hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 02:24:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,756 Commits 1,740 Branches 164 Tags
84c01bc255b549f9b34fece46a588c3e1205f6d6
Commit Graph

86756 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
84c01bc255 C++: Upgrade query precision. 2026-04-02 11:26:49 +01:00
Paolo Tranquilli
2d76b41293 Merge pull request #21628 from github/redsun82/vendor-picosha2 
Vendor `PicoSHA2` into LFS
 2026-04-01 15:24:41 +02:00
Paolo Tranquilli
9a1156dd62 Vendor PicoSHA2 into LFS 
The upstream repo (`okdshin/PicoSHA2`) is a personal GitHub account,
at risk of suspension — the same scenario that hit `rules_antlr`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-01 14:31:01 +02:00
Mathias Vorreiter Pedersen
43d002e6b5 Merge pull request #21619 from MathiasVP/more-http-remote-flow-sources 
C++: Add flow sources from Windows' `http.h`
 2026-03-31 15:44:39 +01:00
Mathias Vorreiter Pedersen
16a7e39e95 C++: Fix pointer indirection. Currently, this does not have any effect because of a conflation bug in taint-tracking. 2026-03-31 15:26:15 +01:00
Jeroen Ketema
17ab87d1fc Merge pull request #21618 from jketema/meson-silence 
C++: Add heuristics for meson configuration files
 2026-03-31 15:24:22 +02:00
Mathias Vorreiter Pedersen
dc8dc61196 C++: Fix type name. 2026-03-31 13:54:30 +01:00
Mathias Vorreiter Pedersen
ab34bd232e C++: Add change note. 2026-03-31 11:30:43 +01:00
Mathias Vorreiter Pedersen
9e97e0433e C++: Accept test changes. 2026-03-31 11:30:41 +01:00
Mathias Vorreiter Pedersen
102221d0aa C++: Add lots of taint inheriting content related to '_HTTP_REQUEST'. 2026-03-31 11:30:39 +01:00
Mathias Vorreiter Pedersen
c6d1ec5f64 C++: Add examples that need taint inheriting content. 2026-03-31 11:30:37 +01:00
Mathias Vorreiter Pedersen
21ea7ebe40 C++: Model a few more remote flow sources from 'http.h' and accept test changes. 2026-03-31 11:30:35 +01:00
Mathias Vorreiter Pedersen
18a25c5071 C++: Add tests with missing flow sources. 2026-03-31 11:30:33 +01:00
Jeroen Ketema
ceec44b819 Apply suggestion from @Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-31 11:08:38 +02:00
Jeroen Ketema
d2839f4ee4 C++: Add change note 2026-03-31 11:02:40 +02:00
Anders Schack-Mulligen
2bde364bdd Merge pull request #21599 from aschackmull/csharp/constantcondition-simplify 
C#: Simplify the ConstantCondition query.
 2026-03-31 11:02:30 +02:00
Jeroen Ketema
5122f7cf92 C++: Add heuristics for meson configuration files 2026-03-31 11:02:26 +02:00
Jeroen Ketema
afd33e4dcd C++: Add test for meson configuration files 2026-03-31 10:23:51 +02:00
Anders Schack-Mulligen
29500c7eb7 C#: Add change note. 2026-03-31 09:38:45 +02:00
Anders Schack-Mulligen
2a54dce5cb C#: Remove redundant ConstantComparison.ql query. 2026-03-31 09:38:44 +02:00
Anders Schack-Mulligen
056be6d504 C#: Simplify the ConstantCondition query. 2026-03-31 09:38:44 +02:00
Anders Schack-Mulligen
71b38b71bf Merge pull request #21613 from aschackmull/csharp/consistent-cs-abbrev 
C#: Fix inconsistent casing of Cs/CS.
 2026-03-31 09:22:49 +02:00
Florin Coada
cd7bb54039 Merge pull request #21615 from github/codeql-spark-run-23750999202 
Update changelog documentation site for codeql-cli-2.25.1
 2026-03-30 16:09:14 +01:00
github-actions[bot]
3c78d8a737 update codeql documentation 2026-03-30 14:50:44 +00:00
Mathias Vorreiter Pedersen
b83d4e010b Merge pull request #21611 from MathiasVP/nsdmi-dataflow-3 
C++: Add dataflow through NSDMI
 2026-03-30 15:48:31 +01:00
Anders Schack-Mulligen
40366042a5 C#: Fix inconsistent casing of Cs/CS. 2026-03-30 15:24:32 +02:00
Jeroen Ketema
095a9cbc73 Merge pull request #21588 from jketema/jketema/compiler-error-bmn 
C++: Silence `ExtractionRecoverableWarning`s when BMN is active
 2026-03-30 14:17:26 +02:00
Mathias Vorreiter Pedersen
5db069eb56 C++: Fix more consistency errors. 2026-03-30 12:08:08 +01:00
Óscar San José
9f27a5278f Merge pull request #21579 from github/post-release-prep/codeql-cli-2.25.1 
Post-release preparation for codeql-cli-2.25.1
 2026-03-30 12:47:59 +02:00
Mathias Vorreiter Pedersen
9247e6af0c C++: Add change note. 2026-03-30 11:30:17 +01:00
Mathias Vorreiter Pedersen
29768bbed4 Update cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.ql 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-30 11:26:24 +01:00
Mathias Vorreiter Pedersen
78c0c7cb76 C++: Exclude flow summaries from 'irTypeBugs'. 2026-03-30 11:04:42 +01:00
Mathias Vorreiter Pedersen
503c15334a C++: Accept test changes. 2026-03-30 11:03:52 +01:00
Mathias Vorreiter Pedersen
599b7a6653 C++: Handle fields in 'getThisType'. 2026-03-30 11:00:40 +01:00
Mathias Vorreiter Pedersen
9cb8edb41a C++: Change 'Function' to 'Declaration' in a few places to handle enclosing callables being fields. 2026-03-30 11:00:38 +01:00
Mathias Vorreiter Pedersen
eb35fa0d5e C++: Unify 'isSourceParameterOf' for this parameters with the implementation for positional parameters. 2026-03-30 11:00:37 +01:00
Jeroen Ketema
6692f23cbd C++: Add change note 2026-03-30 11:50:31 +02:00
Jeroen Ketema
8349bd50ba Merge pull request #21391 from jketema/jketema/nsdmi 
C++: Handle field initialization via NSDMI in IR generation
 2026-03-30 11:35:06 +02:00
Óscar San José
59eec7ffa2 Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1 2026-03-30 10:51:12 +02:00
github-actions[bot]
ce6e6d5db3 Post-release preparation for codeql-cli-2.25.1 2026-03-30 08:43:48 +00:00
Owen Mansel-Chan
898d12b0be Merge pull request #21608 from MarkLee131/fix/tainted-arithmetic-bounds-check-barrier 
Exclude bounds-check arithmetic from tainted-arithmetic sinks
 2026-03-29 22:47:20 +01:00
MarkLee131
e6adfbca77 Address review: update QLDoc comment and fix expected test output 
- Clarify that arithmeticUsedInBoundsCheck applies to if-condition
  comparisons, not all comparisons
- Update expected test line numbers to reflect added test calls
 2026-03-29 11:53:06 +08:00
Kaixuan Li
b595a70384 Update java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-29 11:45:27 +08:00
Kaixuan Li
938039d82c Merge branch 'main' into fix/tainted-arithmetic-bounds-check-barrier 2026-03-29 10:25:39 +08:00
Kaixuan Li
f5cfc5e282 Update java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-03-29 10:25:10 +08:00
Owen Mansel-Chan
58218ee630 Merge pull request #21594 from MarkLee131/fix/add-ec-to-secure-algorithm-whitelist 
Add EC to secure algorithm whitelist for Java CWE-327 query
 2026-03-28 17:13:19 +00:00
Owen Mansel-Chan
2b8558706f Add sentence to change note. 2026-03-28 16:39:16 +00:00
Owen Mansel-Chan
ea9b99f67c Rephrase change note 2026-03-28 16:36:39 +00:00
MarkLee131
0c5e89a68e Exclude bounds-check arithmetic from tainted-arithmetic sinks 
The java/tainted-arithmetic query now recognizes when an arithmetic
expression appears directly as an operand of a comparison (e.g.,
`if (off + len > array.length)`). Such expressions are bounds checks,
not vulnerable computations, and are excluded via the existing
overflowIrrelevant predicate.

Add test cases for bounds-checking patterns that should not be flagged.
 2026-03-28 17:39:40 +08:00
MarkLee131
da4a2238bc Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs 
- Model Signature.getInstance() as CryptoAlgoSpec sink (previously only
  Signature constructor was modeled)
- Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512)
  and PBKDF2 to the secure algorithm whitelist
- Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of
  KeyPairGenerator.getInstance() to match their key agreement semantics
- Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1
  from user-reported false positives
- Update change note to document all additions
 2026-03-28 16:53:46 +08:00