hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 14:47:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,971 Commits 1,758 Branches 167 Tags
codeql-cli-2.25.3
Commit Graph

86971 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Nebel
d9fea156f6 C#: Update MaD models for extension members. 2026-02-09 13:28:11 +01:00
Michael Nebel
bcdbd6e283 C#: Use the fully qualified name for the extension type when printing extension types. 2026-02-09 13:27:32 +01:00
Michael Nebel
fe94b3b68b C#: Address review comments. 2026-02-09 11:46:53 +01:00
Owen Mansel-Chan
90401b3ad3 Merge pull request #21254 from owen-mc/go/astnode-get-enclosing-block 
Go: Add `AstNode.getEnclosingBlock()`
 2026-02-06 22:23:15 +00:00
REDMOND\brodes
1796bc0abb C++: Add change note. 2026-02-06 16:19:11 -05:00
REDMOND\brodes
36cc20989c C++: Accept test changes (removing false negative) 2026-02-06 16:11:51 -05:00
REDMOND\brodes
2b806ad6fd C++: Add missing DateTime models for PTIME_FIELDS and TIME_FIELDS 2026-02-06 16:10:04 -05:00
REDMOND\brodes
a534d26449 C++: Accept test changes. 2026-02-06 16:07:44 -05:00
REDMOND\brodes
ca18179bd2 C++: Correct false positive. Only TimeConversionFunction that do not auto correct for leap year should be considered. 2026-02-06 16:07:07 -05:00
REDMOND\brodes
d9feadcfec C++. Accept test changes. One false positive introduced, and one false negative remains. 2026-02-06 16:05:38 -05:00
REDMOND\brodes
95d4a541bc C++: Refactor leap year logic for UncheckedLeapYearAfterYearModification. Includes new logic for detecting leap year checks, new forms of leap year checks detected, and various heuristics to remove false postives. Move TimeConversionFunction into LeapYear.qll and refactored to separate conversion functions that are expected to be checked for failure from those that auto correct leap year dates if feb 29 is provided on a non-leap year. Increas the set of known TimeConversionFunctions. 2026-02-06 16:03:37 -05:00
REDMOND\brodes
6c171c804f C++: Add more tests for modified years with and without leap year checks (UncheckedLeapYearAfterYearModification). Switch to using 'postprocess' for unit tests. 2026-02-06 16:03:25 -05:00
Jon Janego
d0bd8459a1 Merge pull request #21291 from github/codeql-spark-run-21760759512 
Update changelog documentation site
 2026-02-06 12:28:56 -06:00
Jon Janego
1c43ceae95 Merge branch 'main' into codeql-spark-run-21760759512 2026-02-06 12:16:31 -06:00
Geoffrey White
a5aeadd31d Rust: Fix for neutral summaries. 2026-02-06 18:15:13 +00:00
Jon Janego
5bf2d9442e Fix formatting in changelog for Go path injection query 2026-02-06 12:14:03 -06:00
Jon Janego
c40d784a4d Update codeql-cli-2.23.1.rst 2026-02-06 12:13:34 -06:00
Jon Janego
bf6568b928 Fix formatting for Kotlin version support note 2026-02-06 12:12:55 -06:00
Jon Janego
79ad064a93 Fix formatting in Kotlin version support note 2026-02-06 12:12:16 -06:00
Jon Janego
552976d057 Update codeql-cli-2.19.1.rst 2026-02-06 12:11:49 -06:00
github-actions[bot]
353cd31ce6 update codeql documentation 2026-02-06 18:09:49 +00:00
Geoffrey White
08174d7ec9 Rust: Add test cases for summaries as well. 2026-02-06 18:05:54 +00:00
REDMOND\brodes
f6c302b68c Removing commented out test cases. 2026-02-06 11:28:48 -05:00
REDMOND\brodes
4f11913ee5 removing SSRFSink.qll 2026-02-06 11:23:58 -05:00
REDMOND\brodes
42f6e6a19c Fixing inefficiently passed variable in nested existential quantification. 2026-02-06 11:20:15 -05:00
REDMOND\brodes
97f19d03ad Updating test case expected alerts. 2026-02-06 11:20:13 -05:00
REDMOND\brodes
97ddab0724 Added support for new URIValidator in AntiSSRF library. Updated test caes to use postprocessing results. Currently results for partial ssrf still need work, it is flagging cases where the URL is fully controlled, but is sanitized. I'm not sure if this should be flagged yet. 2026-02-06 11:20:11 -05:00
REDMOND\brodes
27e19813be Removing an upstream change log, not needed for local fork update. 2026-02-06 11:20:10 -05:00
REDMOND\brodes
88adb05d4b Adjusting acryonym for SSRF for casing standards. 2026-02-06 11:20:08 -05:00
REDMOND\brodes
265922d2e5 Adding docs. 2026-02-06 11:20:01 -05:00
REDMOND\brodes
7db97799c1 Moved change log to correct location. 2026-02-06 11:19:22 -05:00
Ben Rodes
08b72d0a86 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-06 11:18:51 -05:00
Ben Rodes
46a2a249f9 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-06 11:18:49 -05:00
REDMOND\brodes
b8ba905253 Added change logs. 2026-02-06 11:18:23 -05:00
REDMOND\brodes
9912aaaf1a Adding azure sdk test cases and updated test expected file. 2026-02-06 11:18:16 -05:00
Paolo Tranquilli
48db24d184 Merge pull request #21287 from github/redsun82/fix-rust-deps-patching 
Bazel: fix Rust deps patching for semver build metadata
 2026-02-06 17:17:24 +01:00
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
Anders Fugmann
c5179e40c6 Kotlin: Add change note for supporting 2.3.10 2026-02-06 14:59:34 +01:00
github-actions[bot]
38830ddc5c Bazel: fix Rust deps patching for semver build metadata 
Handle crate versions containing `+` build metadata (e.g., `0.9.11+spec-1.1.0`).
Bazel repo names use `-` instead of `+`, so the generated labels need patching
to reference the correct repo name.

Also adds documentation for both patching issues handled by patch_defs.py.
 2026-02-06 14:58:34 +01:00
Anders Fugmann
d5827b5cca Kotlin: Support Kotlin 2.3.10 2026-02-06 14:54:08 +01:00
Michael Nebel
6c355a1bf8 C#: Update test expected output. 2026-02-06 14:38:27 +01:00
Michael Nebel
e550d4937c C#: Update parameter modifiers test to include lambda expression from the new test file. 2026-02-06 14:37:50 +01:00
Michael Nebel
62a6b5985d C#: Add test cases for lambda parameter modifiers. 2026-02-06 14:37:11 +01:00
Mathias Vorreiter Pedersen
2c05624088 Merge pull request #21280 from MathiasVP/make-getChildCount-more-robust 
C++: Make 'getChildCount' more robust by counting indices instead of elements
 2026-02-06 12:19:20 +00:00
Ben Rodes
ac1987f264 Update python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-05 15:44:44 -05:00
Mathias Vorreiter Pedersen
d57a42a7f7 C++: Make 'getChildCount' more robust by counting indexes instead of 'TranslatedDeclarationEntry's. 2026-02-05 20:23:45 +00:00
Tom Hvitved
32aaac27ec Rust: Add type inference regression test 2026-02-05 17:29:42 +01:00
Tom Hvitved
2dc7576232 Rust: Rework call disambiguation logic 2026-02-05 17:29:40 +01:00
Geoffrey White
05a487ec3b Rust: Repair following merge. 2026-02-05 15:56:58 +00:00
Geoffrey White
c0a5c63e8e Merge branch 'main' into neutralmodels 2026-02-05 15:53:28 +00:00