hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,305 Commits 1,697 Branches 161 Tags
92a730c9acd6397cfa01db80eef56f72b762df73
Commit Graph

81305 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
92a730c9ac C++: Add a false positive. 2025-07-22 18:35:21 +01:00
Nick Rolfe
96a32c0179 Merge pull request #20103 from github/post-release-prep/codeql-cli-2.22.2 
Post-release preparation for codeql-cli-2.22.2
 2025-07-22 06:01:34 -04:00
github-actions[bot]
deb035cf4e Post-release preparation for codeql-cli-2.22.2 2025-07-22 09:36:07 +00:00
Nick Rolfe
0b7111b867 Merge pull request #20100 from github/release-prep/2.22.2 
Release preparation for version 2.22.2
 2025-07-22 04:55:58 -04:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
Simon Friis Vindum
79cc7318ba Merge pull request #20096 from paldepind/rust/path-resolution-associated-type-fix 
Rust: Path resolution associated type fix
 2025-07-22 10:12:07 +02:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
05572b49de Merge pull request #20099 from github/nickrolfe/revert-2.22.2-prep 
Revert post-release preparation for codeql-cli-2.22.2
 2025-07-21 10:58:49 -04:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
Simon Friis Vindum
ad5c5acae5 Merge pull request #20094 from paldepind/rust/type-inference-path-mention 
Rust: Refactor `PathTypeMention`
 2025-07-21 14:00:20 +02:00
Owen Mansel-Chan
472a6b5fe1 Merge pull request #20018 from owen-mc/java/snakeyaml-safe-unsafe-deserialization 
Java: Update qhelp: SnakeYaml is safe from version 2.0
 2025-07-21 12:22:36 +01:00
Simon Friis Vindum
28850460b2 Rust: Accept test changes 2025-07-21 12:07:08 +02:00
Anders Schack-Mulligen
d5cdfc673e Merge pull request #20092 from aschackmull/java/joinorder2 
Java: Improve more join-orders
 2025-07-21 11:27:14 +02:00
Nora Dimitrijević
fbee6bbe21 Merge pull request #20077 from d10c/d10c/diff-informed-phase-3-java 
Java: Diff-informed queries: phase 3 (non-trivial locations)
 2025-07-21 11:23:12 +02:00
Simon Friis Vindum
8ebebf03c2 Rust: Add type inference test with associated type that collides with type parameter 2025-07-21 10:11:41 +02:00
Simon Friis Vindum
ac6715fb3a Rust: Avoid mixing up type parameters and associated types in path resolution 2025-07-21 10:07:41 +02:00
Simon Friis Vindum
71a5e410d7 Rust: Add path resolution test 2025-07-21 09:59:12 +02:00
Anders Schack-Mulligen
937e3dc469 Merge pull request #20091 from aschackmull/java/fix-cfg-cp-assert 
Java: Fix accidental CP in CFG for asserts.
 2025-07-21 09:07:19 +02:00
Simon Friis Vindum
441cefd0bd Rust: Accept test changes 2025-07-21 08:34:16 +02:00
Simon Friis Vindum
27e5251285 Rust: Add resolveRootType predicate instead of using resolveType recursively 2025-07-19 13:57:31 +02:00
Simon Friis Vindum
804ffdb682 Rust: Split PathTypeMention into an alias and a non-alias subclass 2025-07-19 13:43:56 +02:00
Simon Friis Vindum
0e8c137a98 Rust: Only include paths as type mentions when they're used as such 
On databend this changes the number of `PathTypeMention`s from 3,777,464 to 3,330,024. Not a huge difference, but there's also downstream predicates that are reduced as well.
 2025-07-19 11:57:13 +02:00
Simon Friis Vindum
620d228ffa Rust: Factor out getTypeMentionForTypeParameter 2025-07-19 08:41:38 +02:00
Anders Schack-Mulligen
46ebf503c7 Java: Improve join-order by controlling magic and breaking up TCs. 2025-07-18 16:13:11 +02:00
Anders Schack-Mulligen
ca8fe033d7 Java: Improve join by preventing ssa use-pair join. 2025-07-18 16:12:00 +02:00
Anders Schack-Mulligen
d64a9368d2 Merge pull request #20088 from aschackmull/java/joinorders1 
Java: Improve several join-orders
 2025-07-18 14:54:26 +02:00
Anders Schack-Mulligen
bc2e7d4e0d Java: Fix accidental CP in CFG for asserts. 2025-07-18 13:53:15 +02:00
Anders Schack-Mulligen
f6975117fe Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type 
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
 2025-07-18 13:25:00 +02:00
Anders Schack-Mulligen
d9f47bdec9 Java: Improve join-order by properly annotating haveIntersection. 2025-07-18 11:48:50 +02:00
Anders Schack-Mulligen
7883124abd Java: getSourceDeclaration() and getASourceSupertype*() commute and this yields much better join-order. 2025-07-18 11:47:14 +02:00
Anders Schack-Mulligen
12732525b5 Java: Allow 2-column join on delta to improve join-order. 2025-07-18 11:45:45 +02:00
Michael Nebel
ededa3c006 Merge pull request #20087 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-07-18 08:34:04 +02:00
github-actions[bot]
2f84a4a5b5 Add changed framework coverage reports 2025-07-18 00:25:03 +00:00
Nora Dimitrijević
05df1d3cb9 [DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess 2025-07-17 19:02:15 +02:00
Nora Dimitrijević
24c28ed873 [DIFF-INFORMED] Java: UnsafeCertTrust 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21
 2025-07-17 19:02:13 +02:00
Nora Dimitrijević
ea4af8323c [DIFF-INFORMED] Java: TrustBoundaryViolation 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18
 2025-07-17 19:02:09 +02:00
Nora Dimitrijević
7888dcbce2 [DIFF-INFORMED] Java: TempDirLocalInformationDisclosure 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56
 2025-07-17 19:02:07 +02:00
Nora Dimitrijević
3785dbec9e [DIFF-INFORMED] Java: TaintedEnvironmentVariable 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22
 2025-07-17 19:02:05 +02:00
Nora Dimitrijević
b3b139bb02 [DIFF-INFORMED] Java: SqlConcatenated 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27
 2025-07-17 19:02:04 +02:00
Nora Dimitrijević
45b627df1d [DIFF-INFORMED] Java: SensitiveLogging 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20
 2025-07-17 19:02:02 +02:00
Nora Dimitrijević
bc0b383595 [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
 2025-07-17 19:02:00 +02:00
Nora Dimitrijević
b688df9dec [DIFF-INFORMED] Java: LogInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20
 2025-07-17 19:01:58 +02:00
Nora Dimitrijević
2d734056b1 [DIFF-INFORMED] Java: InsecureLdapAuth 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21
 2025-07-17 19:01:56 +02:00
Nora Dimitrijević
74b37e71a0 [DIFF-INFORMED] Java: InsecureCookie 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
 2025-07-17 19:01:52 +02:00
Nora Dimitrijević
19e5c3d805 [DIFF-INFORMED] Java: ImproperValidationOfArray… 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
 2025-07-17 19:01:50 +02:00
Nora Dimitrijević
919fea53f0 [DIFF-INFORMED] Java: ExternallyControlledFormatString 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql#L24
 2025-07-17 19:01:34 +02:00
Nora Dimitrijević
1c6ecf1216 [DIFF-INFORMED] Java: UntrustedDataToExternalAPI 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20
 2025-07-17 18:59:15 +02:00
Nora Dimitrijević
0cf1195678 [DIFF-INFORMED] Java: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
 2025-07-17 18:59:14 +02:00
Nora Dimitrijević
0bcdb421ed [DIFF-INFORMED] Java: ArithmeticUncontrolled 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
 2025-07-17 18:59:11 +02:00
Nora Dimitrijević
54546f6e99 [DIFF-INFORMED] Java: ArithmeticTainted 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35
 2025-07-17 18:59:09 +02:00