hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-07 16:14:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,106 Commits 1,732 Branches 164 Tags
30ff68dc715f5b13b04f0561245ede080d2beb36
Commit Graph

77106 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
cd0aebefa4 Add integration test for failure to download a particular Maven version 2025-03-12 09:21:06 +00:00
Óscar San José
ca6f3ffa43 Merge pull request #18742 from github/oscarsj/add-actions-analysis 
Add actions to codeql analysis workflow
 2025-03-12 10:11:58 +01:00
Napalys Klicius
eddd724ea0 Merge pull request #18981 from Napalys/js/db_stats_fix 
JS: Update database.stats
 2025-03-12 09:24:09 +01:00
Tom Hvitved
a574c9f276 Ruby: Add SyntheticGlobal test 2025-03-12 09:22:41 +01:00
Michael Nebel
9e8339db6d Merge pull request #18961 from michaelnebel/csharp/ccr-local-not-disposed 
C#: Add `cs/local-not-disposed` to the CCR suite.
 2025-03-12 09:18:40 +01:00
Michael Nebel
4a3e463918 Merge pull request #18950 from michaelnebel/csharp/localnotdisposed 
C#: Exclude Task from cs/local-not-disposed.
 2025-03-12 09:17:22 +01:00
Napalys
979a5b4587 Updated stats file with intersection, subtraction and quoted_string. 2025-03-12 09:02:53 +01:00
Simon Friis Vindum
b3601b1ac2 Merge pull request #18946 from paldepind/rust-regex-injection 
Rust: Add regular expression injection query
 2025-03-12 08:15:54 +01:00
M Starch
f01737a4c0 Fixing BasicIntTypes to allow C Standard Integers and 'bool' 
The purpose of this check is to ensure that all integral types used by the code point to some fixed size type (e.g. an unsigned 8-bit integer). However; the previous implementation only allowed JPL style typedefs (i.e. U8) and ignored C standard integer types (i.e. uint8_t). This causes the query to false-positive when a typedef resolves to a C standard int type.

'bool' has also be allowed as part of the exclusions list as it represents distinct values 'true' and 'false' in C++ code.
 2025-03-11 14:56:57 -07:00
Jami
269f9fa7c9 Merge pull request #18978 from jcogs33/jcogs33/java/rename-springframework-stubs-dir 
Java: rename springframework stubs directory from 5.3.8 to 5.8.x
 2025-03-11 16:39:30 -04:00
Jami Cogswell
e17486a9d8 Java: rename springframework stubs directory from 5.3.8 to 5.8.x 2025-03-11 15:20:58 -04:00
Jami
ea9b0462bf Merge pull request #18793 from jcogs33/jcogs33/java/spring-boot-actuators-promo 
Java: Promote Spring Boot Actuators query from experimental
 2025-03-11 14:42:14 -04:00
Remco Vermeulen
da720b8b6e Merge pull request #18966 from github/rvermeulen/add-missing-dependency 
Add missing dependency
 2025-03-11 09:43:45 -07:00
Geoffrey White
daa57a9cb5 Merge pull request #18952 from geoffw0/unusedvarfix 
Rust: Improve rust/unused-variable and rust/unused-value
 2025-03-11 15:52:42 +00:00
Asger F
356b9e68c3 JS: Change note 2025-03-11 16:51:51 +01:00
Asger F
8599ab2503 JS: Fix attributes nodes missing an enclosing callable 2025-03-11 16:47:48 +01:00
Geoffrey White
044d0a13f0 Rust: Include WeakSensitiveDataHashing sinks as well. 2025-03-11 15:41:38 +00:00
Geoffrey White
4924a0faf3 Rust: Introduce a QuerySink class, common to all query sinks. 2025-03-11 15:41:37 +00:00
Geoffrey White
dc7d7f121e Rust: Clarify doc on FlowSink, FlowSource. 2025-03-11 15:41:35 +00:00
Michael Nebel
371a72ecec C#: Move Bad test into other file to avoid sync-files breakage. 2025-03-11 14:54:13 +01:00
Michael Nebel
1286420d39 C#: Add change-note. 2025-03-11 14:42:51 +01:00
Michael Nebel
120af3611a C#: Update test expected output. 2025-03-11 14:39:09 +01:00
Michael Nebel
150aa5d1cf C#: Include normal switch/case statements in the white list and allow the use of wildcards when there is a condition. 2025-03-11 14:37:56 +01:00
Michael Nebel
c15137e992 C#: Update test expected output. 2025-03-11 14:36:34 +01:00
Michael Nebel
f42ae48ffa C#: Add some switch case examples. 2025-03-11 14:35:04 +01:00
Asger F
087c555796 Merge pull request #18670 from asgerf/js/test-suite 
JS: Update test suite to use post-processed inline expectations
 2025-03-11 13:58:01 +01:00
Michael Nebel
4451e55bba C#: Convert cs/constant-condition tests to inline expectation tests. 2025-03-11 13:35:05 +01:00
Asger F
6499e5458b JS: Restore line lost in merge 
'Accept incoming changes' in vscode somehow deleted this line.
 2025-03-11 13:19:29 +01:00
Asger F
e8c5e4d006 Merge branch 'main' into js/test-suite 2025-03-11 13:17:08 +01:00
Arthur Baars
3991dc3aa3 Rust: improve performance of Crate::toString 2025-03-11 12:57:16 +01:00
Napalys Klicius
a4f2264f17 Merge pull request #18899 from Napalys/js/ecma-2024-regex 
JS: Add ECMAScript 2024 `v` Flag Operators for Regex Parsing
 2025-03-11 12:50:44 +01:00
Simon Friis Vindum
1e0b78ebd3 Rust: Update regex injection description 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-03-11 12:47:12 +01:00
Michael Nebel
744936fbd7 C#: Add cs/local-not-disposed to the CCR suite. 2025-03-11 12:46:16 +01:00
Arthur Baars
66ab3a8002 Rust: add Locatable::fromSource 2025-03-11 12:32:56 +01:00
Napalys
c001435258 Refactor Angular2 API to use httpClientApiNode for HttpClient method calls 2025-03-11 12:32:24 +01:00
Owen Mansel-Chan
22b36a86ce Merge pull request #18940 from owen-mc/go/unhandled-close-writable-handle 
Go: Add test for FP in `go/unhandled-writable-file-close`
 2025-03-11 11:13:36 +00:00
Napalys Klicius
a900f2cea4 Update javascript/ql/lib/change-notes/2025-03-03-regex-v.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-11 11:57:28 +01:00
Óscar San José
8b33dcd018 Merge branch 'main' into oscarsj/add-actions-analysis 2025-03-11 11:51:24 +01:00
Napalys Klicius
3191b2c6fc Update javascript/extractor/src/com/semmle/js/parser/RegExpParser.java 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-11 09:40:24 +01:00
Napalys Klicius
7c9edff33c Merge pull request #18964 from Napalys/js/mark_down_table 
JS: Refactor `markdown-table` library modeling
 2025-03-11 09:02:56 +01:00
Asger F
b583e52a87 Merge pull request #18962 from asgerf/js/local-type-indirection 
JS: Unfold local type aliases in getAnUnderlyingType
 2025-03-11 08:54:03 +01:00
Napalys
08c07f815f Improved documentation, removed union fram change note. 2025-03-11 08:30:17 +01:00
Napalys Klicius
1ad8b4677d Update javascript/ql/lib/change-notes/2025-03-10-js-refactor-markdown-table.md 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-11 08:07:49 +01:00
Remco Vermeulen
8f603251d7 Add missing dependency 
The query pack has suites that rely on the `codeql/suite-helpers` pack, but doesn't include it as a dependency.
This will cause error when resolving suites referring the Actions query pack.
 2025-03-10 18:31:01 -07:00
Erik Krogh Kristensen
e6884cf705 Merge pull request #18959 from erik-krogh/faster-routing 
JS: ensure the result from getPathFromFork is unique (to avoid a blowup)
 2025-03-10 21:45:14 +01:00
Jaroslav Lobačevski
fa35d6c3ac Minor example workflow fix 2025-03-10 20:43:16 +00:00
Asger F
73c0a93fc4 Merge pull request #18963 from asgerf/js/disable-tainted-nodes 
JS: Remove TaintedNodes.ql from default meta query suite
 2025-03-10 20:49:46 +01:00
Napalys
4a365857f1 Added change note. 2025-03-10 19:40:41 +01:00
Napalys
13c701948a Refactor Markdown taint steps and update expected results for reflected XSS tests 2025-03-10 19:27:36 +01:00
Geoffrey White
7717f92ec6 Rust: Clean up the test (it turns out a nested UnusedVariable.qlref is not needed) and accept consistency check changes. 2025-03-10 17:59:19 +00:00