codeql

mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00

Author	SHA1	Message	Date
Nora Dimitrijević	4199859eaa	Merge pull request #20079 from d10c/d10c/diff-informed-phase-3-python Python: Diff-informed queries: phase 3 (non-trivial locations)	2025-08-18 09:33:57 +02:00
Napalys Klicius	b19d1e0f57	Merge pull request #20151 from Napalys/js/command-line-libs JS: Enhance command injection detection for CLI argument parsing libraries	2025-08-18 09:32:29 +02:00
Napalys Klicius	b2346183d6	Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model JS: Exclude environment variables from `js/regex-injection` query by default	2025-08-18 09:32:15 +02:00
Nora Dimitrijević	bb9daa00c3	Merge pull request #20072 from d10c/d10c/diff-informed-phase-3-actions Actions: Diff-informed queries: phase 3 (non-trivial locations)	2025-08-15 14:05:44 +02:00
Jeroen Ketema	84119baa50	Merge pull request #20223 from jketema/go-1.25-doc Go: Mention Go 1.25 as supported	2025-08-15 13:47:40 +02:00
Nora Dimitrijević	0512940c0c	Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go Go: Diff-informed queries: phase 3 (non-trivial locations)	2025-08-15 12:23:53 +02:00
Nora Dimitrijević	8000e7c442	Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp C#: Diff-informed queries: phase 3 (non-trivial locations)	2025-08-15 12:07:47 +02:00
Nora Dimitrijević	126d24a522	[DIFF-INFORMED] Actions: EnvVarInjection https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql#L35 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql#L46	2025-08-15 11:11:12 +02:00
Nora Dimitrijević	f1445eb52f	[DIFF-INFORMED] Actions: EnvPathInjection https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql#L30 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql#L37	2025-08-15 11:11:07 +02:00
Nora Dimitrijević	f1b995a736	[DIFF-INFORMED] Actions: CommandInjection https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql#L24 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql#L28	2025-08-15 11:11:03 +02:00
Nora Dimitrijević	418e4b4a3a	[DIFF-INFORMED] Actions: CodeInjection Query: https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql#L46	2025-08-15 11:10:58 +02:00
Nora Dimitrijević	bbda2902be	[DIFF-INFORMED] Actions: ArtifactPoisoning Queries: - https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql#L23 - https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql#L26	2025-08-15 11:10:42 +02:00
Nora Dimitrijević	896819fdf3	[DIFF-INFORMED] Actions: ArgumentInjection Query: - https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql#L23 - https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql#L27	2025-08-15 11:10:14 +02:00
Michael B. Gale	ec605b2c95	Merge pull request #20229 from github/mbg/ci/fix/csharp-create-extractor-pack C#: Replace input interpolation with environment variable	2025-08-15 09:19:41 +01:00
Michael B. Gale	e1ffb323a0	C#: Replace input interpolation with environment variable	2025-08-15 09:00:28 +01:00
Tom Hvitved	f1bff93bc5	Merge pull request #20203 from hvitved/rust/if-let-chain-test Rust: Handle chained `let` expressions	2025-08-14 19:51:43 +02:00
Anders Schack-Mulligen	b67394a450	Merge pull request #20183 from aschackmull/java/barrierguard-wrappers Java: Enable BarrierGuard wrappers	2025-08-14 16:06:21 +02:00
Tom Hvitved	5c0300cbdf	Merge pull request #20224 from hvitved/rust/remove-extractor-resolution-references Rust: Remove references to `getResolvedPath` and `getExtendedCanonicalPath`	2025-08-14 14:45:33 +02:00
Tom Hvitved	d09645bc96	Add change note	2025-08-14 14:38:44 +02:00
Geoffrey White	6951f585c8	Merge pull request #20226 from geoffw0/stdlib Rust: Update StartswithCall to use getCanonicalPath	2025-08-14 13:04:30 +01:00
Geoffrey White	02b9229be7	Rust: Update StartswithCall.	2025-08-14 12:09:49 +01:00
Geoffrey White	6941e7fef1	Rust: Add tags to intermediate steps in the test.	2025-08-14 11:37:22 +01:00
Geoffrey White	ecf0e08f55	Rust: Add some more path injection test case variants.	2025-08-14 11:05:48 +01:00
Tom Hvitved	51fb2157ef	Rust: Remove references to `getResolvedPath` and `getExtendedCanonicalPath`	2025-08-14 11:31:42 +02:00
Jeroen Ketema	28f2157a8c	Go: Mention Go 1.25 as supported	2025-08-14 10:49:19 +02:00
Tom Hvitved	f63e55c1fd	Rust: Handle chained `let` expressions	2025-08-14 10:36:43 +02:00
Tom Hvitved	fd1d9401c0	Rust: Add tests for chained `let` expressions	2025-08-14 10:36:41 +02:00
Jeroen Ketema	72c89ec076	Merge pull request #20218 from MathiasVP/fix-guard-conditions-for-likely C++: Improvements to `IRGuard`s	2025-08-14 10:24:48 +02:00
Jon Janego	603f0f2d55	Merge pull request #20219 from github/changedocs-2.22.3 Sitedocs for 2.22.3	2025-08-13 11:54:05 -05:00
Jon Janego	cc302c0d1d	Sitedocs for 2.22.3	2025-08-13 11:32:31 -05:00
Mathias Vorreiter Pedersen	39f5e33dea	C++: Accept more test changes.	2025-08-13 17:46:06 +02:00
Mathias Vorreiter Pedersen	9c3bb87b89	C++: Add change note.	2025-08-13 16:42:39 +02:00
Mathias Vorreiter Pedersen	9ee313ff0a	C++: Remove code that is now subsumed.	2025-08-13 16:29:49 +02:00
Mathias Vorreiter Pedersen	bf4a84ba8f	C++: Drive-by: Add forgotten disjuncts involving '__builtin_expect'.	2025-08-13 16:29:42 +02:00
Mathias Vorreiter Pedersen	e6cd27a992	C++: Skip non-Boolean instructions in the new inference step.	2025-08-13 16:20:21 +02:00
Mathias Vorreiter Pedersen	e67b6d6c9a	C++: Add another inference step.	2025-08-13 16:20:19 +02:00
Jeroen Ketema	ff288d799e	Merge pull request #20210 from github/jketema/go-1.25 Go: Update Go version to 1.25.0	2025-08-13 16:07:36 +02:00
Chuan-kai Lin	4c263c0535	Merge pull request #20047 from github/cklin/alert-filtering-qldoc Shared: Overhaul the AlertFiltering QLDoc	2025-08-13 06:58:38 -07:00
Jeroen Ketema	4b215d50e2	Go: Update `maxGoVersion` in the autobuilder	2025-08-13 14:09:53 +02:00
Jeroen Ketema	5e2a5600a7	Update `go_rules` to the latest version This version includes https://github.com/bazel-contrib/rules_go/pull/4397 which addresses the build fialure we were seeing.	2025-08-13 13:40:14 +02:00
Jeroen Ketema	976ef99d60	Go: Request go1.25.0 toolchain	2025-08-13 13:39:35 +02:00
Jeroen Ketema	4baf115c3a	Go: Use Go 1.25.0 to build the Go extractor	2025-08-13 13:39:34 +02:00
Jeroen Ketema	d5f8289bcd	Go: Update Go version in tests to 1.25.0	2025-08-13 13:39:32 +02:00
Jeroen Ketema	653a99779e	Merge pull request #20216 from github/redsun82/rust-fix-bazel Bazel: regenerate cargo vendored files	2025-08-13 13:36:20 +02:00
Tom Hvitved	dc6e76a0d7	Merge pull request #20182 from hvitved/rust/type-inference-tuple-types-follow-up Rust: Unify type inference for tuple indexing expressions	2025-08-13 13:32:53 +02:00
Paolo Tranquilli	ea320c2a7b	Bazel: regenerate cargo vendored files	2025-08-13 13:30:01 +02:00
Mathias Vorreiter Pedersen	a27135495c	C++: Add tests.	2025-08-13 12:54:23 +02:00
Jeroen Ketema	fcbd333144	Merge pull request #20215 from github/redsun82/rust-fix-bazel Rust: regenerate bazel files	2025-08-13 12:40:03 +02:00
Paolo Tranquilli	c997b29c1e	Rust: regenerate bazel files	2025-08-13 11:51:11 +02:00
Geoffrey White	17b468239b	Merge pull request #20208 from geoffw0/sqlmodels Rust: Fill some gaps in our database models.	2025-08-13 08:54:23 +01:00

1 2 3 4 5 ...

81744 Commits