hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-20 22:27:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,971 Commits 1,758 Branches 167 Tags
codeql-cli-2.25.3
Commit Graph

86971 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
24f3d9ede0 Revert rust-toolchain.toml changes and update test expectations 2026-02-18 13:56:48 +01:00
Taus
3d4785f29f Python: Add change note 2026-02-18 12:51:35 +00:00
Tom Hvitved
1357de90ec Merge pull request #21311 from hvitved/rust/path-resolution-remove-duplicates 
Rust: Make path resolution robust against invalid code with conflicting declarations
 2026-02-18 12:29:06 +01:00
Geoffrey White
d7250a8abe Address more non-ascii characters. 2026-02-18 11:23:01 +00:00
Paolo Tranquilli
116f5a253c Bazel: Update Rust toolchain to nightly/2026-01-22 and rules_rust to 0.68.1.codeql.1 
Update the Rust nightly toolchain from nightly/2025-08-01 to nightly/2026-01-22
(rustc 1.95.0-nightly), and rules_rust from 0.66.0 to 0.68.1.codeql.1.

The new nightly changed how stdlib metadata is distributed: .rlib files now
contain only a metadata stub, with full metadata in separate .rmeta files.
rules_rust's stdlib glob doesn't include *.rmeta, causing 'only metadata stub
found' errors. This is patched via a custom registry entry (0.68.1.codeql.1).

Upstream bug: https://github.com/bazelbuild/rules_rust/issues/3859
 2026-02-18 12:22:01 +01:00
Idriss Riouak
22b55f3d6f Merge pull request #21063 from github/idrissrio/cpp/overlay/single-location 
C/C++ overlay: discard single location elements
 2026-02-18 08:58:21 +01:00
Tom Hvitved
93d417049c C#: Add tests for Equals methods with nullable parameter types 2026-02-18 08:42:15 +01:00
Owen Mansel-Chan
1bff7a3eb8 Add change note 2026-02-17 22:29:35 +00:00
Owen Mansel-Chan
eb7f1989c7 Reinstate ql model for String#shellescape 2026-02-17 22:27:15 +00:00
Owen Mansel-Chan
de5470a85c Add MaD barriers for Shellwords.escape and shellescape 
Note that this will only block flow for queries that use the kind `command-injection`.
 2026-02-17 22:27:13 +00:00
Owen Mansel-Chan
b3681f7a0c Model flow through Shellwords escape and shellescape 2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8 Remove Shellwords sanitizer in ql 
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
 2026-02-17 22:27:10 +00:00
Owen Mansel-Chan
4aee99f0eb Reinstate SQLite3 sanitizer in MaD 2026-02-17 22:27:08 +00:00
Owen Mansel-Chan
5df695bec9 Move SQLite3 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:06 +00:00
Owen Mansel-Chan
1fa183ee2a Improve Sqlite3 test 2026-02-17 22:27:04 +00:00
Owen Mansel-Chan
d4bb92b038 Reinstate Mysql2 sanitizer in MaD 2026-02-17 22:27:03 +00:00
Owen Mansel-Chan
3e4f42f8a3 Move Mysql2 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:01 +00:00
Owen Mansel-Chan
fc429c1757 Improve Mysql2 test 2026-02-17 22:27:00 +00:00
Owen Mansel-Chan
1d7a39a093 Change how sql-injection barriers are accepted 2026-02-17 22:26:58 +00:00
Ben Rodes
a1eaf42cbf Update python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-17 13:05:51 -05:00
Óscar San José
fa73cd5d5c Remove unnecessary blank line in test.py 2026-02-17 18:49:51 +01:00
Óscar San José
6760390d75 Fix imports 2026-02-17 18:49:11 +01:00
Óscar San José
60295662b7 Merge branch 'main' into oscarsj/skip-csharp-integration-on-macos-26 2026-02-17 18:42:16 +01:00
Ben Rodes
ea0d1bf262 Apply suggestion from @bdrodes 2026-02-17 12:38:59 -05:00
Ben Rodes
0106072b88 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:27 -05:00
Ben Rodes
779fd757a3 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:15 -05:00
Óscar San José
0b31ca4348 Merge pull request #21340 from github/copilot/sub-pr-21339 
Centralize mono/nuget platform skip predicate in conftest.py
 2026-02-17 18:26:31 +01:00
copilot-swe-agent[bot]
60b8213fdd Remove unused pytest import from conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:22:27 +00:00
copilot-swe-agent[bot]
004ebd386c Centralize mono/nuget skip predicate in conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:21:50 +00:00
copilot-swe-agent[bot]
9efe112026 Initial plan 2026-02-17 17:16:54 +00:00
Óscar San José
5cf281a1b6 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-17 18:16:51 +01:00
Jeroen Ketema
61dc1d673e Merge pull request #21331 from jketema/must-flow 
C++: Modernize `MustFlow` and fix `allowInterproceduralFlow` in the case of direct recursion
 2026-02-17 17:36:58 +01:00
Óscar San José
0676ba1c07 Skip csharp integration tests on macos-26 2026-02-17 17:23:38 +01:00
Ben Rodes
1072d6a7b7 Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:49:58 -05:00
Ben Rodes
ceb3b21e0f Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-02-17 10:28:43 -05:00
Ben Rodes
c811fae876 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:14:11 -05:00
Ben Rodes
549dcb31be Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:13:55 -05:00
Owen Mansel-Chan
05f9b4124d Revert "javascript: remove sanitizer to be replaced by model" 
This reverts commit da2f77d615.
 2026-02-17 14:39:04 +00:00
Owen Mansel-Chan
b8f9dd9de5 Revert "javascript: add MaD model" 
This reverts commit 75bd4a7a12.
 2026-02-17 14:38:56 +00:00
Michael Nebel
a8e93e7fa0 Merge pull request #21325 from michaelnebel/csharp14/partialmembers 
C# 14: Support for partial `event` declarations.
 2026-02-17 15:00:00 +01:00
Idriss Riouak
744ade6720 Merge pull request #21338 from github/idrissrio/java/fix-change-note 
Java: Fix Maven change note
 2026-02-17 14:48:37 +01:00
Idriss Riouak
c877487e11 Merge pull request #21337 from github/idrissrio/java/jdk26-note 
Java: Add change note for Java 26 and updated supported languages
 2026-02-17 14:48:16 +01:00
idrissrio
5151df456c Java: Fix Maven change note 2026-02-17 14:27:27 +01:00
idrissrio
8aa839f4c0 Java: Address review comments 2026-02-17 14:19:12 +01:00
idrissrio
1a35a05ccc Java: Update supported language versions to include Java 26 2026-02-17 13:59:45 +01:00
idrissrio
bd94ceddd9 Java: Add change note for JDK 26 2026-02-17 13:58:55 +01:00
Owen Mansel-Chan
3dc465f167 Accept MaD sanitizers for queries with MaD sinks 2026-02-17 12:48:36 +00:00
Owen Mansel-Chan
61e8f91404 Accept MaD sanitizers for queries with MaD sinks 2026-02-17 12:45:24 +00:00
Tom Hvitved
e587541e55 Rust: Restrict type propagation into receivers 2026-02-17 13:42:56 +01:00
Tom Hvitved
8a051d7e57 Rust: Add type inference test 2026-02-17 13:40:16 +01:00