github-actions[bot]
829cfa9517
Add changed framework coverage reports
2025-01-02 00:20:39 +00:00
Mathias Vorreiter Pedersen
e7773770fa
C++: Fix missing return value flow out of 'operator=' in lots of MaD models.
2024-12-23 12:00:41 +01:00
Paolo Tranquilli
c95f8d797c
Merge pull request #18347 from github/redsun82/rust-include-test-code-again
...
Rust: reinstate extraction of test code
2024-12-21 09:00:37 +01:00
Edward Minnix III
f06ad7c728
Merge pull request #18322 from egregius313/egregius313/csharp/blazor/modeling/sources
...
C#: Add common sources for Blazor components
2024-12-20 17:11:48 -05:00
Dave Bartolomeo
2aba49f074
Merge pull request #18356 from github/dbartol/actions-suites
...
Update suites for Actions queries
2024-12-20 15:54:44 -05:00
Dave Bartolomeo
90efbf5172
Update suites for Actions queries
2024-12-20 14:37:46 -05:00
Dave Bartolomeo
e9a04b8839
Mark UnversionedImmutableAction query as internal
2024-12-20 14:37:32 -05:00
Andrew Eisenberg
553e2c5757
Merge pull request #18354 from github/aeisenberg/actions-ownership
...
Update CODEOWNERS
2024-12-20 11:10:29 -08:00
Jeroen Ketema
b60c86077d
Merge pull request #18353 from jketema/template-parameters-2
...
C++: Handle `sizeof...` for types and template template parameters
2024-12-20 19:15:50 +01:00
Andrew Eisenberg
9bff89c910
Update CODEOWNERS
...
Add ownership for the actions queries.
We don't yet have a `codeql-actions` team. So, using the dynamic team for this.
2024-12-20 09:30:15 -08:00
Andrew Eisenberg
fd7bd6b07d
Merge pull request #18351 from KyFaSt/clarify-immutable-actions-text
...
Clarify immutable actions help text
2024-12-20 09:28:01 -08:00
Kylie Stradley
690924f72b
Update actions/ql/src/Security/CWE-829/UnversionedImmutableAction.md
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2024-12-20 12:04:42 -05:00
Jeroen Ketema
659ec66b5e
Merge pull request #18350 from jketema/test-cleanup-2
...
C++: Simplify more `semmle-extractor-options`
2024-12-20 17:23:54 +01:00
Kylie Stradley
dc705ad623
indicate immutable actions are only available for internal use at this time
2024-12-20 11:19:15 -05:00
Jeroen Ketema
e9b9dc23f8
Update cpp/ql/lib/change-notes/2024-12-20-sizeof-pack.md
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2024-12-20 17:11:38 +01:00
Jeroen Ketema
46e9d0aa0c
Merge pull request #18334 from jketema/template-parameters-1
...
C++: Update test after extractor changes
2024-12-20 17:08:31 +01:00
Paolo Tranquilli
b7437a4550
Rust: extend paths-ignore to all rust/ql
...
This will also exclude code examples in `rust/ql/src/queries`.
2024-12-20 16:13:51 +01:00
Jeroen Ketema
46b230ae92
C++: Simplify more semmle-extractor-options
...
This will allow us to drop a number of special cases from the
extractor.
2024-12-20 16:01:19 +01:00
Kylie Stradley
2dd3adac51
clarify immutable actions help text
2024-12-20 09:51:51 -05:00
Michael Nebel
1aa7c3fdcc
C#: Add test for the new lock type.
2024-12-20 15:02:36 +01:00
Michael Nebel
29a0db8053
C#: Update test expected output.
2024-12-20 15:00:54 +01:00
Michael Nebel
4a716c6005
C#: Add a test example in the statements test.
2024-12-20 15:00:30 +01:00
Paolo Tranquilli
f13d03b18c
Rust: fix typo (thanks copilot!)
2024-12-20 14:18:36 +01:00
Florin Coada
5f812342a8
Merge pull request #18338 from github/changedocs/2.20.0
...
Update CodeQL changelog for versions 2.19.4 and 2.20.0
2024-12-20 15:12:55 +02:00
Paolo Tranquilli
485586f780
Rust: reinstate extraction of test code
...
Users will still be able to opt out:
* for unit tests, by providing the `cargo_cfg_overrides=-test` extractor
option
* for integration tests, by excluding the test files from the analysis
using `paths-ignore` in the codescanning configuration file
We may want to revisit whether we want a single option for both. Also
further work will be needed to restrict our security queries to non-test
code on the QL side.
2024-12-20 14:12:41 +01:00
Jeroen Ketema
6ecaf20cdd
C++: Update expected test results
2024-12-20 13:53:35 +01:00
Jeroen Ketema
ecf3c53eba
C++: Introduce SizeofPackOperator subclasses for expressions and types
...
Note that template template parameters are considered types in this context.
2024-12-20 13:51:45 +01:00
Jeroen Ketema
90d8fb1a05
Merge pull request #18335 from jketema/test-cleanup
...
C++: Simplify some semmle-extractor-options in tests
2024-12-20 13:43:59 +01:00
Arthur Baars
2b2a37353b
Merge pull request #18328 from github/redsun82/fix-cargo-fmt-checks
...
CI: fix rust formatting
2024-12-20 13:41:28 +01:00
Jonas Jensen
2b1c70c33b
Java: Diff-informed PolynomialReDoS.ql
...
This and other queries would also benefit from making `RegexFlow`
diff-informed. That will come later.
2024-12-20 13:01:09 +01:00
Jonas Jensen
5bebae9abf
Java: Diff-informed ImproperIntentVerification.ql
2024-12-20 13:01:07 +01:00
Jonas Jensen
e799bff744
Java: Diff-informed TaintedPermissionsCheck.ql
2024-12-20 13:01:06 +01:00
Jonas Jensen
011d667f06
Java: Diff-informed PredictableSeed.ql
2024-12-20 13:01:05 +01:00
Jonas Jensen
a928a0d2b5
Java: Diff-informed BrokenCryptoAlgorithm.ql
2024-12-20 13:01:04 +01:00
Jonas Jensen
fea260bd55
Java: Diff-informed UnsafeHostnameVerification.ql
...
This commit also adds a test case that would fail under `codeql test run
--check-diff-informed` if not for the override of
`getASelectedSourceLocation`. There was no existing such test since all
the existing tests used anonymous classes whose location was on the same
line as the source.
2024-12-20 12:58:59 +01:00
Calum Grant
d5571c5f68
Merge pull request #18309 from github/calumgrant/bmn/return-stack-allocated-memory
...
C++: Fix FPs to cpp/return-stack-allocated-memory
2024-12-20 10:54:24 +00:00
Florin Coada
82fdd1125c
Update docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.0.rst
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2024-12-20 12:50:05 +02:00
Jeroen Ketema
dd021fdcbf
Merge pull request #18339 from jketema/typo
...
C++: Remove duplicate word from change note
2024-12-20 11:50:01 +01:00
Jeroen Ketema
51f625b90c
C++: Allow sizeof pack in sizeof_bind
2024-12-20 11:49:37 +01:00
Florin Coada
5c5049e5fd
Fix typo in CodeQL changelog entry
2024-12-20 12:35:40 +02:00
Jonas Jensen
8224ef6929
Java: Diff-informed InsecureTrustManager.ql
2024-12-20 11:22:58 +01:00
Jonas Jensen
eac1a4c002
Java: Diff-informed SqlTainted.ql
2024-12-20 11:22:57 +01:00
Jonas Jensen
2561cec80c
Java: Diff-informed CommandLineQuery
2024-12-20 11:22:56 +01:00
Jonas Jensen
40529d1e51
DataFlow: Add the concept of selected locations
...
This extension allows queries to be diff-informed even when the elements
they select are different from the sources and sinks found by data flow.
2024-12-20 11:22:55 +01:00
Florin Coada
66f3b718a6
Update docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.0.rst
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2024-12-20 12:19:53 +02:00
Jeroen Ketema
757d5d6e6d
C++: Remove duplicate word from change note
2024-12-20 11:18:26 +01:00
Paolo Tranquilli
8e28d99a62
QL for QL: accept test changes
2024-12-20 10:42:19 +01:00
Florin Coada
3bd8d7c0bb
Update CodeQL changelog for versions 2.19.4 and 2.20.0
2024-12-20 11:37:33 +02:00
Calum Grant
3193fe856a
C++: Update comments
2024-12-20 09:11:58 +00:00
Jeroen Ketema
6f9968d2c2
C++: Update test after extractor changes
2024-12-20 08:27:39 +01:00