codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Author	SHA1	Message	Date
Tom Hvitved	41916640c3	Rust: Taint flow tests for operations	2025-12-05 09:19:02 +01:00
Tom Hvitved	294c489fd8	Rust: Handle `x[y]` expressions as `*.index(y)` calls in data flow	2025-12-05 09:18:59 +01:00
Tom Hvitved	e72c8acb6c	Rust: Add data flow tests for collections	2025-12-05 09:16:57 +01:00
Tom Hvitved	09461e9cb6	Merge pull request #20967 from hvitved/rust/call-refactor-fix Rust: Call refactor follow-up fixes	2025-12-05 09:16:18 +01:00
Simon Friis Vindum	1a19df2044	Merge pull request #20950 from paldepind/rust/ti-raw-pointer Rust: Type inference for raw pointers	2025-12-05 09:06:13 +01:00
Owen Mansel-Chan	6d301f27d0	Merge pull request #20937 from owen-mc/actions/fix/code-injection-privileged-context Actions: fix filtering of code injection results between medium and critical version of query	2025-12-05 07:54:13 +00:00
Joe Farebrother	d70c596c86	Merge pull request #20914 from joefarebrother/python-socketio Python: Add models for socketio	2025-12-04 23:14:58 +00:00
Tom Hvitved	be1d756de4	Rust: Call refactor follow-up fixes	2025-12-04 21:15:28 +01:00
Owen Mansel-Chan	4a16de2bc8	Pull out logic into separate predicate	2025-12-04 16:50:39 +00:00
Owen Mansel-Chan	fb841ea591	Make predicates containing query logic more self-contained	2025-12-04 16:50:37 +00:00
Owen Mansel-Chan	8bac1dec83	Add change note	2025-12-04 16:50:36 +00:00
Owen Mansel-Chan	f6bdb3a126	Fix filtering of code injection alerts between medium and critical	2025-12-04 16:50:34 +00:00
Owen Mansel-Chan	e2acd1b668	Add test with push and workflow_dispatch triggers This is based on push.yml, and it should still be found by actions/code-injection/medium, but it isn't.	2025-12-04 16:50:33 +00:00
Tom Hvitved	8b89e15dfa	Merge pull request #20863 from hvitved/rust/call-refactor Rust: Restructure classes representing calls	2025-12-04 17:02:17 +01:00
Simon Friis Vindum	27ddc813af	Rust: Cleanup of raw pointer types based in PR feedback	2025-12-04 16:41:28 +01:00
Owen Mansel-Chan	5c8ab1f6d1	Merge pull request #20956 from owen-mc/java/improve-regex-sanitizer Java: improve regex sanitizer for `java/ssrf`	2025-12-04 15:32:12 +00:00
Michael Nebel	cdd8aa49e1	Merge pull request #20933 from michaelnebel/csharp/runtraceraftercompilation C#: Invoke the extractor after the compiler to ensure that source generators have been executed.	2025-12-04 13:41:38 +01:00
Tom Hvitved	bc6d38ebb4	Address review comments	2025-12-04 10:38:47 +01:00
Anders Schack-Mulligen	607ad1f886	Merge pull request #20961 from aschackmull/dataflow/flowfrom Dataflow: Add flowFrom predicates to mirror flowTo.	2025-12-04 10:09:29 +01:00
Michael Nebel	e74031bee4	Merge pull request #20936 from michaelnebel/csharp/nocrashdotnetinfo C#: Retry logic for `dotnet --info` when it fails with exit code 143.	2025-12-04 09:13:12 +01:00
Tom Hvitved	38a572dfa0	Rust: Run codegen	2025-12-03 20:47:05 +01:00
Tom Hvitved	a707527022	Address review comments in `annotations.py`	2025-12-03 20:46:30 +01:00
Geoffrey White	2665d8395a	Merge pull request #20939 from geoffw0/saltmodel Rust: Add heuristic sinks for passwords, initialization vectors etc	2025-12-03 18:01:48 +00:00
Tom Hvitved	ca9d327280	Merge pull request #20915 from hvitved/content-flow-ap-limit Shared: Improvements to content-sensitive model generation	2025-12-03 15:54:57 +01:00
Michael Nebel	a903420122	C#: Add change note.	2025-12-03 15:49:37 +01:00
Michael Nebel	0d08f24a2d	C#: Invoke the extractor after the compiler to ensure that source generators have been executed.	2025-12-03 15:49:35 +01:00
yoff	7fd4755e93	Merge pull request #20919 from yoff/python/header-splitting-experiments Python: detecting header splitting in synthetic app	2025-12-03 15:48:54 +01:00
Tom Hvitved	3ba256a72a	C#/Java: Go back to access path limit 2	2025-12-03 15:05:02 +01:00
Anders Schack-Mulligen	78e1879c9e	Use more flowTo.	2025-12-03 14:12:08 +01:00
Anders Schack-Mulligen	dc6d3fe7ba	Use flowFrom.	2025-12-03 14:04:18 +01:00
Anders Schack-Mulligen	4191b18410	Dataflow: Add flowFrom predicates to mirror flowTo.	2025-12-03 13:46:44 +01:00
Simon Friis Vindum	299fed5901	Rust: Apply fixes from code review	2025-12-03 13:04:54 +01:00
Simon Friis Vindum	a05d0a906c	Rust: Add change note for raw pointer type inference	2025-12-03 11:56:54 +01:00
Michael Nebel	c1793ab529	C#: Code quality improvement.	2025-12-03 11:48:32 +01:00
Paolo Tranquilli	5784a216a2	Merge pull request #20810 from github/redsun82/update-bazel Bazel: update to 8.4.2	2025-12-03 11:45:38 +01:00
Geoffrey White	3028e5dac0	Rust: CallExpr -> Call.	2025-12-02 17:31:35 +00:00
Owen Mansel-Chan	e710c150de	Add change note	2025-12-02 17:12:05 +00:00
Owen Mansel-Chan	a85d0ea8a3	Make tests pass	2025-12-02 17:08:16 +00:00
Owen Mansel-Chan	8fd8fc07b7	Add failing tests for more regex match methods	2025-12-02 17:06:34 +00:00
Owen Mansel-Chan	566aa8f201	Refactor regex sanitizer Move it to Sanitizers.qll and rename it to be more general (mostly following Go).	2025-12-02 16:04:39 +00:00
Michael Nebel	3197b50da7	C#: Address review comments.	2025-12-02 16:16:29 +01:00
Simon Friis Vindum	236df0ab65	Rust: Accept changes to expected files	2025-12-02 15:07:54 +01:00
Michael Nebel	1d9b88de8b	C#: Comment back in the .NET 10 tests.	2025-12-02 14:59:45 +01:00
Simon Friis Vindum	ea1b0a8476	Rust: Fix path resolution for raw pointer types	2025-12-02 14:43:52 +01:00
Simon Friis Vindum	c15e12c9ff	Rust: Accept test changes	2025-12-02 14:43:51 +01:00
Simon Friis Vindum	785025f1e3	Rust: Type inference for raw pointers	2025-12-02 14:43:50 +01:00
Michael Nebel	4a6ae216a4	C#: Gracefully handle non-zero exitcodes for dotnet --info.	2025-12-02 14:42:00 +01:00
Owen Mansel-Chan	e52f819df0	Merge pull request #20949 from owen-mc/go/reinstate-dummy-test Go: Reinstate dummy test so consistency tests are run	2025-12-02 12:55:36 +00:00
Simon Friis Vindum	3e7a7d541b	Rust: Include certain types in type inference tests	2025-12-02 13:16:33 +01:00
Simon Friis Vindum	6a2502c97a	Rust: Add type inference tests for raw pointers	2025-12-02 13:14:09 +01:00

1 2 3 4 5 ...

84632 Commits