hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,885 Commits 1,671 Branches 157 Tags
alexet/all-overlay-ql-changes
Commit Graph

81885 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Eyers-Taylor
faa2d3cac3 DataFlow: Don't become overlay informed if the flow is diff informed but no diff. 2025-08-27 16:51:28 +01:00
Alex Eyers-Taylor
9f3ab970ab Dataflow: Remove diff from overlay informed dataflow. 2025-08-27 16:51:28 +01:00
Alex Eyers-Taylor
59a9c8dff6 Jave: Use force local to make parsing local after global regex finding. 2025-08-27 16:51:28 +01:00
Alex Eyers-Taylor
c2c4778d46 QL: make a fastTC overlay_caller. 2025-08-27 16:51:28 +01:00
Jonas Jensen
814cf743bf TEMP: DataFlow: Java-only flow including base 
This won't work for other languages until we can annotate a `forceLocal`
call with `local?`.
 2025-08-27 16:51:27 +01:00
Jonas Jensen
687b504951 DataFlow: overlay-informed flow includes the diff 2025-08-27 16:51:27 +01:00
Jonas Jensen
442458dd0d DataFlow:Run overlay-informed if not diff-informed 
To ensure good performance, always run data flow overlay-informed unless
the configuration has opted in to being diff-informed. This change
affects only databases with an overlay and therefore has no immediate
production consequences.
 2025-08-27 16:51:27 +01:00
Alex Eyers-Taylor
d3dbd05caf SSA global annotation 2025-08-27 16:51:26 +01:00
Henning Makholm
3134c0aa38 Merge pull request #20269 from github/hmakholm/pr/test-run-output 
rust integration test: use all output from codeql test run
 2025-08-22 15:47:33 +02:00
Henning Makholm
2e69417d67 rust integration test: use all output from codeql test run 
The integration test expectes to find a certain phrase from the
extractor repeated in the _stderr_ of `codeql test run`. However, that
subcommand is about to start reproducing the extractor output as-is,
which means the phrase will instead appear in _stdout_.

Change the integration test to capture all of the output, so it
will keep passing across the change.
 2025-08-22 15:27:37 +02:00
Geoffrey White
49c4c34882 Merge pull request #20221 from github/copilot/fix-20220 
Rust: Implement a new query for Log Injection
 2025-08-22 14:01:49 +01:00
Jeroen Ketema
374c547fa2 Merge pull request #18722 from superboy-zjc/main 
Fix the broken reference
 2025-08-22 12:26:59 +02:00
Jeroen Ketema
6ce3aac7b7 Merge pull request #12660 from moshekaplan/patch-1 
Correct menu title name of "Open Workspace"
 2025-08-22 12:08:06 +02:00
Jeroen Ketema
6d7f6ff77d Merge branch 'main' into patch-1 2025-08-22 11:51:33 +02:00
Chris Smowton
2d9470ded8 Merge pull request #20264 from github/smowton/admin/merge-rc319-into-main 
Merge rc/3.19 into main
 2025-08-21 17:06:17 +01:00
Chris Smowton
1829060fab Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc319-into-main 2025-08-21 16:33:37 +01:00
Tom Hvitved
7a4bc80582 Merge pull request #20248 from hvitved/rust/jump-to-def-generic-args 
Rust: Adjust jump-to-def for paths with generic arguments
 2025-08-21 16:00:51 +02:00
Tom Hvitved
0144c77dd1 Merge pull request #20234 from hvitved/type-inference/rename-vars 
Type inference: Rename some variables
 2025-08-21 16:00:31 +02:00
Michael Nebel
c89f2e309d Merge pull request #20089 from michaelnebel/csharp/allowsinkimplicitread 
C#: Allow implicit collection reads in sink nodes.
 2025-08-21 15:29:52 +02:00
Jami
771d7cb171 Merge pull request #20095 from jcogs33/jcogs33/java/finalizers-on-exit-and-garbage-collection 
Java: Add `previous-id` and adjust tags for `java/garbage-collection` and `java/run-finalizers-on-exit`
 2025-08-21 08:10:36 -04:00
Owen Mansel-Chan
f1c6064f4e Merge pull request #20188 from github/dependabot/go_modules/go/extractor/extractor-dependencies-c0b353d580 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-08-21 12:44:15 +01:00
Mathias Vorreiter Pedersen
dfda5a0793 Merge pull request #20249 from MathiasVP/type-tracking-for-cpp-3 
C++: Use the shared type-tracking library for virtual dispatch resolution
 2025-08-21 11:14:12 +02:00
Napalys Klicius
3369e16b1b Merge pull request #20254 from Napalys/cs/ldap-injection-qhelp 
CS: Update `cs/ldap-injection` qhelp
 2025-08-21 08:57:03 +02:00
Michael Nebel
ebfbc71104 C#: Address more review comments. 2025-08-21 08:07:17 +02:00
dependabot[bot]
e99b423e28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/tools` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 03:46:43 +00:00
Jeroen Ketema
b79f0a2cf2 Merge pull request #20252 from knewbury01/knewbury01/add-uniform-Customizations 
Add extra Customizations files
 2025-08-20 20:14:02 +02:00
Kristen Newbury
cf0342410d Merge branch 'knewbury01/add-uniform-Customizations' of https://github.com/knewbury01/codeql into knewbury01/add-uniform-Customizations 2025-08-20 13:19:16 -04:00
Kristen Newbury
854a5b5871 Add changenotes customizations addition 2025-08-20 13:18:17 -04:00
Napalys Klicius
71a8e10f3d CS: added extra guidance in recommendation section for LDAPInjection 2025-08-20 13:37:02 +02:00
Napalys Klicius
c475bedf73 CS: removed dead links from LDAPInjection qhelp 2025-08-20 12:58:54 +02:00
Mathias Vorreiter Pedersen
70d3e69ce5 C++: Rename 'lambda' to 'virtual'. 2025-08-20 10:38:22 +02:00
Paolo Tranquilli
fd7668d94a Merge pull request #20251 from github/redsun82/rust-remove-warning 
Rust: update README to remove experimental warning
 2025-08-20 10:12:19 +02:00
Michael Nebel
3e03728ffe Merge pull request #20244 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-08-20 08:55:48 +02:00
Michael Nebel
b42c366250 C#: Address review comments. 2025-08-20 08:50:23 +02:00
Jeroen Ketema
c9f0e3a377 Apply suggestions from code review 2025-08-20 08:07:10 +02:00
github-actions[bot]
e74116b347 Add changed framework coverage reports 2025-08-20 00:23:14 +00:00
Kristen Newbury
d630e32ce9 Format Customizations.qll 2025-08-19 15:27:29 -04:00
Kristen Newbury
49ef6939d4 Add extra Customizations files 2025-08-19 14:49:31 -04:00
Paolo Tranquilli
65e5ded80d Rust: update README to remove experimental warning 2025-08-19 16:02:45 +02:00
Geoffrey White
963e028645 Merge pull request #20238 from geoffw0/scinit 
Rust: Update StreamCipherInit to use getCanonicalPath.
 2025-08-19 13:18:10 +01:00
Mathias Vorreiter Pedersen
02bf923f7e C++: Add change note. 2025-08-19 13:57:15 +02:00
Mathias Vorreiter Pedersen
0631bd7466 C++: Add object/flow conflation for unions when resolving function pointers. 2025-08-19 13:57:13 +02:00
Mathias Vorreiter Pedersen
16508b1800 C++: Fix off-by-one error in getType on 'FinalGlobalValue' nodes and accept test changes. 2025-08-19 13:57:11 +02:00
Mathias Vorreiter Pedersen
302d35bedc C++: Accept test changes. 2025-08-19 13:57:10 +02:00
Mathias Vorreiter Pedersen
cca5bd9ada C++: Update 'mayBenefitFromCallContext' to not use the old virtual dispatch local flow predicate. 2025-08-19 13:57:07 +02:00
Mathias Vorreiter Pedersen
383799ce67 C++: Perform 6 rounds of virtual dispatch resolution like Java. 2025-08-19 13:57:05 +02:00
Mathias Vorreiter Pedersen
d4188d59a8 C++: Instantiate the type tracking module inside a reusable module like it's done in Java. 2025-08-19 13:57:03 +02:00
Mathias Vorreiter Pedersen
ea8d766ae8 Merge pull request #20242 from MathiasVP/fprintf-partial-flow 
C++: Mark the write to `fprintf`'s 0'th argument as partial
 2025-08-19 13:43:22 +02:00
Mathias Vorreiter Pedersen
caf7464f3b C++: Prefix with 'DataflowPrivate'. 2025-08-19 12:46:12 +02:00
Mathias Vorreiter Pedersen
fdb9f7ba2a C++: Move these predicates to make the diff smaller. 2025-08-19 12:42:15 +02:00