Rasmus Lerchedahl Petersen
0ecca91dea
Python: typo
2026-05-21 16:59:16 +01:00
Rasmus Lerchedahl Petersen
f669a4f3bf
Python: Make sure all imprecise taint bubbles up
2026-05-21 16:59:14 +01:00
Rasmus Lerchedahl Petersen
3275c814bd
Python: reset test expectations
2026-05-21 16:59:11 +01:00
Rasmus Lerchedahl Petersen
9a180036a5
Python: conversion step for format_map
and adjust collection test
2026-05-21 16:59:08 +01:00
Rasmus Lerchedahl Petersen
93e7ab52b7
Python: adjust test expectations
We now find an alert on this line as we hope to
It is not an alert for _full_ SSRF, though, since that configuration cannot handle multiple substitutions.
2026-05-21 16:58:51 +01:00
Rasmus Lerchedahl Petersen
facb3b681d
Python: recover taint for % format strings
2026-05-21 16:57:50 +01:00
Rasmus Lerchedahl Petersen
b67694b2ab
Python: Remove imprecise container steps
- remove `tupleStoreStep` and `dictStoreStep` from `containerStep`
These are imprecise compared to the content being precise.
- add implicit reads to recover taint at sinks
- add implicit read steps for decoders
to supplement the `AdditionalTaintStep`
that now only covers when the full container is tainted.
2026-05-21 16:57:44 +01:00
Owen Mansel-Chan
7e6b10e8cf
Merge pull request #21879 from owen-mc/shared/cfg/simpleleafnode
Shared CFG: update `simpleLeafNode` to exclude those with additional leaf nodes
2026-05-21 14:58:04 +01:00
Owen Mansel-Chan
149bfd19d3
Merge pull request #21880 from owen-mc/shared/cfg/for-loop-stmt-init-update
Shared CFG: Make the init and update parts of a for loop statements
2026-05-21 14:57:44 +01:00
Paolo Tranquilli
153fbb0378
Merge pull request #21878 from github/redsun82/windows-diagnostic-path-tests
Add Windows file path tests for `relativize_for_diagnostic`
2026-05-21 15:30:25 +02:00
Owen Mansel-Chan
039b5927f0
C#: update ForStmt wrapper class
2026-05-21 13:45:30 +01:00
Owen Mansel-Chan
2070dafeb2
Java: add ForStmt wrapper class
2026-05-21 13:41:29 +01:00
Owen Mansel-Chan
c3bafc75ab
Shared CFG: allow statements for init and update of for loop
2026-05-21 13:40:26 +01:00
Owen Mansel-Chan
19f93cd18b
Shared CFG: update simpleLeafNode to exclude those with additional nodes
2026-05-21 13:31:56 +01:00
Paolo Tranquilli
39becfd7e5
Add Windows file path tests for relativize_for_diagnostic
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-21 14:08:50 +02:00
Paolo Tranquilli
a84043b627
Merge pull request #21844 from github/redsun82/issue-21802-ruby-absolute-paths-in-sarif-diagnostics-a02887
Use relative paths in tree-sitter extractor diagnostics
2026-05-21 14:00:32 +02:00
Owen Mansel-Chan
2280955136
Merge pull request #21800 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout-critical-alert
Actions: Adjust alert location UntrustedCheckoutCritical
2026-05-21 12:40:29 +01:00
Owen Mansel-Chan
4897757b96
Merge pull request #21875 from github/workflow/coverage/update
Update CSV framework coverage reports
2026-05-21 11:09:26 +01:00
github-actions[bot]
fb04cd2212
Add changed framework coverage reports
2026-05-21 00:54:55 +00:00
Mathias Vorreiter Pedersen
157424cca3
Merge pull request #21836 from MathiasVP/uncertain-def-more-complete
C++: Support reasoning about whether a phi node overwrites the entire buffer
2026-05-20 13:04:37 +01:00
Jack Nørskov Jørgensen
4b095f3129
Merge pull request #21754 from github/jacknojo/add_llm_generated_mads_for_avro
Add MaDs for Apache Avro
2026-05-20 08:24:06 +02:00
Geoffrey White
3aa660663e
Merge pull request #21806 from geoffw0/extsensitive
Shared: Improvements to SensitiveDataHeuristics.qll
2026-05-19 16:22:03 +01:00
Paolo Tranquilli
c1e26f9ea5
Merge pull request #21847 from github/redsun82/redsun82-python-absolute-paths-in-diagno
Python extractor: use relative paths in diagnostic locations
2026-05-19 17:03:35 +02:00
Mathias Vorreiter Pedersen
f5113b1932
C++: Fix internal SCC edges and accept test changes.
2026-05-19 15:39:32 +01:00
Mathias Vorreiter Pedersen
f77d426706
C++: Add test demonstrating broken phi cycle certain'ness.
2026-05-19 15:35:20 +01:00
Mathias Vorreiter Pedersen
c6ce13a012
C++: Simplify recursion in 'PhiCycle::isCertain' and do not restrict the definition to be a 'PhiNode'.
2026-05-19 15:27:23 +01:00
Jack Nørskov Jørgensen
aa136a3282
Add change note entry
2026-05-19 16:09:05 +02:00
Michael Nebel
49a435c402
Merge pull request #21827 from michaelnebel/csharp14/userincrementdecrement
C# 14: User increment/decrement support.
2026-05-19 14:18:08 +02:00
Jeroen Ketema
96ef59a22a
Merge pull request #21861 from jketema/jketema/swift-6.3.2
Swift: Update to Swift 6.3.2
2026-05-19 14:01:25 +02:00
Michael Nebel
7a1a90b5a4
C#: Address review comment.
2026-05-19 13:23:22 +02:00
Paolo Tranquilli
06c908756f
Merge branch 'main' into redsun82/issue-21802-ruby-absolute-paths-in-sarif-diagnostics-a02887
2026-05-19 13:17:23 +02:00
Mathias Vorreiter Pedersen
d93de54397
C++: Consistent use of 'this.getIndirection()' in 'toString'.
2026-05-19 12:16:37 +01:00
Paolo Tranquilli
adf59f3ee5
Merge branch 'main' into redsun82/redsun82-python-absolute-paths-in-diagno
2026-05-19 13:09:04 +02:00
Jeroen Ketema
22a8123ee1
Merge pull request #21860 from jketema/jketema/alias-template
C++: Support alias templates
2026-05-19 10:46:56 +02:00
Jack Nørskov Jørgensen
3119ef6c1a
Add MaDs for Apache Avro
2026-05-19 09:27:32 +02:00
Jeroen Ketema
01ff9aa91f
Swift: Update to Swift 6.3.2
2026-05-19 06:50:59 +02:00
Mathias Vorreiter Pedersen
0633bc7b91
Merge pull request #21862 from MathiasVP/more-fopen-models
C++: Add two more `fopen`-like models.
2026-05-18 22:43:48 +01:00
Owen Mansel-Chan
ad69cfb721
Merge pull request #21838 from github/copilot/widen-regex-for-pinned-actions
Align `alphaNumericRegex()` with the documented grouped SHA pattern
2026-05-18 17:35:27 +01:00
Mathias Vorreiter Pedersen
2c156994de
C++: Add two more 'fopen'-like models.
2026-05-18 14:47:11 +01:00
Jeroen Ketema
5f6553490c
Update cpp/ql/lib/change-notes/2026-05-16-alias-template.md
2026-05-18 15:04:52 +02:00
Jeroen Ketema
d14b8064b0
Update cpp/ql/lib/semmle/code/cpp/TypedefType.qll
2026-05-18 15:04:03 +02:00
Jeroen Ketema
7636bf560e
Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-18 15:02:34 +02:00
Michael Nebel
9b2b5971fe
Merge pull request #21846 from michaelnebel/csharp/updateextractordependencies
C# 14: Update paket and dependencies.
2026-05-18 14:25:55 +02:00
Jeroen Ketema
c2e2770bbf
C++: Simplify type alias class naming
2026-05-18 14:22:04 +02:00
Jeroen Ketema
e55edf2f1f
Merge pull request #21853 from jketema/jketema/template-constants
C++: Update test results after extractor changes
2026-05-18 13:43:54 +02:00
Óscar San José
8a199f963d
Merge pull request #21692 from github/copilot/update-codeql-query-for-composite-actions
Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)
2026-05-18 12:17:13 +02:00
Mathias Vorreiter Pedersen
fcdce550e8
Merge pull request #21857 from MathiasVP/fix-cleartext-fp
C++: Fix FP on `cpp/cleartext-transmission`
2026-05-18 10:58:13 +01:00
Jeroen Ketema
76f71dd235
Merge pull request #21817 from jketema/go-version
Go: Make version parsing robust in the face of custom Go builds
2026-05-18 10:45:55 +02:00
Jeroen Ketema
305a63bc38
C++: Update dbscheme stats
2026-05-16 16:10:27 +02:00
Jeroen Ketema
963715884e
C++: Add change note
2026-05-16 11:50:00 +02:00