hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

84161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kasper Svendsen
7186ea5975 Merge pull request #19871 from github/kaspersv/overlay-script-re 
Use regex to match overlay annotations
 2025-06-25 09:39:50 +02:00
Kasper Svendsen
869ba0d246 Use regex to match overlay annotations 2025-06-25 09:30:49 +02:00
Napalys Klicius
73126fef9e JS: update change note. 2025-06-25 09:26:26 +02:00
Jeroen Ketema
2f1cd388d1 C++: Update stats file after DCA and extractor changes 2025-06-25 09:21:56 +02:00
Asger F
d39b68cd41 Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries 
JS: Remove legacy actions queries
 2025-06-25 09:18:33 +02:00
Asger F
853fc1a7cf Merge pull request #19852 from asgerf/js/react-use-server 
JS: Model React 'use' and 'use server'
 2025-06-25 09:13:56 +02:00
Jeroen Ketema
ddae47118b Merge pull request #16075 from jketema/explicit 
C++: Handle explicitly instantiated templates
 2025-06-25 08:53:50 +02:00
Jeroen Ketema
fff23040b3 C++: Update test results 2025-06-25 08:14:22 +02:00
REDMOND\brodes
bd0efbe48c Crypto: Overhaul of EVP final/init/update to now use a more general 'OperationStep' mechanic. 2025-06-24 16:03:25 -04:00
Chuan-kai Lin
9a064de86e Merge pull request #19865 from github/cklin/pick-kotlin-version 
pick-kotlin-version.py: tolerate warnings
 2025-06-24 10:21:13 -07:00
Eric Bickle
b8f8501cf5 Merge pull request #1 from geoffw0/sql 
C++: Fix for the SQL query.
 2025-06-24 10:13:52 -07:00
Aditya Sharad
1c567b9b71 Merge pull request #19867 from adityasharad/qldoc/opcode-script-regex 
QLDoc scripts: Fix overly permissive regex ranges
 2025-06-24 10:11:08 -07:00
Aditya Sharad
a79e3cf604 QLDoc scripts: Fix overly permissive regex ranges 
The range `A-aa-z` was too permissive and
includes special characters between `Z` and `a`.
Low impact, but fix to address an internally
reported code scanning alert.
 2025-06-24 10:00:29 -07:00
Nora Dimitrijević
690446149a Java: add CleartextStorageCookie test 
Given that it's a non-path-problem dataflow query, the InlineExpectationsTest is not as useful.
 2025-06-24 18:12:19 +02:00
Paolo Tranquilli
1dcd60527c Codegen: improve implementation of generated parent/child relationship 
This improves the implementation of the generated parent/child
relationship by adding a new `all_children` field to `ql.Class` which
lists all children (both direct and inherited) of a class, carefully
avoiding duplicating children in case of diamond inheritance. This:
* simplifies the generated code,
* avoid children ambiguities in case of diamond inheritance.

This only comes with some changes in the order of children in the
generated tests (we were previously sorting bases alphabetically there).
For the rest this should be a non-functional change.
 2025-06-24 17:26:24 +02:00
Jeroen Ketema
9a83005730 Merge pull request #19862 from jketema/complex 
C++: Support more complex 16-bit float types
 2025-06-24 17:26:07 +02:00
Chuan-kai Lin
565627847f pick-kotlin-version.py: tolerate warnings 
This commit changes pick-kotlin-version.py to use re.search() instead of
re.match(), so that it can better cope with warning messages.
 2025-06-24 08:13:43 -07:00
Jeroen Ketema
8f249c77bc C++: Support more complex 16-bit float types 2025-06-24 16:56:34 +02:00
Nora Dimitrijević
a49999dd5d PolynomialReDoS: disable diff-informed support 
This is because it was failing the diff-informed consistency check, and like other ReDoS queries (Python?) the query tries to be helpful by showing a substring of a regex, which has a `hasLocation(...)` (intensional) but no corresponding `getLocation()` (extensional). Until the location overrides get updated to support `hasLocation`-based locations, it's probably best to turn off diff-informed support.
 2025-06-24 16:42:41 +02:00
Nora Dimitrijević
b2cb585bf2 UnsafeDeserialization: add missing getASelectedSinkLocation override 
This fixes the failing diff-informed consistency check.
 2025-06-24 16:42:39 +02:00
Nora Dimitrijević
e213e3fc37 Java: convert ImplicitPendingIntents test to .qlref 2025-06-24 16:42:37 +02:00
Nora Dimitrijević
e0311e26c6 Java: convert ImproperIntentVerification test to .qlref 
It's a non-path query, so the InlineExpectationsTest postprocessor doesn't do anything.
 2025-06-24 16:42:35 +02:00
Nora Dimitrijević
aac4f63e9a Java: convert RequestForgery test to .qlref 2025-06-24 16:42:32 +02:00
Nora Dimitrijević
7f05b72e10 Java: convert OgnlInjection test to .qlref 2025-06-24 16:42:30 +02:00
Nora Dimitrijević
cadfd0dcaa Java: convert RsaWithoutOaep test to .qlref 2025-06-24 16:42:28 +02:00
Nora Dimitrijević
b7e47e2cf3 Java: convert PolynomialReDoS and RegexInjection tests to .qlref 
Leaves ReDoS.ql unmodified since it's not a dataflow query; just moves it to its own directory.
 2025-06-24 16:42:26 +02:00
Nora Dimitrijević
f5c7ef6ab4 Java: convert XPathInjection test to .qlref 2025-06-24 16:42:23 +02:00
Nora Dimitrijević
162b1c51a9 Java: convert XXE test to .qlref 2025-06-24 16:42:21 +02:00
Nora Dimitrijević
7f33f57c9b Java: convert UrlForward test to .qlref 2025-06-24 16:42:19 +02:00
Nora Dimitrijević
bf1a699982 Java: convert CWE-522 tests to .qlref 2025-06-24 16:42:17 +02:00
Nora Dimitrijević
4412335223 Java: convert UnsafeDeserialization test to .qlref 2025-06-24 16:42:14 +02:00
Nora Dimitrijević
c4b0955045 Java: convert WebviewDebuggingEnabled test to .qlref 2025-06-24 16:42:12 +02:00
Nora Dimitrijević
192f45ed2b Java: convert FragmentInjection test to .qlref 2025-06-24 16:42:10 +02:00
Nora Dimitrijević
2b19cbcd7e Java: convert UnsafeContentUriResolution test to .qlref 2025-06-24 16:42:08 +02:00
Nora Dimitrijević
28694276e2 Java: convert MissingJWTSignatureCheck test to .qlref 2025-06-24 16:42:06 +02:00
Nora Dimitrijević
85c2f72892 Java: convert InsecureRandomness test to .qlref 2025-06-24 16:42:04 +02:00
Nora Dimitrijević
288a938814 Java: convert InsufficientKeySize test to .qlref 2025-06-24 16:42:02 +02:00
Nora Dimitrijević
993b261b63 Java: convert InsecureTrustManager test to .qlref 2025-06-24 16:42:00 +02:00
Nora Dimitrijević
b736e3733c Java: convert IntentUriPermissionManipulation test to .qlref 2025-06-24 16:41:58 +02:00
Nora Dimitrijević
c77875d834 Java: convert TemplateInjection test to .qlref 2025-06-24 16:41:56 +02:00
Nora Dimitrijević
b8c7bd29c3 Java: convert SpelInjection test to .qlref 2025-06-24 16:41:54 +02:00
Nora Dimitrijević
2a837b208b Java: convert MvelInjection test to .qlref 2025-06-24 16:41:52 +02:00
Nora Dimitrijević
1b61cb660a Java: convert JexlInjection test to .qlref 2025-06-24 16:41:50 +02:00
Nora Dimitrijević
1cc91e964d Java: convert GroovyInjection test to .qlref 2025-06-24 16:41:48 +02:00
Nora Dimitrijević
8e53da285f Java: convert XSS test to .qlref 2025-06-24 16:41:46 +02:00
Nora Dimitrijević
199eabdd20 Java: convert XsltInjection test to .qlref 
Also, split off into separate directory from JndiInjectionTest because their $Alerts were interfering with each other.
 2025-06-24 16:41:43 +02:00
Nora Dimitrijević
3f9e0fee81 Java: convert JndiInjection test to .qlref 2025-06-24 16:41:41 +02:00
Nora Dimitrijević
e1ddce8456 Java: convert PartialPathTraversalFromRemote test to .qlref 2025-06-24 16:41:39 +02:00
Nora Dimitrijević
588efe4b2b Java: Convert TaintedPath test to .qlref 2025-06-24 16:41:35 +02:00
Nora Dimitrijević
c4a385fa6a Merge pull request #19817 from d10c/d10c/convert-tests-to-qlref 
Convert remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`
 2025-06-24 16:31:13 +02:00