hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,673 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Óscar San José
319b781ce3 Add reference to official codeql system requirements doc 2025-03-17 15:57:32 +01:00
Michael B. Gale
51874b8ef0 Apply suggestions from code review 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-03-17 14:24:04 +00:00
Simon Friis Vindum
7a18da82fa Merge pull request #19000 from paldepind/rust-cleartext-transmission 
Rust: Add cleartext transmission query
 2025-03-17 14:56:57 +01:00
Napalys
ca9ae8a58d Added chaining modeling for underscore.string package. 2025-03-17 14:46:07 +01:00
Napalys
25c6fb59df Added chaining tests for underscore.string package. 2025-03-17 14:46:06 +01:00
Napalys
b59b9c86e4 Added modeling underscore.string of function which contain multiple sources points. 2025-03-17 14:46:01 +01:00
Simon Friis Vindum
f90d53ac46 Merge pull request #19038 from paldepind/rust-type-inference-tweaks 
Rust: Small type inference tweaks
 2025-03-17 14:09:08 +01:00
github-actions[bot]
51cdeefafb Post-release preparation for codeql-cli-2.20.7 2025-03-17 13:00:41 +00:00
Asger F
1516029cf5 JS: Avoid generating ArrayElement edges for extend-like patterns 2025-03-17 13:48:27 +01:00
Asger F
125e732c4c JS: Fix bad join order 2025-03-17 13:44:33 +01:00
Geoffrey White
07011f7460 Rust: Fix more after merge. 2025-03-17 12:22:09 +00:00
Chris Smowton
0ac0dad49d Merge pull request #19042 from github/release-prep/2.20.7 
Release preparation for version 2.20.7
codeql-cli/v2.20.7 		2025-03-17 12:21:27 +00:00
Simon Friis Vindum
81b28df089 Merge branch 'main' into rust-type-inference-tweaks 2025-03-17 13:18:45 +01:00
github-actions[bot]
2d64a618e6 Release preparation for version 2.20.7 2025-03-17 12:15:54 +00:00
Geoffrey White
f5daec9da0 Rust: Fix after merge. 2025-03-17 12:10:59 +00:00
Geoffrey White
81edb4780d Merge branch 'main' into constcrypto 2025-03-17 12:05:51 +00:00
Napalys
77e1e171e1 Added test cases underscore.string with multiple sources. 2025-03-17 12:58:53 +01:00
Napalys
6b105b2f49 Added modeling underscore.string array to string functions. 2025-03-17 12:55:53 +01:00
Napalys
cd40b6f125 Added test cases underscore.string array to string. 2025-03-17 12:53:53 +01:00
Napalys
30623cd953 Added modeling of underscore.string for str to array. 2025-03-17 12:52:56 +01:00
Napalys
c256b9c336 Added underscore.string test cases for str to array. 2025-03-17 12:51:48 +01:00
Napalys
9bca863e38 Added modeling of underscore.string string to string functions. 2025-03-17 12:50:41 +01:00
Napalys
e8b233f086 Added test cases underscore.string string to string. 2025-03-17 12:48:41 +01:00
Simon Friis Vindum
e9ca43ae94 Merge pull request #19039 from paldepind/rust-cfg-uppercase 
Rust: Assume in the CFG that lowercase identifiers are in fact identifiers
 2025-03-17 12:40:56 +01:00
Óscar San José
258794a57e Add python and npm to Dockerfile.codespaces 2025-03-17 12:37:47 +01:00
Geoffrey White
704b3850f4 Rust: Fix a mistake in the test. 2025-03-17 11:24:58 +00:00
Paolo Tranquilli
a2851f753c Merge pull request #18968 from hvitved/rust/cache-to-string 
Rust/Swift: Cache `Element.toString`
 2025-03-17 12:08:27 +01:00
Tom Hvitved
0e3907b2a8 Merge pull request #19035 from hvitved/rust/type-inference-path-limit 
Rust: Limit `TypePath`s to at most length 10
 2025-03-17 12:01:31 +01:00
Jeroen Ketema
43a03de195 Merge pull request #19030 from MathiasVP/atl-namespace-fix 
C++: Fix ATL models' namespace column
 2025-03-17 11:28:16 +01:00
Napalys Klicius
749a0560b4 Merge pull request #19027 from Napalys/js/escape 
JS: Add support for `escape`
 2025-03-17 10:48:44 +01:00
Paolo Tranquilli
8ca33a907c Merge branch 'main' into reddsun82/swift-ql-test-to-internal 2025-03-17 10:42:39 +01:00
Napalys Klicius
478e32cbe5 Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-17 10:17:39 +01:00
Napalys Klicius
9134f79fd2 Merge pull request #18984 from Napalys/js/extractor_error_handler 
JS: Extractor handle error instead of exiting.
 2025-03-17 10:11:26 +01:00
Simon Friis Vindum
17d6cb626d Rust: Assume in the CFG that lowercase identifiers are in fact identifiers 2025-03-17 08:40:02 +01:00
Simon Friis Vindum
0bf826559c Rust: Apply qhelp suggestions from review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2025-03-17 07:56:37 +01:00
Simon Friis Vindum
75355e9e53 Rust: Revert conjunct reorder 2025-03-17 07:46:54 +01:00
Simon Friis Vindum
1b7f4e4d4b Rust: Add type inference tests and rename modules 2025-03-17 07:41:47 +01:00
Simon Friis Vindum
72346cc392 Merge pull request #19004 from paldepind/rust-data-flow-split 
Rust: Extract data flow node and content into separate files
 2025-03-17 07:02:35 +01:00
Tom Hvitved
dfc39272b4 Rust: Limit TypePaths to at most length 10 2025-03-16 20:35:16 +01:00
Simon Friis Vindum
4c3768f771 Rust: Add comments for type inference 2025-03-15 13:51:15 +01:00
Simon Friis Vindum
422d9e1f93 Rust: Minor refactoring of type inference 2025-03-15 13:47:08 +01:00
Simon Friis Vindum
210b4db908 Rust: Encapsulate type parameter decoding/encoding 2025-03-15 13:41:46 +01:00
Aditya Sharad
996bc47ae8 Merge pull request #19032 from adityasharad/docs/remove-semmle-training-slide-template 
Docs: Remove old CodeQL training slide template
 2025-03-15 06:17:42 +05:30
Aditya Sharad
9e8a3145ac Docs: Remove old CodeQL training slide template 
The slide contents (images and RST) remain.
Remove the HTML/JS/CSS templates since we're not maintaining them,
and this creates unnecessary burden keeping the JS libraries up to date
with security patches.
 2025-03-14 15:16:59 -07:00
Asger F
cd3909245d JS: Bugfix in Array constructor summary 2025-03-14 23:08:22 +01:00
Asger F
fe1bdf2468 JS: Update a test 2025-03-14 23:08:20 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement() 
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
 2025-03-14 23:08:19 +01:00
Asger F
4c1c0b79a6 JS: Make API-graphs use Content internally, and use steps from flow summaries 2025-03-14 23:08:16 +01:00
Asger F
cc95c77cbc JS: Add failing test 2025-03-14 23:04:10 +01:00
Owen Mansel-Chan
f0af5af015 Merge pull request #19015 from owen-mc/java/toctou-sync-methods 
Java: Fix FP in "Time-of-check time-of-use race condition" (`java/toctou-race-condition`)
 2025-03-14 21:35:51 +00:00