hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,764 Commits 1,690 Branches 160 Tags
6235edaa21a75d0afb25a46f95e79c4139feca29
Commit Graph

7150 Commits

Author SHA1 Message Date
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Tom Hvitved
3b1e062985 C++: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:20 +01:00
Jeroen Ketema
ad590f30c1 Merge branch 'main' into cpp/mad-barriers 2026-01-23 14:14:22 +01:00
Jeroen Ketema
ccd07b8a63 C++: Simplify cpp/sql-injection barrier 
SQL sanitizers will not likely also be sources, so using `isBarrierIn` here
does not make a lot of sense.

I ran with and without this change on MRVA and got identical results.
 2026-01-23 09:03:48 +01:00
Owen Mansel-Chan
656ebab776 Allow MaD barriers 
This commit was done by Opus 4.5 with the following prompt:

In the commit 004d40ee93 I have made it so that C# CodeQL queries which use sinks defined using data extensions (also known as "models-as-data"), which are accessed using `sinkNode(Node node, string kind)`, also use barriers defined using models-as-data, which are accessed using `barrierNode(Node node, string kind)`, with the same `kind` string. Please do the same for C++. If there are any complicated cases then list them at the end for me to do manually.
 2026-01-21 14:45:05 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Mathias Vorreiter Pedersen
dc7ce3fba3 Merge pull request #21171 from MathiasVP/fix-conflation-in-guards 
C++: Fix conflation in barrier guards
 2026-01-19 11:29:05 +00:00
Mathias Vorreiter Pedersen
6da7890ff5 C++: Add indirect barrier guard to 'cpp/unbounded-write' to prevent FPs after fixing conflation. 2026-01-15 18:31:54 +00:00
Mathias Vorreiter Pedersen
27a437a514 C++: Modify test to reveal a bug. 2026-01-15 11:16:15 +00:00
Jeroen Ketema
17a453bb33 Merge pull request #21126 from jketema/subscript 
C++: Add predicates to support C++23 multidimensional subscript operators
 2026-01-14 14:48:14 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Jeroen Ketema
9ceb091f85 C++: Update predicate after getAnArrayOffset/0 deprecation 2026-01-08 13:54:02 +01:00
github-actions[bot]
2cb932cf5d Post-release preparation for codeql-cli-2.23.9 2026-01-06 15:42:16 +00:00
Jeroen Ketema
d02ef7c6b1 C++: Add change notes 2026-01-06 13:53:47 +01:00
Jeroen Ketema
5117b5906b C++: Exclude comparisons from enum constants in `cpp/constant-comparison 2026-01-06 13:53:44 +01:00
Jeroen Ketema
90d6c9fc56 C++: Exclude more comparisons from cpp/constant-comparison 2026-01-06 13:53:40 +01:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00
Óscar San José
d972af9ef8 Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main 2025-12-12 13:22:08 +01:00
github-actions[bot]
2854330759 Post-release preparation for codeql-cli-2.23.8 2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20 2025-12-05 19:31:47 +01:00
Anders Schack-Mulligen
78e1879c9e Use more flowTo. 2025-12-03 14:12:08 +01:00
Anders Schack-Mulligen
dc6d3fe7ba Use flowFrom. 2025-12-03 14:04:18 +01:00
github-actions[bot]
085faa2bdb Post-release preparation for codeql-cli-2.23.7 2025-12-02 16:39:43 +00:00
github-actions[bot]
a045b317ac Release preparation for version 2.23.7 2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0 Release preparation for version 2.23.7 2025-12-01 16:07:37 +00:00
Felicity Chapman
caf6b950ac Remove trailing periods from @name metadata in query files 
Fixed 73 .ql query files where the @name metadata contained an ending period.
This ensures consistency with the CodeQL query metadata style guidelines.
 2025-11-26 14:29:51 +00:00
Mathias Vorreiter Pedersen
7f0fcb0c46 C++: Create a common base class for 'NonUnionContent' and 'UnionContent' called 'FieldContent'. 2025-11-18 18:53:37 +00:00
Mathias Vorreiter Pedersen
2af6db6320 C++: Rename 'FieldContent' to 'NonUnionContent'. 2025-11-18 18:51:33 +00:00
github-actions[bot]
5ee45af3aa Post-release preparation for codeql-cli-2.23.6 2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Nora Dimitrijević
a0975e7e19 Constrain location overrides to actual sources/sinks 2025-10-28 09:42:20 +01:00
Nora Dimitrijević
96e1536769 C++/SqlTainted 2025-10-28 09:42:17 +01:00
Nora Dimitrijević
ec63547925 C++/UseOfHttp 2025-10-28 09:42:03 +01:00
Nora Dimitrijević
a65d4d5997 C++/TaintedAllocationSize 2025-10-28 09:42:01 +01:00
Nora Dimitrijević
f3d51e0151 C++/ArithmeticUncontrolled 2025-10-28 09:41:57 +01:00
Nora Dimitrijević
1321cbb021 C++/DecompressionBombs 2025-10-28 09:41:55 +01:00
Nora Dimitrijević
bbe2bf2b7f C++/CleartextTransmission 2025-10-28 09:41:52 +01:00
Nora Dimitrijević
b0180409f4 C++/CleartextFileWrite 2025-10-28 09:41:49 +01:00
Nora Dimitrijević
d89aa0f19d C++/CleartextBufferWrite 2025-10-28 09:41:46 +01:00
Nora Dimitrijević
17b261a506 C++/AuthenticationBypass 2025-10-28 09:41:43 +01:00
Nora Dimitrijević
0ed27f4e81 C++/CleartextSqliteDatabase 2025-10-28 09:41:40 +01:00
Nora Dimitrijević
f7a1a4cf75 C++/NonConstantFormat 2025-10-28 09:41:38 +01:00
Nora Dimitrijević
2756e8255f C++/UnboundedWrite 2025-10-28 09:41:35 +01:00
Nora Dimitrijević
a4ac0392a6 C++/OverflowDestination 2025-10-28 09:41:32 +01:00
Nora Dimitrijević
65d79ff6fc C++/ExecTainted 2025-10-28 09:41:29 +01:00