Owen Mansel-Chan
268e9eadac
Add section on specifying java types
2026-07-02 22:09:51 +01:00
Geoffrey White
ab1bc853fc
Merge pull request #22053 from geoffw0/arith
...
Rust: Fix FPs in rust/hard-coded-cryptographic-value
2026-07-02 17:37:38 +01:00
Michael B. Gale
f4d8358454
Merge pull request #22110 from github/post-release-prep/codeql-cli-2.26.0
...
Post-release preparation for codeql-cli-2.26.0
2026-07-02 15:32:22 +01:00
Nora Dimitrijević
0a02b16c43
Merge pull request #22095 from d10c/d10c/drop-bracket-style-links
...
Remove [[ link syntax from C# XSS sink
2026-07-02 15:45:30 +02:00
Owen Mansel-Chan
4aef485d3c
Merge pull request #22106 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2026-07-02 14:08:20 +01:00
github-actions[bot]
5e50fc8471
Post-release preparation for codeql-cli-2.26.0
2026-07-02 12:26:43 +00:00
Michael B. Gale
e4a7b4ff51
Merge pull request #22109 from github/release-prep/2.26.0
...
Release preparation for version 2.26.0
2026-07-02 13:02:15 +01:00
Michael B. Gale
66ddf3b4c6
Remove unnecessary changenote for the hotfix
2026-07-02 12:58:05 +01:00
github-actions[bot]
1af9609eed
Release preparation for version 2.26.0
2026-07-02 11:43:30 +00:00
Mathias Vorreiter Pedersen
4f4cdf434b
Merge pull request #22061 from MathiasVP/mad-write-through-model
...
Shared: Support flow summaries from `ReturnValue`s
2026-07-02 12:38:44 +01:00
Michael B. Gale
79eeaa2028
Merge pull request #22108 from hvitved/python-hot-fix
...
Python: release hotfix
2026-07-02 12:31:20 +01:00
Geoffrey White
1f4ae86a84
Apply suggestions from code review
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2026-07-02 11:26:26 +01:00
Tom Hvitved
797f58b5d5
Merge pull request #22052 from hvitved/rust/type-constraint-base-type-match-gen
...
Type inference: Generalize `typeConstraintBaseTypeMatch`
2026-07-02 11:57:28 +02:00
Tom Hvitved
2308981665
Python: Update inline test expectations
2026-07-02 11:54:36 +02:00
Tom Hvitved
32181cd7e8
Python: Improve some flow summaries
2026-07-02 11:54:28 +02:00
Geoffrey White
9aaf3f15eb
Merge pull request #22105 from geoffw0/rubyinline3
...
Ruby: Address testFailures in inline expectations tests (part 3)
2026-07-02 08:29:39 +01:00
github-actions[bot]
d8b89d2581
Add changed framework coverage reports
2026-07-02 00:54:34 +00:00
Michael B. Gale
f4d6f582c8
Merge pull request #22096 from github/revert-22059-release-prep/2.26.0
...
Revert "Release preparation for version 2.26.0"
2026-07-01 22:11:34 +01:00
Tom Hvitved
6c3c5ea8af
Merge pull request #22101 from hvitved/python/flow-summaries-improvements
...
Python: Improve some flow summaries
2026-07-01 19:36:13 +02:00
Geoffrey White
226efb3ad7
Potential fix for pull request finding
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-01 16:52:38 +01:00
Geoffrey White
73ec4b8d02
Ruby: Fix one last inline expectations testFailure.
2026-07-01 16:44:12 +01:00
Owen Mansel-Chan
cb4a1d0929
Merge pull request #22103 from owen-mc/java/fix-mad-file-names
...
Java: Fix misnamed MaD models files
2026-07-01 14:04:44 +01:00
Jeroen Ketema
d664d17a11
Merge pull request #22087 from jketema/subst
...
Add Windows integration tests showing that `subst` is handled inconsistently
2026-07-01 14:48:22 +02:00
Owen Mansel-Chan
7263c00b00
Fix misnamed MaD models files
2026-07-01 13:13:01 +01:00
Geoffrey White
e9766086cd
Merge pull request #22079 from geoffw0/kotlininline
...
Kotlin: Address inline expectations testFailures.
2026-07-01 12:39:11 +01:00
Jeroen Ketema
d551ab3afb
Fix expected file
2026-07-01 13:24:05 +02:00
Tom Hvitved
2bf6031c0f
Python: Update inline test expectations
2026-07-01 13:10:41 +02:00
Jeroen Ketema
daf97f7139
Add Windows integration tests showing that subst is handled inconsistently
2026-07-01 12:51:05 +02:00
Tom Hvitved
a5444b573a
Python: Improve some flow summaries
2026-07-01 12:05:53 +02:00
Mathias Vorreiter Pedersen
3410f39b3c
Merge pull request #22089 from MathiasVP/remove-mad-support-for-variables
...
C++: Remove support for global variables as sources and sinks in MaD
2026-07-01 10:31:59 +01:00
Owen Mansel-Chan
cf51664d69
Merge pull request #22099 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2026-07-01 10:03:46 +01:00
github-actions[bot]
3cbb8ba87e
Add changed framework coverage reports
2026-07-01 00:58:10 +00:00
Taus
b12c67f231
Merge pull request #22092 from github/tausbn/python-hotfix-disable-instance-field-step
...
Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
2026-06-30 21:53:06 +02:00
Mario Campos
41f2e7b6f6
Revert "Release preparation for version 2.26.0"
2026-06-30 13:21:27 -05:00
Asger F
11e75c12a8
Merge pull request #22090 from asgerf/unified/inline-test-expectations
...
unified: Add inline expectation test library
2026-06-30 19:55:15 +02:00
Mathias Vorreiter Pedersen
dbbcc1741c
C++: Delete now-unsupported MaD rows.
2026-06-30 17:48:31 +01:00
Mathias Vorreiter Pedersen
f37b3e77ff
Merge branch 'main' into remove-mad-support-for-variables
2026-06-30 17:38:37 +01:00
Geoffrey White
b5ec9c25c0
Update rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
...
Co-authored-by: Tom Hvitved <hvitved@github.com>
2026-06-30 16:16:45 +01:00
Geoffrey White
9e37ae02fd
Rust: Repair results for const accesses with no definition in the database.
2026-06-30 15:55:28 +01:00
Geoffrey White
c81d31f2e3
Rust: Flag const sources at the definition, not the use (clearer source).
2026-06-30 15:46:12 +01:00
Taus
f251a572e1
Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
...
The `instanceFieldStep` disjunct of `TypeTrackingInput::levelStepCall`
that was added in 7.2.0 uses `classInstanceTracker(cls)` -- which is
itself a type-tracker -- inside `levelStepCall`. That creates a
structural mutual recursion between the main type-tracker fixpoint and
`classInstanceTracker`, causing the type-tracker delta to blow up to
~100M tuples per iteration on some OOP-heavy Python codebases.
Verified on the python/mypy database: SSRF query wall time goes from
~12s before the offending commit to >40 minutes after it.
This hotfix temporarily drops the `instanceFieldStep` disjunct and
keeps only `inheritedFieldStep`, which does not pull on the call
graph and is well-behaved (verified at ~12s on mypy). The
`instanceFieldStep` helper predicate itself is kept in place, and
the `levelStepCall` body has a commented-out call to it so the
change is trivial to re-enable once the recursion issue is properly
addressed.
2026-06-30 14:41:12 +00:00
Nora Dimitrijević
43cfa2f8bd
C#: Remove [[ style links from XSS sink explanation
...
Remove the makeUrl predicate and the [[""|""]]] link syntax from
AspxCodeSink.explanation(), replacing with plain text.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 16:14:12 +02:00
Geoffrey White
ca4f751f9b
Rust: Add more tests for constants.
2026-06-30 15:13:10 +01:00
Mathias Vorreiter Pedersen
b7b731bab7
Merge branch 'main' into mad-write-through-model
2026-06-30 15:12:02 +01:00
Mathias Vorreiter Pedersen
c045da01a1
Merge pull request #22088 from MathiasVP/cpp-support-fully-qualified-field-names-in-mad
...
C++: Support fully qualified field names in MaD
2026-06-30 15:02:16 +01:00
Asger F
a9617f18a1
Potential fix for pull request finding
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-30 15:48:15 +02:00
Asger F
8a46f03308
Merge pull request #22083 from asgerf/unified/suites
...
Unified: add default_queries and standard qls files and a dummy query
2026-06-30 15:37:53 +02:00
Asger F
fc94d1c035
unified: Add a dummy query
...
This is just to test DCA
2026-06-30 15:26:22 +02:00
Michael Nebel
a93501a1eb
Merge pull request #22033 from michaelnebel/csharp/usefeedmanager
...
C#: Use the feed manager in the `NugetExeWrapper`.
2026-06-30 15:03:25 +02:00
Mathias Vorreiter Pedersen
06f54d1bbb
C++: Add a TODO comment to remove support for unqualified field names.
2026-06-30 13:55:26 +01:00