4717 Commits

Author	SHA1	Message	Date
Owen Mansel-Chan	12bd709219	Merge pull request #21341 from owen-mc/rb/accept-mad-sanitizers ... Ruby: Accept MaD sanitizers for queries with MaD sinks and convert some existing sanitizers	2026-02-23 11:44:05 +00:00
Owen Mansel-Chan	1d6b8c5120	Use postprocessing queries for unrelated test ... Need to do this because the model numbering was changing. At the same time we may as well use inline expectations.	2026-02-18 13:49:53 +00:00
Owen Mansel-Chan	05d681fe19	Update taintstep test for models becoming MaD	2026-02-18 13:49:50 +00:00
Owen Mansel-Chan	f577e973bc	Update other test in same folder	2026-02-18 13:39:06 +00:00
Owen Mansel-Chan	1bff7a3eb8	Add change note	2026-02-17 22:29:35 +00:00
Owen Mansel-Chan	eb7f1989c7	Reinstate ql model for String#shellescape	2026-02-17 22:27:15 +00:00
Owen Mansel-Chan	de5470a85c	Add MaD barriers for Shellwords.escape and shellescape ... Note that this will only block flow for queries that use the kind `command-injection`.	2026-02-17 22:27:13 +00:00
Owen Mansel-Chan	b3681f7a0c	Model flow through Shellwords escape and shellescape	2026-02-17 22:27:11 +00:00
Owen Mansel-Chan	6294c3b3b8	Remove Shellwords sanitizer in ql ... Note that some sanitizers had no effect because flow through those functions wasn't modeled.	2026-02-17 22:27:10 +00:00
Owen Mansel-Chan	4aee99f0eb	Reinstate SQLite3 sanitizer in MaD	2026-02-17 22:27:08 +00:00
Owen Mansel-Chan	5df695bec9	Move SQLite3 flow model to MaD and remove ql sanitizer	2026-02-17 22:27:06 +00:00
Owen Mansel-Chan	1fa183ee2a	Improve Sqlite3 test	2026-02-17 22:27:04 +00:00
Owen Mansel-Chan	d4bb92b038	Reinstate Mysql2 sanitizer in MaD	2026-02-17 22:27:03 +00:00
Owen Mansel-Chan	3e4f42f8a3	Move Mysql2 flow model to MaD and remove ql sanitizer	2026-02-17 22:27:01 +00:00
Owen Mansel-Chan	fc429c1757	Improve Mysql2 test	2026-02-17 22:27:00 +00:00
Owen Mansel-Chan	1d7a39a093	Change how sql-injection barriers are accepted	2026-02-17 22:26:58 +00:00
Owen Mansel-Chan	3dc465f167	Accept MaD sanitizers for queries with MaD sinks	2026-02-17 12:48:36 +00:00
github-actions[bot]	b5898c5a30	Post-release preparation for codeql-cli-2.24.2	2026-02-16 17:07:45 +00:00
github-actions[bot]	ef04f927fb	Release preparation for version 2.24.2	2026-02-16 13:29:25 +00:00
Simon Friis Vindum	bf02e478fd	Rust: Comment out tests with parse errors	2026-02-12 14:49:09 +01:00
Simon Friis Vindum	218585b52a	Ruby: Add additonal tests with operators at the start of lines	2026-02-12 12:30:43 +01:00
Simon Friis Vindum	a27d20dbcd	Rust: Add test cases for binary operator at start of line	2026-02-12 09:31:59 +01:00
github-actions[bot]	73d06f26cb	Post-release preparation for codeql-cli-2.24.1	2026-02-02 14:04:26 +00:00
github-actions[bot]	0db542e9f0	Release preparation for version 2.24.1	2026-02-02 12:09:09 +00:00
Tom Hvitved	b974a84bef	Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering ... Shared: Provenance-based filtering of flow summaries	2026-01-26 17:24:34 +01:00
Tom Hvitved	0f6bae0ae1	Add change notes	2026-01-26 12:40:22 +01:00
Tom Hvitved	c975ae5231	Ruby: Adapt to changes in FlowSummaryImpl	2026-01-26 12:40:14 +01:00
yoff	d05901ad3f	python/javascript/ruby: mark internal predicates	2026-01-22 17:30:24 +01:00
yoff	b08c972cc3	ruby: Add back sanitizer as MaD model	2026-01-22 17:30:24 +01:00
yoff	15980cb1da	ruby: remove sanitizer to be replaced by MaD model	2026-01-22 17:30:24 +01:00
yoff	3dbfb9fa4b	python: add machinery for MaD barriers ... and reinstate previously removed barrier now as a MaD row	2026-01-22 17:30:24 +01:00
Ian Lynagh	1fd60c7671	Ruby: Add up/downgrade scripts	2026-01-20 11:56:16 +00:00
Ian Lynagh	4b9c9e7a5a	Ruby: Regenerate dbscheme	2026-01-20 11:56:15 +00:00
github-actions[bot]	48475e66af	Post-release preparation for codeql-cli-2.24.0	2026-01-19 15:49:08 +00:00
github-actions[bot]	4142b9c4ce	Release preparation for version 2.24.0	2026-01-19 14:49:14 +00:00
Asger F	ff580410fe	Merge pull request #20733 from asgerf/js/incremental-api-graphs ... JS: Incremental API graph	2026-01-14 12:49:41 +01:00
Ian Lynagh	dcd0a69759	Merge remote-tracking branch 'upstream/main' into igfoo/mb	2026-01-13 01:01:35 +00:00
Asger F	869efb8a48	JS: Sync ApiGraphModels.qll	2026-01-07 11:05:41 +01:00
github-actions[bot]	2cb932cf5d	Post-release preparation for codeql-cli-2.23.9	2026-01-06 15:42:16 +00:00
Tom Hvitved	358339427b	Ruby: Fix bad join ... Before ``` Evaluated relational algebra for predicate Filters::Filters::FilterCall.getAnAction/0#dispred#9c0da667@85a4cbtp with tuple counts: 394650 ~2% {2} r1 = `__#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge_Module::ModuleBase.getModule/0#dispred#4f2c__#shared` AND NOT `_Filters::Filters::FilterCall.getExceptArgument/0#dispred#515c95c0__#Method::Method.getName/0#dispre__#antijoin_rhs`(FIRST 2) {2} | AND NOT `project#Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f`(FIRST 1) 380366 ~0% {2} | SCAN OUTPUT In.1, In.0 29453 ~0% {2} r2 = JOIN `_#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge__#AST::AstNode.getEnclosingModule/0#dispred#__#shared` WITH project#ActionController::ActionControllerActionMethod#6db6f5e0 ON FIRST 1 OUTPUT Lhs.0, Lhs.1 366017 ~0% {2} r3 = JOIN `_#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge_Module::ModuleBase.getModule/0#dispred#4f2ca__#shared` WITH project#ActionController::ActionControllerActionMethod#6db6f5e0 ON FIRST 1 OUTPUT Lhs.0, Lhs.1 395470 ~0% {2} r4 = r2 UNION r3 395470 ~0% {3} | JOIN WITH `Method::Method.getName/0#dispred#2acbf239` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0 2227 ~0% {2} | JOIN WITH `Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f` ON FIRST 2 OUTPUT Lhs.2, Lhs.0 382593 ~0% {2} r5 = r1 UNION r4 133735 ~4% {2} | JOIN WITH `project#ActionController::ActionControllerActionMethod.getARoute/0#dispred#9eb85e56` ON FIRST 1 OUTPUT Lhs.1, Lhs.0 540556870 ~2% {3} | JOIN WITH Filters::Filters::Filter#a42c5138 CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Lhs.1 525979755 ~127% {3} | JOIN WITH `Filters::Filters::FilterImpl.getFilterCallable/0#dispred#451bf7d7` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1 {3} | REWRITE WITH TEST InOut.1 != InOut.2 525979755 ~407036% {2} | SCAN OUTPUT In.0, In.1 return r5 ``` After ``` Evaluated relational algebra for predicate Filters::Filters::FilterCall.getAnAction/0#91dba45c@74dfcepp with tuple counts: 1363 ~4% {2} r1 = JOIN `Filters::Filters::FilterCall.getAnActionCand/1#f053150d` WITH `Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f` ON FIRST 2 OUTPUT Lhs.0, Lhs.2 140978 ~0% {3} r2 = `Filters::Filters::FilterCall.getAnActionCand/1#f053150d` AND NOT `Filters::Filters::FilterCall.getExceptArgument/0#dispred#515c95c0#fb`(FIRST 2) {3} | AND NOT `project#Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f`(FIRST 1) 132372 ~3% {2} | SCAN OUTPUT In.0, In.2 133735 ~4% {2} r3 = r1 UNION r2 return r3 ```	2026-01-06 11:42:49 +01:00
github-actions[bot]	c00663766e	Release preparation for version 2.23.9	2026-01-05 11:57:06 +00:00
Óscar San José	d972af9ef8	Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main	2025-12-12 13:22:08 +01:00
github-actions[bot]	2854330759	Post-release preparation for codeql-cli-2.23.8	2025-12-08 15:49:10 +00:00
github-actions[bot]	66c51e979e	Release preparation for version 2.23.8	2025-12-08 14:38:23 +00:00
Óscar San José	bc6133de5c	Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20	2025-12-05 19:31:47 +01:00
Anders Schack-Mulligen	78e1879c9e	Use more flowTo.	2025-12-03 14:12:08 +01:00
github-actions[bot]	085faa2bdb	Post-release preparation for codeql-cli-2.23.7	2025-12-02 16:39:43 +00:00
github-actions[bot]	a045b317ac	Release preparation for version 2.23.7	2025-12-02 15:31:27 +00:00
github-actions[bot]	19a13467e0	Release preparation for version 2.23.7	2025-12-01 16:07:37 +00:00
Felicity Chapman	caf6b950ac	Remove trailing periods from @name metadata in query files ... Fixed 73 .ql query files where the @name metadata contained an ending period. This ensures consistency with the CodeQL query metadata style guidelines.	2025-11-26 14:29:51 +00:00