hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,678 Commits 1,690 Branches 160 Tags
83adf793e4bca2a0673dd0a50a67c6bd8fda3621
Commit Graph

85678 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
83adf793e4 Cfg: Fix compilation. 2026-02-04 15:28:37 +01:00
Anders Schack-Mulligen
2d61fc5309 Java: Add support for "View CFG". 2026-02-03 15:49:27 +01:00
Anders Schack-Mulligen
389cd5d648 Cfg: Extract CFG pretty-printing code. 2026-02-03 15:33:55 +01:00
Tom Hvitved
6fbf727309 Merge pull request #21251 from hvitved/rust/fix-bad-join 
Rust: Fix bad join
 2026-02-02 19:12:30 +01:00
Owen Mansel-Chan
e00390d23a Merge pull request #21224 from owen-mc/go/use-shared-basic-block-lib 
Go: Use shared basic block lib
 2026-02-02 16:31:06 +00:00
Henry Mercer
e712e62f14 Merge pull request #21250 from github/post-release-prep/codeql-cli-2.24.1 
Post-release preparation for codeql-cli-2.24.1
 2026-02-02 07:31:39 -08:00
Tom Hvitved
b16f1d3778 Rust: Fix bad join 
Before
```
Evaluated relational algebra for predicate _PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6_PathResolution::ImplOrTraitItemNode.ge__#shared@0d3de6d9 with tuple counts:
         395360270  ~2%    {5} r1 = JOIN Type::TAssociatedTypeTypeParameter#6da9e52a WITH `PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6` CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Lhs.1, Lhs.2, Rhs.1
        1274237644  ~0%    {6}    | JOIN WITH `PathResolution::ItemNode.getASuccessor/1#8f430f71` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1, Rhs.2
        1274237644  ~0%    {6}    | JOIN WITH PathResolution::TraitItemNode#8d4ce62d ON FIRST 1 OUTPUT Lhs.0, Lhs.4, Lhs.1, Lhs.2, Lhs.3, Lhs.5
           6984871  ~0%    {5}    | JOIN WITH `PathResolution::ImplOrTraitItemNode.getAssocItem/1#f77bb9ed` ON FIRST 3 OUTPUT Lhs.2, Lhs.0, Lhs.3, Lhs.4, Lhs.5
           6984871  ~0%    {4}    | JOIN WITH TypeAlias::Generated::TypeAlias#1ca97780 ON FIRST 1 OUTPUT Lhs.4, Lhs.1, Lhs.2, Lhs.3
           6076675  ~0%    {4}    | JOIN WITH `TypeAlias::Generated::TypeAlias.getTypeRepr/0#dispred#5fd7e521` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
                           return r1
```

After
```
Evaluated relational algebra for predicate _PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6_PathResolution::ImplOrTraitItemNode.ge__#shared@760e0499 with tuple counts:
          443292  ~2%    {3} r1 = SCAN `PathResolution::ImplOrTraitItemNode.getAssocItem/1#f77bb9ed` OUTPUT In.0, In.2, In.1
            1258  ~1%    {3}    | JOIN WITH Type::TAssociatedTypeTypeParameter#6da9e52a ON FIRST 2 OUTPUT Lhs.2, Lhs.0, Rhs.2
        13656944  ~3%    {4}    | JOIN WITH `PathResolution::ItemNode.getASuccessor/1#8f430f71_102#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Rhs.2
         6984871  ~0%    {4}    | JOIN WITH `PathResolution::ImplItemNode.getTraitPath/0#dispred#3b7d1cb6` ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Rhs.1
         6076675  ~0%    {4}    | JOIN WITH `TypeAlias::Generated::TypeAlias.getTypeRepr/0#dispred#5fd7e521` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
                         return r1
```
 2026-02-02 15:26:32 +01:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
Henry Mercer
fedb9464af Merge pull request #21248 from github/henrymercer/fix-mysql-typo 
Fix capitalization of MySQL
codeql-cli/latest codeql-cli/v2.24.1 		2026-02-02 05:33:39 -08:00
Simon Friis Vindum
8b03608a4f Merge pull request #21188 from paldepind/rust/self-path-assoc 
Rust: Implement type inference for associated types for concrete types
 2026-02-02 13:50:43 +01:00
Henry Mercer
1a6b2b9b82 Fix capitalization of MySQL 2026-02-02 12:37:32 +00:00
Henry Mercer
57c2208f7a Merge pull request #21246 from github/henrymercer/kotlin/version-range-formatting 
Fix formatting of Kotlin version ranges
 2026-02-02 04:30:52 -08:00
Henry Mercer
5f1fd57f84 Fix formatting of Kotlin version ranges 2026-02-02 12:22:50 +00:00
Henry Mercer
6b78313701 Merge pull request #21245 from github/release-prep/2.24.1 
Release preparation for version 2.24.1
 2026-02-02 04:12:14 -08:00
Henry Mercer
38fcc61817 Fix formatting in Kotlin changelog 2026-02-02 12:10:15 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Tom Hvitved
4a04f7b66f Merge pull request #21243 from hvitved/csharp/insecure-object-tests 
C#: Add more tests for `InsecureDirectObjectReference.ql`
 2026-02-02 13:03:23 +01:00
Simon Friis Vindum
0567864a83 Rust: Make module private 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2026-02-02 12:57:26 +01:00
Simon Friis Vindum
18576838d4 Rust: Minor tweaks and improvements 2026-02-02 12:07:18 +01:00
Tom Hvitved
fe0634574d C#: Add more tests for InsecureDirectObjectReference.ql 2026-02-02 11:09:26 +01:00
Michael B. Gale
9a00c75460 Merge pull request #21236 from github/mbg/csharp/fix-registry-feeds 
C#: Make sure `allFeeds` contains at least `explicitFeeds`
 2026-02-02 07:49:33 +00:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Michael B. Gale
454d13b485 Remove element check 2026-01-30 14:03:43 +00:00
Mathias Vorreiter Pedersen
16670511de Merge pull request #21239 from MathiasVP/logical-binary-fix-guards-cpp 
C++: Ensure that there are AST `GuardCondition`s for `||` and `&&`
 2026-01-30 13:50:55 +00:00
Michael B. Gale
ad2aa6d4f8 Accept expected diagnostic output 2026-01-30 13:38:50 +00:00
Michael B. Gale
3e0719609f Fix missing negation 2026-01-30 13:30:47 +00:00
Michael B. Gale
1aba0b20cd Add integration test 2026-01-30 13:19:47 +00:00
Michael B. Gale
1b5ed129ac Log and emit diagnostic if incorrectly named files are found 2026-01-30 13:19:46 +00:00
Mathias Vorreiter Pedersen
5f079c1d51 C++: Add change note. 2026-01-30 12:19:28 +00:00
Michael B. Gale
5ba3b679dd Move into if statement 2026-01-30 12:18:56 +00:00
yoff
8c0baefd3b Merge pull request #21141 from mbaluda/prompt-injection 
Python: Prompt injection in OpenAI clients
 2026-01-30 12:55:56 +01:00
Anders Peter Fugmann
78495035a6 Merge pull request #20965 from github/andersfugmann/kotlin_2.3.0-beta2 
Kotlin: Support Kotlin 2.3.0
 2026-01-30 11:37:19 +01:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Owen Mansel-Chan
b4cb2c3f13 Make qldoc slightly more specific 2026-01-30 09:28:01 +00:00
Owen Mansel-Chan
ef6332c581 Allow MaD sanitizers for queries with MaD sinks 2026-01-30 09:27:59 +00:00
Owen Mansel-Chan
ad6f800022 Pretty print model numbers in tests 2026-01-30 09:21:24 +00:00
Owen Mansel-Chan
e5f52f086c Merge pull request #21235 from owen-mc/shared/docs/provenance-path-graph 
Shared: Add missing QLDocs
 2026-01-30 09:02:48 +00:00
Jon Janego
18a2aca42f Merge pull request #21237 from github/urllib-typo-fix 
Urllib typo fix
 2026-01-29 17:32:12 -06:00
yoff
e7a0fc7140 python: Add query for prompt injection 
This pull request introduces a new CodeQL query for detecting prompt injection vulnerabilities in Python code targeting AI prompting APIs such as agents and openai. The changes includes a new experimental query, new taint flow and type models, a customizable dataflow configuration, documentation, and comprehensive test coverage.
 2026-01-29 23:47:52 +01:00
Jon Janego
f14ccd8c81 Fix typo in taint flow model for urllib.parse 2026-01-29 16:21:14 -06:00
Jon Janego
e54d7c7c73 Update CHANGELOG.md 2026-01-29 16:20:25 -06:00
Jon Janego
813d4639ca Fix typo in taint flow model for urllib.parse 2026-01-29 16:18:21 -06:00
Michael B. Gale
76fe3fa502 C#: Make sure allFeeds contains at least explicitFeeds 2026-01-29 21:43:44 +00:00
Owen Mansel-Chan
8b936c5dbe Add missing QLDocs 2026-01-29 16:45:23 +00:00
Taus
34800d1519 Merge pull request #20945 from joefarebrother/python-websockets 
Python: Model remote flow sources for the `websockets` library
 2026-01-29 15:47:46 +01:00
Jon Janego
1644376cc9 Merge pull request #21222 from github/codeql-spark-run-21376405640 
Update changelog documentation site
 2026-01-29 08:44:11 -06:00
Mathias Vorreiter Pedersen
1b1c9c680c Merge pull request #21227 from MathiasVP/postfix-fix 
C++: Get rid of an ugly workaround in dataflow
 2026-01-29 12:25:02 +00:00
Mathias Vorreiter Pedersen
61a53fadc0 C++: Fix spelling. 2026-01-29 11:50:44 +00:00
Owen Mansel-Chan
2f29c905c3 Fix typo in change note 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-28 22:39:08 +00:00