Geoffrey White
108db75124
Update rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll
...
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
2025-12-05 13:19:38 +00:00
Geoffrey White
4109848927
Rust: Clean up following merge.
2025-12-04 17:55:34 +00:00
Geoffrey White
b7402fef09
Merge remote-tracking branch 'upstream/main' into lifetimetest
2025-12-04 17:33:39 +00:00
Geoffrey White
3cdbef71f1
Rust: Change note.
2025-12-04 17:25:34 +00:00
Geoffrey White
32e9fdfe19
Rust: Fix the false positives.
2025-12-04 17:19:41 +00:00
Tom Hvitved
8b89e15dfa
Merge pull request #20863 from hvitved/rust/call-refactor
...
Rust: Restructure classes representing calls
2025-12-04 17:02:17 +01:00
Geoffrey White
8594c7a29a
Rust: Add test for rust/access-after-lifetime-ended FP involving generic calls.
2025-12-04 15:28:15 +00:00
Tom Hvitved
bc6d38ebb4
Address review comments
2025-12-04 10:38:47 +01:00
Anders Schack-Mulligen
607ad1f886
Merge pull request #20961 from aschackmull/dataflow/flowfrom
...
Dataflow: Add flowFrom predicates to mirror flowTo.
2025-12-04 10:09:29 +01:00
Tom Hvitved
38a572dfa0
Rust: Run codegen
2025-12-03 20:47:05 +01:00
Tom Hvitved
a707527022
Address review comments in annotations.py
2025-12-03 20:46:30 +01:00
Geoffrey White
2665d8395a
Merge pull request #20939 from geoffw0/saltmodel
...
Rust: Add heuristic sinks for passwords, initialization vectors etc
2025-12-03 18:01:48 +00:00
Anders Schack-Mulligen
78e1879c9e
Use more flowTo.
2025-12-03 14:12:08 +01:00
Geoffrey White
3028e5dac0
Rust: CallExpr -> Call.
2025-12-02 17:31:35 +00:00
Tom Hvitved
7378fbc567
Rust: Restructure classes representing calls
2025-12-02 10:08:04 +01:00
Tom Hvitved
666855dbd7
Shared: Improvements to content-sensitive model generation
2025-12-01 21:23:14 +01:00
Tom Hvitved
3e5ea5664c
Rust: Add DB downgrade script
2025-12-01 20:59:31 +01:00
Tom Hvitved
b350a000e3
Rust: Add DB upgrade script
2025-12-01 20:59:30 +01:00
Tom Hvitved
a2782a12f2
Rust: Run codegen
2025-12-01 20:59:28 +01:00
Tom Hvitved
b40353f88f
Rust: Remove CallExprBase and elaborate QL doc
2025-12-01 20:59:26 +01:00
Tom Hvitved
464d2cd5fc
Merge pull request #20891 from hvitved/rust/data-flow-implicit-deref-borrow
...
Rust: Improve handling of implicit derefs/borrows in data flow
2025-12-01 19:03:55 +01:00
Simon Friis Vindum
87d6a60814
Merge pull request #20924 from paldepind/rust/struct-field-tostring
...
Rust: Implement `toString` for struct fields and visibility
2025-12-01 14:52:23 +01:00
Geoffrey White
c64f19f6eb
Rust: Change note.
2025-12-01 12:39:19 +00:00
Geoffrey White
450403883b
Rust: Add test cases for a small number of FPs we see.
2025-12-01 12:39:18 +00:00
Geoffrey White
e834e8665a
Rust: Remove one of the cases that is causing FP results in MRVA.
2025-12-01 12:39:16 +00:00
Geoffrey White
faf69b821b
Rust: Add sinks as barriers to prevent duplicate results.
2025-12-01 12:39:13 +00:00
Geoffrey White
bb50e9fb40
Rust: Add heuristic sinks for rust/hard-coded-cryptographic-value.
2025-12-01 12:39:12 +00:00
Tom Hvitved
6ddb9c784c
Merge pull request #20853 from hvitved/rust/path-resolution-impl-self
...
Rust: Refine `Self` resolution inside `impl` blocks
2025-12-01 12:50:30 +01:00
Tom Hvitved
4bfe1a81dc
Rust: Update expected test output following rebase
2025-12-01 11:38:50 +01:00
Tom Hvitved
d8177274a8
Rust: Improve handling of deref expressions in data flow
2025-12-01 11:34:06 +01:00
Tom Hvitved
4255f7f560
Address review comments
2025-12-01 11:34:03 +01:00
Tom Hvitved
6b003580d1
Rust: Improve handling of implicit derefs/borrows in data flow
2025-12-01 11:34:01 +01:00
Tom Hvitved
9b25a3112d
Rust: Use TaintFlow instead of ValueFlow in tests
2025-12-01 11:33:57 +01:00
Tom Hvitved
d45f8f7236
Rust: Document overlapping function resolution with test cases
2025-12-01 11:16:15 +01:00
Simon Friis Vindum
1fe7e2ec45
Rust: Change concat to strictconcat
2025-12-01 10:35:43 +01:00
Tom Hvitved
34f3892c35
Rust: Extend Self resolution logic to all item kinds
2025-12-01 09:58:27 +01:00
Tom Hvitved
250d15aef2
Rust: More path resolution tests
2025-12-01 09:54:22 +01:00
Tom Hvitved
77df65f2bc
Address review comment
2025-12-01 09:07:47 +01:00
Geoffrey White
8e099480ab
Rust: Add tests for heuristics.
2025-11-28 18:02:41 +00:00
Simon Friis Vindum
86eb949673
Merge pull request #20902 from paldepind/rust/xss-query
...
Rust: Add new query for XSS vulnerabilities
2025-11-28 09:09:14 +01:00
Simon Friis Vindum
1e305851ee
Rust: Accept changes to expected files
2025-11-27 11:48:36 +01:00
Simon Friis Vindum
97dad2db17
Rust: Apply suggestions from docs review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-11-27 11:43:41 +01:00
Geoffrey White
e8cb6b8f54
Rust: Fix a couple of comments.
2025-11-27 09:24:34 +00:00
Tom Hvitved
f0cac321b2
Merge pull request #20236 from hvitved/rust/type-inference-async-dyn-future
...
Rust: Model `async` return types as `dyn Future`
2025-11-27 09:41:02 +01:00
Simon Friis Vindum
d88cfe98f8
Rust: Implement toString for struct fields and visibility
2025-11-27 09:35:31 +01:00
Simon Friis Vindum
8b32679475
Merge pull request #20921 from paldepind/rust/barrier-tweaks
...
Rust: Tweaks and improvements to data flow barriers
2025-11-27 08:56:04 +01:00
Tom Hvitved
a9b58b8db3
Rust: Model async return types as dyn Future
2025-11-26 21:03:03 +01:00
Simon Friis Vindum
329df20e55
Rust: Fix typo
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-26 15:48:34 +01:00
Felicity Chapman
caf6b950ac
Remove trailing periods from @name metadata in query files
...
Fixed 73 .ql query files where the @name metadata contained an ending period.
This ensures consistency with the CodeQL query metadata style guidelines.
2025-11-26 14:29:51 +00:00
Simon Friis Vindum
815af34c66
Rust: Add additional barriers to queries
2025-11-26 14:54:11 +01:00