hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,884 Commits 1,671 Branches 157 Tags
main
Commit Graph

759 Commits

Author SHA1 Message Date
Tom Hvitved
0b00589f95 Rust: Update expected test output 2025-12-12 11:16:17 +01:00
Geoffrey White
5db6b92411 Merge pull request #20887 from github/copilot/add-ecb-cbc-test-cases 
Add ECB and CBC block mode test cases for BrokenCryptoAlgorithm query
 2025-12-11 16:22:27 +00:00
Simon Friis Vindum
c6d2047827 Rust: Update expected files 2025-12-10 15:05:36 +01:00
Simon Friis Vindum
047ea10a9a Rust: Update tests and expected files 2025-12-10 14:35:17 +01:00
Simon Friis Vindum
c5a44cf8ff Rust: Accept changes to expected files 2025-12-10 11:35:32 +01:00
Geoffrey White
506a1ea0b8 Rust: Add test case for rust/access-after-lifetime-ended involving an invalidated reference. 2025-12-10 11:35:31 +01:00
Simon Friis Vindum
7d1acbcb87 Rust: Restrict the scope of DereferenceSink to dereferences of raw pointers 2025-12-10 11:35:28 +01:00
Geoffrey White
819a12216e Merge branch 'main' into copilot/add-ecb-cbc-test-cases 2025-12-10 08:56:20 +00:00
Tom Hvitved
fe18e0e414 Merge pull request #20997 from paldepind/rust/fix-expected 
Rust: Accept changes to expected files
 2025-12-09 14:25:36 +01:00
Tom Hvitved
a5f513f178 Merge pull request #20954 from hvitved/rust/stats-more-calls 
Rust: Include more calls in DB quality metrics
 2025-12-09 14:14:07 +01:00
Simon Friis Vindum
53ad3282c3 Rust: Accept changes to expected files 2025-12-09 14:01:31 +01:00
Tom Hvitved
0280771c51 Merge pull request #20953 from hvitved/rust/data-flow-call-models 
Rust: Model more data flow constructs as calls using MaD
 2025-12-08 15:22:02 +01:00
Geoffrey White
24852c6664 Merge pull request #20966 from geoffw0/lifetimetest 
Rust: Fix FPs from rust/access-after-lifetime-ended
 2025-12-08 09:03:51 +00:00
Tom Hvitved
5a5679bd51 Rust: Taint flow through operations using MaD 2025-12-05 09:19:03 +01:00
Tom Hvitved
57bca5ca9b Rust: Include more calls in DB quality metrics 2025-12-05 09:15:26 +01:00
Simon Friis Vindum
1a19df2044 Merge pull request #20950 from paldepind/rust/ti-raw-pointer 
Rust: Type inference for raw pointers
 2025-12-05 09:06:13 +01:00
Geoffrey White
b7402fef09 Merge remote-tracking branch 'upstream/main' into lifetimetest 2025-12-04 17:33:39 +00:00
Geoffrey White
32e9fdfe19 Rust: Fix the false positives. 2025-12-04 17:19:41 +00:00
Geoffrey White
8594c7a29a Rust: Add test for rust/access-after-lifetime-ended FP involving generic calls. 2025-12-04 15:28:15 +00:00
Geoffrey White
2665d8395a Merge pull request #20939 from geoffw0/saltmodel 
Rust: Add heuristic sinks for passwords, initialization vectors etc
 2025-12-03 18:01:48 +00:00
Simon Friis Vindum
236df0ab65 Rust: Accept changes to expected files 2025-12-02 15:07:54 +01:00
Simon Friis Vindum
c15e12c9ff Rust: Accept test changes 2025-12-02 14:43:51 +01:00
Geoffrey White
450403883b Rust: Add test cases for a small number of FPs we see. 2025-12-01 12:39:18 +00:00
Geoffrey White
e834e8665a Rust: Remove one of the cases that is causing FP results in MRVA. 2025-12-01 12:39:16 +00:00
Geoffrey White
bb50e9fb40 Rust: Add heuristic sinks for rust/hard-coded-cryptographic-value. 2025-12-01 12:39:12 +00:00
Tom Hvitved
4bfe1a81dc Rust: Update expected test output following rebase 2025-12-01 11:38:50 +01:00
Tom Hvitved
6b003580d1 Rust: Improve handling of implicit derefs/borrows in data flow 2025-12-01 11:34:01 +01:00
Geoffrey White
8e099480ab Rust: Add tests for heuristics. 2025-11-28 18:02:41 +00:00
Simon Friis Vindum
86eb949673 Merge pull request #20902 from paldepind/rust/xss-query 
Rust: Add new query for XSS vulnerabilities
 2025-11-28 09:09:14 +01:00
Simon Friis Vindum
7278bc75ca Rust: Remove unused function in XSS tests 2025-11-26 08:57:47 +01:00
Simon Friis Vindum
9ae4c14ffb Rust: Address PR feedback 2025-11-25 14:20:17 +01:00
Geoffrey White
1c2d8bb70e Merge pull request #20851 from geoffw0/access-invalid-pointer-fp 
Rust: Improve rust/access-invalid-pointer
 2025-11-25 09:49:07 +00:00
Geoffrey White
5893dc699d Rust: Change the majority of variant tests to be on AES not DES, since the focus of these new tests should be the block mode not the encryption algorithm. 2025-11-24 16:29:23 +00:00
Simon Friis Vindum
9e2bf76a7f Rust: Add XSS sinks for Actix and Warp 2025-11-24 15:46:25 +01:00
Simon Friis Vindum
ae9c753371 Rust: Add XSS query 2025-11-24 15:46:24 +01:00
Simon Friis Vindum
0f4561efc3 Rust: Add XSS examples 2025-11-24 15:46:23 +01:00
Geoffrey White
993154ed57 Rust: Avoid duplicating sinks. 2025-11-21 19:34:16 +00:00
Geoffrey White
0ea28b4026 Rust: Test .expected changes. 2025-11-21 18:57:06 +00:00
Geoffrey White
80615056c0 Merge remote-tracking branch 'upstream/main' into cert-checks 2025-11-21 18:40:40 +00:00
copilot-swe-agent[bot]
9b65a33b4a Add ECB and CBC block mode test cases 
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
 2025-11-21 18:32:39 +00:00
Geoffrey White
03fc4cb0aa Merge remote-tracking branch 'upstream/main' into access-invalid-pointer-fp 2025-11-21 17:39:56 +00:00
Geoffrey White
9db1722060 Rust: Accept consistency check changes. 2025-11-21 17:35:34 +00:00
Geoffrey White
ace7a77fd6 Rust: Switch to MaD models. 2025-11-21 16:27:52 +00:00
Geoffrey White
785754ec65 Rust: Switch the query to taint flow, since some taint summaries are relevant now. 2025-11-21 15:02:29 +00:00
Geoffrey White
aca7877be2 Rust: Add some missing path / file metadata models. 2025-11-21 15:02:25 +00:00
Geoffrey White
2da0814f65 Rust: Add test case involving taint. 2025-11-21 14:39:15 +00:00
Geoffrey White
41a6bf079d Rust: Add barrier for null pointer checks to the query. 2025-11-17 15:00:22 +00:00
Geoffrey White
d804229158 Rust: Add missing model. 2025-11-17 14:41:14 +00:00
Geoffrey White
6c3566ab52 Rust: It turns out we need test cases for immutable pointers as well. 2025-11-17 14:32:57 +00:00
Tom Hvitved
8455663255 Rust: Speedup AccessAfterLifetime.ql 2025-11-15 15:21:03 +01:00