hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 00:33:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,879 Commits 1,670 Branches 157 Tags
main
Commit Graph

84879 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
8c39472d73 Rust: Add change note for reads as taint steps 2025-12-11 09:09:12 +01:00
Tom Hvitved
d5a95a8099 Rust: Strengthen isNotInstantiationOf uses 2025-12-10 20:48:21 +01:00
Tom Hvitved
f30a3b3712 Rust: Add type inference blowup test 2025-12-10 20:48:18 +01:00
Geoffrey White
f1d241f810 Rust: Accept test change. 2025-12-10 18:22:59 +00:00
Geoffrey White
6ca90a2d62 Rust: Change note. 2025-12-10 16:56:26 +00:00
Geoffrey White
c160a1f658 Rust: Fix common FPs for rust/unused-variable and rust/unused-value. 2025-12-10 16:56:24 +00:00
Anders Schack-Mulligen
000f2c345e Merge pull request #21001 from aschackmull/guards/generalise-validationwrapper 
Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards
 2025-12-10 15:52:53 +01:00
Simon Friis Vindum
c6d2047827 Rust: Update expected files 2025-12-10 15:05:36 +01:00
Simon Friis Vindum
efbc0934c4 Rust: Do not use types to limit lifting of reads to taint steps 2025-12-10 14:35:24 +01:00
Simon Friis Vindum
fe37e3d9be Rust: Address PR feedback 2025-12-10 14:35:23 +01:00
Simon Friis Vindum
273eb19b88 Rust: Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-12-10 14:35:22 +01:00
Simon Friis Vindum
5ba4e30c20 Rust: Exclude range start and end from field taint steps 2025-12-10 14:35:20 +01:00
Simon Friis Vindum
647bed9e2f Rust: Add extensible predicate to exclude fields and block fieldless enum types 2025-12-10 14:35:19 +01:00
Simon Friis Vindum
6fcd8d194a Rust: Refactor flow summary implementation 2025-12-10 14:35:18 +01:00
Simon Friis Vindum
047ea10a9a Rust: Update tests and expected files 2025-12-10 14:35:17 +01:00
Simon Friis Vindum
0f97e7e29d Rust: Remov unneeded model 2025-12-10 14:35:16 +01:00
Simon Friis Vindum
8a0e5b5675 Rust: Lift content reads as taint steps 2025-12-10 14:35:14 +01:00
Simon Friis Vindum
cd721b85e9 Merge pull request #20941 from paldepind/rust/invalid-pointer-barriers 
Rust: Reduce the number of sinks in `DereferenceSink`
 2025-12-10 14:22:05 +01:00
Anders Schack-Mulligen
eaa96864f7 Java: Extend test to cover assertion-like barrier guards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
9cd2247b91 Java: expose support for more general BarrierGuards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
09058e48aa Guards: Rename -WithState to Parameterized-. 2025-12-10 12:23:51 +01:00
Anders Schack-Mulligen
ebb989962c Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards. 2025-12-10 12:23:51 +01:00
Simon Friis Vindum
c5a44cf8ff Rust: Accept changes to expected files 2025-12-10 11:35:32 +01:00
Geoffrey White
506a1ea0b8 Rust: Add test case for rust/access-after-lifetime-ended involving an invalidated reference. 2025-12-10 11:35:31 +01:00
Simon Friis Vindum
ade7815125 Rust: Add change note 2025-12-10 11:35:29 +01:00
Simon Friis Vindum
7d1acbcb87 Rust: Restrict the scope of DereferenceSink to dereferences of raw pointers 2025-12-10 11:35:28 +01:00
Simon Friis Vindum
4a1abc7beb Merge pull request #21007 from hvitved/rust/update-expected 
Rust: Update expected test output
 2025-12-10 11:19:37 +01:00
Geoffrey White
fa02842d30 Rust: Accept consistency check changes. 2025-12-10 10:16:22 +00:00
Tom Hvitved
30b903604d Rust: Update expected test output 2025-12-10 11:02:04 +01:00
Jeroen Ketema
3cabcfef75 Swift: Skip -scan-dependencies compiler calls 
These do not produce any useful data and just crash our frontend.
 2025-12-10 10:11:41 +01:00
Jeroen Ketema
e9aa6ddf53 Swift: Strip more unsupported arguments 
We had customer reports where these occur in practise, although we have not
observed these ourselves in frontend calls.
 2025-12-10 10:08:21 +01:00
Geoffrey White
819a12216e Merge branch 'main' into copilot/add-ecb-cbc-test-cases 2025-12-10 08:56:20 +00:00
Tom Hvitved
fe18e0e414 Merge pull request #20997 from paldepind/rust/fix-expected 
Rust: Accept changes to expected files
 2025-12-09 14:25:36 +01:00
Tom Hvitved
a5f513f178 Merge pull request #20954 from hvitved/rust/stats-more-calls 
Rust: Include more calls in DB quality metrics
 2025-12-09 14:14:07 +01:00
Simon Friis Vindum
53ad3282c3 Rust: Accept changes to expected files 2025-12-09 14:01:31 +01:00
Owen Mansel-Chan
cf19586516 Merge pull request #20993 from github/dependabot/go_modules/go/extractor/extractor-dependencies-955632e86c 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-12-09 09:36:16 +00:00
Anders Schack-Mulligen
139dc0acaf Merge pull request #20922 from aschackmull/csharp/object-initializer 
C#: Replace initializer splitting with an ObjectInitMethod.
 2025-12-09 10:35:02 +01:00
yoff
5c6d83ed65 Merge pull request #20877 from joefarebrother/python-tornado-websocket 
Python: Add models for websocket handlers for Tornado
 2025-12-09 10:08:59 +01:00
Michael Nebel
8ecae77887 Merge pull request #20991 from github/dependabot/nuget/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/nuget-335537b6a2 
Bump the nuget group with 1 update
 2025-12-09 10:01:15 +01:00
Tom Hvitved
e054741061 Update expected test output 2025-12-09 09:13:26 +01:00
Tom Hvitved
31b184a404 Rust: Exclude deref expressions on raw pointers from call resolution stats 2025-12-09 08:54:51 +01:00
dependabot[bot]
9eb1eb8f0d Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.30.0 to 0.31.0
- [Commits](https://github.com/golang/mod/compare/v0.30.0...v0.31.0)

Updates `golang.org/x/tools` from 0.39.0 to 0.40.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 03:07:27 +00:00
Owen Mansel-Chan
e7147244e8 Merge pull request #20992 from myvyang/main 
Change MethodAccess to MethodCall in query example.
 2025-12-09 01:22:55 +00:00
Owen Mansel-Chan
d15342db1f Fix table padding 2025-12-09 01:12:53 +00:00
i
134312173f MethodAccess has been deprecated, Change MethodAccess to MethodCall in query example. 2025-12-09 08:41:01 +08:00
dependabot[bot]
c8992fc834 Bump the nuget group with 1 update 
Bumps Newtonsoft.Json from 6.0.4 to 13.0.1

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-version: 13.0.1
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 00:33:13 +00:00
github-actions[bot]
2854330759 Post-release preparation for codeql-cli-2.23.8 2025-12-08 15:49:10 +00:00
Paolo Tranquilli
28b6aa8616 Merge pull request #20988 from github/release-prep/2.23.8 
Release preparation for version 2.23.8
codeql-cli/latest codeql-cli/v2.23.8 		2025-12-08 15:45:10 +01:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
Paolo Tranquilli
b5f705a4f1 Merge pull request #20985 from asgerf/js/overlay-local-optional 
JS: Use question-mark variant in all overlay annotations
 2025-12-08 15:27:23 +01:00