codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00

Author	SHA1	Message	Date
Taus	d2c7147480	Python: Add new test	2025-12-10 13:52:13 +00:00
Taus	6af9fd816f	Python: Make space for new test	2025-12-10 13:51:20 +00:00
Taus	e6e05012c8	Python: Add change note	2025-12-09 22:55:40 +00:00
Taus	ad68a5e4e9	Python: Add modelling for `zstd.compression` See https://docs.python.org/3/library/compression.zstd.html for information about this library. As far as I can tell, the `zstd` library is not vulnerable to things like ZipSlip, but it _could_ be vulnerable to a decompression bomb attack, so I extended those models accordingly.	2025-12-09 22:52:16 +00:00
Tom Hvitved	fe18e0e414	Merge pull request #20997 from paldepind/rust/fix-expected Rust: Accept changes to expected files	2025-12-09 14:25:36 +01:00
Tom Hvitved	a5f513f178	Merge pull request #20954 from hvitved/rust/stats-more-calls Rust: Include more calls in DB quality metrics	2025-12-09 14:14:07 +01:00
Simon Friis Vindum	53ad3282c3	Rust: Accept changes to expected files	2025-12-09 14:01:31 +01:00
Owen Mansel-Chan	cf19586516	Merge pull request #20993 from github/dependabot/go_modules/go/extractor/extractor-dependencies-955632e86c Bump the extractor-dependencies group in /go/extractor with 2 updates	2025-12-09 09:36:16 +00:00
Anders Schack-Mulligen	139dc0acaf	Merge pull request #20922 from aschackmull/csharp/object-initializer C#: Replace initializer splitting with an ObjectInitMethod.	2025-12-09 10:35:02 +01:00
yoff	5c6d83ed65	Merge pull request #20877 from joefarebrother/python-tornado-websocket Python: Add models for websocket handlers for Tornado	2025-12-09 10:08:59 +01:00
Michael Nebel	8ecae77887	Merge pull request #20991 from github/dependabot/nuget/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/nuget-335537b6a2 Bump the nuget group with 1 update	2025-12-09 10:01:15 +01:00
Tom Hvitved	e054741061	Update expected test output	2025-12-09 09:13:26 +01:00
Tom Hvitved	31b184a404	Rust: Exclude deref expressions on raw pointers from call resolution stats	2025-12-09 08:54:51 +01:00
dependabot[bot]	9eb1eb8f0d	Bump the extractor-dependencies group in /go/extractor with 2 updates Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/mod` from 0.30.0 to 0.31.0 - [Commits](https://github.com/golang/mod/compare/v0.30.0...v0.31.0) Updates `golang.org/x/tools` from 0.39.0 to 0.40.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies - dependency-name: golang.org/x/tools dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-09 03:07:27 +00:00
Owen Mansel-Chan	e7147244e8	Merge pull request #20992 from myvyang/main Change MethodAccess to MethodCall in query example.	2025-12-09 01:22:55 +00:00
Owen Mansel-Chan	d15342db1f	Fix table padding	2025-12-09 01:12:53 +00:00
i	134312173f	MethodAccess has been deprecated, Change MethodAccess to MethodCall in query example.	2025-12-09 08:41:01 +08:00
dependabot[bot]	c8992fc834	Bump the nuget group with 1 update Bumps Newtonsoft.Json from 6.0.4 to 13.0.1 --- updated-dependencies: - dependency-name: Newtonsoft.Json dependency-version: 13.0.1 dependency-type: direct:production dependency-group: nuget ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-09 00:33:13 +00:00
Chris Smowton	359a28e409	Merge pull request #20984 from github/rc/3.20 Java: Add change note for Maven compiler flags	2025-12-08 14:24:58 +00:00
Tom Hvitved	0280771c51	Merge pull request #20953 from hvitved/rust/data-flow-call-models Rust: Model more data flow constructs as calls using MaD	2025-12-08 15:22:02 +01:00
Tom Hvitved	57ce2ee749	Address review comments	2025-12-08 13:27:36 +01:00
Chris Smowton	ef991e5ba5	Merge pull request #20983 from smowton/smowton/feature/csharp-csrf-aspnetcore C# CSRF query: add support for ASP.NET Core	2025-12-08 12:14:48 +00:00
Idriss Riouak	877669d1f0	Merge pull request #20981 from github/idrissrio/java/java-maven-sap Java: Add change note for Maven compiler flags	2025-12-08 12:55:50 +01:00
Chris Smowton	79718b6dcb	Change note	2025-12-08 11:54:02 +00:00
Chris Smowton	5bb31afc83	C# CSRF query: add support for ASP.NET Core	2025-12-08 11:51:01 +00:00
idrissrio	a0e7afde8e	Java: Add change note for Maven compiler flags	2025-12-08 12:14:03 +01:00
Simon Friis Vindum	cd6429a39e	Merge pull request #20969 from paldepind/rust/dispath-default-trait Rust: Do not dispatch to all implementations when trait target is accurate	2025-12-08 10:45:55 +01:00
Tom Hvitved	bfa37b8488	Fix typo	2025-12-08 10:17:47 +01:00
Geoffrey White	24852c6664	Merge pull request #20966 from geoffw0/lifetimetest Rust: Fix FPs from rust/access-after-lifetime-ended	2025-12-08 09:03:51 +00:00
Michael Nebel	10c01832b0	Merge pull request #20964 from michaelnebel/csharp/nugetversionsorting C#: Fix NuGet version bug and a .NET10 compatibility issue.	2025-12-08 09:35:53 +01:00
Óscar San José	3230df02d9	Merge pull request #20975 from github/oscarsj/merge-back-rc-3.20 Merge back rc/3.20	2025-12-05 21:16:18 +01:00
Óscar San José	bc6133de5c	Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20	2025-12-05 19:31:47 +01:00
Tom Hvitved	9a95acadb5	Merge pull request #20963 from hvitved/rust/call-refactor-follow-up Rust: Remove some predicates	2025-12-05 14:38:47 +01:00
Paolo Tranquilli	2acb02bf67	Merge pull request #20971 from github/redsun82/ripunzip Ripunzip: update to 2.0.4	2025-12-05 14:32:55 +01:00
Taus	1b519384d7	Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports Python: Hide points-to imports in `python.qll`	2025-12-05 14:24:41 +01:00
Geoffrey White	108db75124	Update rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll Co-authored-by: Simon Friis Vindum <paldepind@github.com>	2025-12-05 13:19:38 +00:00
Simon Friis Vindum	f200dba7dd	Rust: Add change note	2025-12-05 14:12:58 +01:00
Simon Friis Vindum	fa4b212020	Rust: Fix grammar Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-12-05 14:03:29 +01:00
Paolo Tranquilli	90aeccab07	Ripunzip: update to 2.0.4	2025-12-05 13:55:33 +01:00
Chris Smowton	86962c6055	Merge pull request #20970 from github/smowton/admin/document-missing-actions-permissions-shortcomings Actions: note imprecision of MissingActionsPermissions.ql	2025-12-05 12:43:49 +00:00
Chris Smowton	02caa098bc	Actions: note imprecision of MissingActionsPermissions.ql Added a note to the query's qhelp to note its imprecision, but also encourage usage of a permissions block regardless as a belt-and-braces measure.	2025-12-05 12:36:07 +00:00
Simon Friis Vindum	5888ed30bd	Rust: Do not dispatch to all implementations when trait target is accurate	2025-12-05 13:01:22 +01:00
Óscar San José	5addb53e0f	Merge pull request #20946 from github/post-release-prep/codeql-cli-2.23.7 Post-release preparation for codeql-cli-2.23.7	2025-12-05 12:51:51 +01:00
Tom Hvitved	12a6dcc4ff	Rust: Remove some predicates	2025-12-05 12:50:36 +01:00
Anders Schack-Mulligen	28e9420476	C#: Fix lambda flow.	2025-12-05 10:58:01 +01:00
Paolo Tranquilli	795bfdf02d	Merge pull request #20962 from github/redsun82/dependabot Dependabot: add bazel	2025-12-05 10:51:29 +01:00
Simon Friis Vindum	59ce721f7d	Rust: Add global data flow example	2025-12-05 09:38:22 +01:00
Tom Hvitved	5a5679bd51	Rust: Taint flow through operations using MaD	2025-12-05 09:19:03 +01:00
Tom Hvitved	41916640c3	Rust: Taint flow tests for operations	2025-12-05 09:19:02 +01:00
Tom Hvitved	294c489fd8	Rust: Handle `x[y]` expressions as `*.index(y)` calls in data flow	2025-12-05 09:18:59 +01:00

1 2 3 4 5 ...

84738 Commits