hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

84161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
d7a2c7da18 C#: Adjust the QL library to use the locations of the unbound declarations. 2025-09-30 11:33:26 +02:00
Michael Nebel
b2cbac3250 C#: Temporarily update the test expected file. 2025-09-30 11:33:23 +02:00
Michael Nebel
443c183e41 C#: Only extract locations for unbound declarations (if a declaration can be unfound) and don't extract empty locations. 2025-09-30 11:33:21 +02:00
Michael Nebel
e9901305b2 C#: Rename GeneratedLocation to EmptyLocation and make sure that we always create one such location. 2025-09-30 11:33:19 +02:00
Michael Nebel
5843fdbdd8 C#: Add a locations example. 2025-09-30 11:33:17 +02:00
Geoffrey White
90a7a58929 Merge pull request #20515 from geoffw0/libs 
Rust: Update Supported languages and frameworks
 2025-09-30 09:56:09 +01:00
Geoffrey White
a286631018 Merge pull request #20512 from geoffw0/stmtlist 
Rust: Improve StmtList
 2025-09-30 09:53:55 +01:00
Nick Rolfe
9688d84f3e Merge pull request #20549 from github/post-release-prep/codeql-cli-2.23.2 
Post-release preparation for codeql-cli-2.23.2
 2025-09-30 09:45:22 +01:00
Simon Friis Vindum
ef80ff416f Bazel: regenerate vendored cargo dependencies 2025-09-30 10:28:42 +02:00
Simon Friis Vindum
4846cf4791 Cargo: upgrade dependencies 2025-09-30 10:21:17 +02:00
Chris Smowton
f1239352ce Note issue in related query 2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9 Ruby: Update CSRF protection notes in documentation 
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:

> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.

This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.

I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
 2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
Nick Rolfe
a05ffdbc81 Merge pull request #20545 from github/release-prep/2.23.2 
Release preparation for version 2.23.2
codeql-cli/v2.23.2 		2025-09-29 15:35:24 +01:00
Nick Rolfe
a76d736136 C#: tweak changelog wording 2025-09-29 15:32:52 +01:00
Simon Friis Vindum
98a20f9820 Rust: Add change note 2025-09-29 14:58:34 +02:00
Simon Friis Vindum
37ffe82ac9 Rust: Handle functions as lambdas 2025-09-29 14:49:04 +02:00
Simon Friis Vindum
0728692e93 Rust: Add tests for functions as lambdas 2025-09-29 14:46:53 +02:00
idrissrio
b82d8c2252 Java: Accept new test results after query change 2025-09-29 13:38:01 +02:00
idrissrio
659afb5f30 Java: Fix false positives in evaluation-to-constant query for ErrorType 2025-09-29 13:37:25 +02:00
idrissrio
e0444c531b Java: Add integration test for constant expr detection 2025-09-29 13:37:20 +02:00
Simon Friis Vindum
84c6a3a376 Rust: Add change note for actix-web models 2025-09-29 13:03:10 +02:00
Kasper Svendsen
b52fff2f81 Merge pull request #20505 from kaspersv/kaspersv/future-proof-java-discarding2 
Overlay: Discard Java config and XML base entities in overlay extracted files
 2025-09-29 13:01:08 +02:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Simon Friis Vindum
6b7d5d2902 Rust: Add models for actix-web 2025-09-29 09:14:03 +02:00
Jeroen Ketema
9dfd87c284 Merge pull request #20514 from jketema/permissive 
C++: Update tests after extractor changes
 2025-09-28 16:56:31 +02:00
Geoffrey White
c7f6f2c8e1 Rust: Consistency fix for reusables/extractors.rst. 2025-09-26 16:40:25 +01:00
Owen Mansel-Chan
18a1075e70 Merge pull request #20523 from smowton/smowton/fix/mistyped-exp-fp 
Go: mistyped-exponentiation: notice constants with likely-bitmask values
 2025-09-26 16:02:30 +01:00
Owen Mansel-Chan
f5f61193a0 Delete change note 2025-09-26 15:33:26 +01:00
Geoffrey White
1236e2b829 Rust: Add references to alternatives in the getStmtOrExpr methods. 2025-09-26 14:55:06 +01:00
Geoffrey White
a0b533bd40 Merge pull request #20529 from geoffw0/convert 
Rust: Correct from model to taint
 2025-09-26 14:48:58 +01:00
Geoffrey White
4570d7e46e Rust: Replace getBlockChildNode with uses of getStmtOrExpr. 2025-09-26 14:32:36 +01:00
Geoffrey White
27b6f12b3c Rust: Use the suggested cleaner implementation for getStmtOrExpr. 2025-09-26 14:30:31 +01:00
Florin Coada
ba07daa50a Merge pull request #20532 from github/coadaflorin/changelog-fixes 
Update changelog for CodeQL CLI 2.23.1
 2025-09-26 14:21:21 +01:00
Geoffrey White
1635ef9ad9 Merge branch 'main' into convert 2025-09-26 14:11:04 +01:00
Florin Coada
5a0bae27ac Update changelog for CodeQL CLI 2.23.1 2025-09-26 13:57:57 +01:00
Anders Schack-Mulligen
f4388c80d0 Merge pull request #20519 from aschackmull/controlflowreach/perf2 
ControlFlow: Split only on relevant values.
 2025-09-26 14:51:49 +02:00
Florin Coada
a4f5e9aaf5 Update changelog for CodeQL CLI 2.23.1 
Added acknowledgment for the original contributor of the 'Permissive CORS configuration' query and clarified the detection of path injection in Go.
 2025-09-26 13:46:12 +01:00
Florin Coada
f6fe469e02 Merge pull request #20531 from github/coadaflorin-formatingfix2 
Fix formatting in codeql-cli-2.23.1.rst
 2025-09-26 13:31:22 +01:00
Florin Coada
3e9332edfa Fix formatting in codeql-cli-2.23.1.rst 2025-09-26 13:16:45 +01:00
Florin Coada
f8388c521e Merge pull request #20530 from github/coadaflorin/attributer-query 
Attribute `js/cors-permissive-configuration` to original author
 2025-09-26 13:11:08 +01:00
Anders Schack-Mulligen
2c29f21004 Shared: Address review comments. 2025-09-26 13:59:53 +02:00
Tom Hvitved
615b0a0310 Merge pull request #20502 from hvitved/rust/path-resolution-check-arity 
Rust: Check call arities in path resolution
 2025-09-26 13:45:26 +02:00
Tom Hvitved
4c7b66c66a Address review comments 2025-09-26 13:14:44 +02:00
Geoffrey White
77e7898f71 Rust: Use US spelling in comment. 2025-09-26 11:49:23 +01:00
Geoffrey White
f458149655 Rust: Remove a sentance from the qhelp. 2025-09-26 11:32:45 +01:00
Geoffrey White
57f84873b4 Rust: Split off cookieOptionalBarrier predicate (as suggested) and expand / clarify the QLDoc. 2025-09-26 11:29:17 +01:00
Geoffrey White
21fe142955 Update rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-09-26 10:39:49 +01:00
Florin Coada
ba520c60d2 Update 2.1.0.md 2025-09-26 10:11:03 +01:00
Florin Coada
09833e2541 Update CHANGELOG for query promotion and acknowledgment 
Promote 'Permissive CORS configuration' query to default suite and acknowledge contributor.
 2025-09-26 10:09:30 +01:00