hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,698 Commits 1,671 Branches 157 Tags
0280771c51b80318e3a11644fed7ac3fa018e404
Commit Graph

84698 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
0280771c51 Merge pull request #20953 from hvitved/rust/data-flow-call-models 
Rust: Model more data flow constructs as calls using MaD
 2025-12-08 15:22:02 +01:00
Tom Hvitved
57ce2ee749 Address review comments 2025-12-08 13:27:36 +01:00
Chris Smowton
ef991e5ba5 Merge pull request #20983 from smowton/smowton/feature/csharp-csrf-aspnetcore 
C# CSRF query: add support for ASP.NET Core
 2025-12-08 12:14:48 +00:00
Chris Smowton
79718b6dcb Change note 2025-12-08 11:54:02 +00:00
Chris Smowton
5bb31afc83 C# CSRF query: add support for ASP.NET Core 2025-12-08 11:51:01 +00:00
Simon Friis Vindum
cd6429a39e Merge pull request #20969 from paldepind/rust/dispath-default-trait 
Rust: Do not dispatch to all implementations when trait target is accurate
 2025-12-08 10:45:55 +01:00
Geoffrey White
24852c6664 Merge pull request #20966 from geoffw0/lifetimetest 
Rust: Fix FPs from rust/access-after-lifetime-ended
 2025-12-08 09:03:51 +00:00
Michael Nebel
10c01832b0 Merge pull request #20964 from michaelnebel/csharp/nugetversionsorting 
C#: Fix NuGet version bug and a .NET10 compatibility issue.
 2025-12-08 09:35:53 +01:00
Óscar San José
3230df02d9 Merge pull request #20975 from github/oscarsj/merge-back-rc-3.20 
Merge back rc/3.20
 2025-12-05 21:16:18 +01:00
Óscar San José
bc6133de5c Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20 2025-12-05 19:31:47 +01:00
Tom Hvitved
9a95acadb5 Merge pull request #20963 from hvitved/rust/call-refactor-follow-up 
Rust: Remove some predicates
 2025-12-05 14:38:47 +01:00
Paolo Tranquilli
2acb02bf67 Merge pull request #20971 from github/redsun82/ripunzip 
Ripunzip: update to 2.0.4
 2025-12-05 14:32:55 +01:00
Taus
1b519384d7 Merge pull request #20739 from github/tausbn/python-remove-top-level-points-to-imports 
Python: Hide points-to imports in `python.qll`
 2025-12-05 14:24:41 +01:00
Geoffrey White
108db75124 Update rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-12-05 13:19:38 +00:00
Simon Friis Vindum
f200dba7dd Rust: Add change note 2025-12-05 14:12:58 +01:00
Simon Friis Vindum
fa4b212020 Rust: Fix grammar 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-05 14:03:29 +01:00
Paolo Tranquilli
90aeccab07 Ripunzip: update to 2.0.4 2025-12-05 13:55:33 +01:00
Chris Smowton
86962c6055 Merge pull request #20970 from github/smowton/admin/document-missing-actions-permissions-shortcomings 
Actions: note imprecision of MissingActionsPermissions.ql
 2025-12-05 12:43:49 +00:00
Chris Smowton
02caa098bc Actions: note imprecision of MissingActionsPermissions.ql 
Added a note to the query's qhelp to note its imprecision, but also encourage usage of a permissions block regardless as a belt-and-braces measure.
 2025-12-05 12:36:07 +00:00
Simon Friis Vindum
5888ed30bd Rust: Do not dispatch to all implementations when trait target is accurate 2025-12-05 13:01:22 +01:00
Óscar San José
5addb53e0f Merge pull request #20946 from github/post-release-prep/codeql-cli-2.23.7 
Post-release preparation for codeql-cli-2.23.7
 2025-12-05 12:51:51 +01:00
Tom Hvitved
12a6dcc4ff Rust: Remove some predicates 2025-12-05 12:50:36 +01:00
Paolo Tranquilli
795bfdf02d Merge pull request #20962 from github/redsun82/dependabot 
Dependabot: add bazel
 2025-12-05 10:51:29 +01:00
Simon Friis Vindum
59ce721f7d Rust: Add global data flow example 2025-12-05 09:38:22 +01:00
Tom Hvitved
5a5679bd51 Rust: Taint flow through operations using MaD 2025-12-05 09:19:03 +01:00
Tom Hvitved
41916640c3 Rust: Taint flow tests for operations 2025-12-05 09:19:02 +01:00
Tom Hvitved
294c489fd8 Rust: Handle x[y] expressions as *.index(y) calls in data flow 2025-12-05 09:18:59 +01:00
Tom Hvitved
e72c8acb6c Rust: Add data flow tests for collections 2025-12-05 09:16:57 +01:00
Tom Hvitved
09461e9cb6 Merge pull request #20967 from hvitved/rust/call-refactor-fix 
Rust: Call refactor follow-up fixes
 2025-12-05 09:16:18 +01:00
Simon Friis Vindum
1a19df2044 Merge pull request #20950 from paldepind/rust/ti-raw-pointer 
Rust: Type inference for raw pointers
 2025-12-05 09:06:13 +01:00
Owen Mansel-Chan
6d301f27d0 Merge pull request #20937 from owen-mc/actions/fix/code-injection-privileged-context 
Actions: fix filtering of code injection results between medium and critical version of query
 2025-12-05 07:54:13 +00:00
Joe Farebrother
d70c596c86 Merge pull request #20914 from joefarebrother/python-socketio 
Python: Add models for socketio
 2025-12-04 23:14:58 +00:00
Tom Hvitved
be1d756de4 Rust: Call refactor follow-up fixes 2025-12-04 21:15:28 +01:00
Geoffrey White
4109848927 Rust: Clean up following merge. 2025-12-04 17:55:34 +00:00
Geoffrey White
b7402fef09 Merge remote-tracking branch 'upstream/main' into lifetimetest 2025-12-04 17:33:39 +00:00
Geoffrey White
3cdbef71f1 Rust: Change note. 2025-12-04 17:25:34 +00:00
Geoffrey White
32e9fdfe19 Rust: Fix the false positives. 2025-12-04 17:19:41 +00:00
Owen Mansel-Chan
4a16de2bc8 Pull out logic into separate predicate 2025-12-04 16:50:39 +00:00
Owen Mansel-Chan
fb841ea591 Make predicates containing query logic more self-contained 2025-12-04 16:50:37 +00:00
Owen Mansel-Chan
8bac1dec83 Add change note 2025-12-04 16:50:36 +00:00
Owen Mansel-Chan
f6bdb3a126 Fix filtering of code injection alerts between medium and critical 2025-12-04 16:50:34 +00:00
Owen Mansel-Chan
e2acd1b668 Add test with push and workflow_dispatch triggers 
This is based on push.yml, and it should still be found by
actions/code-injection/medium, but it isn't.
 2025-12-04 16:50:33 +00:00
Tom Hvitved
8b89e15dfa Merge pull request #20863 from hvitved/rust/call-refactor 
Rust: Restructure classes representing calls
 2025-12-04 17:02:17 +01:00
Simon Friis Vindum
27ddc813af Rust: Cleanup of raw pointer types based in PR feedback 2025-12-04 16:41:28 +01:00
Owen Mansel-Chan
5c8ab1f6d1 Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer 
Java: improve regex sanitizer for `java/ssrf`
 2025-12-04 15:32:12 +00:00
Geoffrey White
8594c7a29a Rust: Add test for rust/access-after-lifetime-ended FP involving generic calls. 2025-12-04 15:28:15 +00:00
Michael Nebel
5a33f9fcd8 C#: Update integration test expected output. 2025-12-04 15:58:02 +01:00
Michael Nebel
4112cfc8f1 C#: Add change note. 2025-12-04 15:42:18 +01:00
Michael Nebel
a3e545ddd5 C#: Use NuGetVersion instead of homemade version implementation. 2025-12-04 15:34:28 +01:00
Michael Nebel
1b84f70d1c C#: Use NuGet version sorting instead of lexicographic directory name sorting for finding newest package version. 2025-12-04 15:34:26 +01:00