hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,125 Commits 1,741 Branches 166 Tags
018674cfde59c1b0e507bcdb9fa3fbf234d05cf2
Commit Graph

86125 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
fd5c5b5635 Rust: Change note. 2026-02-19 08:59:55 +00:00
Geoffrey White
97a02ed903 Rust: Remove MacroCallTargetStats from rust/diagnostic/database-quality. 2026-02-19 08:57:12 +00:00
Paolo Tranquilli
6e8f43ce2e Merge pull request #21343 from github/redsun82/update-rust-toolchain 
Bazel: Update Rust toolchain to nightly/2026-01-22 and rules_rust to 0.68.1.codeql.1
 2026-02-19 09:40:26 +01:00
Tom Hvitved
6dfbd4e062 Merge pull request #21342 from hvitved/csharp/equals-nullable-tests 
C#: Add tests for `Equals` methods with nullable parameter types
 2026-02-19 09:08:33 +01:00
Paolo Tranquilli
e11363280a Rust: accept test changes 2026-02-18 16:56:28 +01:00
Taus
6b6d8862b0 Merge pull request #21288 from microsoft/azure_python_sanitizer_upstream2 
Azure python sanitizer upstream2
 2026-02-18 14:59:59 +01:00
Owen Mansel-Chan
1d6b8c5120 Use postprocessing queries for unrelated test 
Need to do this because the model numbering was changing. At the same
time we may as well use inline expectations.
 2026-02-18 13:49:53 +00:00
Owen Mansel-Chan
05d681fe19 Update taintstep test for models becoming MaD 2026-02-18 13:49:50 +00:00
Mathias Vorreiter Pedersen
a2339305e5 Merge pull request #329 from geoffw0/moreascii 
Address more non-ascii characters
 2026-02-18 13:43:16 +00:00
Owen Mansel-Chan
f577e973bc Update other test in same folder 2026-02-18 13:39:06 +00:00
Óscar San José
df35f9f98b Merge pull request #21339 from github/oscarsj/skip-csharp-integration-on-macos-26 
Skip csharp integration tests on macos-26
 2026-02-18 14:29:42 +01:00
Paolo Tranquilli
24f3d9ede0 Revert rust-toolchain.toml changes and update test expectations 2026-02-18 13:56:48 +01:00
Taus
3d4785f29f Python: Add change note 2026-02-18 12:51:35 +00:00
Tom Hvitved
1357de90ec Merge pull request #21311 from hvitved/rust/path-resolution-remove-duplicates 
Rust: Make path resolution robust against invalid code with conflicting declarations
 2026-02-18 12:29:06 +01:00
Geoffrey White
d7250a8abe Address more non-ascii characters. 2026-02-18 11:23:01 +00:00
Paolo Tranquilli
116f5a253c Bazel: Update Rust toolchain to nightly/2026-01-22 and rules_rust to 0.68.1.codeql.1 
Update the Rust nightly toolchain from nightly/2025-08-01 to nightly/2026-01-22
(rustc 1.95.0-nightly), and rules_rust from 0.66.0 to 0.68.1.codeql.1.

The new nightly changed how stdlib metadata is distributed: .rlib files now
contain only a metadata stub, with full metadata in separate .rmeta files.
rules_rust's stdlib glob doesn't include *.rmeta, causing 'only metadata stub
found' errors. This is patched via a custom registry entry (0.68.1.codeql.1).

Upstream bug: https://github.com/bazelbuild/rules_rust/issues/3859
 2026-02-18 12:22:01 +01:00
Idriss Riouak
22b55f3d6f Merge pull request #21063 from github/idrissrio/cpp/overlay/single-location 
C/C++ overlay: discard single location elements
 2026-02-18 08:58:21 +01:00
Tom Hvitved
93d417049c C#: Add tests for Equals methods with nullable parameter types 2026-02-18 08:42:15 +01:00
Owen Mansel-Chan
1bff7a3eb8 Add change note 2026-02-17 22:29:35 +00:00
Owen Mansel-Chan
eb7f1989c7 Reinstate ql model for String#shellescape 2026-02-17 22:27:15 +00:00
Owen Mansel-Chan
de5470a85c Add MaD barriers for Shellwords.escape and shellescape 
Note that this will only block flow for queries that use the kind `command-injection`.
 2026-02-17 22:27:13 +00:00
Owen Mansel-Chan
b3681f7a0c Model flow through Shellwords escape and shellescape 2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8 Remove Shellwords sanitizer in ql 
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
 2026-02-17 22:27:10 +00:00
Owen Mansel-Chan
4aee99f0eb Reinstate SQLite3 sanitizer in MaD 2026-02-17 22:27:08 +00:00
Owen Mansel-Chan
5df695bec9 Move SQLite3 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:06 +00:00
Owen Mansel-Chan
1fa183ee2a Improve Sqlite3 test 2026-02-17 22:27:04 +00:00
Owen Mansel-Chan
d4bb92b038 Reinstate Mysql2 sanitizer in MaD 2026-02-17 22:27:03 +00:00
Owen Mansel-Chan
3e4f42f8a3 Move Mysql2 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:01 +00:00
Owen Mansel-Chan
fc429c1757 Improve Mysql2 test 2026-02-17 22:27:00 +00:00
Owen Mansel-Chan
1d7a39a093 Change how sql-injection barriers are accepted 2026-02-17 22:26:58 +00:00
Ben Rodes
a1eaf42cbf Update python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-17 13:05:51 -05:00
Óscar San José
fa73cd5d5c Remove unnecessary blank line in test.py 2026-02-17 18:49:51 +01:00
Óscar San José
6760390d75 Fix imports 2026-02-17 18:49:11 +01:00
Óscar San José
60295662b7 Merge branch 'main' into oscarsj/skip-csharp-integration-on-macos-26 2026-02-17 18:42:16 +01:00
Ben Rodes
ea0d1bf262 Apply suggestion from @bdrodes 2026-02-17 12:38:59 -05:00
Ben Rodes
0106072b88 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:27 -05:00
Ben Rodes
779fd757a3 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:15 -05:00
Óscar San José
0b31ca4348 Merge pull request #21340 from github/copilot/sub-pr-21339 
Centralize mono/nuget platform skip predicate in conftest.py
 2026-02-17 18:26:31 +01:00
copilot-swe-agent[bot]
60b8213fdd Remove unused pytest import from conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:22:27 +00:00
copilot-swe-agent[bot]
004ebd386c Centralize mono/nuget skip predicate in conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:21:50 +00:00
copilot-swe-agent[bot]
9efe112026 Initial plan 2026-02-17 17:16:54 +00:00
Óscar San José
5cf281a1b6 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-17 18:16:51 +01:00
Jeroen Ketema
61dc1d673e Merge pull request #21331 from jketema/must-flow 
C++: Modernize `MustFlow` and fix `allowInterproceduralFlow` in the case of direct recursion
 2026-02-17 17:36:58 +01:00
Óscar San José
0676ba1c07 Skip csharp integration tests on macos-26 2026-02-17 17:23:38 +01:00
Ben Rodes
1072d6a7b7 Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:49:58 -05:00
Ben Rodes
ceb3b21e0f Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-02-17 10:28:43 -05:00
Ben Rodes
c811fae876 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:14:11 -05:00
Ben Rodes
549dcb31be Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:13:55 -05:00
Owen Mansel-Chan
05f9b4124d Revert "javascript: remove sanitizer to be replaced by model" 
This reverts commit da2f77d615.
 2026-02-17 14:39:04 +00:00
Owen Mansel-Chan
b8f9dd9de5 Revert "javascript: add MaD model" 
This reverts commit 75bd4a7a12.
 2026-02-17 14:38:56 +00:00