hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,544 Commits 1,671 Branches 157 Tags
alexet/avoid-forced-cop
Commit Graph

78544 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Eyers-Taylor
5a6a86092a Ruby: Avoid a forced CP. 2025-04-29 18:38:49 +01:00
Michael B. Gale
987af4ce1d Merge pull request #19248 from github/mbg/go/private-registries 
Go: Support private registries via `GOPROXY`
 2025-04-25 16:40:00 +01:00
Paolo Tranquilli
46fb041c50 Merge pull request #19384 from github/redsun82/swift-add-logs 
Swift: add more debug logs
 2025-04-25 17:24:11 +02:00
Michael B. Gale
7592ce47e3 Go: Restore parseRegistryConfigsFail test for the empty string 2025-04-25 15:45:12 +01:00
Michael B. Gale
91a794433a Go: Change "Unable" to "Failed" for consistency 2025-04-25 15:42:29 +01:00
Michael B. Gale
5172a4d6ec Go: Remove check from getEnvVars 2025-04-25 15:41:57 +01:00
Michael B. Gale
9cfa451477 Go: Fix/improve comment about environment variable preservation 2025-04-25 15:41:35 +01:00
Aditya Sharad
d4b083b5c0 Merge pull request #19376 from adityasharad/actions/exclude-model-generator-queries 
Actions: Exclude model-generator queries from query suites
 2025-04-25 20:03:32 +05:30
Tamás Vajk
3437210d32 Merge pull request #19355 from tamasvajk/test/add-query-suite-tests 
Add query suite integration tests for swift, actions, csharp, go, javascript, ruby, rust
 2025-04-25 15:37:51 +02:00
Paolo Tranquilli
d9a6a630e5 Swift: fix log compilation 2025-04-25 15:37:08 +02:00
Chuan-kai Lin
ed690972d4 Merge pull request #19379 from github/cklin/python-polynomial-redos 
Python: disable diff-informed PolynomialReDoS.ql
 2025-04-25 06:21:47 -07:00
Paolo Tranquilli
e71e7a08bb Swift: add more debug logs 2025-04-25 15:20:20 +02:00
Tamas Vajk
998e64baf3 Fix failing C# test 2025-04-25 14:06:18 +02:00
Tamás Vajk
c54b684132 Apply suggestions from code review - code quality improvements 
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
 2025-04-25 14:06:17 +02:00
Tamas Vajk
a4a24470c8 Add query suite inclusion tests for actions, csharp, go, javascript, ruby, rust 2025-04-25 14:06:17 +02:00
Tamas Vajk
522dd51416 Improve query suite test based on feedback 2025-04-25 14:06:16 +02:00
Tamas Vajk
4c9aee2cc7 Add query suite tests for swift with shared logic 2025-04-25 14:06:15 +02:00
Tom Hvitved
432435f1a6 Merge pull request #19358 from hvitved/rust/path-resolution-perf-tweaks 
Rust: Path resolution performance tweaks
 2025-04-25 14:01:47 +02:00
Michael B. Gale
e805d1ee90 Merge remote-tracking branch 'origin/main' into mbg/go/private-registries 2025-04-25 12:55:36 +01:00
Michael B. Gale
cafe1efefa Go: Refactor ApplyProxyEnvVars 2025-04-25 12:30:48 +01:00
Jeroen Ketema
8b95e0ee4a Merge pull request #19315 from github/redsun82/swift-6.1 
Swift: make extractor compile again after 6.1 upgrade
 2025-04-25 12:34:39 +02:00
Jeroen Ketema
e8eac810b4 Swift: Commit external sources to git LFS 2025-04-25 11:56:28 +02:00
Chuan-kai Lin
6c1e80df3a Python: disable diff-informed PolynomialReDoS.ql 
This commit disabled diff-informed for PolynomialReDoS.ql because it
could miss some alerts within diff ranges.
 2025-04-24 14:57:06 -07:00
Aditya Sharad
b197de8db4 Actions: Add change note for removing model ggenerator queries 2025-04-24 14:21:04 -07:00
Aditya Sharad
05243bd855 Actions: Fix query ID for reusable workflow sinks query 2025-04-24 14:20:47 -07:00
Aditya Sharad
aabbfce010 Actions: Exclude model-generator queries from query suites 
This change removes the model generator queries for Actions
sources/sinks/summaries from being run as part of the
`actions-security-and-quality.qls` query suite,
where they were accidentally included.

All languages will now exclude both `modelgenerator`
and `model-generator` tagged queries from their suites.
 2025-04-24 13:25:38 -07:00
Ian Lynagh
f9172ff493 Merge pull request #19368 from igfoo/igfoo/add-check-for-buildmode-none 
C++: Add exception for build-mode-none in various queries
 2025-04-24 20:30:09 +01:00
Jeroen Ketema
5920925041 Merge pull request #19363 from jketema/platform 
Update list of supported platforms
 2025-04-24 19:11:31 +02:00
Jeroen Ketema
a5a21b1ddd Swift: Guard 'getCaptures' in fillClosureExpr 2025-04-24 17:42:59 +02:00
Paolo Tranquilli
21170a1f6d Merge pull request #19370 from github/redsun82/go-remove-invalid-toolchain-diagnostic 
Go: remove invalid toolchain version diagnostics
 2025-04-24 17:32:34 +02:00
Jeroen Ketema
21c97085a1 Merge pull request #19361 from jketema/fieldflow 
Dataflow: Make default field flow branch limit configurable per language
 2025-04-24 16:45:49 +02:00
Jeroen Ketema
55a8a4444d Merge pull request #19365 from jketema/c23 
C++: Claim beta support for C23 and C++23
 2025-04-24 16:13:39 +02:00
Paolo Tranquilli
69b87a63b8 Go: remove invalid toolchain version diagnostics 
This diagnostic was introduced by https://github.com/github/codeql/pull/15979.
However in the meantime the Go team [has backtracked](https://github.com/golang/go/issues/62278#issuecomment-2062002018)
on their decision, which leads to confusing alerts for user (e.g. https://github.com/github/codeql-action/issues/2868).
Even using Go toolchains from 1.21 to 1.22 we weren't immediately able
to reproduce the problem that this diagnostics was meant to guard
against. Therefore it was deemed simpler to just remove it.

_En passant_ the `Makefile` now accepts `rtjo` not being set.
 2025-04-24 14:41:05 +02:00
Ian Lynagh
0cd859c559 C++: qlformat 2025-04-24 12:48:21 +01:00
Alexander Eyers-Taylor
ea83ecf802 Merge pull request #19327 from d10c/d10c/rtjo-csharp-jo-fix 
C#: Join order fix
 2025-04-24 12:34:22 +01:00
Ian Lynagh
063bff073b C++: Add checks for build mode in various queries 
Adds a check for the absence of build-mode-none in
    cpp/wrong-type-format-argument
    cpp/comparison-with-wider-type
    cpp/integer-multiplication-cast-to-long
    cpp/implicit-function-declaration
    cpp/suspicious-add-sizeof
 2025-04-24 12:15:31 +01:00
Jeroen Ketema
42c4252a3d C++: Claim beta support for C23 and C++23 
All features we can support, we currently do support.
 2025-04-24 11:44:16 +02:00
Jeroen Ketema
0357f3959b Update list of supported platforms 
I've effectively sync'ed this with the list of runners that are publicly
available. I did not yet add Windows 2025, as it is my understanding is that
we haven't really done any testing on that yet.
 2025-04-24 11:28:09 +02:00
Jeroen Ketema
46b21af3ef Dataflow: Make default field flow branch limit configurable per language 2025-04-24 11:02:49 +02:00
Jeroen Ketema
4093afbaab Merge pull request #19290 from jketema/typeof 
C++: Support C23 `typeof` and `typeof_unqual`
 2025-04-24 10:12:46 +02:00
Michael Nebel
17f58c90bd Merge pull request #19148 from michaelnebel/csharp/invalid-string-format 
C#: Improve `cs/invalid-string-formatting` and add to the Code Quality suite.
 2025-04-24 10:03:06 +02:00
Michael Nebel
65ac951964 C#: Remove all Sink tags after rebase. 2025-04-24 08:54:53 +02:00
Michael Nebel
dcf11c2d4b C#: Match up sources, alerts and sinks in the tests. 2025-04-24 08:54:51 +02:00
Michael Nebel
b6d2f14b9b C#: Add change note. 2025-04-24 08:54:49 +02:00
Michael Nebel
22ae3e7992 C#: Update string format item parameter expected test case. 2025-04-24 08:54:48 +02:00
Michael Nebel
f2dddd6d5c C#: Hide the abstract FormatMethod class. 2025-04-24 08:54:47 +02:00
Michael Nebel
6de5920172 C#: Update test expected output. 2025-04-24 08:54:45 +02:00
Michael Nebel
042c7e5186 C#: Generalize array logic to params collection like types. 2025-04-24 08:54:43 +02:00
Michael Nebel
930bb6b515 C#: Add FP for string.Format using params collection. 2025-04-24 08:54:42 +02:00
Michael Nebel
39abd5c004 C#: Update test expected output. 2025-04-24 08:54:40 +02:00