hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

84161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
REDMOND\brodes
76128ed8dc Crypto: Update InsecureIVorNonce to be a path problem. 2025-10-13 15:29:57 -04:00
Geoffrey White
93eb7ce1af Rust: Accept test changes following suggested edit. 2025-10-13 19:28:40 +01:00
Geoffrey White
35f3fbf357 Rust: Accept consistency regressions. 2025-10-13 19:19:18 +01:00
REDMOND\brodes
bd068c2a69 Crypto: Updating expected file for weak asymmetric key gen size. 2025-10-13 12:08:07 -04:00
REDMOND\brodes
4b241d7065 Crypto: adding initial weak hash query overhaul and tests, but no expected file yet. 2025-10-13 12:04:51 -04:00
REDMOND\brodes
08abdb8c85 Crypto: Adding a "javaConstant" concept to handle config files. 2025-10-13 12:03:41 -04:00
Geoffrey White
1d7ccb6f2b Update rust/ql/lib/codeql/rust/frameworks/mysql.model.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-13 16:42:36 +01:00
yoff
ab78f2b724 Merge pull request #20630 from github/tausbn/python-fix-importerror-in-imp 
Python: Fix `ImportError` in `imp.py` under Python 3.14
 2025-10-13 17:31:47 +02:00
Simon Friis Vindum
d9c76f258e Rust: Add suggested model for into_inner for tuples 2025-10-13 16:22:03 +02:00
Simon Friis Vindum
9e2ee04879 Merge branch 'main' into rust/model-actix-web 2025-10-13 16:04:12 +02:00
Joe Farebrother
9cb593b020 Update tests 2025-10-13 14:51:37 +01:00
Joe Farebrother
093b04f79f Update comments 2025-10-13 14:51:30 +01:00
Joe Farebrother
696ec29dae Upgrade integration tests 2025-10-13 14:51:24 +01:00
Joe Farebrother
1c54296545 Add change note 2025-10-13 14:51:17 +01:00
Joe Farebrother
c4781146c0 Remove experimental query and tests 2025-10-13 14:51:10 +01:00
Joe Farebrother
c799f93811 Update tests and add inline expectations 2025-10-13 14:51:04 +01:00
Joe Farebrother
e1cf3d30d2 Update documentation, rename things and add more comments to explain how the implementation works, remove filter for test code (prefer to filter in code scanning ui than in query logic) 2025-10-13 14:50:57 +01:00
Joe Farebrother
54aefe0dce Copy experimental query to main 2025-10-13 14:50:51 +01:00
Taus
c4b27d5f28 Python: Fix ImportError in imp.py under Python 3.14 
It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an
`ImportError` when running the extractor.

To fix this, we explicitly set `_ERR_MSG` when the existing import fails
(using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with
the bits that make up the difference between this and `_ERR_MSG`).
 2025-10-13 13:50:43 +00:00
Mathias Vorreiter Pedersen
b57243e073 Merge pull request #20579 from aschackmull/shared/rangeanalysis-joinorder 
Rangeanalysis: Fix a bad join-order in boundedPhiRankStep.
 2025-10-13 14:46:48 +02:00
Michael B. Gale
e65f8eacbc Merge pull request #20609 from github/dependabot/go_modules/go/extractor/extractor-dependencies-5148baeadc 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-10-13 10:33:14 +01:00
dependabot[bot]
500421d891 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0)

Updates `golang.org/x/tools` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 03:14:48 +00:00
Tom Hvitved
2577452849 C#: Add neutral model for System.ComponentModel.PropertyDescriptor.GetValue 2025-10-12 09:06:54 +02:00
REDMOND\brodes
e76ced1513 Crypto: Updating weak asymmetric key gen to include key exchange. 2025-10-10 15:32:39 -04:00
REDMOND\brodes
d68f3cff8b Crypto: InsecureIVorNonceSource now ignored null to avoid being too noisy. 2025-10-10 14:51:16 -04:00
REDMOND\brodes
ffd191d0e1 Crypto: missing new endpoint to get the creating operation for a key if known. 2025-10-10 14:50:50 -04:00
REDMOND\brodes
36673659ad Crypto: Weak asymmetric key gen size fixes and test. 2025-10-10 14:49:35 -04:00
REDMOND\brodes
758759a304 Crypto: Reused nonce query updates and test updates to address false positives. 2025-10-10 12:25:31 -04:00
Geoffrey White
106bad2764 Rust: Add test cases for bad use of prepared statements as well. 2025-10-10 17:17:08 +01:00
Geoffrey White
c102ce41b7 Rust: Claim support for the two libraries. 2025-10-10 17:12:48 +01:00
Geoffrey White
859c1ef55d Rust: Change note. 2025-10-10 17:11:20 +01:00
Geoffrey White
f16742bf74 Rust: Add models. 2025-10-10 17:09:46 +01:00
Michael B. Gale
47632cdbd1 C#: Improve log messages in DotNetCliInvoker 2025-10-10 17:08:24 +01:00
Owen Mansel-Chan
944e116cc0 Add path query example to other lang data flow docs 2025-10-10 16:22:50 +01:00
Geoffrey White
f15a34f361 Rust: Add test cases for transactions as well. 2025-10-10 16:10:57 +01:00
Geoffrey White
883e00558a Rust: Add test cases for the mysql_async library. 2025-10-10 16:10:56 +01:00
Geoffrey White
ef93b364da Rust: Add test cases for the mysql library. 2025-10-10 15:05:21 +01:00
Owen Mansel-Chan
3c80690ba8 Fix link syntax 2025-10-10 13:58:19 +01:00
Michael Nebel
9ec0c9d5f2 C#: Add change note. 2025-10-10 14:06:45 +02:00
Michael Nebel
56ff0baba3 C#: Use * IDs for source locations. 2025-10-10 14:03:49 +02:00
Michael Nebel
ab9f78fee2 Merge pull request #20617 from michaelnebel/csharp/unboundlocations 
C#: Reduce location TRAP creation for Fields, Parameters, Constructors, Destructors and Operators.
 2025-10-10 13:47:57 +02:00
Tom Hvitved
d842107633 Merge pull request #20621 from hvitved/rust/static-target-addressable 
Rust: Include tuple structs/variants in `CallExprBase.getStaticTarget()`
 2025-10-10 13:00:28 +02:00
Michael Nebel
b8c3a28de3 C#: Add change note. 2025-10-10 11:47:19 +02:00
Owen Mansel-Chan
100463572b Add path query example to python data flow docs 2025-10-10 10:37:09 +01:00
Owen Mansel-Chan
2930e793f1 Fix mistakes in Go data flow examples in docs 2025-10-10 10:36:23 +01:00
Owen Mansel-Chan
87f32dc49f Merge pull request #20613 from owen-mc/go/sanitize-simpletypes-request-forgery 
Go: sanitize simple types in `go/request-forgery`
 2025-10-10 09:15:30 +01:00
Tom Hvitved
0fc2875527 Rust: Include tuple structs/variants in CallExprBase.getStaticTarget() 2025-10-10 09:48:08 +02:00
Owen Mansel-Chan
2c6af0cdb7 Merge pull request #20580 from owen-mc/codeowners-for-shared-libs-and-catchall 
Add code owners for `/shared/` and a catch-all
 2025-10-09 16:31:17 +01:00
Michael Nebel
e8fd843e52 C#: Update some tuple related tests. 2025-10-09 16:33:47 +02:00
Owen Mansel-Chan
11f20457e2 Fix team name 2025-10-09 14:15:07 +01:00