hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 20:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,640 Commits 1,689 Branches 160 Tags
5531ef9bc15cbd9dd348f3ea0b583e89f3fc2a24
Commit Graph

85640 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
5531ef9bc1 C++: Accept test changes. 2026-02-03 11:17:23 +00:00
Mathias Vorreiter Pedersen
cbc2dbc14d C++: Add flow sources and summary models. 2026-02-03 11:14:16 +00:00
Mathias Vorreiter Pedersen
208cf716dc C++: Add tests with tests for remote flow sources from the Win32 API and from the Azure SDK. 2026-02-03 11:13:45 +00:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Mathias Vorreiter Pedersen
16670511de Merge pull request #21239 from MathiasVP/logical-binary-fix-guards-cpp 
C++: Ensure that there are AST `GuardCondition`s for `||` and `&&`
 2026-01-30 13:50:55 +00:00
Mathias Vorreiter Pedersen
5f079c1d51 C++: Add change note. 2026-01-30 12:19:28 +00:00
yoff
8c0baefd3b Merge pull request #21141 from mbaluda/prompt-injection 
Python: Prompt injection in OpenAI clients
 2026-01-30 12:55:56 +01:00
Anders Peter Fugmann
78495035a6 Merge pull request #20965 from github/andersfugmann/kotlin_2.3.0-beta2 
Kotlin: Support Kotlin 2.3.0
 2026-01-30 11:37:19 +01:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Owen Mansel-Chan
b4cb2c3f13 Make qldoc slightly more specific 2026-01-30 09:28:01 +00:00
Owen Mansel-Chan
ef6332c581 Allow MaD sanitizers for queries with MaD sinks 2026-01-30 09:27:59 +00:00
Owen Mansel-Chan
ad6f800022 Pretty print model numbers in tests 2026-01-30 09:21:24 +00:00
Owen Mansel-Chan
e5f52f086c Merge pull request #21235 from owen-mc/shared/docs/provenance-path-graph 
Shared: Add missing QLDocs
 2026-01-30 09:02:48 +00:00
Jon Janego
18a2aca42f Merge pull request #21237 from github/urllib-typo-fix 
Urllib typo fix
 2026-01-29 17:32:12 -06:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Jon Janego
f14ccd8c81 Fix typo in taint flow model for urllib.parse 2026-01-29 16:21:14 -06:00
Jon Janego
e54d7c7c73 Update CHANGELOG.md 2026-01-29 16:20:25 -06:00
Jon Janego
813d4639ca Fix typo in taint flow model for urllib.parse 2026-01-29 16:18:21 -06:00
Owen Mansel-Chan
8b936c5dbe Add missing QLDocs 2026-01-29 16:45:23 +00:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Jon Janego
1644376cc9 Merge pull request #21222 from github/codeql-spark-run-21376405640 
Update changelog documentation site
 2026-01-29 08:44:11 -06:00
Mathias Vorreiter Pedersen
1b1c9c680c Merge pull request #21227 from MathiasVP/postfix-fix 
C++: Get rid of an ugly workaround in dataflow
 2026-01-29 12:25:02 +00:00
Mathias Vorreiter Pedersen
61a53fadc0 C++: Fix spelling. 2026-01-29 11:50:44 +00:00
Mathias Vorreiter Pedersen
25647badbd C++: Fix the AST wrapper for binary logical operators. 2026-01-28 14:06:10 +00:00
Mathias Vorreiter Pedersen
6445fd805d C++: Fix IR -> AST mapping for basic blocks. 2026-01-28 14:01:34 +00:00
Owen Mansel-Chan
a35e7b27af Merge pull request #21226 from owen-mc/java/update-qhelp-unrelease-lock 
Java: Improve qhelp for `java/unreleased-lock` and add lock type exclusion
 2026-01-28 09:46:31 +00:00
Anders Fugmann
ab495fa843 Kotlin: Inline cast 2026-01-28 10:11:22 +01:00
Anders Fugmann
2320d502db Kotlin: Address detections from kotin internal queries 2026-01-28 10:11:21 +01:00
Anders Fugmann
31867a56fb Kotlin: Accept test changes 
Accept test changes from Kotlin 2.3.0 update

Updates expected test outputs for kotlin2 library tests to match
actual compiler output. Changes include:
- Location adjustments for properties/methods (now point to identifiers)
- CastExpr -> ImplicitCastExpr for implicit type casts
- Removed duplicate BlockStmt entries in loop ASTs
- Super constructor call location changes

Note that in Kotlin 2.3.0 super constructor calls now have locations spanning
entire class declarations instead of the actual super call site.
 2026-01-28 10:11:21 +01:00
Anders Fugmann
86d9c349ec Kotlin: Accept test changes 2026-01-28 10:11:21 +01:00
Anders Fugmann
59fa01e386 Kotlin: Add bitwise 'and' operation expected by Kotlin 2.3 compiler to exist in the stdlib 2026-01-28 10:11:20 +01:00
Anders Fugmann
a6f8af0de5 Kotlin: Accept column location changes in tests 2026-01-28 10:11:20 +01:00
Anders Fugmann
f6f5b7e1e9 Kotlin: Accept test changes after rebasing to include changes from https://github.com/github/codeql/pull/21216 2026-01-28 10:11:19 +01:00
Anders Fugmann
275724000b Kotlin: Update kotlin serialization integration test to use Kotlin compiler 1.8.10 and accept test changes 2026-01-28 09:30:22 +01:00
Anders Fugmann
939f3e83aa Kotlin: Update kotlin compiler version in integration tests 2026-01-28 09:30:22 +01:00
Anders Fugmann
d69fe20d7d Kotlin: Bump upper bound for supported kotlin version in integration test 2026-01-28 09:30:22 +01:00
Anders Fugmann
9f5de6b4f2 Kotlin: Bump versions in documentation 2026-01-28 09:30:21 +01:00
Anders Fugmann
6d60595d73 Kotlin: Add changenotes for Kotlin 2.3 support and removal of support for Kotlin 1.6 and 1.7 2026-01-28 09:30:21 +01:00
Anders Fugmann
e1f3d5b374 Kotlin: Do not skip writing of getter and setters if the local deligate is null 2026-01-28 09:30:20 +01:00
Anders Fugmann
5cdfb77504 Kotlin: Add additional warning suppresion to v1_9_0 and remove copy in v2_3_0 2026-01-28 09:30:20 +01:00
Anders Fugmann
8ee35231c2 Kotlin: Remove support for Kotlin versions 1.6 and 1.7 
This change rolls up all files from v1_6_0, v1_6_20, v1_7_0 and v_1_7_20.
In addition, versioned files that are not overridden by any later Kotlin versions (i.e. files that only have one copy under utils/versions) are inlined and removed to simplify list of changes.

List of removed/inlined files:
     allOverriddenIncludingSelf.kt
     copyTo.kt
     ExperimentalCompilerApi.kt
     getFileClassFqName.kt
     IsUnderscoreParameter.kt
     ReferenceEntity.kt
     SyntheticBodyKind.kt
     Types.kt
     withHasQuestionMark.kt
 2026-01-28 09:30:20 +01:00
Anders Fugmann
55525279ca Kotlin: Remove obsolete file 2026-01-28 09:30:19 +01:00
Anders Fugmann
4d7c84178a Kotlin: Fix spelling 2026-01-28 09:30:19 +01:00
Anders Fugmann
eb37255c4b Kotlin: Create IrSimpleType factory function to support constructor changes introduced in Kotlin 2.3 2026-01-28 09:30:18 +01:00
Anders Fugmann
164cae845d Kotlin: Strip prefix when building plugin 2026-01-28 09:30:18 +01:00
Anders Fugmann
b8d01ed21b Kotlin: Fix bazel format and address copilot review comments 2026-01-28 09:30:18 +01:00
Anders Fugmann
cc25d30fed Kotlin: Update compiler plugin for Kotlin 2.3.0 2026-01-28 09:30:17 +01:00
Anders Fugmann
07e5479aff Kotlin: Add support for Kotlin 2.3.0 2026-01-28 09:30:17 +01:00
Anders Fugmann
bc419fd35c Kotlin: Silence compilation warnings 2026-01-28 09:30:16 +01:00