Commit Graph

88495 Commits

Author SHA1 Message Date
Owen Mansel-Chan
25cd352de7 Merge pull request #22123 from owen-mc/csharp/convert-qlref-tests-to-inline-expectations
C#: Convert qlref tests to inline expectations
2026-07-08 14:47:04 +01:00
Geoffrey White
8bb12d1507 Merge pull request #22005 from github/dependabot/pip/misc/codegen/pip-02f7ad5a4b
Bump the pip group across 2 directories with 2 updates
2026-07-08 14:37:05 +01:00
Owen Mansel-Chan
aba008dcd7 Remove comments "// BAD: but flagged by cs/constant-condition" 2026-07-08 14:00:57 +01:00
Owen Mansel-Chan
7b96f66d34 Also run cs/constant-condition on test for cs/comparison-of-identical-expressions 2026-07-08 14:00:55 +01:00
Taus
3c3f740a25 Merge pull request #22120 from asgerf/unified/local-scoping
Unified: implement local scoping
2026-07-08 14:33:14 +02:00
Owen Mansel-Chan
85d800f317 Apply suggestions from code review
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2026-07-08 13:02:20 +01:00
Owen Mansel-Chan
134e30260d Merge pull request #22119 from owen-mc/java/fix-tainted-path-pattern-sanitization
Java: fix `@Pattern` sanitization for `java/path-injection`
2026-07-08 11:37:15 +01:00
Owen Mansel-Chan
a16e19a3b1 Merge pull request #22127 from owen-mc/cpp/convert-qlref-inline-expectations
C++: Convert qlref tests to inline expectations
2026-07-08 11:36:35 +01:00
Owen Mansel-Chan
69ed2da241 Merge pull request #22134 from github/workflow/coverage/update
Update CSV framework coverage reports
2026-07-08 11:19:06 +01:00
github-actions[bot]
bc966f62e2 Add changed framework coverage reports 2026-07-08 00:38:59 +00:00
Owen Mansel-Chan
b6d588c1a8 Revert inline expectations for blazor integration tests with BMN 2026-07-08 00:56:43 +01:00
Owen Mansel-Chan
5ba1fe315d Accept updated .expected output 2026-07-08 00:56:16 +01:00
Owen Mansel-Chan
8363d2d66d Merge pull request #22132 from joshimar/java/spring-webclient-uri-ssrf-sink
Java: Model Spring reactive `WebClient.uri` as a request forgery sink
2026-07-08 00:40:33 +01:00
Luis Azanza
b8f8370c33 Update java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md
Update change note to be more technically accurate

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-07-07 16:21:09 -07:00
Luis Azanza
6ff2a4c0d6 Apply suggestion from @owen-mc
Removing Apple Inc notice per feedback provided by GitHub

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-07-07 16:10:05 -07:00
Luis Azanza
1db31327a7 Java: Model Spring reactive WebClient.uri as a request forgery sink 2026-07-07 13:30:48 -07:00
Owen Mansel-Chan
19745e13b5 Fix some lines with // $ ... // $ MISSING:
Note that when a line is marked `// BAD [NOT DETECTED]` but actually has
an alert, I assume that the `[NOT DETECTED]` is outdated and should be
deleted.
2026-07-07 20:48:39 +01:00
Owen Mansel-Chan
9d9590623d Address review comments 2026-07-07 20:48:36 +01:00
Geoffrey White
117a0bb87e Copilot fix for missing module pygments - regenerating the lockfile fully. 2026-07-07 16:02:36 +01:00
Owen Mansel-Chan
f67b7299f9 Update query example (synced file) 2026-07-07 14:09:50 +01:00
Owen Mansel-Chan
366d70bfee Convert qlref tests to inline expectations 2026-07-07 14:09:48 +01:00
Owen Mansel-Chan
a812e4aa99 Refactor creating barriers with annotations 2026-07-07 12:44:19 +01:00
Owen Mansel-Chan
fa16728522 Fix comments in one test 2026-07-07 12:06:43 +01:00
Owen Mansel-Chan
76d8ae8694 Add MISSING: tag 2026-07-07 10:59:21 +01:00
Owen Mansel-Chan
843ac7c6b0 Add SPURIOUS: tags 2026-07-07 10:54:11 +01:00
Owen Mansel-Chan
a2c5d4c818 C++: Convert qlref tests to inline expectations 2026-07-07 09:49:50 +01:00
Owen Mansel-Chan
8f026b1dc2 Allow inline expectation comments in more file formats 2026-07-06 13:43:31 +01:00
Asger F
bfb3ead314 Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-03 14:29:54 +02:00
Owen Mansel-Chan
e5bd62dbd3 Add change note 2026-07-03 11:34:11 +01:00
Owen Mansel-Chan
76b4f4f223 Fix @Pattern sanitizer for TaintedPath 2026-07-03 11:34:06 +01:00
Owen Mansel-Chan
077b531e41 Add failing TaintedPath test for @Pattern sanitizer 2026-07-03 11:34:03 +01:00
Asger F
c23c3d9e79 unified: Translate bare names in patterns correctly
- Context is fully reset when stepping into an expr/stmt/body.
- Binding modifier is rolled into outer_modifiers.
2026-07-03 11:59:58 +02:00
Asger F
036ed04eee unified: Support OrPattern bindings 2026-07-03 11:59:57 +02:00
Asger F
891e244116 unified: Add WhileStmt as a Conditional 2026-07-03 11:59:55 +02:00
Asger F
c8eb2071d8 unified: Add tests with 'while let' 2026-07-03 11:59:53 +02:00
Asger F
e7bff859e8 unified: More fixes in test cases 2026-07-03 11:59:51 +02:00
Asger F
6ea146f65b unified: Fix broken block syntax
The original test was not valid Swift syntax
2026-07-03 11:59:50 +02:00
Asger F
a86c7ba422 unified: Flatten GuardIfStmt into the enclosing block 2026-07-03 11:59:47 +02:00
Asger F
d0cd4ac536 Shared: remove unused getLhs() predicate 2026-07-03 11:54:26 +02:00
Owen Mansel-Chan
c3a0b65c0c Merge pull request #22115 from owen-mc/java/update-mad-docs
Java: Add section in models docs about specifying java types
2026-07-03 09:16:29 +01:00
Owen Mansel-Chan
268e9eadac Add section on specifying java types 2026-07-02 22:09:51 +01:00
Geoffrey White
ab1bc853fc Merge pull request #22053 from geoffw0/arith
Rust: Fix FPs in rust/hard-coded-cryptographic-value
2026-07-02 17:37:38 +01:00
Michael B. Gale
f4d8358454 Merge pull request #22110 from github/post-release-prep/codeql-cli-2.26.0
Post-release preparation for codeql-cli-2.26.0
2026-07-02 15:32:22 +01:00
Nora Dimitrijević
0a02b16c43 Merge pull request #22095 from d10c/d10c/drop-bracket-style-links
Remove [[ link syntax from C# XSS sink
2026-07-02 15:45:30 +02:00
Owen Mansel-Chan
4aef485d3c Merge pull request #22106 from github/workflow/coverage/update
Update CSV framework coverage reports
2026-07-02 14:08:20 +01:00
github-actions[bot]
5e50fc8471 Post-release preparation for codeql-cli-2.26.0 2026-07-02 12:26:43 +00:00
Michael B. Gale
e4a7b4ff51 Merge pull request #22109 from github/release-prep/2.26.0
Release preparation for version 2.26.0
codeql-cli/latest codeql-cli/v2.26.0
2026-07-02 13:02:15 +01:00
Michael B. Gale
66ddf3b4c6 Remove unnecessary changenote for the hotfix 2026-07-02 12:58:05 +01:00
github-actions[bot]
1af9609eed Release preparation for version 2.26.0 2026-07-02 11:43:30 +00:00
Mathias Vorreiter Pedersen
4f4cdf434b Merge pull request #22061 from MathiasVP/mad-write-through-model
Shared: Support flow summaries from `ReturnValue`s
2026-07-02 12:38:44 +01:00