hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-20 20:31:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,112 Commits 1,785 Branches 169 Tags
451fc2e4e7c379323c082caaee7ef82fd712b422
Commit Graph

88112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
451fc2e4e7 Undo conversion for queries that import LegacyPointsTo 2026-06-19 12:22:42 +01:00
Owen Mansel-Chan
5497f2c5fe Convert Python qlref tests to inline expectations 2026-06-19 12:22:40 +01:00
Owen Mansel-Chan
1496fb6b12 Shared: allow comment starting with # after inline expectation comment 2026-06-19 11:20:30 +01:00
Michael Nebel
2686026608 Merge pull request #21993 from michaelnebel/csharp/dropmono 
C#: Only use `nuget.exe` on Windows or machines with Mono.
 2026-06-19 09:53:04 +02:00
Owen Mansel-Chan
1d69c30ec1 Merge pull request #22010 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2026-06-19 03:26:14 +01:00
github-actions[bot]
65a3153066 Add changed framework coverage reports 2026-06-19 01:06:45 +00:00
Anders Schack-Mulligen
779309edb1 Merge pull request #21999 from aschackmull/cfg/parameter-pattern 
Cfg: Distinguish parameters from their patterns.
 2026-06-18 15:18:22 +02:00
Jeroen Ketema
5016fcb396 Merge pull request #21995 from jketema/jketema/tele 
Java: Update expected test results after extractor changes
 2026-06-18 12:51:29 +02:00
Michael Nebel
142a72c77b C#: Address review comments. 2026-06-18 12:48:09 +02:00
Owen Mansel-Chan
330e904449 Merge pull request #22004 from sauyon/go-model-log-slog 
Go: Model `log/slog` as a logging sink
 2026-06-18 11:20:08 +01:00
Anders Schack-Mulligen
f844cd3754 Java/C#: Adapt to signature change. 2026-06-18 11:00:30 +02:00
Anders Schack-Mulligen
3a3ec1be90 Cfg: Distinguish parameters from their patterns. 2026-06-18 11:00:30 +02:00
Michael Nebel
c747352f41 C#: Fix some code quality issues by replacing Path.Combine with Path.Join. 2026-06-18 08:28:58 +02:00
Michael Nebel
dfdd12190e C#: Rename NugetExeWrapper to PackagesConfigRestorer. 2026-06-18 08:28:56 +02:00
Michael Nebel
63057db753 C#: Only download and use nuget.exe in case of windows or mono is installed. 2026-06-18 08:28:54 +02:00
Michael Nebel
21f8caf153 C#: Re-factor the NugetExeWrapper, introduce an interface and a factory method for constructing package config restorers. 2026-06-18 08:28:51 +02:00
Michael Nebel
9b34cfa362 C#: Invert logic in HasPackageSource. 2026-06-18 08:28:49 +02:00
Michael Nebel
944d76de44 C#: Use the build actions IsWindows in the NugetExeWrapper. 2026-06-18 08:28:47 +02:00
sauyon
b7ef551b52 Address review: exercise variadic args/attrs in slog Log/LogAttrs tests 
Copilot review on #22004: the Log/LogAttrs test cases didn't pass any
variadic args/attrs, so the Argument[..3] portion of the sink range was
untested. Pass an ...any arg to slog.Log/Logger.Log and a slog.Attr to
slog.LogAttrs/Logger.LogAttrs, with inline expectations asserting they're
captured as logged components.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 20:27:00 -07:00
sauyon
00427d204c Go: Model log/slog as a logging sink 
The standard-library structured logger `log/slog` (Go 1.21+) was not
modeled, so `go/log-injection` and `go/clear-text-logging` were blind to
any code that logs through it.

Model its logging functions and `*slog.Logger` methods — `Debug`, `Info`,
`Warn`, `Error`, their `Context` variants, and `Log`/`LogAttrs` — as
`log-injection` sinks (the kind that feeds `LoggerCall`, powering both
queries). Adds `log/slog` cases to the `LoggerCall` library test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-17 20:02:29 -07:00
Owen Mansel-Chan
e618883866 Merge pull request #21969 from github/copilot/investigate-missing-alerts 
Python: Track instance attributes through type tracking
 2026-06-18 00:04:45 +01:00
Owen Mansel-Chan
c7c1eca415 Merge branch 'main' into copilot/investigate-missing-alerts 2026-06-17 22:54:22 +01:00
Mathias Vorreiter Pedersen
3dd3e2c643 Merge pull request #21998 from MathiasVP/fix-autogenerated-dbschemes 
Shared/Python: #21935 follow up
 2026-06-17 17:30:20 +01:00
Mathias Vorreiter Pedersen
55f2f041ee Shared: Ensure that YAML comment extraction is properly reflected in the dbscheme template. 2026-06-17 17:05:04 +01:00
Mathias Vorreiter Pedersen
004a5b4645 Python: Ensure that YAML comment extraction is properly reflected in the dbscheme template. 2026-06-17 17:04:43 +01:00
Jeroen Ketema
fefe01ecbf Java: Update expected test results after extractor changes 2026-06-17 17:40:23 +02:00
Sotiris Dragonas
7960c5c291 Merge pull request #21953 from github/bazookamusic/cwe-1427 
[Javascript] Prompt Injection queries
 2026-06-17 18:05:18 +03:00
Sotiris Dragonas
57f20064ba Merge branch 'main' into bazookamusic/cwe-1427 2026-06-17 17:12:20 +03:00
Owen Mansel-Chan
1f9899d7db Extend added type tracking step to related types 2026-06-17 15:04:53 +01:00
Owen Mansel-Chan
dd61dd2d74 Fix FP for py/modification-of-locals 2026-06-17 14:24:18 +01:00
Owen Mansel-Chan
47c2c9e763 Add test for FP for py/modification-of-locals 2026-06-17 14:22:42 +01:00
Michael B. Gale
1cb5be52d0 Merge branch 'add-yaml-comments' 2026-06-17 13:59:08 +01:00
Owen Mansel-Chan
ea7510bf72 Refactor ReExposedInstance logic into one place 2026-06-17 13:10:47 +01:00
Owen Mansel-Chan
415857cacb Fix FP for py/should-use-with 2026-06-17 13:01:36 +01:00
Sotiris Dragonas
ac3e38e7ad Merge branch 'main' into bazookamusic/cwe-1427 2026-06-17 14:55:35 +03:00
Owen Mansel-Chan
d72144646a Add test for FP for py/should-use-with 2026-06-17 12:55:17 +01:00
Sotiris Dragonas
b15a1afa24 Merge branch 'bazookamusic/cwe-1427' of https://github.com/github/codeql into bazookamusic/cwe-1427 2026-06-17 14:55:04 +03:00
Sotiris Dragonas
c444f41a3f 1. Enable inline expectations for tests 
2. Add annotations for sources
2. Fix a modelling issue in the openai library - missing coverage for a legacy method when moving to MaDs and a mistake in the assistants.create models
 2026-06-17 14:53:48 +03:00
Owen Mansel-Chan
199fd864ad Fix FP for py/file-not-closed 2026-06-17 12:36:04 +01:00
Henry Mercer
929870d828 Merge pull request #21994 from github/henrymercer/mergeback-rc-3-22-into-main 
Merge `rc/3.22` into `main`
 2026-06-17 12:21:52 +01:00
Owen Mansel-Chan
1154db4f86 Merge pull request #21957 from owen-mc/go/fix-result-node 
Go: fix `DataFlow::ResultNode` and some related things
 2026-06-17 12:20:27 +01:00
Owen Mansel-Chan
890969433f Add test for FP for py/file-not-closed 2026-06-17 12:19:03 +01:00
Mathias Vorreiter Pedersen
71daa20313 Merge branch 'main' into add-yaml-comments 2026-06-17 12:07:21 +01:00
Owen Mansel-Chan
0a065c93de Update QLDoc for ResultNode 2026-06-17 11:03:23 +01:00
Owen Mansel-Chan
6161922ba4 Merge pull request #21940 from owen-mc/go/unhandled-writable-file-close 
Go: Improve precision of `go/unhandled-writable-file-close`
 2026-06-17 10:58:08 +01:00
Owen Mansel-Chan
df416fa542 Merge pull request #21977 from owen-mc/code-owners-actions 
Make alert coverage team the code owners for `/actions/`
 2026-06-17 10:56:52 +01:00
Sotiris Dragonas
274f014d31 Merge branch 'main' into bazookamusic/cwe-1427 2026-06-17 12:53:03 +03:00
Sotiris Dragonas
b9025a54af Fix prompt injection severity 2026-06-17 12:52:33 +03:00
Henry Mercer
1d11151135 Merge rc/3.22 into main 2026-06-17 10:41:44 +01:00
Jeroen Ketema
e6e5f0dffd Merge pull request #21992 from jketema/jketema/swift-filter 
Swift: Filter more clang options not recognized by off-the-shelf clang
 2026-06-17 11:32:58 +02:00