hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-13 21:51:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,875 Commits 1,690 Branches 160 Tags
38f517ecfaaa3eb1d6b18d0969900aeaddfca420
Commit Graph

81875 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys Klicius
38f517ecfa Java: Add lambda-aware test detection to VisibleForTesting query 2025-08-24 10:02:43 +00:00
Napalys Klicius
4149968f33 Java: Remove the hardcoded path filter that excluded CodeQL's own unit tests from the java/visible-for-testing-abuse query. 2025-08-24 09:58:35 +00:00
Napalys Klicius
4705ad2e32 Java: Added extra test cases for fields 2025-08-22 09:23:49 +02:00
Napalys Klicius
38b3df07ee Java: Address comments 2025-08-22 09:23:49 +02:00
Napalys Klicius
66f2911497 Update java/ql/src/Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-08-22 09:23:49 +02:00
Napalys Klicius
0b172080aa Update java/ql/src/Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-08-22 09:23:49 +02:00
Napalys Klicius
d20fd5beba Java: updated visible-for-testing-abuse meta data and docs. 2025-08-22 09:23:49 +02:00
Napalys Klicius
ea831a8352 Java: Fix VisibleForTestingAbuse false positives in annotations 2025-08-22 09:23:49 +02:00
Napalys Klicius
eb46e54c43 Java: Refactor VisibleForTestingAbuse query to reduce complexity 2025-08-22 09:23:49 +02:00
Napalys Klicius
225723bfeb Java: Exclude @VisibleForTesting-to-@VisibleForTesting access from VisibleForTestingAbuse alerts 2025-08-22 09:23:49 +02:00
Napalys Klicius
e4042402bc Java: Resolve spurious VisibleForTestingAbuse alerts for inner class access patterns 2025-08-22 09:23:49 +02:00
Napalys Klicius
1e2e6eccd7 Java: Test @VisibleForTesting method accessing @VisibleForTesting members 2025-08-22 09:23:49 +02:00
Napalys Klicius
7e2a1944f6 Java: Fix Predicate QLDoc style. 2025-08-22 09:23:49 +02:00
Napalys Klicius
9dfb4d4301 Java: Enchanced isWithinType to also include lambdas, inner classes etc. 2025-08-22 09:23:49 +02:00
Napalys Klicius
fbf18af076 Java: enchanced check if it is within same package 2025-08-22 09:23:49 +02:00
Napalys Klicius
2a16f4829e Java: Expanded test suite of java/visible-for-testing-abuse 2025-08-22 09:23:49 +02:00
Napalys Klicius
ff6ddd2893 Java: Promoted java/visible-for-testing-abuse to quality 2025-08-22 09:23:49 +02:00
Napalys Klicius
652e9cba3d Java: Added inline test expectations for java/visible-for-testing-abuse 2025-08-22 09:23:49 +02:00
Napalys Klicius
0c14d93bc6 Java: Added new query java/visible-for-testing-abuse 2025-08-22 09:23:49 +02:00
Chris Smowton
2d9470ded8 Merge pull request #20264 from github/smowton/admin/merge-rc319-into-main 
Merge rc/3.19 into main
 2025-08-21 17:06:17 +01:00
Chris Smowton
1829060fab Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc319-into-main 2025-08-21 16:33:37 +01:00
Tom Hvitved
7a4bc80582 Merge pull request #20248 from hvitved/rust/jump-to-def-generic-args 
Rust: Adjust jump-to-def for paths with generic arguments
 2025-08-21 16:00:51 +02:00
Tom Hvitved
0144c77dd1 Merge pull request #20234 from hvitved/type-inference/rename-vars 
Type inference: Rename some variables
 2025-08-21 16:00:31 +02:00
Michael Nebel
c89f2e309d Merge pull request #20089 from michaelnebel/csharp/allowsinkimplicitread 
C#: Allow implicit collection reads in sink nodes.
 2025-08-21 15:29:52 +02:00
Jami
771d7cb171 Merge pull request #20095 from jcogs33/jcogs33/java/finalizers-on-exit-and-garbage-collection 
Java: Add `previous-id` and adjust tags for `java/garbage-collection` and `java/run-finalizers-on-exit`
 2025-08-21 08:10:36 -04:00
Owen Mansel-Chan
f1c6064f4e Merge pull request #20188 from github/dependabot/go_modules/go/extractor/extractor-dependencies-c0b353d580 
Bump the extractor-dependencies group in /go/extractor with 2 updates
 2025-08-21 12:44:15 +01:00
Mathias Vorreiter Pedersen
dfda5a0793 Merge pull request #20249 from MathiasVP/type-tracking-for-cpp-3 
C++: Use the shared type-tracking library for virtual dispatch resolution
 2025-08-21 11:14:12 +02:00
Napalys Klicius
3369e16b1b Merge pull request #20254 from Napalys/cs/ldap-injection-qhelp 
CS: Update `cs/ldap-injection` qhelp
 2025-08-21 08:57:03 +02:00
Michael Nebel
ebfbc71104 C#: Address more review comments. 2025-08-21 08:07:17 +02:00
dependabot[bot]
e99b423e28 Bump the extractor-dependencies group in /go/extractor with 2 updates 
Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/mod` from 0.26.0 to 0.27.0
- [Commits](https://github.com/golang/mod/compare/v0.26.0...v0.27.0)

Updates `golang.org/x/tools` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
- dependency-name: golang.org/x/tools
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 03:46:43 +00:00
Jeroen Ketema
b79f0a2cf2 Merge pull request #20252 from knewbury01/knewbury01/add-uniform-Customizations 
Add extra Customizations files
 2025-08-20 20:14:02 +02:00
Kristen Newbury
cf0342410d Merge branch 'knewbury01/add-uniform-Customizations' of https://github.com/knewbury01/codeql into knewbury01/add-uniform-Customizations 2025-08-20 13:19:16 -04:00
Kristen Newbury
854a5b5871 Add changenotes customizations addition 2025-08-20 13:18:17 -04:00
Napalys Klicius
71a8e10f3d CS: added extra guidance in recommendation section for LDAPInjection 2025-08-20 13:37:02 +02:00
Napalys Klicius
c475bedf73 CS: removed dead links from LDAPInjection qhelp 2025-08-20 12:58:54 +02:00
Mathias Vorreiter Pedersen
70d3e69ce5 C++: Rename 'lambda' to 'virtual'. 2025-08-20 10:38:22 +02:00
Paolo Tranquilli
fd7668d94a Merge pull request #20251 from github/redsun82/rust-remove-warning 
Rust: update README to remove experimental warning
 2025-08-20 10:12:19 +02:00
Michael Nebel
3e03728ffe Merge pull request #20244 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-08-20 08:55:48 +02:00
Michael Nebel
b42c366250 C#: Address review comments. 2025-08-20 08:50:23 +02:00
Jeroen Ketema
c9f0e3a377 Apply suggestions from code review 2025-08-20 08:07:10 +02:00
github-actions[bot]
e74116b347 Add changed framework coverage reports 2025-08-20 00:23:14 +00:00
Kristen Newbury
d630e32ce9 Format Customizations.qll 2025-08-19 15:27:29 -04:00
Kristen Newbury
49ef6939d4 Add extra Customizations files 2025-08-19 14:49:31 -04:00
Paolo Tranquilli
65e5ded80d Rust: update README to remove experimental warning 2025-08-19 16:02:45 +02:00
Geoffrey White
963e028645 Merge pull request #20238 from geoffw0/scinit 
Rust: Update StreamCipherInit to use getCanonicalPath.
 2025-08-19 13:18:10 +01:00
Mathias Vorreiter Pedersen
02bf923f7e C++: Add change note. 2025-08-19 13:57:15 +02:00
Mathias Vorreiter Pedersen
0631bd7466 C++: Add object/flow conflation for unions when resolving function pointers. 2025-08-19 13:57:13 +02:00
Mathias Vorreiter Pedersen
16508b1800 C++: Fix off-by-one error in getType on 'FinalGlobalValue' nodes and accept test changes. 2025-08-19 13:57:11 +02:00
Mathias Vorreiter Pedersen
302d35bedc C++: Accept test changes. 2025-08-19 13:57:10 +02:00
Mathias Vorreiter Pedersen
cca5bd9ada C++: Update 'mayBenefitFromCallContext' to not use the old virtual dispatch local flow predicate. 2025-08-19 13:57:07 +02:00