hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
aa3000df1310b332ba1c84afec3bacb0aeb4dbbd
Commit Graph

83294 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Asger F
587ad5c600 JS: Refine criteria so that explicit this-passing is not affected 2025-10-06 11:43:18 +02:00
Asger F
4d33190241 JS: Restrict this-argument passing in API graphs 2025-10-06 11:42:36 +02:00
Asger F
84c788a027 JS: Add API graph test for explicit 'this' passing 2025-10-06 11:40:40 +02:00
idrissrio
a22ec2d9c6 Java: Accept new test results after extractor changes 2025-10-06 11:18:16 +02:00
idrissrio
f6b6a007b1 Java: Add integration tests for Maven 4 2025-10-06 11:18:15 +02:00
Simon Friis Vindum
1f2cca7d00 Merge pull request #20547 from paldepind/rust/function-as-lambda 
Rust: Handle functions as data flow lambdas
 2025-10-06 10:15:55 +02:00
REDMOND\brodes
9fa30a3884 Crypto: Updating algorithm string literals and key generation algorithm literal sources to include signatures. 2025-10-03 18:09:27 -04:00
REDMOND\brodes
9c5765a48c Crypto: Add missing string constants for signature algorithms. 2025-10-03 17:17:07 -04:00
REDMOND\brodes
66e9d7671d Crypto: Add jca unit tests. 2025-10-03 13:32:02 -04:00
REDMOND\brodes
f4fea6d635 Crypto: Fix consistency update with "other" vs "unknown" naming convetions for openssl. 2025-10-03 12:10:48 -04:00
REDMOND\brodes
f1eb6511a7 Crypto: Add modeling for JCA signatures. Make consistent use of "unknown" or "other" for unrecognized types. 2025-10-03 12:07:37 -04:00
Simon Friis Vindum
402d58bc3a Merge pull request #20553 from paldepind/rust-ruby/update-cargo-deps 
Rust, ruby: Update cargo dependencies
 2025-10-03 14:50:55 +02:00
Owen Mansel-Chan
ef1fe6cabc Add code owners for /shared/ 2025-10-03 10:40:45 +01:00
Anders Schack-Mulligen
2e9e357d7e Rangeanalysis: Fix a join-order. 2025-10-03 10:52:52 +02:00
Jeroen Ketema
7807804f4d Merge pull request #20573 from MathiasVP/fix-bad-magic-on-get-file 
C++: Fix bad magic on `Element.getFile`
 2025-10-03 01:21:32 +02:00
Owen Mansel-Chan
218c2a59eb Merge pull request #14751 from owen-mc/go/feature/use-use-flow 
Go: Switch from def-use flow to use-use flow
 2025-10-02 23:53:54 +01:00
REDMOND\brodes
a46bd4c4ca Crypto: JCA random number generation model. 2025-10-02 15:21:28 -04:00
REDMOND\brodes
507174e44f Crypto: Fix bug in MacOperationNode constructor with detecting if the operation is also used for signatures. 2025-10-02 15:20:59 -04:00
Geoffrey White
479e735e77 Rust: Mirror information from supported-versions-compilers.rst in system-requirements.rst. 2025-10-02 19:00:30 +01:00
Geoffrey White
fb738f2d02 Rust: Update creating-path-queries.rst. 2025-10-02 18:36:39 +01:00
Ben Rodes
e823d80f0c Merge branch 'main' into java_nonce_reuse_tests 2025-10-02 13:31:40 -04:00
Geoffrey White
3b1d6cd3d9 Rust: Add missing link (to existing doc). 2025-10-02 18:31:26 +01:00
Nicolas Will
cbe34f101b Merge pull request #19944 from bdrodes/signature_model_refactor 
Crypto: Refactor Model and signatures, fix models, add unit tests
 2025-10-02 19:30:46 +02:00
Geoffrey White
4ec18c8a79 Rust: Remove the experimental note in supported-frameworks.rst. 2025-10-02 18:21:52 +01:00
Nicolas Will
4901cdf929 Crypto: Refactor and change casts to super 2025-10-02 18:43:38 +02:00
Mathias Vorreiter Pedersen
bc0b87632d C++: Fix bad magic on Element.getFile when running on InconsistentCheckReturnNull.qll: 
Evaluated non-recursive predicate Element::Element.getFile/0#dispred#536cb5f3#bb@f6f5329i in 182326ms (size: 50437).
Evaluated relational algebra for predicate Element::Element.getFile/0#dispred#536cb5f3#bb@f6f5329i with tuple counts:
           2029351   ~0%    {2} r1 = SCAN `Expr::Expr.getLocation/0#dispred#0a3d90c6` OUTPUT In.1, In.0
           2029351   ~0%    {2}    | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           1168789   ~0%    {2}    | JOIN WITH `InconsistentCheckReturnNull::assertInvocation/2#b2a4c9e3_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        5533128288   ~0%    {3}    | JOIN WITH `Location::Location.getContainer/0#9edabfb6_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0
             50413   ~0%    {2}    | JOIN WITH `Element::Element.getLocation/0#dispred#6c3f5b09#bf` ON FIRST 2 OUTPUT Lhs.0, Lhs.2

              3043   ~0%    {2} r2 = JOIN `project#InconsistentCheckReturnNull::relevantFunctionCall/2#d18cd566` WITH `Expr::Expr.getLocation/0#dispred#0a3d90c6` ON FIRST 1 OUTPUT Rhs.1, Lhs.0

              3043   ~0%    {2} r3 = JOIN r2 WITH locations_default ON FIRST 1 OUTPUT Rhs.4, Lhs.1
              1945   ~3%    {2}    | JOIN WITH `InconsistentCheckReturnNull::assertInvocation/2#b2a4c9e3_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           9106248   ~2%    {3}    | JOIN WITH `Location::Location.getContainer/0#9edabfb6_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0
                 0   ~0%    {2}    | JOIN WITH `Element::Element.getLocation/0#dispred#6c3f5b09#bf` ON FIRST 2 OUTPUT Lhs.0, Lhs.2

              3043   ~0%    {3} r4 = JOIN r2 WITH locations_default ON FIRST 1 OUTPUT _, Lhs.1, Rhs.4
              3043   ~0%    {2}    | REWRITE WITH Tmp.0 := 1, Out.0 := (In.2 + Tmp.0) KEEPING 2
              2013   ~0%    {2}    | JOIN WITH `InconsistentCheckReturnNull::assertInvocation/2#b2a4c9e3_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
           9621327   ~0%    {3}    | JOIN WITH `Location::Location.getContainer/0#9edabfb6_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0
                24   ~3%    {2}    | JOIN WITH `Element::Element.getLocation/0#dispred#6c3f5b09#bf` ON FIRST 2 OUTPUT Lhs.0, Lhs.2

             50437   ~0%    {2} r5 = r1 UNION r3 UNION r4
                            return r5
 2025-10-02 17:36:21 +01:00
Owen Mansel-Chan
f35d28de45 Change note for bug fix in go/unvalidated-url-redirection 2025-10-02 17:03:55 +01:00
Owen Mansel-Chan
cce44b1f54 Update change notes for api changes 2025-10-02 16:52:16 +01:00
Owen Mansel-Chan
4d4862899e Preserve old behaviour of Write.writesComponent 2025-10-02 16:50:18 +01:00
REDMOND\brodes
9673b81677 Crypto: Update JCA 'wihHmac" raw name to be the entire raw string, not just "Hmac" 2025-10-02 11:49:23 -04:00
REDMOND\brodes
704a06e1fa Crypto: Update JCA PBKDF2 modeling: 1) add further inheritance structures to make the inheritance decomposition and caveats clearer, and 2) use getConsumer to establish the hash and hmac consumer. Update the Model to expect hash node types specifically for HMAC getHashALgorithmOrUnknown. 2025-10-02 11:45:13 -04:00
Owen Mansel-Chan
d8891e34d1 Small improvement to go/unhandled-writable-file-close 2025-10-02 15:15:51 +01:00
REDMOND\brodes
850c1ec12d Crypto: Fix use of a member where a singleton set literal exists 2025-10-02 09:20:40 -04:00
REDMOND\brodes
b08533b322 Crypto: Fix missing output variable 2025-10-02 09:10:50 -04:00
REDMOND\brodes
c37b7c1389 Merge branch 'signature_model_refactor' of https://github.com/bdrodes/codeql into signature_model_refactor 2025-10-02 09:05:09 -04:00
REDMOND\brodes
38421cec94 Crypto: Missing casing fix for JCA classes 2025-10-02 09:04:23 -04:00
Ben Rodes
d251b3f9f7 Merge branch 'main' into signature_model_refactor 2025-10-02 09:02:34 -04:00
REDMOND\brodes
329a7dee1c Crypto: Fixing JCA class naming casing for PBKDF2 classes. 2025-10-02 09:02:17 -04:00
Tom Hvitved
b4c979f586 Merge pull request #20548 from hvitved/rust/macro-call-resolution 
Rust: Macro call resolution
 2025-10-02 14:54:10 +02:00
Jeroen Ketema
a34d6d484a Merge pull request #20485 from MathiasVP/use-shared-guards-library 
C++: Switch to the shared Guards library
 2025-10-02 14:19:49 +02:00
Owen Mansel-Chan
7fdda87b06 Fix go/impossible-interface-nil-check for separate post-update nodes 
When tracing back from nil checks on interfaces, ignore post-update
nodes. There will always be a corresponding pre-update node that
contains the information we want.
 2025-10-02 12:34:58 +01:00
Michael Nebel
b5aa972bd1 Merge pull request #20525 from michaelnebel/csharp/reducelocationtuples 
C#: Reduce location tuples.
 2025-10-02 12:32:35 +02:00
Michael Nebel
57efa05215 C#: Add change note. 2025-10-02 11:34:14 +02:00
Tom Hvitved
f8b104d174 Rust: Use doubleBoundedFastTC for resolving $crate paths 2025-10-02 11:22:56 +02:00
Philip Ginsbach
d889fa8d39 Merge pull request #20571 from github/ginsbach/MoreAnnotationDocs 
document `extensible` and `additional` in QL reference and spec
 2025-10-02 09:11:06 +01:00
Philip Ginsbach
a2d31be152 improve the wording based on PR review feedback 2025-10-02 09:02:20 +01:00
Michael Nebel
4f833ca7fe Merge pull request #20513 from ewillonermsft/systemwebhttprequest-test-stubs 
Add additional SystemWeb HttpRequset properties to C# test stubs
 2025-10-02 09:22:55 +02:00
Michael Nebel
191dae47fd C#: Add a stub for the System.Uri class for the CWE-611 test. 2025-10-01 14:44:54 -07:00
ewillonermsft
6f57e5a13e Merge branch 'main' into systemwebhttprequest-test-stubs 2025-10-01 14:33:09 -07:00
REDMOND\brodes
d49efefefa Crypto: Fix for non-monotonic recursion in JCA 2025-10-01 14:36:26 -04:00