hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-23 05:37:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,153 Commits 1,785 Branches 169 Tags
7197cc56ddbd32f43bb128ddb8d09cc6c6ccf3e7
Commit Graph

88153 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
7197cc56dd Merge pull request #22014 from github/copilot/update-rescue-clause-exception-handling 
Ruby AST: preserve ExceptionList node in RescueClause for 2+ exceptions
 2026-06-22 13:28:29 +02:00
Anders Schack-Mulligen
48b0cbcf01 Merge pull request #22031 from github/copilot/tweak-csharp-extractor 
Extract `TypeMention` for `catch (Exception)` clauses
 2026-06-22 13:27:47 +02:00
Anders Schack-Mulligen
ac7ed0612d C#: Accept test change. 2026-06-22 13:00:55 +02:00
Jeroen Ketema
03187ae8be Merge pull request #22013 from jketema/swift/more-arguments 
Swift: Strip out more unknown clang arguments
 2026-06-22 12:35:36 +02:00
copilot-swe-agent[bot]
bd84fb31e1 Add regression for catch type mention extraction 2026-06-22 09:41:55 +00:00
copilot-swe-agent[bot]
4c9fa4dddc Emit catch type mentions without variables 2026-06-22 09:37:24 +00:00
Anders Schack-Mulligen
7d66ec0f39 Ruby: Clarify AST. 2026-06-22 11:14:53 +02:00
Idriss Riouak
568a147f77 Merge pull request #22007 from github/java-update-ferstl-depgraph-cves 
Java: update ferstl depgraph cves
 2026-06-22 10:08:05 +02:00
Sotiris Dragonas
d86ec1a4b4 Merge pull request #22012 from github/bazookamusic/js-prompt-injection-sinks 
JS Prompt Injection - Add some more sinks and reclassify legacy API
 2026-06-19 17:41:41 +03:00
Owen Mansel-Chan
b54d95d7c8 Merge pull request #21967 from github/copilot/conversion-of-codeql-queries 
Convert selected Python qlref tests to inline expectations
 2026-06-19 14:56:36 +01:00
Michael Nebel
a076ffcc9a Merge pull request #21996 from michaelnebel/csharp/fixpathcombineissues 
C#: Fix the `cs/path-combine` code quality issues in the extractor.
 2026-06-19 15:49:24 +02:00
Owen Mansel-Chan
f65d1e82cf Merge pull request #21554 from github/copilot/make-go-use-ssa-library 
Go: use shared SSA library (codeql.ssa.Ssa)
 2026-06-19 13:40:37 +01:00
Owen Mansel-Chan
27f6ffc00e Delete accidentally included text file 2026-06-19 13:24:06 +01:00
Owen Mansel-Chan
c9d45217d2 Fix order of comments in test 2026-06-19 13:23:52 +01:00
Jeroen Ketema
75328daf71 Swift: Match quotes 2026-06-19 13:55:19 +02:00
Anders Schack-Mulligen
6fbb572950 Ruby: Get rid of the change note. 2026-06-19 13:27:34 +02:00
Anders Schack-Mulligen
132b476acd Ruby: autoformat 2026-06-19 13:26:10 +02:00
copilot-swe-agent[bot]
65b4a4346b Add ExceptionList AST node for rescue clauses with 2+ exceptions 2026-06-19 13:26:06 +02:00
Owen Mansel-Chan
451fc2e4e7 Undo conversion for queries that import LegacyPointsTo 2026-06-19 12:22:42 +01:00
Owen Mansel-Chan
5497f2c5fe Convert Python qlref tests to inline expectations 2026-06-19 12:22:40 +01:00
Anders Schack-Mulligen
0834e640bb Ruby: Prepare qltest change by line renumbering. 2026-06-19 13:15:18 +02:00
Owen Mansel-Chan
1496fb6b12 Shared: allow comment starting with # after inline expectation comment 2026-06-19 11:20:30 +01:00
Sotiris Dragonas
38435fc3f2 Merge branch 'main' into bazookamusic/js-prompt-injection-sinks 2026-06-19 12:19:50 +03:00
Jeroen Ketema
b743ad9a49 Swift: Strip out more unknown clang arguments 2026-06-19 11:08:55 +02:00
Michael Nebel
03b525b689 C#: Handle the places where we could risk that Path.Combine would have thrown away the first argument. 2026-06-19 10:22:52 +02:00
Michael Nebel
f7b3f851e8 C#: Rename PathCombine to PathJoin. 2026-06-19 10:22:49 +02:00
Michael Nebel
131d4a0d81 C#: Fix the cs/path-combine code quality issues in the extractor. 2026-06-19 10:22:40 +02:00
Michael Nebel
2686026608 Merge pull request #21993 from michaelnebel/csharp/dropmono 
C#: Only use `nuget.exe` on Windows or machines with Mono.
 2026-06-19 09:53:04 +02:00
idrissrio
ebb74a56f6 Java: accept new test results 2026-06-19 09:38:16 +02:00
Owen Mansel-Chan
1d69c30ec1 Merge pull request #22010 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2026-06-19 03:26:14 +01:00
github-actions[bot]
65a3153066 Add changed framework coverage reports 2026-06-19 01:06:45 +00:00
Sotiris Dragonas
ea87f59480 JS: Add and reclassify prompt-injection sinks for AI SDKs 
Add missing system/user prompt-injection sinks across the OpenAI,
Anthropic, and Google GenAI JavaScript models:

- OpenAI videos.create/edit/extend/remix prompts (user)
- OpenAI beta.realtime.sessions.create instructions (system)
- Anthropic legacy completions.create prompt (user)
- Google GenAI caches.create config.systemInstruction (system)
- Google GenAI caches.create config.contents (user)

Also reclassify the OpenAI legacy completions.create prompt from
system-prompt-injection to user-prompt-injection: the legacy
/v1/completions endpoint takes a single free-form prompt with no role
separation, so it is the text-in/text-out equivalent of a user message.

Note: videos.remix takes the prompt in Argument[1] (remix(videoID, body)),
and Google GenAI caches.create nests both contents and systemInstruction
under config, so the model entries differ slightly from a naive mapping.

Add corresponding test cases with inline annotations and regenerate the
.expected files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-18 17:32:10 +03:00
Owen Mansel-Chan
db5fac17bf Add QLDoc to MakeSsa to silence CI 2026-06-18 14:54:21 +01:00
Owen Mansel-Chan
fc06aa1a32 Update expected data flow consistency results 2026-06-18 14:54:19 +01:00
idrissrio
99fb3879b2 Java: update ferstl script 2026-06-18 15:43:30 +02:00
Henry Mercer
4e7e363067 Merge branch 'main' into copilot/make-go-use-ssa-library 2026-06-18 14:31:47 +01:00
Anders Schack-Mulligen
779309edb1 Merge pull request #21999 from aschackmull/cfg/parameter-pattern 
Cfg: Distinguish parameters from their patterns.
 2026-06-18 15:18:22 +02:00
Owen Mansel-Chan
2d34b0be1b Merge branch 'main' into copilot/make-go-use-ssa-library 2026-06-18 14:09:20 +01:00
Owen Mansel-Chan
8c07e95f05 Rename mayCapture to mayUpdateCapturedVariable 2026-06-18 12:41:25 +01:00
Owen Mansel-Chan
f04c8ccbc7 Use module already provided by BasicBlocks lib 2026-06-18 12:37:27 +01:00
Owen Mansel-Chan
7222f1d3ad Remove change note 2026-06-18 12:34:20 +01:00
Jeroen Ketema
5016fcb396 Merge pull request #21995 from jketema/jketema/tele 
Java: Update expected test results after extractor changes
 2026-06-18 12:51:29 +02:00
Michael Nebel
142a72c77b C#: Address review comments. 2026-06-18 12:48:09 +02:00
Owen Mansel-Chan
330e904449 Merge pull request #22004 from sauyon/go-model-log-slog 
Go: Model `log/slog` as a logging sink
 2026-06-18 11:20:08 +01:00
Anders Schack-Mulligen
f844cd3754 Java/C#: Adapt to signature change. 2026-06-18 11:00:30 +02:00
Anders Schack-Mulligen
3a3ec1be90 Cfg: Distinguish parameters from their patterns. 2026-06-18 11:00:30 +02:00
Michael Nebel
c747352f41 C#: Fix some code quality issues by replacing Path.Combine with Path.Join. 2026-06-18 08:28:58 +02:00
Michael Nebel
dfdd12190e C#: Rename NugetExeWrapper to PackagesConfigRestorer. 2026-06-18 08:28:56 +02:00
Michael Nebel
63057db753 C#: Only download and use nuget.exe in case of windows or mono is installed. 2026-06-18 08:28:54 +02:00
Michael Nebel
21f8caf153 C#: Re-factor the NugetExeWrapper, introduce an interface and a factory method for constructing package config restorers. 2026-06-18 08:28:51 +02:00