Mathias Vorreiter Pedersen
877118fb3b
Merge pull request #19274 from MathiasVP/prepare-cpp-for-mad-generation
...
C++: Prepare for model generation adoption
2025-04-11 05:11:36 -07:00
Michael Nebel
f349048e42
C#: Add change note.
2025-04-11 13:53:54 +02:00
Michael Nebel
31143b405e
C#: Improve auto builder logic to detect Sdk reference.
2025-04-11 13:53:52 +02:00
Mathias Vorreiter Pedersen
deef95d384
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
...
Co-authored-by: Taus <tausbn@github.com>
2025-04-11 12:43:59 +01:00
Mathias Vorreiter Pedersen
bfc494c0e1
Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
...
Co-authored-by: Taus <tausbn@github.com>
2025-04-11 12:43:51 +01:00
yoff
b641d5f177
ruby: fix FP
2025-04-11 13:22:42 +02:00
yoff
6e2cfab7b2
ruby: add test for for
...
found during triage
2025-04-11 12:46:25 +02:00
Michael Nebel
a5aef8c6f9
C#: Add some more DotNet autobuilder unit tests.
2025-04-11 12:03:06 +02:00
Paolo Tranquilli
4ae49cfe35
Merge pull request #19281 from github/redsun82/rust-setup
...
Rust: refine `ql/test/setup.sh`
2025-04-11 11:55:12 +02:00
Owen Mansel-Chan
472bfa2668
Merge pull request #19115 from owen-mc/java/port/java/string-replace-all-with-non-regex
...
Java: Add new quality query to detect `String#replaceAll` with non-regex first argument
2025-04-11 10:31:38 +01:00
Napalys Klicius
3d7c0201d9
Merge pull request #19231 from Napalys/js/typed_array
...
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a
Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler
2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0
Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll
...
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb
Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
...
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:04:08 +02:00
yoff
4167e96058
ruby: more complete implementation of isInBooleanContext
...
Co-authored-by: Tom Hvitved <hvitved@github.com>
2025-04-11 11:00:22 +02:00
yoff
f675a143d6
ruby: remove redundant cases
...
The CFG handles the negation
2025-04-11 10:48:41 +02:00
Napalys Klicius
d17d29a387
Merge pull request #19218 from Napalys/js/upgrade_websocket
...
JS: Refactor `WebSocket` to use `API` graphs
2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c
Renamed DecodeLike to Decode and updated propagatesFlow
2025-04-11 10:04:09 +02:00
Arthur Baars
85940484ab
Update rust/ql/test/setup.sh
2025-04-11 09:57:50 +02:00
Napalys
2c4b3527b4
Added change note
2025-04-11 09:42:12 +02:00
Napalys
678eccb417
Added searchParams.get as potential source for SSRF
2025-04-11 09:42:07 +02:00
Tom Hvitved
e26695fc51
Rust: Take where clauses into account in path resolution
2025-04-11 09:28:08 +02:00
Napalys
8674b61e5a
Added SSRF test case with searchParams for NextRequest
2025-04-11 09:26:16 +02:00
Tom Hvitved
cc85a09b39
Rust: Add AI-generated test for path resolution of where clauses
2025-04-11 09:24:09 +02:00
Paolo Tranquilli
db1203acb3
Rust: reinstate adding rust-src for test toolchains
2025-04-11 08:57:14 +02:00
Napalys
6e09a65da0
Added support for NextRequest middleware SSRF.
2025-04-11 08:43:36 +02:00
Napalys
734ad2d767
Removed legacy Consistency check as it is redundant now with inline test expectations.
2025-04-11 08:43:08 +02:00
Napalys
208487f236
Added middleware test
2025-04-11 08:39:47 +02:00
Asger F
719456e27d
JS: Fix missing flow into rest pattern lvalue
2025-04-11 08:37:09 +02:00
Asger F
7703b1fab5
JS: Add test for missing getALocalSource flow for rest pattern
2025-04-11 08:37:07 +02:00
Paolo Tranquilli
547833afb5
Rust: add to CODEOWNERS
2025-04-11 08:32:33 +02:00
Paolo Tranquilli
becea89a47
Rust: refine ql/test/setup.sh
2025-04-11 08:26:48 +02:00
Tamas Vajk
159d31d494
Reenable problematic test
2025-04-11 08:24:08 +02:00
yoff
8555e8c8c8
ruby: add change notes
2025-04-11 03:07:19 +02:00
yoff
53c88da91b
ruby: refine query for uninitialised local variables
...
- there are places where uninitialised reads are intentional
- there are also some places where they are impossible
2025-04-11 03:07:19 +02:00
yoff
1ca25b2ccb
ruby: add test of rb/uninitialized-local-variable
2025-04-11 03:00:05 +02:00
Aditya Sharad
283503b06d
Actions: Fix handling of paths-ignore in autobuild scripts
...
Always concatenate the default filters with the user-provided filters.
This ensures that when `paths-ignore` is provided,
we begin with the default path inclusions,
not all YAML files.
This makes the `paths-ignore-only` integration test variant
under `filters` pass.
The handling of `paths` is unchanged:
if provided, this overrides the default filters.
2025-04-10 11:18:45 -07:00
Aditya Sharad
30ce0c5cbf
Actions: Add integration tests for configured path filters
...
Use the common structure from the existing test
for default filters.
Check both query output finding workflows and actions,
and source archive output showing all extracted YAML files.
The test for only `paths-ignore` fails in this commit,
demonstrating a bug: we start with all YAML files
rather than starting with the default includes.
The tests for `paths` reflect current behaviour
which is consistent with other languages:
`paths` overrides the default inclusions,
and only files under `paths` are included.
This may not be the best user experience for Actions,
since we want to scan all workflow and action files
even in the presence of `paths`, but that is not
currently addressed.
2025-04-10 11:17:51 -07:00
Tom Hvitved
7ed8a85e08
Merge pull request #19246 from hvitved/rust/cache-tweaks
2025-04-10 19:02:25 +02:00
Felicity Chapman
c2baf9a052
Merge pull request #19270 from github/felicitymay-patch-1
...
CodeQL docs: Fix ordering in side navigation bar for Query help
2025-04-10 15:10:14 +01:00
Owen Mansel-Chan
4f5bdbb517
Add new query to java-code-quality.qls.expected
2025-04-10 14:37:11 +01:00
Mathias Vorreiter Pedersen
3bb249f580
C++: Ensure we always have 'Position's even if there are no calls in the DB.
2025-04-10 14:28:40 +01:00
Mathias Vorreiter Pedersen
b678112f4d
C++: Add a few predicates to 'ReturnKind'.
2025-04-10 14:28:38 +01:00
Mathias Vorreiter Pedersen
960e9900af
C++: Move the 'getArgumentIndex' into the abstract 'Position' class. It is implemented in all subclasses anyway.
2025-04-10 14:28:36 +01:00
Mathias Vorreiter Pedersen
94e08e318d
C++: Expose a few predicates from 'ExternalFlow'.
2025-04-10 14:18:47 +01:00
Napalys Klicius
43bf0beae9
Merge pull request #19263 from Napalys/js/make-dir-lib
...
JS: Add support for `make-dir` package
2025-04-10 15:09:43 +02:00
Napalys
86b64afa13
Added NextResponse to the ResponseCall class; it models similar, near-identical behaviour.
2025-04-10 15:06:44 +02:00
Tom Hvitved
a578f44af4
QL4QL: Restrict ql/qlref-inline-expectations to (path-)problem queries
2025-04-10 15:03:57 +02:00
Mathias Vorreiter Pedersen
ea3bb8cf0c
Shared: Provide a hook to MaD generation to modify the 'ReturnValue' string.
2025-04-10 14:02:31 +01:00
Mathias Vorreiter Pedersen
6c348b5855
Rust: Fixup MaD input.
2025-04-10 14:01:20 +01:00