hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 21:44:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
81,168 Commits 1,740 Branches 165 Tags
58aa7588e5799c303bb91bd34a8adaef3ca47353
Commit Graph

81168 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeroen Ketema
58aa7588e5 Merge pull request #20059 from MathiasVP/no-more-as-expr-inUncontrolledProcessOperation 
C++: Reduce duplication in `cpp/uncontrolled-process-operation`
 2025-07-15 21:17:08 +02:00
Chris Smowton
16f3fc6c33 Merge pull request #20056 from github/smowton/fix/tainted-path-is-local 
Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard
 2025-07-15 17:40:07 +01:00
Mathias Vorreiter Pedersen
327c4b345d Merge pull request #20058 from jketema/typeid-test 
C++: Add test showing that the IR translation for `typeid` is broken
 2025-07-15 16:55:16 +01:00
Chris Smowton
b71f9ae240 Fix function qname 2025-07-15 16:37:30 +01:00
Jeroen Ketema
477edd215c C++: Add test showing that the IR translation for typeid is broken 2025-07-15 17:29:00 +02:00
Kasper Svendsen
9c3e275e66 Merge pull request #20011 from kaspersv/kaspersv/discard-xml 
Overlay: Add XML and Java property discarding
 2025-07-15 16:13:38 +02:00
Chris Smowton
ac72f8523a Change note 2025-07-15 14:51:19 +01:00
Chris Smowton
c8eefb7c5c Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard 2025-07-15 14:47:17 +01:00
Kasper Svendsen
f84a3084f0 Address review comment about ignored QL variable 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-07-15 15:34:08 +02:00
Anders Schack-Mulligen
b13f11883c Merge pull request #20054 from aschackmull/java/fixup-control-char-query 
Java: Restrict results to source literals.
 2025-07-15 15:28:46 +02:00
Anders Schack-Mulligen
9e87095bed Java: Restrict results to source literals. 2025-07-15 14:54:02 +02:00
Nick Rolfe
16e9e8e836 Merge pull request #20049 from github/nickrolfe/java-deleted-files 
Java: use `overlayChangedFiles` in discard prediactes
 2025-07-15 07:42:54 -04:00
Nick Rolfe
c199d0cbbe Java: use overlayChangedFiles in discard prediactes 2025-07-15 10:10:32 +01:00
Mathias Vorreiter Pedersen
29cceeba1a C++: Don't use asExpr to mark the sink in 'cpp/uncontrolled-process-operation'. 2025-07-14 18:08:58 +01:00
Jeroen Ketema
2ed54d52ad Merge pull request #20040 from MathiasVP/fix-global-variable-recursion-fp 
C++: Fix global variable dataflow FP
 2025-07-14 18:59:34 +02:00
Jeroen Ketema
d33cd71685 Merge pull request #20030 from github/tausbn/javascript-ignore-tsconfig-outdirs-that-exclude-everything 
JavaScript: Ignore `outDir`s that would exclude everything
 2025-07-14 17:36:30 +02:00
Paolo Tranquilli
85d1e06335 Merge pull request #20039 from github/redsun82/kotlin-plugin-test 
Kotlin: tweak plugin test
 2025-07-14 17:20:27 +02:00
Mathias Vorreiter Pedersen
c83895fdd2 Merge branch 'main' into fix-global-variable-recursion-fp 2025-07-14 16:08:46 +01:00
Mathias Vorreiter Pedersen
1d36405084 C++: Accept path changes. 2025-07-14 15:47:06 +01:00
Mathias Vorreiter Pedersen
a825213c05 C++: Fix FP by not generating a global def entry node for variable 'v' in the 'IRfunction' for 'v' itself. 2025-07-14 15:22:52 +01:00
Mathias Vorreiter Pedersen
46627c677d C++: Add FP in dataflow through global variables. 2025-07-14 15:20:08 +01:00
Simon Friis Vindum
87a8dccf7a Merge pull request #20037 from paldepind/rust/type-inference-rename-expectations 
Rust: Rename type inference test inline expectation tag
 2025-07-14 15:54:18 +02:00
Paolo Tranquilli
31d0897f74 Kotlin: disable bazel cache in plugin test 2025-07-14 15:30:11 +02:00
Nick Rolfe
c941e917e7 Merge pull request #19731 from github/nickrolfe/ruby-compile-for-overlay-eval 
Ruby: enable overlay compilation
 2025-07-14 08:20:28 -04:00
Simon Friis Vindum
72854537f4 Merge branch 'main' into rust/type-inference-rename-expectations 2025-07-14 14:15:59 +02:00
Paolo Tranquilli
77cab9d068 Kotlin: tweak plugin test 
Put less emphasis on plugin build isolation, to get a better DevEx out
of it. The crux of the test is the database extraction part, not the
plugin build.
 2025-07-14 13:52:22 +02:00
Geoffrey White
b43a0e758b Merge pull request #19946 from geoffw0/models3b 
Rust: Update legacy MaD models 3
 2025-07-14 11:19:47 +01:00
Geoffrey White
be7db8079a Rust: Accept consistency check change (from CI). 2025-07-14 10:59:03 +01:00
Ian Lynagh
86ebf3d9f6 Merge pull request #20034 from github/igfoo/fix_regex_in_dbscheme_parser 
Kotlin: Update regex patterns to use raw string notation
 2025-07-14 10:43:45 +01:00
Michael B. Gale
27f2000eff Merge pull request #20035 from github/dependabot/go_modules/go/extractor/extractor-dependencies-5538d87460 
Bump golang.org/x/tools from 0.34.0 to 0.35.0 in /go/extractor in the extractor-dependencies group
 2025-07-14 10:12:38 +01:00
Simon Friis Vindum
1f2e0683e7 Rust: Rename type inference test inline expectation tag 2025-07-14 11:02:22 +02:00
Napalys Klicius
cb6978063e Merge pull request #19388 from AdnaneKhan/patch-1 
Actions: Fix Critical Artifact poisoning False Positive
 2025-07-14 09:58:18 +02:00
dependabot[bot]
c267a88f88 Bump golang.org/x/tools 
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 03:37:24 +00:00
Ian Lynagh
a6701ced8d Kotlin: Update regex patterns to use raw string notation 
Fixes warnings like
SyntaxWarning: invalid escape sequence '\S'
 2025-07-13 23:42:50 +01:00
Jeroen Ketema
d82d5c23bf Merge pull request #20026 from jketema/concept-fix 
C++: Fix C++20 concept related class extensions
 2025-07-13 10:20:10 +02:00
Owen Mansel-Chan
391e9f7471 Merge pull request #20000 from owen-mc/go/request-forgery 
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
 2025-07-12 00:30:23 +01:00
Owen Mansel-Chan
03e8865933 Merge pull request #20025 from owen-mc/java/unsafe-deserialization 
Java: add extra sink for `java/unsafe-deserialization`
 2025-07-11 23:59:22 +01:00
Geoffrey White
05e1cd437d Rust: Fix garbled merge. 2025-07-11 17:50:24 +01:00
Geoffrey White
e20ae48699 Merge branch 'main' into models3b 2025-07-11 17:37:52 +01:00
Adnan Khan
c95b5ce598 Merge branch 'main' into patch-1 2025-07-11 09:12:39 -07:00
AdnaneKhan
6ac0f0e031 Fix change note filename. 2025-07-11 12:11:58 -04:00
Geoffrey White
68a37f99e3 Rust: Add something similar as a type inference test case. 2025-07-11 17:08:05 +01:00
Arthur Baars
14a362d1bc Merge pull request #20029 from github/aibaars/more-pattern-tests 
Rust: add more type inference tests for patterns and a simple one for a closure call
 2025-07-11 17:35:37 +02:00
Geoffrey White
33ea822f40 Rust: Workaround for type inference issue in the test. 2025-07-11 16:09:43 +01:00
Taus
30f705822d JavaScript: Add test where outDir resolves to an unwanted path 2025-07-11 14:58:03 +00:00
Taus
344535b559 Merge pull request #19672 from github/tausbn/python-support-type-annotations-in-call-graph 
Python: Support type annotations in call graph
 2025-07-11 16:44:10 +02:00
Tom Hvitved
88b4f971b5 Merge pull request #20027 from hvitved/rust/remove-resolves-as-item 
Rust: Remove `Resolvable.resolvesAsItem`
 2025-07-11 16:39:12 +02:00
Mathias Vorreiter Pedersen
1da42cb590 Merge pull request #20023 from MathiasVP/dataflow-for-functors 
C++: Better dataflow for function objects
 2025-07-11 15:14:27 +01:00
Arthur Baars
519905ee9e Rust: type inference: add test for closure argument 2025-07-11 15:59:43 +02:00
Arthur Baars
32e7a9d445 Rust: type inference: more pattern matching tests 
Thanks to co-pilot for generating the examples
 2025-07-11 15:55:45 +02:00