murderteeth
a6dba9eb25
Merge branch 'main' into js/vercel-node-framework
2026-04-25 14:19:43 -04:00
murderteeth
f15d53f3b9
Update javascript/ql/lib/change-notes/2026-04-12-vercel-node.md
...
Co-authored-by: Asger F <asgerf@github.com>
2026-04-25 14:19:01 -04:00
Owen Mansel-Chan
0daefb778b
Merge pull request #21755 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2026-04-25 07:42:44 +01:00
github-actions[bot]
be8c35ad8c
Add changed framework coverage reports
2026-04-25 00:39:28 +00:00
Tom Hvitved
cbc12324bb
Merge pull request #21703 from hvitved/rust/type-inference-sibling
...
Rust: Refine `implSiblings`
2026-04-24 12:36:51 +02:00
Owen Mansel-Chan
9fbe447428
Merge pull request #21749 from github/copilot/add-hibernate-sql-injection-tests
...
Add Hibernate SQL injection sink models and coverage
2026-04-24 09:36:46 +01:00
Jeroen Ketema
ae89b2ee79
Merge pull request #21747 from jketema/join-order
...
Fix two `QualifiedName` join orders
2026-04-24 08:05:24 +02:00
Mathias Vorreiter Pedersen
82c99a594d
Merge pull request #21750 from github/fix-join-in-assertions-in-ir
...
C++: Fix join in `TranslatedAssertion::getVariable`
2026-04-23 17:25:15 +01:00
copilot-swe-agent[bot]
083909ee3b
Add Java change note for Hibernate sinks
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/41769e74-a435-4aaf-b5f7-92060f6cd84e
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-04-23 14:10:29 +00:00
copilot-swe-agent[bot]
25d232b815
Model additional Hibernate query sinks
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/fc2c7f71-3493-4bf7-9136-34571a1d4b47
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-04-23 13:41:03 +00:00
Tom Hvitved
c64223ae56
Merge pull request #21748 from hvitved/shared/remove-deprecated
...
Shared: Remove deprecated code
2026-04-23 14:44:17 +02:00
Anders Schack-Mulligen
cb21044900
Merge pull request #21744 from aschackmull/csharp/ssa
...
C#: Replace BaseSSA classes with shared code.
2026-04-23 14:39:54 +02:00
Tom Hvitved
eee5b067b3
Merge pull request #21743 from hvitved/cfg/body-parts
...
C#: Move handling of callables into shared control flow library
2026-04-23 14:10:46 +02:00
Mathias Vorreiter Pedersen
14efb4502b
C++: Fix join in getVariable.
2026-04-23 12:10:09 +01:00
Owen Mansel-Chan
bf960b8c76
Merge pull request #21652 from MarkLee131/fix/path-injection-torealpath
...
Java: recognize Path.toRealPath() as path normalization sanitizer
2026-04-23 11:18:23 +01:00
copilot-swe-agent[bot]
081ad03b4b
Add Hibernate SQL injection sink tests
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/2e7aecca-63ea-489f-8b87-4cc557655919
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-04-23 10:04:52 +00:00
copilot-swe-agent[bot]
7b897add22
Initial plan
2026-04-23 09:50:34 +00:00
Owen Mansel-Chan
9f19791d8c
Merge branch 'main' into fix/path-injection-torealpath
2026-04-23 10:40:47 +01:00
Tom Hvitved
61f1ef877f
Swift: Remove deprecated references to deprecated shared code
2026-04-23 11:29:10 +02:00
Tom Hvitved
18da5f61cd
Ruby: Remove deprecated references to deprecated shared code
2026-04-23 11:29:04 +02:00
Tom Hvitved
14dd72b3b1
C#: Remove deprecated references to deprecated shared code
2026-04-23 11:28:33 +02:00
Tom Hvitved
90ae086822
Shared: Remove deprecated code
2026-04-23 11:24:14 +02:00
Tom Hvitved
1a84b2b555
CFG: Use dense ranking
2026-04-23 11:22:38 +02:00
Jeroen Ketema
076b020dc4
Fix two QualifiedName join orders
...
Before on `StanfordLegion__legion` with `cpp/throwing-pointer`:
```
Pipeline standard for QualifiedName::Namespace.getQualifiedName/0#cbc0648a@7ff329j5 was evaluated in 2 iterations totaling 0ms (delta sizes total: 70).
162061 ~0% {2} r1 = JOIN `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev_delta` WITH namespacembrs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
70 ~2% {4} | JOIN WITH namespaces ON FIRST 1 OUTPUT Lhs.0, _, Lhs.1, Rhs.1
70 ~0% {2} | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2
70 ~0% {2} | AND NOT `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev`(FIRST 2)
return r1
Pipeline standard for QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1@cfd47189 was evaluated in 2 iterations totaling 3ms (delta sizes total: 85).
12 ~0% {2} r1 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespace_inlineMerge_#namespacembrsMerge#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
162417 ~0% {2} r2 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH namespacembrs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
73 ~1% {4} | JOIN WITH namespaces ON FIRST 1 OUTPUT Lhs.0, _, Lhs.1, Rhs.1
73 ~0% {2} | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2
85 ~0% {2} r3 = r1 UNION r2
85 ~0% {2} | AND NOT `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev`(FIRST 2)
return r3
```
After:
```
Pipeline standard for QualifiedName::Namespace.getQualifiedName/0#cbc0648a@91677d3f was evaluated in 2 iterations totaling 0ms (delta sizes total: 70).
70 ~0% {4} r1 = JOIN `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev_delta` WITH _#namespacembrsMerge_1#antijoin_rhs_#namespacembrsMerge_10#join_rhs_#namespacesMerge#join_rhs ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Rhs.2
70 ~0% {2} | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2
70 ~0% {2} | AND NOT `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev`(FIRST 2)
return r1
Pipeline standard for QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1@3bbc99mb was evaluated in 2 iterations totaling 0ms (delta sizes total: 85).
12 ~0% {2} r1 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespace_inlineMerge_#namespacembrsMerge_1#antijoin_rhs__#namespacembrsMerge_#namespacembrsMerge___#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
73 ~0% {4} r2 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespacembrsMerge_1#antijoin_rhs_#namespacesMerge__#namespacembrsMerge_#namespacembrsMerge_10#joi__#join_rhs ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Rhs.2
73 ~1% {2} | REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2
85 ~0% {2} r3 = r1 UNION r2
85 ~0% {2} | AND NOT `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev`(FIRST 2)
return r3
```
2026-04-23 10:37:12 +02:00
Tom Hvitved
71fa2166ee
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2026-04-22 17:06:31 +02:00
Owen Mansel-Chan
d6abd4c72d
Merge pull request #21745 from owen-mc/go/refactor-encryption-operation
...
Go: refactor `EncryptionOperation`
2026-04-22 15:46:49 +01:00
Owen Mansel-Chan
57eaed4dcc
Refactor: remove fields from EncryptionOperation
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-22 13:37:35 +01:00
Tom Hvitved
6ebf4ee394
Java: Adapt to changes in CFG library
2026-04-22 14:11:58 +02:00
Tom Hvitved
39cd86a48e
C#: Move handling of callables into shared control flow library
2026-04-22 14:11:57 +02:00
Anders Schack-Mulligen
4b8e4b40af
C#: Fix test.
2026-04-22 14:00:13 +02:00
Tom Hvitved
e60275c4de
Rust: Refine implSiblings
...
Consider two implementations of the same trait to be siblings when the
type being implemented by one is an instantiation of the type being
implemented by the other.
2026-04-22 13:32:56 +02:00
Anders Schack-Mulligen
b0c31badc2
C#: Bugfix for multi-body baseSsa entry defs.
2026-04-22 11:53:44 +02:00
Anders Schack-Mulligen
ae7904f0c8
C#: Fix BaseSSA caching.
2026-04-22 11:53:44 +02:00
Anders Schack-Mulligen
bbd60031b1
C#: Replace references to old BaseSSA classes.
2026-04-22 11:53:40 +02:00
Anders Schack-Mulligen
145d3242a6
C#: Instantiate shared SSA wrappers for BaseSSA.
2026-04-22 11:51:44 +02:00
Michael Nebel
bca51a986c
Merge pull request #21612 from michaelnebel/csharp/legacyasptaintedmember
...
C#: Taint members of types in ASP.NET user context.
2026-04-22 09:28:27 +02:00
Owen Mansel-Chan
62f15d0166
Merge pull request #21742 from owen-mc/docs/fixes
...
Docs: several minor fixes
2026-04-21 17:40:11 +01:00
Owen Mansel-Chan
b47afafe8e
Fix duplicated quotation mark
2026-04-21 14:53:11 +01:00
Owen Mansel-Chan
3a13f77058
Fix typo "passd" -> "passed"
2026-04-21 14:52:48 +01:00
Owen Mansel-Chan
424b7decb1
Fix wrong parameter name
2026-04-21 14:52:22 +01:00
Owen Mansel-Chan
91f9f23138
Fix wrong function name
2026-04-21 14:52:10 +01:00
Anders Schack-Mulligen
f912731cd4
Merge pull request #21565 from aschackmull/csharp/cfg2
...
C#: Replace CFG with the shared implementation
2026-04-21 15:50:38 +02:00
Owen Mansel-Chan
6efb21314a
Merge pull request #21523 from owen-mc/docs/mad/barriers
...
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
Owen Mansel-Chan
c91b5b3c2e
Merge pull request #21650 from MarkLee131/fix/sensitive-log-fp-regex
...
Java: reduce false positives in sensitive-log
2026-04-21 13:48:32 +01:00
Michael Nebel
8b93ce2747
C#: Add ASP.NET test case for a collection type.
2026-04-21 14:27:06 +02:00
Michael Nebel
2d6197fd7d
C#: Generalize ASP.NET taint members to collection types.
2026-04-21 14:27:03 +02:00
Michael Nebel
f826262f1d
C#: Re-factor CollectionType into an abstract class and introduce getElementType predicate.
2026-04-21 14:26:59 +02:00
Michael Nebel
1055084305
C#: Address review comments.
2026-04-21 13:40:07 +02:00
Michael Nebel
dc0e7d4988
C#: Add change-note.
2026-04-21 13:40:04 +02:00
Michael Nebel
8060d2ff24
C#: Streamline the implementation for ASP.NET Core tainted members.
2026-04-21 13:40:02 +02:00