hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,670 Branches 157 Tags
57378ec4e4fea5949e18db35b4c84123ad950065
Commit Graph

81788 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
57378ec4e4 Merge pull request #20240 from github/release-prep/2.22.4 
Release preparation for version 2.22.4
codeql-cli/v2.22.4 		2025-08-18 15:09:03 +01:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Tom Hvitved
f1ca0ecc3c Merge pull request #20233 from hvitved/rust/remove-tc 
Rust: Remove TC from `ImplTraitTypeRepr.isInReturnPos`
 2025-08-18 14:46:26 +02:00
Ian Lynagh
fd020b52e4 Merge pull request #20232 from igfoo/igfoo/SloppyGlobal 
C++: SloppyGlobal: Don't alert on template instantiations, only the template
 2025-08-18 11:39:30 +01:00
Tom Hvitved
299ccb68f5 Merge pull request #20230 from hvitved/cfg/standard-tree-skip-non-tree-children 
Shared: Skip non-CFG children in `StandardTree`
 2025-08-18 12:13:31 +02:00
Geoffrey White
4eea4431b5 Merge pull request #20222 from geoffw0/pathbuf 
Rust: Add a type inference test case resembling PathBuf.canonicalize.
 2025-08-18 11:06:41 +01:00
Anders Schack-Mulligen
877d397eb9 Merge pull request #20228 from 5idg5/java/data-extensions-change 
Add data extensions for remote tainted sources
 2025-08-18 11:26:38 +02:00
Nora Dimitrijević
f1b55641e1 Merge pull request #20073 from d10c/d10c/diff-informed-phase-3-cpp 
C++: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-18 09:41:38 +02:00
Nora Dimitrijević
4199859eaa Merge pull request #20079 from d10c/d10c/diff-informed-phase-3-python 
Python: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-18 09:33:57 +02:00
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
b2346183d6 Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model 
JS: Exclude environment variables from `js/regex-injection` query by default
 2025-08-18 09:32:15 +02:00
Sid Gawri
d84e5319c3 changenote 2025-08-15 15:59:05 -04:00
Sid Gawri
e697e89171 Merge branch 'main' of https://github.com/5idg5/codeql into java/data-extensions-change 2025-08-15 15:50:12 -04:00
Nora Dimitrijević
bb9daa00c3 Merge pull request #20072 from d10c/d10c/diff-informed-phase-3-actions 
Actions: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 14:05:44 +02:00
Jeroen Ketema
84119baa50 Merge pull request #20223 from jketema/go-1.25-doc 
Go: Mention Go 1.25 as supported
 2025-08-15 13:47:40 +02:00
Ian Lynagh
0870cc370b C++: Add a changenote for the change to cpp/short-global-name 2025-08-15 12:09:37 +01:00
Ian Lynagh
3157fcdf79 C++: Add some BAD annotations to SloppyGlobal test 2025-08-15 12:07:09 +01:00
Tom Hvitved
1af6ddd8e3 Rust: Remove TC from ImplTraitTypeRepr.isInReturnPos 2025-08-15 12:45:13 +02:00
Ian Lynagh
bfd4c41ed9 C++: SloppyGlobal: Accept test changes 
We no longer alert on template instantiations, just the template.
 2025-08-15 11:24:19 +01:00
Nora Dimitrijević
0512940c0c Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go 
Go: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:23:53 +02:00
Ian Lynagh
4b786061d6 C++: SloppyGlobal: Don't alert on template instantiations, only the template 2025-08-15 11:23:48 +01:00
Ian Lynagh
0b68c1c974 C++: Add some more tests for SloppyGlobal 2025-08-15 11:20:31 +01:00
Nora Dimitrijević
8000e7c442 Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp 
C#: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:07:47 +02:00
Nora Dimitrijević
89788206d1 [DIFF-INFORMED] C++: TypeConfusion 2025-08-15 12:01:30 +02:00
Nora Dimitrijević
5b9e37cd8f [DIFF-INFORMED] C++: TaintedCondition 2025-08-15 12:01:28 +02:00
Nora Dimitrijević
0c636dd400 [DIFF-INFORMED] C++: UnsafeDaclSecurityDescriptor 2025-08-15 12:01:25 +02:00
Nora Dimitrijević
194d9a9f44 [DIFF-INFORMED] C++: UnsafeCreateProcessCall 2025-08-15 12:01:23 +02:00
Nora Dimitrijević
39b430aa7e [DIFF-INFORMED] C++: IteratorToExpiredContainer 2025-08-15 12:01:21 +02:00
Nora Dimitrijević
ec85e55069 [DIFF-INFORMED] C++: InsufficientKeySize 2025-08-15 12:01:19 +02:00
Nora Dimitrijević
c0c96eaf5b [DIFF-INFORMED] C++: UseOfHttp 2025-08-15 12:01:17 +02:00
Nora Dimitrijević
8560868e95 [DIFF-INFORMED] C++: CleartextSqliteDatabase 2025-08-15 12:01:15 +02:00
Nora Dimitrijević
05df2f2216 [DIFF-INFORMED] C++: CWE-311/Cleartext… 2025-08-15 12:01:13 +02:00
Nora Dimitrijević
21914030e8 [DIFF-INFORMED] C++: SSLResultConflation (has secondary config but passes test) 2025-08-15 12:01:11 +02:00
Nora Dimitrijević
87016f399c [DIFF-INFORMED] C++: AuthenticationBypass 2025-08-15 12:01:09 +02:00
Nora Dimitrijević
861a768b2c [DIFF-INFORMED] C++: CWE-190/ArithmeticTainted,etc. 2025-08-15 12:01:07 +02:00
Nora Dimitrijević
62fa7301c3 [DIFF-INFORMED] C++: ImproperNullTerminationTainted 2025-08-15 12:01:05 +02:00
Nora Dimitrijević
f3098e7695 [DIFF-INFORMED] C++: UnboundedWrite 2025-08-15 12:01:03 +02:00
Nora Dimitrijević
7df09f369f [DIFF-INFORMED] C++: SqlTainted 2025-08-15 12:01:01 +02:00
Nora Dimitrijević
36d43a4830 [DIFF-INFORMED] C++: CgiXss 2025-08-15 12:00:59 +02:00
Nora Dimitrijević
80da00b599 [DIFF-INFORMED] C++: ExecTainted 2025-08-15 12:00:57 +02:00
Nora Dimitrijević
a77cab6981 [DIFF-INFORMED] C++: TaintedPath 2025-08-15 12:00:54 +02:00
Nora Dimitrijević
91b9c3e647 [DIFF-INFORMED] C++: LeapYear 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/cpp/ql/src/Likely%20Bugs/Leap%20Year/UncheckedLeapYearAfterYearModification.ql#L57
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/cpp/ql/src/Likely%20Bugs/Leap%20Year/Adding365DaysPerYear.ql#L21
 2025-08-15 12:00:52 +02:00
Nora Dimitrijević
2f56baace2 [DIFF-INFORMED] C++: NonConstantFormat 2025-08-15 12:00:50 +02:00
Nora Dimitrijević
e382cb5696 [DIFF-INFORMED] C++: DecompressionBombs 2025-08-15 12:00:48 +02:00
Nora Dimitrijević
fabdf9923c [DIFF-INFORMED] C++: ConstantSizeArrayOffByOne 2025-08-15 12:00:46 +02:00
Nora Dimitrijević
448a1ea87a [DIFF-INFORMED] C++: OverflowDestination 2025-08-15 12:00:39 +02:00
Nora Dimitrijević
43e99d0872 [TEST] C++: CleartextSqliteDatabase: add new test 2025-08-15 12:00:26 +02:00
Nora Dimitrijević
126d24a522 [DIFF-INFORMED] Actions: EnvVarInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql#L35
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql#L46
 2025-08-15 11:11:12 +02:00
Nora Dimitrijević
f1445eb52f [DIFF-INFORMED] Actions: EnvPathInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql#L30
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql#L37
 2025-08-15 11:11:07 +02:00
Nora Dimitrijević
f1b995a736 [DIFF-INFORMED] Actions: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql#L24
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql#L28
 2025-08-15 11:11:03 +02:00