hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

82643 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
11aef7019e Merge pull request #19273 from MathiasVP/prepare-shared-mad-generation-for-cpp 
Shared: Prepare model generation for C++ adoption
 2025-04-11 07:22:56 -07:00
yoff
6a76a40cf4 ruby: adjust change notes 2025-04-11 16:18:03 +02:00
Arthur Baars
b27ae98b54 Rust: normalize paths in the rustup folder 2025-04-11 15:46:57 +02:00
Arthur Baars
662e963a7b Rust: allow shadowing of prelude items 2025-04-11 15:46:55 +02:00
Paolo Tranquilli
dbbd80f4dc Rust: pick correct edition for the files 
Previously we would unconditionally set the edition to the latest stable
according to rust-analyzer (2021 at the moment). Now we ask
rust-analyzer itself to pick the correct edition for the file.
 2025-04-11 15:36:45 +02:00
Asger F
6c01709048 JS: Update more test output 2025-04-11 15:15:22 +02:00
yoff
2477233508 ruby: only report on method calls 
Interviewing a Ruby developer, I learned that
dealing with nil is common practice.
So alerts are mostly useful, if we can point to a place where this has gone wrong.
 2025-04-11 15:01:57 +02:00
Tamas Vajk
51388f2401 Do not try running mono when it's not available on the runner 2025-04-11 14:58:08 +02:00
Mathias Vorreiter Pedersen
877118fb3b Merge pull request #19274 from MathiasVP/prepare-cpp-for-mad-generation 
C++: Prepare for model generation adoption
 2025-04-11 05:11:36 -07:00
Michael Nebel
f349048e42 C#: Add change note. 2025-04-11 13:53:54 +02:00
Michael Nebel
31143b405e C#: Improve auto builder logic to detect Sdk reference. 2025-04-11 13:53:52 +02:00
Mathias Vorreiter Pedersen
deef95d384 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2025-04-11 12:43:59 +01:00
Mathias Vorreiter Pedersen
bfc494c0e1 Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll 
Co-authored-by: Taus <tausbn@github.com>
 2025-04-11 12:43:51 +01:00
yoff
b641d5f177 ruby: fix FP 2025-04-11 13:22:42 +02:00
yoff
6e2cfab7b2 ruby: add test for for 
found during triage
 2025-04-11 12:46:25 +02:00
Michael Nebel
a5aef8c6f9 C#: Add some more DotNet autobuilder unit tests. 2025-04-11 12:03:06 +02:00
Paolo Tranquilli
33c857ce9f Rust: update supported languages footnote 2025-04-11 12:01:24 +02:00
Paolo Tranquilli
4ae49cfe35 Merge pull request #19281 from github/redsun82/rust-setup 
Rust: refine `ql/test/setup.sh`
 2025-04-11 11:55:12 +02:00
Paolo Tranquilli
df427f7de8 Rust: add supported frameworks file 2025-04-11 11:53:27 +02:00
Owen Mansel-Chan
472bfa2668 Merge pull request #19115 from owen-mc/java/port/java/string-replace-all-with-non-regex 
Java: Add new quality query to detect `String#replaceAll` with non-regex first argument
 2025-04-11 10:31:38 +01:00
Napalys Klicius
3d7c0201d9 Merge pull request #19231 from Napalys/js/typed_array 
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
 2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler 2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-04-11 11:04:08 +02:00
yoff
4167e96058 ruby: more complete impleemntation of isInBooleanContext 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-04-11 11:00:22 +02:00
yoff
f675a143d6 ruby: remove redundant cases 
The CFG handles the negation
 2025-04-11 10:48:41 +02:00
Napalys Klicius
d17d29a387 Merge pull request #19218 from Napalys/js/upgrade_websocket 
JS: Refactor `WebSocket` to use `API` graphs
 2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c RenamedDecodeLike to Decode and updated propagatesFlow 2025-04-11 10:04:09 +02:00
Arthur Baars
85940484ab Update rust/ql/test/setup.sh 2025-04-11 09:57:50 +02:00
Napalys
2c4b3527b4 Added change note 2025-04-11 09:42:12 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Tom Hvitved
e26695fc51 Rust: Take where clauses into account in path resolution 2025-04-11 09:28:08 +02:00
Napalys
8674b61e5a Added SSRF test case with searchParams for NextRequest 2025-04-11 09:26:16 +02:00
Tom Hvitved
cc85a09b39 Rust: Add AI-generated test for path resolution of where clauses 2025-04-11 09:24:09 +02:00
Paolo Tranquilli
db1203acb3 Rust: reinstate adding rust-src for test toolchains 2025-04-11 08:57:14 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Napalys
734ad2d767 Removed legacy Consistency check as it is redundant now with inline test expectations. 2025-04-11 08:43:08 +02:00
Napalys
208487f236 Added middleware test 2025-04-11 08:39:47 +02:00
Asger F
719456e27d JS: Fix missing flow into rest pattern lvalue 2025-04-11 08:37:09 +02:00
Asger F
7703b1fab5 JS: Add test for missing getALocalSource flow for rest pattern 2025-04-11 08:37:07 +02:00
Paolo Tranquilli
547833afb5 Rust: add to CODEOWNERS 2025-04-11 08:32:33 +02:00
Paolo Tranquilli
becea89a47 Rust: refine ql/test/setup.sh 2025-04-11 08:26:48 +02:00
Tamas Vajk
159d31d494 Reenable problematic test 2025-04-11 08:24:08 +02:00
yoff
8555e8c8c8 ruby: add change notes 2025-04-11 03:07:19 +02:00
yoff
53c88da91b ruby: refine query for uninitialised local variables 
- there are places where uninitialised reads are intentional
- there are also some places where they are impossible
 2025-04-11 03:07:19 +02:00
yoff
1ca25b2ccb ruby: add test of rb/uninitialized-local-variable 2025-04-11 03:00:05 +02:00
Aditya Sharad
283503b06d Actions: Fix handling of paths-ignore in autobuild scripts 
Always concatenate the default filters with the user-provided filters.
This ensures that when `paths-ignore` is provided,
we begin with the default path inclusions,
not all YAML files.
This makes the `paths-ignore-only` integration test variant
under `filters` pass.

The handling of `paths` is unchanged:
if provided, this overrides the default filters.
 2025-04-10 11:18:45 -07:00
Aditya Sharad
30ce0c5cbf Actions: Add integration tests for configured path filters 
Use the common structure from the existing test
for default filters.

Check both query output finding workflows and actions,
and source archive output showing all extracted YAML files.

The test for only `paths-ignore` fails in this commit,
demonstrating a bug: we start with all YAML files
rather than starting with the default includes.

The tests for `paths` reflect current behaviour
which is consistent with other languages:
`paths` overrides the default inclusions,
and only files under `paths` are included.

This may not be the best user experience for Actions,
since we want to scan all workflow and action files
even in the presence of `paths`, but that is not
currently addressed.
 2025-04-10 11:17:51 -07:00
Tom Hvitved
7ed8a85e08 Merge pull request #19246 from hvitved/rust/cache-tweaks 2025-04-10 19:02:25 +02:00
Paolo Tranquilli
00f6d9b305 Rust: start preparing documentation changes 2025-04-10 17:35:27 +02:00