hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
86,052 Commits 1,693 Branches 161 Tags
8947f7afd8f08b32218631b10b2b2979ed6d54f4
Commit Graph

12052 Commits

Author SHA1 Message Date
Paolo Tranquilli
dfe451128e Merge branch 'main' into redsun82/bazel-9 2026-02-19 11:05:32 +01:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
Paolo Tranquilli
10a2824b82 refactor: migrate BUILD files to explicit rules_java imports 
Add explicit load statements for java_library and java_test from
@rules_java//java:defs.bzl in:
- javascript/extractor/BUILD.bazel
- javascript/extractor/test/com/semmle/js/extractor/test/BUILD.bazel
 2026-02-10 13:44:06 +01:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering 
Shared: Provenance-based filtering of flow summaries
 2026-01-26 17:24:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Tom Hvitved
93dad867cd JS: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:21 +01:00
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
75bd4a7a12 javascript: add MaD model 
- consider if the model is in the right place
- consider if the barrier kind (sink kind) is the appropriate one
 2026-01-22 17:30:24 +01:00
yoff
da2f77d615 javascript: remove sanitizer to be replaced by model 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
Ian Lynagh
a299174f4d javascript: Add up/downgrade scripts 2026-01-20 11:56:15 +00:00
Ian Lynagh
4140121e96 javascript: Use more standard shared dbscheme sections 
We now use the shared "Overlay support" and "Database metadata".
 2026-01-20 11:56:14 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
Nick Rolfe
1739e135f5 Fix list formatting inconsistency 2026-01-19 15:17:11 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
bedb80346a Merge pull request #20940 from asgerf/js/detect-minified-files 
JS: Skip minified file if avg line length > 200
 2026-01-19 14:31:09 +01:00
Asger F
077bbb24ac Merge pull request #21159 from asgerf/js/vue-prop-function 
JS: Add support for props callbacks in Vue router configs
 2026-01-19 10:13:49 +01:00
Asger F
ff580410fe Merge pull request #20733 from asgerf/js/incremental-api-graphs 
JS: Incremental API graph
 2026-01-14 12:49:41 +01:00
Asger F
06cc323aee Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md 
Co-authored-by: Taus <tausbn@github.com>
 2026-01-14 11:40:01 +01:00
Asger F
b47ae420ca Update javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-14 11:40:01 +01:00
Asger F
0eadebcabd Update javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-14 11:40:01 +01:00
Asger F
739ed4b3bb JS: Change note 2026-01-14 11:40:01 +01:00
Asger F
7ab52a81a7 JS: Add environment variable to opt out of the behaviour if needed 2026-01-14 11:40:01 +01:00
Asger F
2892ab61ae JS: Make sure a file is not seen as minified 2026-01-14 11:40:01 +01:00
Asger F
84f6b6f67a JS: Accept test change due to file no longer being extracted 2026-01-14 11:40:01 +01:00
Asger F
98c8b4c080 JS: Skip minified file if avg line length > 200 2026-01-14 11:40:01 +01:00
Asger F
e430aa97f3 Merge pull request #20916 from asgerf/js/next-folders2 
JS: Handle Next.js files named 'page' or 'route'
 2026-01-14 11:10:57 +01:00
Ian Lynagh
63f78e7609 Merge pull request #21156 from igfoo/igfoo/mb 
Merge rc/3.20 into main
 2026-01-13 12:11:37 +00:00
Asger F
9fa856f974 JS: Change note 2026-01-13 11:49:33 +01:00
Asger F
7cd820ea86 JS: Add support for props callbacks in router configs 2026-01-13 11:46:12 +01:00
Asger F
40c35341d1 JS: Add props to Vue router test case 2026-01-13 11:44:07 +01:00
Asger F
da9aafc3b0 JS: Also track additional use-steps crossing the overlay boundary 2026-01-13 10:54:16 +01:00
Asger F
ca52fe59e8 Merge pull request #20918 from asgerf/js/response-default-content-type 
JS: Handle default 'content-type' header in Response() objects
 2026-01-13 10:34:40 +01:00
Asger F
d2e6ae5e14 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2026-01-13 10:34:25 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Asger F
cf0b77074f JS: Workaround forceLocal not supporting 'result' column 
A bug made it into the release which causes compilation errors when
forceLocal is used on a predicate with a result column.

This commit works around the issue by converting the result column
to a positional parameter, for the predicates that we use forceLocal on.

It should be safe to revert this commit once the compiler fix has made
it into a stable release.
 2026-01-07 11:05:41 +01:00
Asger F
e16cacd48d JS: Rename "in scope" to "in active file" 2026-01-07 11:05:41 +01:00
Asger F
87049bd07e Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-01-07 11:05:41 +01:00
Asger F
56a6fe4c08 Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-07 11:05:41 +01:00
Asger F
d0dbc91aa9 Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-07 11:05:41 +01:00
Asger F
9721b4e0f5 JS: Fix bad join in export logic 2026-01-07 11:05:41 +01:00
Asger F
cae27c40be JS: Add a missing needsDefNode restriction 
Previously this was implied by MkClassInstance but that's no longer
the case.
 2026-01-07 11:05:41 +01:00
Asger F
369848a870 JS: Fix some QL4QL alerts 2026-01-07 11:05:41 +01:00
Asger F
97d369cf4e JS: Make API::Node overlay[local?] 
We want the type itself to be local but nearly all its member predicates
are global.
 2026-01-07 11:05:41 +01:00
Asger F
27e8bcb347 JS: Add back promisify-all support 
This was somehow lost in a rebase
 2026-01-07 11:05:41 +01:00
Asger F
8731eee10e JS: Work around an issue with overlay-invariance 2026-01-07 11:05:41 +01:00
Asger F
962c128f20 JS: Update test output to reflect Node.toString() change 2026-01-07 11:05:41 +01:00