02:00
yoff
6e2cfab7b2 ruby: add test for for 
found during triage
 2025-04-11 12:46:25 +02:00
Michael Nebel
a5aef8c6f9 C#: Add some more DotNet autobuilder unit tests. 2025-04-11 12:03:06 +02:00
Paolo Tranquilli
4ae49cfe35 Merge pull request #19281 from github/redsun82/rust-setup 
Rust: refine `ql/test/setup.sh`
 2025-04-11 11:55:12 +02:00
Owen Mansel-Chan
472bfa2668 Merge pull request #19115 from owen-mc/java/port/java/string-replace-all-with-non-regex 
Java: Add new quality query to detect `String#replaceAll` with non-regex first argument
 2025-04-11 10:31:38 +01:00
Napalys Klicius
3d7c0201d9 Merge pull request #19231 from Napalys/js/typed_array 
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
 2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler 2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:04:08 +02:00
yoff
4167e96058 ruby: more complete impleemntation of isInBooleanContext 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-04-11 11:00:22 +02:00
yoff
f675a143d6 ruby: remove redundant cases 
The CFG handles the negation
 2025-04-11 10:48:41 +02:00
Napalys Klicius
d17d29a387 Merge pull request #19218 from Napalys/js/upgrade_websocket 
JS: Refactor `WebSocket` to use `API` graphs
 2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c RenamedDecodeLike to Decode and updated propagatesFlow 2025-04-11 10:04:09 +02:00
Arthur Baars
85940484ab Update rust/ql/test/setup.sh 2025-04-11 09:57:50 +02:00
Napalys
2c4b3527b4 Added change note 2025-04-11 09:42:12 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
8674b61e5a Added SSRF test case with searchParams for NextRequest 2025-04-11 09:26:16 +02:00
Paolo Tranquilli
db1203acb3 Rust: reinstate adding rust-src for test toolchains 2025-04-11 08:57:14 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Napalys
734ad2d767 Removed legacy Consistency check as it is redundant now with inline test expectations. 2025-04-11 08:43:08 +02:00
Napalys
208487f236 Added middleware test 2025-04-11 08:39:47 +02:00
Paolo Tranquilli
becea89a47 Rust: refine ql/test/setup.sh 2025-04-11 08:26:48 +02:00
yoff
8555e8c8c8 ruby: add change notes 2025-04-11 03:07:19 +02:00