hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,864 Commits 1,671 Branches 157 Tags
2824c98efb577b1ff4d43c04ee4ab60a908c5edb
Commit Graph

84864 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Friis Vindum
0f97e7e29d Rust: Remov unneeded model 2025-12-10 14:35:16 +01:00
Simon Friis Vindum
8a0e5b5675 Rust: Lift content reads as taint steps 2025-12-10 14:35:14 +01:00
Simon Friis Vindum
cd721b85e9 Merge pull request #20941 from paldepind/rust/invalid-pointer-barriers 
Rust: Reduce the number of sinks in `DereferenceSink`
 2025-12-10 14:22:05 +01:00
Anders Schack-Mulligen
eaa96864f7 Java: Extend test to cover assertion-like barrier guards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
9cd2247b91 Java: expose support for more general BarrierGuards. 2025-12-10 12:23:52 +01:00
Anders Schack-Mulligen
09058e48aa Guards: Rename -WithState to Parameterized-. 2025-12-10 12:23:51 +01:00
Anders Schack-Mulligen
ebb989962c Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards. 2025-12-10 12:23:51 +01:00
Simon Friis Vindum
c5a44cf8ff Rust: Accept changes to expected files 2025-12-10 11:35:32 +01:00
Geoffrey White
506a1ea0b8 Rust: Add test case for rust/access-after-lifetime-ended involving an invalidated reference. 2025-12-10 11:35:31 +01:00
Simon Friis Vindum
ade7815125 Rust: Add change note 2025-12-10 11:35:29 +01:00
Simon Friis Vindum
7d1acbcb87 Rust: Restrict the scope of DereferenceSink to dereferences of raw pointers 2025-12-10 11:35:28 +01:00
Simon Friis Vindum
4a1abc7beb Merge pull request #21007 from hvitved/rust/update-expected 
Rust: Update expected test output
 2025-12-10 11:19:37 +01:00
Geoffrey White
fa02842d30 Rust: Accept consistency check changes. 2025-12-10 10:16:22 +00:00
Tom Hvitved
30b903604d Rust: Update expected test output 2025-12-10 11:02:04 +01:00
Jeroen Ketema
3cabcfef75 Swift: Skip -scan-dependencies compiler calls 
These do not produce any useful data and just crash our frontend.
 2025-12-10 10:11:41 +01:00
Jeroen Ketema
e9aa6ddf53 Swift: Strip more unsupported arguments 
We had customer reports where these occur in practise, although we have not
observed these ourselves in frontend calls.
 2025-12-10 10:08:21 +01:00
Geoffrey White
819a12216e Merge branch 'main' into copilot/add-ecb-cbc-test-cases 2025-12-10 08:56:20 +00:00
Tom Hvitved
fe18e0e414 Merge pull request #20997 from paldepind/rust/fix-expected 
Rust: Accept changes to expected files
 2025-12-09 14:25:36 +01:00
Tom Hvitved
a5f513f178 Merge pull request #20954 from hvitved/rust/stats-more-calls 
Rust: Include more calls in DB quality metrics
 2025-12-09 14:14:07 +01:00
Simon Friis Vindum
53ad3282c3 Rust: Accept changes to expected files 2025-12-09 14:01:31 +01:00
Owen Mansel-Chan
cf19586516 Merge pull request #20993 from github/dependabot/go_modules/go/extractor/extractor-dependencies-955632e86c 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-12-09 09:36:16 +00:00
Anders Schack-Mulligen
139dc0acaf Merge pull request #20922 from aschackmull/csharp/object-initializer 
C#: Replace initializer splitting with an ObjectInitMethod.
 2025-12-09 10:35:02 +01:00
yoff
5c6d83ed65 Merge pull request #20877 from joefarebrother/python-tornado-websocket 
Python: Add models for websocket handlers for Tornado
 2025-12-09 10:08:59 +01:00
Michael Nebel
8ecae77887 Merge pull request #20991 from github/dependabot/nuget/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/nuget-335537b6a2 
Bump the nuget group with 1 update
 2025-12-09 10:01:15 +01:00
Tom Hvitved
e054741061 Update expected test output 2025-12-09 09:13:26 +01:00
Tom Hvitved
31b184a404 Rust: Exclude deref expressions on raw pointers from call resolution stats 2025-12-09 08:54:51 +01:00
dependabot[bot]
9eb1eb8f0d Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.30.0 to 0.31.0
- [Commits](https://github.com/golang/mod/compare/v0.30.0...v0.31.0)

Updates `golang.org/x/tools` from 0.39.0 to 0.40.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 03:07:27 +00:00
Owen Mansel-Chan
e7147244e8 Merge pull request #20992 from myvyang/main 
Change MethodAccess to MethodCall in query example.
 2025-12-09 01:22:55 +00:00
Owen Mansel-Chan
d15342db1f Fix table padding 2025-12-09 01:12:53 +00:00
i
134312173f MethodAccess has been deprecated, Change MethodAccess to MethodCall in query example. 2025-12-09 08:41:01 +08:00
dependabot[bot]
c8992fc834 Bump the nuget group with 1 update 
Bumps Newtonsoft.Json from 6.0.4 to 13.0.1

---
updated-dependencies:
- dependency-name: Newtonsoft.Json
  dependency-version: 13.0.1
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 00:33:13 +00:00
github-actions[bot]
2854330759 Post-release preparation for codeql-cli-2.23.8 2025-12-08 15:49:10 +00:00
Paolo Tranquilli
28b6aa8616 Merge pull request #20988 from github/release-prep/2.23.8 
Release preparation for version 2.23.8
codeql-cli/latest codeql-cli/v2.23.8 		2025-12-08 15:45:10 +01:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
Paolo Tranquilli
b5f705a4f1 Merge pull request #20985 from asgerf/js/overlay-local-optional 
JS: Use question-mark variant in all overlay annotations
 2025-12-08 15:27:23 +01:00
Chris Smowton
359a28e409 Merge pull request #20984 from github/rc/3.20 
Java: Add change note for Maven compiler flags
 2025-12-08 14:24:58 +00:00
Tom Hvitved
0280771c51 Merge pull request #20953 from hvitved/rust/data-flow-call-models 
Rust: Model more data flow constructs as calls using MaD
 2025-12-08 15:22:02 +01:00
Tom Hvitved
57ce2ee749 Address review comments 2025-12-08 13:27:36 +01:00
Asger F
4d1200fd13 Revert changes in synced files 2025-12-08 13:26:19 +01:00
Chris Smowton
ef991e5ba5 Merge pull request #20983 from smowton/smowton/feature/csharp-csrf-aspnetcore 
C# CSRF query: add support for ASP.NET Core
 2025-12-08 12:14:48 +00:00
Asger F
294089fe35 JS: Use question-mark variant in all overlay annotations 2025-12-08 13:13:09 +01:00
Idriss Riouak
877669d1f0 Merge pull request #20981 from github/idrissrio/java/java-maven-sap 
Java: Add change note for Maven compiler flags
 2025-12-08 12:55:50 +01:00
Chris Smowton
79718b6dcb Change note 2025-12-08 11:54:02 +00:00
Chris Smowton
5bb31afc83 C# CSRF query: add support for ASP.NET Core 2025-12-08 11:51:01 +00:00
idrissrio
a0e7afde8e Java: Add change note for Maven compiler flags 2025-12-08 12:14:03 +01:00
Simon Friis Vindum
cd6429a39e Merge pull request #20969 from paldepind/rust/dispath-default-trait 
Rust: Do not dispatch to all implementations when trait target is accurate
 2025-12-08 10:45:55 +01:00
Tom Hvitved
bfa37b8488 Fix typo 2025-12-08 10:17:47 +01:00
Geoffrey White
24852c6664 Merge pull request #20966 from geoffw0/lifetimetest 
Rust: Fix FPs from rust/access-after-lifetime-ended
 2025-12-08 09:03:51 +00:00
Michael Nebel
10c01832b0 Merge pull request #20964 from michaelnebel/csharp/nugetversionsorting 
C#: Fix NuGet version bug and a .NET10 compatibility issue.
 2025-12-08 09:35:53 +01:00
Óscar San José
3230df02d9 Merge pull request #20975 from github/oscarsj/merge-back-rc-3.20 
Merge back rc/3.20
 2025-12-05 21:16:18 +01:00