copilot-swe-agent[bot]
1de7b0e729
Merge PR #21873 branch to get files
2026-05-29 12:14:38 +00:00
Anders Schack-Mulligen
4c31866910
Merge pull request #21867 from aschackmull/ruby/callable-body
Ruby: Split callable and its body into two AST nodes.
2026-05-29 10:16:19 +02:00
Tom Hvitved
09371339d7
Ruby: Adopt shared local name resolution library
2026-05-29 09:06:14 +02:00
Tom Hvitved
7718fe40a0
Ruby: Add more variable tests
2026-05-28 10:50:15 +02:00
Anders Schack-Mulligen
780591d42a
Ruby: Remove spurious parent-child edges for Ruby::SimpleSymbol.
These treesitter nodes translate to multiple AstNodes, but we only want
those that are Stmts.
2026-05-27 10:06:15 +02:00
Anders Schack-Mulligen
3aa69823af
Ruby: Skip BodyStmt in ErbDirective.getAChildStmt.
2026-05-27 10:06:14 +02:00
Óscar San José
996e79131e
Merge branch 'main' into post-release-prep/codeql-cli-2.25.5
2026-05-22 16:32:30 +02:00
Anders Schack-Mulligen
e07f45fff4
Ruby: Accept test changes.
2026-05-22 13:36:59 +02:00
Anders Schack-Mulligen
3adb7043e8
Ruby: Fix pre-existing bug.
2026-05-22 13:29:45 +02:00
Anders Schack-Mulligen
7dcd2d6ab6
Ruby: Adjust CFG to updated AST.
2026-05-22 11:06:15 +02:00
Anders Schack-Mulligen
b6c2915f24
Ruby: Split callable and its body into two AST nodes.
2026-05-22 11:06:14 +02:00
github-actions[bot]
9f64000962
Post-release preparation for codeql-cli-2.25.5
2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef
Release preparation for version 2.25.5
2026-05-18 12:05:32 +00:00
Anders Schack-Mulligen
cb0fc786c7
Ruby: Minor cleanup, Callable is a StmtSequence.
2026-05-18 13:05:14 +02:00
Paolo Tranquilli
c2fc0cf111
Fix Windows path handling in diagnostic relativization
Canonicalize `current_dir()` to match canonicalized file paths (avoids
`\\?\` prefix mismatch on Windows), and normalize backslashes to
forward slashes in relative diagnostic paths.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-13 10:31:48 +02:00
Paolo Tranquilli
d16bc36e83
Use relative paths in tree-sitter extractor diagnostics
Diagnostic `location.file` entries were using absolute paths (e.g.
`/home/runner/work/...`), causing broken links in the GitHub UI.
Now relativize against CWD (the source root during extraction), falling
back to a properly percent-encoded `file:` URI for paths outside it.
Fixes https://github.com/github/codeql/issues/21802
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-13 09:45:37 +02:00
Owen Mansel-Chan
0b808e1170
Merge pull request #21807 from owen-mc/java/improve-qhelp-unsafe-deserialization
Shared: improve qhelp for unsafe deserialization queries
2026-05-12 22:22:49 +01:00
Owen Mansel-Chan
a5ef036465
Note that common standard library types can be vulnerable to gadget-chain attacks
2026-05-08 14:18:54 +01:00
Owen Mansel-Chan
ed9477aac9
Ruby: Clarify that deserialization following a schema is safe
2026-05-08 14:06:16 +01:00
Paolo Tranquilli
f9e42ac443
Merge pull request #21794 from github/post-release-prep/codeql-cli-2.25.4
Post-release preparation for codeql-cli-2.25.4
2026-05-07 14:43:24 +02:00
Taus
82bbdee832
yeast: Support separate output node types in extractor generator
Language and LanguageSpec gain optional output_node_types field.
When set, the generator produces dbscheme/QL from the output types
and the extractor validates TRAP against them.
All existing extractors pass None (no behavior change).
Ruby extract() calls gain vec![] for the new rules parameter.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-06 11:34:09 +00:00
Taus
9ad431dea1
yeast: Integrate yeast with shared tree-sitter extractor
extract() gains a rules parameter. When empty, uses tree-sitter native
traversal (no behavior change). When non-empty, runs yeast desugaring
and extracts via traverse_yeast.
Adds AstNode trait abstracting over tree_sitter::Node and yeast::Node,
with minimal changes to existing Visitor methods (Node -> &N in 6
signatures).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-06 11:34:09 +00:00
github-actions[bot]
7610277199
Post-release preparation for codeql-cli-2.25.4
2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27
Release preparation for version 2.25.4
2026-05-05 09:34:30 +00:00
Tom Hvitved
18da5f61cd
Ruby: Remove deprecated references to deprecated shared code
2026-04-23 11:29:04 +02:00
Owen Mansel-Chan
6efb21314a
Merge pull request #21523 from owen-mc/docs/mad/barriers
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
github-actions[bot]
a0bab539bb
Post-release preparation for codeql-cli-2.25.3
2026-04-20 12:40:34 +00:00
github-actions[bot]
c861d99802
Release preparation for version 2.25.3
2026-04-20 09:27:23 +00:00
Owen Mansel-Chan
76d165e71e
"modelling" -> "modeling" in docs
2026-04-14 15:27:39 +01:00
Owen Mansel-Chan
8f17b73796
Fix link formatting in change notes
2026-04-14 15:27:37 +01:00
Owen Mansel-Chan
c86ba38a4e
Add change notes
2026-04-14 15:27:31 +01:00
Henry Mercer
43c9b95e6f
Merge branch 'main' into post-release-prep/codeql-cli-2.25.2
2026-04-14 13:56:52 +01:00
Owen Mansel-Chan
7458674470
Merge pull request #21584 from owen-mc/shared/update-mad-comments
Shared: update code comments explaining models-as-data format to include barriers and barrier guards
2026-04-14 09:30:28 +01:00
github-actions[bot]
242090e0ac
Post-release preparation for codeql-cli-2.25.2
2026-04-06 13:49:20 +00:00
github-actions[bot]
4fe2f6d2b4
Release preparation for version 2.25.2
2026-04-06 10:30:38 +00:00
Óscar San José
59eec7ffa2
Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1
2026-03-30 10:51:12 +02:00
github-actions[bot]
ce6e6d5db3
Post-release preparation for codeql-cli-2.25.1
2026-03-30 08:43:48 +00:00
Owen Mansel-Chan
37aac05964
Replace branch with acceptingValue
2026-03-27 22:39:10 +00:00
Owen Mansel-Chan
10fddc7b96
Add barriers and barrier guards to MaD format explanations
2026-03-27 09:47:24 +00:00
github-actions[bot]
fb011842c9
Release preparation for version 2.25.1
2026-03-25 23:43:06 +00:00
github-actions[bot]
8cf0954796
Release preparation for version 2.25.1
2026-03-25 08:28:30 +00:00
Tom Hvitved
cc99867969
Merge pull request #21511 from hvitved/ruby/empty-stats
Ruby: Use empty DB stats
2026-03-24 08:25:43 +01:00
Tom Hvitved
4b364639a2
Ruby: Fix join orders following DB stats removal
2026-03-20 13:13:38 +01:00
Óscar San José
2139b97628
Merge branch 'main' into post-release-prep/codeql-cli-2.25.0
2026-03-19 13:07:00 +01:00
Tom Hvitved
750f1ae8e9
Ruby: Use empty DB stats
2026-03-19 10:18:42 +01:00
github-actions[bot]
e3dbf5b022
Post-release preparation for codeql-cli-2.25.0
2026-03-16 16:03:22 +00:00
github-actions[bot]
d6055754b6
Release preparation for version 2.25.0
2026-03-16 12:15:34 +00:00
Owen Mansel-Chan
52809133f5
Add change notes
2026-03-13 11:10:43 +00:00
Owen Mansel-Chan
056aa342fe
Change @security-severity for log injection queries from 7.8 to 6.1
2026-03-13 10:02:01 +00:00
Owen Mansel-Chan
f58a6e5d3a
Change @security-severity for XSS queries from 6.1 to 7.8
2026-03-13 10:01:02 +00:00