Owen Mansel-Chan
b4743155f6
Include first step from SsaVariableCapture
...
Without this change the test
go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.qlref
was failing.
2025-10-01 16:12:14 +01:00
Owen Mansel-Chan
5267671b15
Clean up code in basicLocalFlowStep
...
No changes in functionality.
2025-10-01 16:12:12 +01:00
Owen Mansel-Chan
4484d5bfa9
Add missing QLDoc
2025-10-01 16:12:09 +01:00
Owen Mansel-Chan
16a11b48ad
Switch to use-use dataflow. This will make post-update nodes easy to implement.
...
Queries / tests that required changes:
* The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow
* The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer
* The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.
2025-10-01 16:12:07 +01:00
Simon Friis Vindum
1408c245e0
Merge pull request #20557 from paldepind/rust/type-inference-delete-predicates
...
Rust: Remove member predicates on `Type`
2025-10-01 16:48:41 +02:00
Owen Mansel-Chan
ff3d795a8f
Merge pull request #20556 from owen-mc/go/test/safeurlflow
...
Go: Add tests for SafeUrlFlow, and fix a latent bug
2025-10-01 15:05:55 +01:00
Geoffrey White
f96a42c075
Merge pull request #20561 from geoffw0/basicquery
...
Rust: Add Basic query for Rust code doc
2025-10-01 14:20:11 +01:00
Owen Mansel-Chan
8983ac9212
Phrase test in terms of safe URLs
2025-10-01 14:13:15 +01:00
Tom Hvitved
dd3debc2d5
Address review comments
2025-10-01 14:41:28 +02:00
Anders Schack-Mulligen
a1028d604c
Guards: Improve performance for uniqueValue.
2025-10-01 14:08:37 +02:00
Mathias Vorreiter Pedersen
b0e9238ddf
Merge branch 'main' into use-shared-guards-library
2025-10-01 11:59:17 +01:00
Geoffrey White
b02c19b5bf
Rust: Slightly cleaner screenshots.
2025-10-01 11:59:08 +01:00
Mark C
c5cf0ffa75
added java cryptographic check queries
2025-10-01 11:55:51 +01:00
Geoffrey White
936702a0e5
Rust: Update graphics.
2025-10-01 11:49:54 +01:00
Mathias Vorreiter Pedersen
353ee8baa0
C++: Port a test from the experimental directory to show that it works in the non-experimental "new" range analysis.
2025-10-01 11:33:47 +01:00
Chris Smowton
f5ae5bed47
Merge pull request #20560 from smowton/smowton/fix/start-in-constructor-fp
...
Java: note that classes with entirely private constructors can't be subclassed
2025-10-01 11:16:50 +01:00
Geoffrey White
2c7291d27e
Rust: Fix toctree bug.
2025-10-01 11:12:29 +01:00
Ben Ahmady
513dcf1cb4
Merge branch 'main' into basicquery
2025-10-01 11:02:19 +01:00
Owen Mansel-Chan
c93852d87a
Improve comments in test file
2025-10-01 11:01:58 +01:00
Simon Friis Vindum
daf0cf1c1b
Rust: Rename predicates
2025-10-01 11:43:51 +02:00
Owen Mansel-Chan
dd3f754cb3
Add change note.
2025-10-01 09:32:00 +01:00
Simon Friis Vindum
a359a24c9e
Merge pull request #20559 from paldepind/rust/string-add-ref
...
Rust: Add taint model for add on `String`
2025-10-01 09:38:54 +02:00
REDMOND\brodes
26b8a394b3
Adjusting acronym for SSRF for casing standards.
2025-09-30 14:09:06 -04:00
REDMOND\brodes
a660eaba95
Adding docs.
2025-09-30 14:07:32 -04:00
REDMOND\brodes
acddb2c272
Moved change log to correct location.
2025-09-30 14:02:43 -04:00
Ben Rodes
d790c6df57
Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-30 14:00:25 -04:00
Ben Rodes
fab96d9539
Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-30 14:00:16 -04:00
Ben Rodes
5ca9ff2082
Update python/ql/lib/semmle/python/frameworks/SSRFSink.qll
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-30 14:00:05 -04:00
REDMOND\brodes
341f553866
Added change logs.
2025-09-30 13:55:31 -04:00
REDMOND\brodes
704e2966cb
Adding azure sdk test cases and updated test expected file.
2025-09-30 13:32:56 -04:00
REDMOND\brodes
d27d4fdb27
Updating comments.
2025-09-30 13:31:48 -04:00
Geoffrey White
372b5870b1
Merge pull request #20554 from geoffw0/docs1
...
Rust: Consistency fix for reusables/extractors.rst.
2025-09-30 17:41:05 +01:00
REDMOND\brodes
47fac883b8
Azure SDK models for SSRF analysis.
...
(cherry picked from commit 0274962612c02af09729526a3c44a545c1e69be8)
2025-09-30 11:58:26 -04:00
Geoffrey White
92122fef58
Rust: statement -> expression.
2025-09-30 15:48:26 +01:00
Geoffrey White
d9955ce93c
Merge pull request #20503 from geoffw0/cookie
...
Rust: New query rust/insecure-cookie
2025-09-30 15:26:37 +01:00
Tom Hvitved
537e7a8ec3
Rust: Fix formatting
2025-09-30 16:24:38 +02:00
Tom Hvitved
701cff3ca4
Rust: Macro call resolution
2025-09-30 16:21:02 +02:00
Owen Mansel-Chan
a2a9575587
Add tests for safe URL flow
2025-09-30 15:05:42 +01:00
Simon Friis Vindum
19871a2653
Rust: Accept test changes
2025-09-30 15:26:30 +02:00
Geoffrey White
771d9345b5
Merge branch 'main' into basicquery
2025-09-30 14:19:00 +01:00
Mathias Vorreiter Pedersen
ca53a8e787
C++: Update QLDoc.
2025-09-30 14:15:55 +01:00
Mathias Vorreiter Pedersen
1b2bd30a29
Update cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2025-09-30 14:14:19 +01:00
Chris Smowton
f88daff45f
Java: note that classes with entirely private constructors can't be subclassed
2025-09-30 13:57:44 +01:00
Simon Friis Vindum
49efd574a0
Rust: Add taint model for add on String
2025-09-30 14:48:03 +02:00
Idriss Riouak
fa8cbeeb44
Merge pull request #20546 from github/idrissrio/ql-constant
...
Java: Fix false positives in evaluation-to-constant query for ErrorType
2025-09-30 14:24:28 +02:00
Chris Smowton
ff4b97bf2d
Reword
2025-09-30 13:08:03 +01:00
Simon Friis Vindum
c878af2b9d
Rust: Remove member predicates on Type
2025-09-30 13:28:33 +02:00
Owen Mansel-Chan
5b07e8c9c4
Fix bug in UnsafeFieldReadSanitizer
2025-09-30 12:05:06 +01:00
Owen Mansel-Chan
b5fda88bd3
Remove duplication of UnsafeFieldReadSanitizer
2025-09-30 12:04:39 +01:00
idrissrio
63771110a5
Java: Address review comment
2025-09-30 11:46:37 +02:00