dependabot[bot]
68bacb47cc
Bump rules_cc from 0.2.17 to 0.2.18
...
Bumps [rules_cc](https://github.com/bazelbuild/rules_cc) from 0.2.17 to 0.2.18.
- [Release notes](https://github.com/bazelbuild/rules_cc/releases)
- [Commits](https://github.com/bazelbuild/rules_cc/compare/0.2.17...0.2.18)
---
updated-dependencies:
- dependency-name: rules_cc
  dependency-version: 0.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-23 03:07:51 +00:00
Owen Mansel-Chan
d6abd4c72d
Merge pull request #21745 from owen-mc/go/refactor-encryption-operation
...
Go: refactor `EncryptionOperation`
2026-04-22 15:46:49 +01:00
Owen Mansel-Chan
57eaed4dcc
Refactor: remove fields from EncryptionOperation
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-22 13:37:35 +01:00
Michael Nebel
bca51a986c
Merge pull request #21612 from michaelnebel/csharp/legacyasptaintedmember
...
C#: Taint members of types in ASP.NET user context.
2026-04-22 09:28:27 +02:00
Owen Mansel-Chan
62f15d0166
Merge pull request #21742 from owen-mc/docs/fixes
...
Docs: several minor fixes
2026-04-21 17:40:11 +01:00
Owen Mansel-Chan
b47afafe8e
Fix duplicated quotation mark
2026-04-21 14:53:11 +01:00
Owen Mansel-Chan
3a13f77058
Fix typo "passd" -> "passed"
2026-04-21 14:52:48 +01:00
Owen Mansel-Chan
424b7decb1
Fix wrong parameter name
2026-04-21 14:52:22 +01:00
Owen Mansel-Chan
91f9f23138
Fix wrong function name
2026-04-21 14:52:10 +01:00
Anders Schack-Mulligen
f912731cd4
Merge pull request #21565 from aschackmull/csharp/cfg2
...
C#: Replace CFG with the shared implementation
2026-04-21 15:50:38 +02:00
Owen Mansel-Chan
6efb21314a
Merge pull request #21523 from owen-mc/docs/mad/barriers
...
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
Owen Mansel-Chan
c91b5b3c2e
Merge pull request #21650 from MarkLee131/fix/sensitive-log-fp-regex
...
Java: reduce false positives in sensitive-log
2026-04-21 13:48:32 +01:00
Michael Nebel
8b93ce2747
C#: Add ASP.NET test case for a collection type.
2026-04-21 14:27:06 +02:00
Michael Nebel
2d6197fd7d
C#: Generalize ASP.NET taint members to collection types.
2026-04-21 14:27:03 +02:00
Michael Nebel
f826262f1d
C#: Re-factor CollectionType into an abstract class and introduce getElementType predicate.
2026-04-21 14:26:59 +02:00
Michael Nebel
1055084305
C#: Address review comments.
2026-04-21 13:40:07 +02:00
Michael Nebel
dc0e7d4988
C#: Add change-note.
2026-04-21 13:40:04 +02:00
Michael Nebel
8060d2ff24
C#: Streamline the implementation for ASP.NET Core tainted members.
2026-04-21 13:40:02 +02:00
Michael Nebel
921d93e427
C#: Add an ASP.NET flow source example when using the WebMethod attribute.
2026-04-21 13:39:59 +02:00
Michael Nebel
dba1b7539f
C#: Taint members of types used in ASP.NET remote flow source context.
2026-04-21 13:39:56 +02:00
Michael Nebel
77da545ab4
C#: Reclassify some sources as AspNetRemoteFlowSource.
2026-04-21 13:39:54 +02:00
Michael Nebel
0062eb1209
C#: Update remote flow sources test to also report tainted members.
2026-04-21 13:39:51 +02:00
Anders Schack-Mulligen
67c0515d3c
Cfg: Undo consistency check change.
2026-04-21 13:10:03 +02:00
Michael B. Gale
58e9bad0a0
Merge pull request #21737 from github/post-release-prep/codeql-cli-2.25.3
...
Post-release preparation for codeql-cli-2.25.3
2026-04-21 11:48:30 +02:00
Anders Schack-Mulligen
a2a4e8288e
C#: Deprecate ControlFlowElement.getAControlFlowNode and remove some splitting quantification.
2026-04-21 11:14:05 +02:00
Anders Schack-Mulligen
9de02b7ae6
Cfg: Use consistent casing in additional node tags.
2026-04-21 10:56:10 +02:00
Jeroen Ketema
7f2a13bc7a
Merge pull request #21728 from jketema/jketema/swift-6.3.1
...
Swift: Update to Swift 6.3.1
2026-04-20 19:33:08 +02:00
Jeroen Ketema
abd08440a1
Swift: Update to Swift 6.3.1
2026-04-20 16:30:29 +02:00
Jeroen Ketema
d5ded932d3
Merge pull request #21723 from jketema/swift-fixed-array
...
Swift: Expose the generic arguments of `BuiltinFixedArrayType`s
2026-04-20 16:17:41 +02:00
Taus
b108e173a5
Merge pull request #21695 from github/tausbn/python-add-support-for-pep-798
...
Python: Add support for PEP-798
2026-04-20 15:01:01 +02:00
Anders Schack-Mulligen
b6f50f5992
C#: Simplify.
2026-04-20 14:43:28 +02:00
Anders Schack-Mulligen
3ceb96a45f
C#: Eliminate Completion.qll.
2026-04-20 14:43:28 +02:00
Anders Schack-Mulligen
e928c224ae
C#/Cfg: Some simple review fixes.
2026-04-20 14:43:27 +02:00
github-actions[bot]
a0bab539bb
Post-release preparation for codeql-cli-2.25.3
2026-04-20 12:40:34 +00:00
Owen Mansel-Chan
9f310c20f3
Merge pull request #21734 from owen-mc/java/fix-partial-path-traversal
...
Java: fix bug in partial path traversal
2026-04-20 11:52:55 +01:00
Michael B. Gale
a73f7cb79d
Merge pull request #21736 from github/release-prep/2.25.3
...
Release preparation for version 2.25.3
2026-04-20 12:29:07 +02:00
Michael B. Gale
abf374433b
Merge changelog entries for cpp/implicit-function-declaration
2026-04-20 12:24:05 +02:00
Michael B. Gale
34b5dcfd5f
Improve wording of actions note
2026-04-20 11:40:32 +02:00
github-actions[bot]
c861d99802
Release preparation for version 2.25.3
2026-04-20 09:27:23 +00:00
MarkLee131
92d205d1a8
Use set literal for getCommonSensitiveInfoFPRegex
...
Replace the five-way result = ... or result = ... disjunction with a
single equality on a set literal. Addresses the CodeQL style alert
"Use a set literal in place of or" reported by the self-scan on this
PR. Pure refactor, no semantic change.
2026-04-19 23:29:07 -04:00
Owen Mansel-Chan
c6f641eac4
Add change note
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-19 07:18:48 +01:00
Owen Mansel-Chan
6d4a3974ce
Fix bug so += File.separator is recognized
2026-04-19 07:18:42 +01:00
Owen Mansel-Chan
6099c5d034
Add SPURIOUS test for += File.separator
2026-04-19 07:18:00 +01:00
Owen Mansel-Chan
63d20a54d4
Use inline expectations with second test
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-19 07:17:05 +01:00
Owen Mansel-Chan
dca7046d8c
Make inline expectation comments specify query
2026-04-18 10:35:15 +01:00
Owen Mansel-Chan
2764580cdf
Merge pull request #21718 from chmodxxx/java/woodstox-xxe
...
Java: Add XXE sink model for Woodstox WstxInputFactory
2026-04-17 17:25:15 +01:00
Salah Baddou
fb2d53e72a
Address review: inline Woodstox into XmlParsers, move changelog to lib
2026-04-17 18:46:51 +04:00
Salah Baddou
f5131f9bc6
Java: Add XXE sink model for Woodstox WstxInputFactory
...
`com.ctc.wstx.stax.WstxInputFactory` overrides `createXMLStreamReader`,
`createXMLEventReader` and `setProperty` from `XMLInputFactory`, so the
existing `XmlInputFactory` model in `XmlParsers.qll` does not match calls
where the static receiver type is `WstxInputFactory` (or its supertype
`org.codehaus.stax2.XMLInputFactory2`). Woodstox is vulnerable to XXE in
its default configuration, so these missed sinks were false negatives in
`java/xxe`.
This adds a scoped framework model under
`semmle/code/java/frameworks/woodstox/WoodstoxXml.qll` (registered in the
`Frameworks` module of `XmlParsers.qll`) that recognises these calls as
XXE sinks and treats the factory as safe when both
`javax.xml.stream.supportDTD` and
`javax.xml.stream.isSupportingExternalEntities` are disabled — mirroring
the existing `XMLInputFactory` safe-configuration logic.
2026-04-17 18:46:51 +04:00
Taus
ac23e16786
Python: Move Python 3.15 data-flow tests to a separate file
...
We won't be able to run these tests until Python 3.15 is actually out
(and our CI is using it), so it seemed easiest to just put them in their
own test directory.
2026-04-17 13:16:46 +00:00
Owen Mansel-Chan
29b07d5d07
Merge pull request #21721 from owen-mc/go/remove-global-function-jump-step-from-local-flow
...
Go: Remove global function step from local flow
2026-04-17 14:09:16 +01:00