hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,890 Commits 1,693 Branches 161 Tags
6c0c1d558ec49f3924defdc92ca68c95caa9ae7a
Commit Graph

85890 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
6c0c1d558e Refactor logInjectionGuard part 1 2026-02-16 12:01:08 +00:00
Owen Mansel-Chan
146fc7a8c0 Add failing log injection test for @Pattern validation 2026-02-16 12:01:07 +00:00
Tom Hvitved
149f3ed5b6 Merge pull request #21301 from hvitved/rust/type-inference-trait-call-perf 
Rust: Speedup type inference for `Trait::function()` calls
 2026-02-16 10:20:50 +01:00
Owen Mansel-Chan
47a9f87d9b Merge pull request #21310 from owen-mc/java/regex-execution 
Java: Add RegexMatch concept and recognise `@Pattern` annotation as sanitizer
 2026-02-16 09:11:47 +00:00
Simon Friis Vindum
6f609a5ed6 Merge pull request #21316 from paldepind/ruby/binary-of-at-start-of-line 
Ruby: Add test cases for binary operator at start of line
 2026-02-16 09:49:48 +01:00
Owen Mansel-Chan
16ddb5658f Small refactor for stylistic consistency 2026-02-15 14:39:23 +00:00
Owen Mansel-Chan
d6b71a346e Extend RegexMatch framework to allow for MatcherMatchesCall edge case 2026-02-15 14:39:21 +00:00
Owen Mansel-Chan
8f8f4c2d52 Fix Matcher.matches edge case 2026-02-14 00:28:37 +00:00
Owen Mansel-Chan
90befa0c00 Add failing test for Matcher.matches() edge case 2026-02-14 00:28:34 +00:00
Owen Mansel-Chan
ca4c988e97 Remove redundant variable 2026-02-13 22:58:09 +00:00
Owen Mansel-Chan
2e0f244376 Improve QLDoc on RegexMatch.getName() 2026-02-13 22:55:01 +00:00
Owen Mansel-Chan
c7099584b4 Put imports implementing abstract classes in private module 2026-02-13 22:51:53 +00:00
Owen Mansel-Chan
3c161f9c93 Make contract of RegexMatch clear 2026-02-13 22:47:44 +00:00
Owen Mansel-Chan
1fefa989d7 Rename RegexMatch and only include expressions 2026-02-13 22:45:48 +00:00
Owen Mansel-Chan
953ff9f0d0 PatternAnnotation.getString() should only be field reads 2026-02-13 22:41:20 +00:00
Owen Mansel-Chan
106254b220 Improve QLDocs 2026-02-13 22:40:36 +00:00
Owen Mansel-Chan
5bdf550317 Fix QLDocs 2026-02-12 16:57:14 +00:00
Owen Mansel-Chan
c539c2f4fd Add change note 2026-02-12 16:57:12 +00:00
Owen Mansel-Chan
bfe26c1989 Add @Pattern as RegexExecution => SSRF sanitizer 2026-02-12 16:57:11 +00:00
Owen Mansel-Chan
d0999e3abd Add failing test for @Pattern validation 2026-02-12 16:57:04 +00:00
Simon Friis Vindum
bf02e478fd Rust: Comment out tests with parse errors 2026-02-12 14:49:09 +01:00
Taus
7d17454a3b Merge pull request #21138 from github/tausbn/python-prepare-for-overlay-annotations 
Prepare dataflow for local annotations
 2026-02-12 14:23:45 +01:00
Taus
3e5c2ddeaf Merge pull request #21308 from github/smowton/admin/path-injection-use-autofix-qhelp 
Python: use path-injection qhelp variant employed by autofix
 2026-02-12 13:17:08 +01:00
Chris Smowton
5f970d9f2f Rewordings per copilot 2026-02-12 12:01:33 +00:00
Simon Friis Vindum
218585b52a Ruby: Add additonal tests with operators at the start of lines 2026-02-12 12:30:43 +01:00
Anders Schack-Mulligen
a945f15987 Merge pull request #21317 from aschackmull/java/deprecate-unreachableblocks 
Java: Deprecate UnreachableBlocks.
 2026-02-12 11:43:37 +01:00
Anders Schack-Mulligen
5c53677051 Java: Deprecate UnreachableBlocks. 2026-02-12 11:06:34 +01:00
Mathias Vorreiter Pedersen
90a16cfaee Merge pull request #21314 from MathiasVP/remove-tc 
C++: Remove redundant transitive closure
 2026-02-12 09:21:56 +00:00
Simon Friis Vindum
a27d20dbcd Rust: Add test cases for binary operator at start of line 2026-02-12 09:31:59 +01:00
Michael Nebel
76ed386246 Merge pull request #21315 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2026-02-12 08:29:25 +01:00
github-actions[bot]
fea07ebfcb Add changed framework coverage reports 2026-02-12 00:32:08 +00:00
Mathias Vorreiter Pedersen
9596b7b921 C++: No need to compute this TC. 2026-02-11 20:18:03 +00:00
Owen Mansel-Chan
6a8204d28c "dataflow" -> "data flow" in QLDoc 2026-02-11 13:41:14 +00:00
Owen Mansel-Chan
1ee5728311 Add missing QLDoc 2026-02-11 13:40:20 +00:00
Owen Mansel-Chan
a22fd39230 Use RegexExecution in sanitizer definitions (expands scope) 2026-02-11 13:09:48 +00:00
Owen Mansel-Chan
fa3fba4a00 Use new regex-related classes (no functional change) 2026-02-11 13:09:46 +00:00
Owen Mansel-Chan
44eeee5757 Add and improve classes for regex-related methods 2026-02-11 13:09:45 +00:00
Owen Mansel-Chan
e6dbd525c3 Add RegexExecution in Concepts.qll 2026-02-11 13:09:42 +00:00
Simon Friis Vindum
522e4d64de Merge pull request #21273 from paldepind/rust/tp-assoc 
Rust: Implement support for associated types accessed on type parameters
 2026-02-11 13:39:55 +01:00
Chris Smowton
bed1ec8981 Enhance path validation recommendations 
Expanded recommendations for validating user input when constructing file paths, including normalization and using allowlists.
 2026-02-11 12:10:08 +00:00
Simon Friis Vindum
6c67475352 Rust: Minor tweaks in type inference 2026-02-11 12:32:54 +01:00
Simon Friis Vindum
287a8717a8 Rust: Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2026-02-11 12:19:22 +01:00
Philip Ginsbach-Chen
9ed22610a3 Merge pull request #21306 from github/ginsbach/avoid-nontrivially-shadowing-toString 
Avoid non-trivially shadowing `string.toString()`
 2026-02-11 11:03:07 +00:00
Tom Hvitved
36c3084435 Merge pull request #21305 from hvitved/rust/type-inference-speedup 
Rust: Speedup `inferMethodCallTypeSelf`
 2026-02-11 11:03:06 +01:00
Tom Hvitved
37af38eed5 Merge pull request #21282 from hvitved/rust/path-resolution/type-inference-expectations 
Rust: Distinguish path resolution expectations from type inference expectations
 2026-02-11 11:00:28 +01:00
Tom Hvitved
89e9a253eb Rust: Distinguish path resolution expectations from type inference expectations 2026-02-11 10:33:41 +01:00
Simon Friis Vindum
2fa71f0c17 Rust: Add examples with associated type accessed on associated type 2026-02-11 09:10:21 +01:00
Simon Friis Vindum
2b10c8aef3 Rust: Fix gramar in qldoc 2026-02-11 09:09:34 +01:00
Michael Nebel
0ac1bc4c57 Merge pull request #21299 from microsoft/lwsimpkins/csharp-mad-httputility-upstream 
Update MaD for System.Web.HttpUtility
 2026-02-11 08:47:29 +01:00
Anders Schack-Mulligen
cfa62ae434 Merge pull request #21304 from aschackmull/java/deprecation-followup 
Java: Add delayed deprecation annotation.
 2026-02-11 08:40:01 +01:00