hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

84161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
ad5c5acae5 Merge pull request #20094 from paldepind/rust/type-inference-path-mention 
Rust: Refactor `PathTypeMention`
 2025-07-21 14:00:20 +02:00
Owen Mansel-Chan
472a6b5fe1 Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization 
Java: Update qhelp: SnakeYaml is safe from version 2.0
 2025-07-21 12:22:36 +01:00
Geoffrey White
0ec10e5c30 Rust: Corrections after the merge. 2025-07-21 12:12:23 +01:00
Simon Friis Vindum
28850460b2 Rust: Accept test changes 2025-07-21 12:07:08 +02:00
Nora Dimitrijević
218fcbbec5 [DIFF-INFORMED] C#: HardcodedConnectionString 2025-07-21 11:28:55 +02:00
Nora Dimitrijević
b2fd58eea4 [DIFF-INFORMED] C#: ThreadUnsafeCryptoTransformLambda 2025-07-21 11:28:53 +02:00
Nora Dimitrijević
7f085e6bd9 [DIFF-INFORMED] C#: UnsafeDeserializationQuery 
57c8b6e229/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql (L59)
 2025-07-21 11:28:50 +02:00
Nora Dimitrijević
793f921291 [DIFF-INFORMED] C#: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22
 2025-07-21 11:28:48 +02:00
Anders Schack-Mulligen
d5cdfc673e Merge pull request #20092 from aschackmull/java/joinorder2 
Java: Improve more join-orders
 2025-07-21 11:27:14 +02:00
Nora Dimitrijević
fbee6bbe21 Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java 
Java: Diff-informed queries: phase 3 (non-trivial locations)
 2025-07-21 11:23:12 +02:00
Simon Friis Vindum
8ebebf03c2 Rust: Add type inference test with associated type that collides with type parameter 2025-07-21 10:11:41 +02:00
Simon Friis Vindum
ac6715fb3a Rust: Avoid mixing up type parameters and associated types in path resolution 2025-07-21 10:07:41 +02:00
Simon Friis Vindum
71a5e410d7 Rust: Add path resolution test 2025-07-21 09:59:12 +02:00
Anders Schack-Mulligen
937e3dc469 Merge pull request #20091 from aschackmull/java/fix-cfg-cp-assert 
Java: Fix accidental CP in CFG for asserts.
 2025-07-21 09:07:19 +02:00
Simon Friis Vindum
441cefd0bd Rust: Accept test changes 2025-07-21 08:34:16 +02:00
Jami Cogswell
bca2c2da54 Java: Add 'previous-id' and adjust tags for 'java/garbage-collection' and 'java/do-not-use-finalizers' 2025-07-19 19:29:00 -04:00
Jami Cogswell
c9692a6d10 Java: fix test failures cause by alert msg change 2025-07-19 13:27:09 -04:00
Jami Cogswell
0dd33b2734 Java: remove version debugging from alert message 2025-07-19 13:01:00 -04:00
Simon Friis Vindum
27e5251285 Rust: Add resolveRootType predicate instead of using resolveType recursively 2025-07-19 13:57:31 +02:00
Simon Friis Vindum
804ffdb682 Rust: Split PathTypeMention into an alias and a non-alias subclass 2025-07-19 13:43:56 +02:00
Simon Friis Vindum
0e8c137a98 Rust: Only include paths as type mentions when they're used as such 
On databend this changes the number of `PathTypeMention`s from 3,777,464 to 3,330,024. Not a huge difference, but there's also downstream predicates that are reduced as well.
 2025-07-19 11:57:13 +02:00
Simon Friis Vindum
620d228ffa Rust: Factor out getTypeMentionForTypeParameter 2025-07-19 08:41:38 +02:00
Jami Cogswell
7250265c1f Java: consider all endpoints except for health and info as sensitive to align with Spring docs 2025-07-18 17:50:18 -04:00
Jami Cogswell
685f68d9d3 Java: support 'management.endpoints.web.expose' property 2025-07-18 17:50:17 -04:00
Jami Cogswell
8decc136c4 Java: add change note 2025-07-18 17:50:14 -04:00
Jami Cogswell
70d51504a7 Java: rename to align with 'java/spring-boot-exposed-actuators' query 2025-07-18 17:50:12 -04:00
Jami Cogswell
ea529b047b Java: adjust metadata and alert msg 2025-07-18 17:50:10 -04:00
Jami Cogswell
7d5e939a86 Java: minor refactoring 2025-07-18 17:50:09 -04:00
Jami Cogswell
ea35fbbe3b Java: support version 3.x 2025-07-18 17:50:07 -04:00
Jami Cogswell
afa6610cb9 Java: update qhelp 2025-07-18 17:49:54 -04:00
Anders Schack-Mulligen
46ebf503c7 Java: Improve join-order by controlling magic and breaking up TCs. 2025-07-18 16:13:11 +02:00
Anders Schack-Mulligen
ca8fe033d7 Java: Improve join by preventing ssa use-pair join. 2025-07-18 16:12:00 +02:00
Simon Friis Vindum
43b2977cb4 Shared, Rust: Reuse hasTypeConstraint in potentialInstantiationOf and factor out multipleConstraintImplementations 2025-07-18 15:33:17 +02:00
Simon Friis Vindum
bdcecdfc2c Shared, Rust: Ensure that the constraints in satisfiesConstraintType are in relevantConstraint 2025-07-18 15:33:16 +02:00
Simon Friis Vindum
475d872ffb Shared, Rust: Adjust type inference predicates to better match use sites 2025-07-18 15:32:42 +02:00
Anders Schack-Mulligen
d64a9368d2 Merge pull request #20088 from aschackmull/java/joinorders1 
Java: Improve several join-orders
 2025-07-18 14:54:26 +02:00
Anders Schack-Mulligen
bc2e7d4e0d Java: Fix accidental CP in CFG for asserts. 2025-07-18 13:53:15 +02:00
Anders Schack-Mulligen
f6975117fe Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type 
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
 2025-07-18 13:25:00 +02:00
Anders Schack-Mulligen
d9f47bdec9 Java: Improve join-order by properly annotating haveIntersection. 2025-07-18 11:48:50 +02:00
Anders Schack-Mulligen
7883124abd Java: getSourceDeclaration() and getASourceSupertype*() commute and this yields much better join-order. 2025-07-18 11:47:14 +02:00
Anders Schack-Mulligen
12732525b5 Java: Allow 2-column join on delta to improve join-order. 2025-07-18 11:45:45 +02:00
Joe Farebrother
8ccb2ed059 Merge remote-tracking branch 'origin/python-qual-raise-not-implemented' into python-qual-raise-not-implemented 2025-07-18 10:05:40 +01:00
Michael Nebel
ededa3c006 Merge pull request #20087 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-07-18 08:34:04 +02:00
github-actions[bot]
2f84a4a5b5 Add changed framework coverage reports 2025-07-18 00:25:03 +00:00
Jami Cogswell
0d2a4222fd Java: add related location to alert message 2025-07-17 19:22:18 -04:00
Jami Cogswell
ae163a9f36 Java: add overlay annotations 2025-07-17 19:22:17 -04:00
Jami Cogswell
2bfc4b4ee2 Java: fix test case for version 1.4 
Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair
 2025-07-17 19:22:15 -04:00
Jami Cogswell
3823186dc6 Java: split tests by versions 
splitting is required to properly test each scenario
 2025-07-17 19:22:13 -04:00
Jami Cogswell
1b90a30d45 Java: move code to .qll file 2025-07-17 19:22:11 -04:00
Jami Cogswell
b479f5c8dc Java: fix integration tests 2025-07-17 19:22:10 -04:00