Paolo Tranquilli
cf317edfbb
Just: modernize justfiles for just 1.48.1
...
Use f-strings instead of `+` concatenation, remove `set unstable`
(all previously unstable features are now stable), and add `[parallel]`
to swift `extra-tests` recipe.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-02 17:26:00 +02:00
Paolo Tranquilli
b4dac99920
Just: add integration-tests justfiles for all languages
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-02 15:17:21 +02:00
Paolo Tranquilli
8a896ef775
Merge remote-tracking branch 'origin/main' into redsun82/just2
2026-04-02 14:31:09 +02:00
Paolo Tranquilli
72d9afeb34
Just: port csharp, go, javascript and ruby to new language test definition
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-02 12:10:05 +02:00
Óscar San José
59eec7ffa2
Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1
2026-03-30 10:51:12 +02:00
github-actions[bot]
ce6e6d5db3
Post-release preparation for codeql-cli-2.25.1
2026-03-30 08:43:48 +00:00
github-actions[bot]
fb011842c9
Release preparation for version 2.25.1
2026-03-25 23:43:06 +00:00
github-actions[bot]
8cf0954796
Release preparation for version 2.25.1
2026-03-25 08:28:30 +00:00
Tom Hvitved
cc99867969
Merge pull request #21511 from hvitved/ruby/empty-stats
...
Ruby: Use empty DB stats
2026-03-24 08:25:43 +01:00
Tom Hvitved
4b364639a2
Ruby: Fix join orders following DB stats removal
2026-03-20 13:13:38 +01:00
Óscar San José
2139b97628
Merge branch 'main' into post-release-prep/codeql-cli-2.25.0
2026-03-19 13:07:00 +01:00
Tom Hvitved
750f1ae8e9
Ruby: Use empty DB stats
2026-03-19 10:18:42 +01:00
github-actions[bot]
e3dbf5b022
Post-release preparation for codeql-cli-2.25.0
2026-03-16 16:03:22 +00:00
github-actions[bot]
d6055754b6
Release preparation for version 2.25.0
2026-03-16 12:15:34 +00:00
Owen Mansel-Chan
52809133f5
Add change notes
2026-03-13 11:10:43 +00:00
Owen Mansel-Chan
056aa342fe
Change @security-severity for log injection queries from 7.8 to 6.1
2026-03-13 10:02:01 +00:00
Owen Mansel-Chan
f58a6e5d3a
Change @security-severity for XSS queries from 6.1 to 7.8
2026-03-13 10:01:02 +00:00
Óscar San José
3b9eba2afc
Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21
2026-03-06 16:20:36 +01:00
Owen Mansel-Chan
c82f75604a
Add change notes
2026-03-05 10:34:30 +00:00
Owen Mansel-Chan
1950fd33db
Ruby: Inline expectation should have space before $
2026-03-04 13:11:41 +00:00
Owen Mansel-Chan
6001c735ff
Ruby: Inline expectation should have space after $
...
This was a regex-find-replace from `# \$(?! )` (using a negative lookahead) to `# $ `.
2026-03-04 12:45:06 +00:00
github-actions[bot]
e152f08468
Post-release preparation for codeql-cli-2.24.3
2026-03-02 22:51:27 +00:00
github-actions[bot]
7795badd18
Release preparation for version 2.24.3
2026-03-02 13:23:40 +00:00
Owen Mansel-Chan
12bd709219
Merge pull request #21341 from owen-mc/rb/accept-mad-sanitizers
...
Ruby: Accept MaD sanitizers for queries with MaD sinks and convert some existing sanitizers
2026-02-23 11:44:05 +00:00
Owen Mansel-Chan
1d6b8c5120
Use postprocessing queries for unrelated test
...
Need to do this because the model numbering was changing. At the same
time we may as well use inline expectations.
2026-02-18 13:49:53 +00:00
Owen Mansel-Chan
05d681fe19
Update taintstep test for models becoming MaD
2026-02-18 13:49:50 +00:00
Owen Mansel-Chan
f577e973bc
Update other test in same folder
2026-02-18 13:39:06 +00:00
Owen Mansel-Chan
1bff7a3eb8
Add change note
2026-02-17 22:29:35 +00:00
Owen Mansel-Chan
eb7f1989c7
Reinstate ql model for String#shellescape
2026-02-17 22:27:15 +00:00
Owen Mansel-Chan
de5470a85c
Add MaD barriers for Shellwords.escape and shellescape
...
Note that this will only block flow for queries that use the kind `command-injection`.
2026-02-17 22:27:13 +00:00
Owen Mansel-Chan
b3681f7a0c
Model flow through Shellwords escape and shellescape
2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8
Remove Shellwords sanitizer in ql
...
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
2026-02-17 22:27:10 +00:00
Owen Mansel-Chan
4aee99f0eb
Reinstate SQLite3 sanitizer in MaD
2026-02-17 22:27:08 +00:00
Owen Mansel-Chan
5df695bec9
Move SQLite3 flow model to MaD and remove ql sanitizer
2026-02-17 22:27:06 +00:00
Owen Mansel-Chan
1fa183ee2a
Improve Sqlite3 test
2026-02-17 22:27:04 +00:00
Owen Mansel-Chan
d4bb92b038
Reinstate Mysql2 sanitizer in MaD
2026-02-17 22:27:03 +00:00
Owen Mansel-Chan
3e4f42f8a3
Move Mysql2 flow model to MaD and remove ql sanitizer
2026-02-17 22:27:01 +00:00
Owen Mansel-Chan
fc429c1757
Improve Mysql2 test
2026-02-17 22:27:00 +00:00
Owen Mansel-Chan
1d7a39a093
Change how sql-injection barriers are accepted
2026-02-17 22:26:58 +00:00
Owen Mansel-Chan
3dc465f167
Accept MaD sanitizers for queries with MaD sinks
2026-02-17 12:48:36 +00:00
github-actions[bot]
b5898c5a30
Post-release preparation for codeql-cli-2.24.2
2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb
Release preparation for version 2.24.2
2026-02-16 13:29:25 +00:00
Simon Friis Vindum
bf02e478fd
Rust: Comment out tests with parse errors
2026-02-12 14:49:09 +01:00
Simon Friis Vindum
218585b52a
Ruby: Add additional tests with operators at the start of lines
2026-02-12 12:30:43 +01:00
Simon Friis Vindum
a27d20dbcd
Rust: Add test cases for binary operator at start of line
2026-02-12 09:31:59 +01:00
github-actions[bot]
73d06f26cb
Post-release preparation for codeql-cli-2.24.1
2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0
Release preparation for version 2.24.1
2026-02-02 12:09:09 +00:00
Tom Hvitved
b974a84bef
Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering
...
Shared: Provenance-based filtering of flow summaries
2026-01-26 17:24:34 +01:00
Tom Hvitved
0f6bae0ae1
Add change notes
2026-01-26 12:40:22 +01:00
Tom Hvitved
c975ae5231
Ruby: Adapt to changes in FlowSummaryImpl
2026-01-26 12:40:14 +01:00