Anders Schack-Mulligen
5fbba0e9fe
C#: Delete ParameterDefaultDefinition.
2026-05-01 10:24:23 +02:00
Anders Schack-Mulligen
d3df5ce110
C#: Deprecate ParameterDefinition in favour of SsaParameterInit.
2026-05-01 10:22:53 +02:00
Anders Schack-Mulligen
ff8ab191d1
C#: Drop caching for deprecated predicates.
2026-04-30 13:58:55 +02:00
Anders Schack-Mulligen
77807c83f8
C#: Exclude entry definitions from qualifier definitions.
2026-04-30 13:56:21 +02:00
Anders Schack-Mulligen
e0421dbf53
C#: Reinstate toString for SSA data flow nodes.
2026-04-30 13:56:16 +02:00
Anders Schack-Mulligen
bedadc9f04
C#: Deprecate some SSA internals.
2026-04-30 13:54:21 +02:00
Anders Schack-Mulligen
55b83ca22a
C#: Deprecate Ssa::Definition in favour of SsaDefinition.
2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
de96b5acfd
C#: Deprecate Ssa::ImplicitDefinition.
2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
80d5e27b46
C#: Deprecate Ssa::ImplicitEntryDefinition.
2026-04-30 13:54:15 +02:00
Anders Schack-Mulligen
65f647a8c0
C#: Replace Ssa::UncertainDefinition with SsaUncertainWrite.
2026-04-30 13:49:23 +02:00
Anders Schack-Mulligen
9a7eb8dfb9
C#: Replace Ssa::PhiNode with SsaPhiDefinition.
2026-04-30 13:49:23 +02:00
Anders Schack-Mulligen
6ecdf3fe32
C#: Replace Ssa::ImplicitParameterDefinition with SsaParameterInit.
2026-04-30 13:49:19 +02:00
Anders Schack-Mulligen
31e06bc0a9
C#: Remove SSA location overrides.
2026-04-30 12:56:58 +02:00
Anders Schack-Mulligen
dc34b10cb6
C#: Replace Ssa::ExplicitDefinition with SsaExplicitWrite.
2026-04-30 12:52:51 +02:00
Anders Schack-Mulligen
a6c7f27fc1
C#: Deprecate Definition.getEnclosingCallable.
2026-04-30 12:46:28 +02:00
Anders Schack-Mulligen
ed6cdfc227
C#: Move isLiveOutRefParameterDefinition to top-level.
2026-04-30 12:46:27 +02:00
Anders Schack-Mulligen
9345c44e0f
C#: Delete test for Definition.getElement.
2026-04-30 12:46:23 +02:00
Anders Schack-Mulligen
c88a22ccf8
C#: Replace most uses of Ssa::Definition with SsaDefinition.
2026-04-30 12:45:25 +02:00
Anders Schack-Mulligen
2545f06b52
C#: Deprecate member predicate Definition.getAReadAtNode.
2026-04-30 12:42:24 +02:00
Anders Schack-Mulligen
83c7a33e53
C#: Deprecate member predicates Definition.getAFirstRead and getAFirstReadAtNode.
2026-04-30 12:42:21 +02:00
Anders Schack-Mulligen
fb438bf512
C#: Remove references to getAFirstReadAtNode.
2026-04-30 11:55:55 +02:00
Anders Schack-Mulligen
e5d219a039
C#: Simplify library instantiations.
2026-04-30 11:50:59 +02:00
Anders Schack-Mulligen
72d21a9a56
C#: Instantiate shared SSA wrappers.
2026-04-30 11:48:27 +02:00
Anders Schack-Mulligen
7ef9e1b939
C#: Rename SsaImpl input.
2026-04-30 11:46:20 +02:00
Tom Hvitved
a473fdb709
Merge pull request #21759 from hvitved/csharp/cfg-params
C#: Include parameters and their defaults in the CFG
2026-04-30 11:31:06 +02:00
Owen Mansel-Chan
fed42d655f
Merge pull request #21656 from MarkLee131/fix/trust-boundary-regexp-barrier
Java: add RegexpCheckBarrier to trust-boundary-violation sanitizers
2026-04-29 14:59:01 +01:00
Tom Hvitved
e14b654e8a
Update shared/controlflow/codeql/controlflow/ControlFlowGraph.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2026-04-29 14:57:35 +02:00
MarkLee131
49d014cbac
Merge branch 'main' into fix/trust-boundary-regexp-barrier
2026-04-29 20:48:22 +08:00
MarkLee131
d27ee86242
Java: refactor trust-boundary sanitizers into TrustBoundaryValidationSanitizer subclasses
Address review feedback by introducing dedicated subclasses of
TrustBoundaryValidationSanitizer for SimpleTypeSanitizer, RegexpCheckBarrier,
and the HttpServletSession type check, so isBarrier only references the
abstract class.
2026-04-29 20:46:11 +08:00
Jack Nørskov Jørgensen
0192ffab07
Merge pull request #21751 from github/jacknojo/move_java_generated_mads
Move generated MaDs into modelgenerator/
2026-04-29 14:33:58 +02:00
Tom Hvitved
99b5cecb18
Java: Adapt to changes in shared CFG library
2026-04-29 14:03:06 +02:00
Tom Hvitved
99023f8b59
C#: Add upgrade/downgrade scripts
2026-04-29 14:03:05 +02:00
Tom Hvitved
b6c464281b
C#: Move internal logic into internal/ControlFlowGraph.qll
2026-04-29 14:01:14 +02:00
Tom Hvitved
d4a32476da
C#: No need to special-case default arguments in nullness analysis
2026-04-29 14:01:13 +02:00
Tom Hvitved
6c42418faf
C#: Use parameter CFG nodes in SSA
2026-04-29 14:01:11 +02:00
Tom Hvitved
cbe207ab65
C#: Include parameters and their defaults in the CFG
2026-04-29 14:01:09 +02:00
Tom Hvitved
d792e11b7f
C#: Add tests for methods with default parameters
2026-04-29 14:01:08 +02:00
Tom Hvitved
77639817fe
C#: Remove unintended CP
2026-04-29 14:01:06 +02:00
Josef Svenningsson
68be006a29
Merge pull request #21641 from github/josefs/promptInjectionImprovements
Improve prompt inject for Python
2026-04-29 11:23:52 +01:00
Michael Nebel
bfd3683b0b
Merge pull request #21372 from michaelnebel/csharp14/usercompoundassignment
C# 14: User defined compound assignment operators.
2026-04-29 11:22:35 +02:00
Asger F
c95083b176
Merge pull request #21697 from yearn/js/vercel-node-framework
JS: Add support for @vercel/node serverless functions
2026-04-29 10:58:53 +02:00
Jeroen Ketema
c2beef1900
Merge pull request #21765 from jketema/switch
C++: Fix join-order problem in `getNextSwitchCase`
2026-04-28 21:57:10 +02:00
Josef Svenningsson
25a8aa97b2
Fix openai prompt injection tests
2026-04-28 18:24:26 +01:00
Josef Svenningsson
691aeb0815
Remove the chat completion create logic.
2026-04-28 18:24:24 +01:00
Josef Svenningsson
a05e191518
Add tests for anthropic prompt injection models
2026-04-28 18:24:22 +01:00
Josef Svenningsson
e069c9c2ee
Fix tests
2026-04-28 18:24:19 +01:00
Josef Svenningsson
bb18bb084c
Improve prompt inject for Python
2026-04-28 18:24:16 +01:00
murderteeth
6f774470b3
Merge branch 'main' into js/vercel-node-framework
2026-04-28 12:30:27 -04:00
murderteeth
18b06f1cf4
Model res.json and res.jsonp as Vercel response sinks
Vercel API handlers more often return JSON than HTML, so res.send is
not the only response body sink that matters. Mirror Express's
ResponseJsonCall by also matching res.json(...) and res.jsonp(...) on
the response (direct and chained), and exercise the new behavior in
the library-test fixture.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 16:14:53 +00:00
murderteeth
1b87140ce7
Regenerate DatabaseAccesses.expected for new vercel.ts fixture
The CWE-089/untyped/vercel.ts fixture added in this PR introduces a
conn.query(...) call that DatabaseAccesses.ql reports, so its
.expected baseline needs the corresponding entry. Output produced by
`codeql test accept`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 15:57:06 +00:00