hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 18:44:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,516 Commits 1,740 Branches 164 Tags
5a77128a8bcf9b090d76b6dc09cf53f0ecd20815
Commit Graph

7200 Commits

Author SHA1 Message Date
Geoffrey White
5a77128a8b C++: Disable cpp/implicit-function-declaration on BMN databases. 2026-03-23 11:27:15 +00:00
Geoffrey White
208ae7aa01 Merge pull request #21514 from geoffw0/suspicioussizeof 
C++: Fix an issue with cpp/suspicious-add-sizeof in BMN databases
 2026-03-20 09:41:39 +00:00
Kaixuan Li
6452cc549f Merge branch 'github:main' into fix/format-string-fp-in-printf-impl 2026-03-20 10:15:56 +08:00
Geoffrey White
9c6276ef48 C++: Change note. 2026-03-19 16:24:35 +00:00
Geoffrey White
07db9cf3c4 Merge pull request #21421 from geoffw0/wrongtypeformat 
C++: Add some test cases for cpp/wrong-type-format-argument
 2026-03-19 14:25:33 +00:00
Geoffrey White
21cb11ea5d C++: Change note. 2026-03-19 13:29:41 +00:00
Geoffrey White
0f794b57ed C++: Fix the issue. 2026-03-19 13:16:16 +00:00
Kaixuan Li
1ddf81c58c Merge branch 'main' into fix/format-string-fp-in-printf-impl 2026-03-19 14:36:50 +08:00
Kaixuan Li
c155394f25 the [] syntax directly 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-03-19 14:36:28 +08:00
Kaixuan Li
2c76e6e637 use American spellings in documentation 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-03-19 14:35:45 +08:00
Owen Mansel-Chan
5b17d8cf76 Merge pull request #21472 from owen-mc/adjust-severity/xss-log-injection 
Adjust `@security-severity` metadata for XSS and log injection queries
 2026-03-18 16:51:14 +00:00
MarkLee131
ff48ac5434 C++: exclude printf implementation internals from format string sinks 2026-03-17 22:45:38 +08:00
Geoffrey White
9cb1c89a02 C++: Change note. 2026-03-16 19:11:27 +00:00
Geoffrey White
a57f803b37 C++: Address false positive results. 2026-03-16 19:03:10 +00:00
Geoffrey White
2f7526d70b C++: Clarify doc comment and make build-mode: nonereferences more consistent. 2026-03-16 16:38:59 +00:00
Owen Mansel-Chan
52809133f5 Add change notes 2026-03-13 11:10:43 +00:00
Owen Mansel-Chan
f58a6e5d3a Change @security-severity for XSS queries from 6.1 to 7.8 2026-03-13 10:01:02 +00:00
Geoffrey White
4a39055322 C++: Change note. 2026-03-11 17:52:34 +00:00
Geoffrey White
6552c849f0 C++: Fix BMN issue in cpp/integer-multiplication-cast-to-long. 2026-03-11 17:49:36 +00:00
Óscar San José
3b9eba2afc Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.21 2026-03-06 16:20:36 +01:00
github-actions[bot]
e152f08468 Post-release preparation for codeql-cli-2.24.3 2026-03-02 22:51:27 +00:00
github-actions[bot]
7795badd18 Release preparation for version 2.24.3 2026-03-02 13:23:40 +00:00
Mathias Vorreiter Pedersen
26e8701ae3 C++: Fix a few qualifiers. 2026-02-27 16:22:51 +00:00
Mathias Vorreiter Pedersen
cdb41588a9 C++: Fix some imports. 2026-02-27 16:22:49 +00:00
Mathias Vorreiter Pedersen
1dba99f47d Merge pull request #21292 from microsoft/UncheckedLeaprYearAfterModification_Refactor_Upstream 
C++: Refactor of UncheckedLeapYearAfterModification
 2026-02-20 12:11:45 +00:00
Ben Rodes
ea0d1bf262 Apply suggestion from @bdrodes 2026-02-17 12:38:59 -05:00
Ben Rodes
0106072b88 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:27 -05:00
Ben Rodes
779fd757a3 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:15 -05:00
Jeroen Ketema
61dc1d673e Merge pull request #21331 from jketema/must-flow 
C++: Modernize `MustFlow` and fix `allowInterproceduralFlow` in the case of direct recursion
 2026-02-17 17:36:58 +01:00
Ben Rodes
1072d6a7b7 Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:49:58 -05:00
Ben Rodes
c811fae876 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:14:11 -05:00
Ben Rodes
549dcb31be Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:13:55 -05:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
Jeroen Ketema
26a1f4888a C++: Modernize MustFlow using parameterized modules 2026-02-16 17:27:41 +01:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
REDMOND\brodes
d1811bc1fe C++: Removing unnecessary post update node. 2026-02-12 11:19:24 -05:00
REDMOND\brodes
febc82dc19 Merge branch 'UncheckedLeaprYearAfterModification_Refactor_Upstream' of https://github.com/microsoft/codeql into UncheckedLeaprYearAfterModification_Refactor_Upstream 2026-02-12 11:12:01 -05:00
REDMOND\brodes
4a7395b017 C++ Suggested code clean up. 2026-02-12 11:11:43 -05:00
Ben Rodes
9bbbbefd34 Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-12 10:20:59 -05:00
Ben Rodes
36e4efe77e Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-12 10:20:32 -05:00
Ben Rodes
f5a38b4701 Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-12 10:17:56 -05:00
Ben Rodes
b39732ba02 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-12 10:10:11 -05:00
Ben Rodes
dfe6ed2171 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-12 10:09:25 -05:00
REDMOND\brodes
c64a6762d0 Merge branch 'UncheckedLeaprYearAfterModification_Refactor_Upstream' of https://github.com/microsoft/codeql into UncheckedLeaprYearAfterModification_Refactor_Upstream 2026-02-12 09:52:49 -05:00
REDMOND\brodes
f7231f40eb C++: misc comment clean up per PR suggestions. Unified additional flow steps for two similar flows into a common additional step predicate. 2026-02-12 09:52:19 -05:00
Ben Rodes
d1eb9ab5d2 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-12 09:36:36 -05:00
REDMOND\brodes
e2ad1f6511 C++: Updating comment per PR reveiw suggestions. 2026-02-12 09:20:55 -05:00
REDMOND\brodes
8e36316ebf C++: Addressing Copilot PR suggestions. 2026-02-09 10:42:34 -05:00
REDMOND\brodes
ca18179bd2 C++: Correct false positive. Only TimeConversionFunction that do not auto correct for leap year should be considered. 2026-02-06 16:07:07 -05:00
REDMOND\brodes
95d4a541bc C++: Refactor leap year logic for UncheckedLeapYearAfterYearModification. Includes new logic for detecting leap year checks, new forms of leap year checks detected, and various heuristics to remove false postives. Move TimeConversionFunction into LeapYear.qll and refactored to separate conversion functions that are expected to be checked for failure from those that auto correct leap year dates if feb 29 is provided on a non-leap year. Increas the set of known TimeConversionFunctions. 2026-02-06 16:03:37 -05:00