hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,500 Commits 1,671 Branches 157 Tags
aabbfce01014efcacc0bac1fc017634eed2de9da
Commit Graph

78500 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aditya Sharad
aabbfce010 Actions: Exclude model-generator queries from query suites 
This change removes the model generator queries for Actions
sources/sinks/summaries from being run as part of the
`actions-security-and-quality.qls` query suite,
where they were accidentally included.

All languages will now exclude both `modelgenerator`
and `model-generator` tagged queries from their suites.
 2025-04-24 13:25:38 -07:00
Ian Lynagh
f9172ff493 Merge pull request #19368 from igfoo/igfoo/add-check-for-buildmode-none 
C++: Add exception for build-mode-none in various queries
 2025-04-24 20:30:09 +01:00
Jeroen Ketema
5920925041 Merge pull request #19363 from jketema/platform 
Update list of supported platforms
 2025-04-24 19:11:31 +02:00
Paolo Tranquilli
21170a1f6d Merge pull request #19370 from github/redsun82/go-remove-invalid-toolchain-diagnostic 
Go: remove invalid toolchain version diagnostics
 2025-04-24 17:32:34 +02:00
Jeroen Ketema
21c97085a1 Merge pull request #19361 from jketema/fieldflow 
Dataflow: Make default field flow branch limit configurable per language
 2025-04-24 16:45:49 +02:00
Jeroen Ketema
55a8a4444d Merge pull request #19365 from jketema/c23 
C++: Claim beta support for C23 and C++23
 2025-04-24 16:13:39 +02:00
Paolo Tranquilli
69b87a63b8 Go: remove invalid toolchain version diagnostics 
This diagnostic was introduced by https://github.com/github/codeql/pull/15979.
However in the meantime the Go team [has backtracked](https://github.com/golang/go/issues/62278#issuecomment-2062002018)
on their decision, which leads to confusing alerts for user (e.g. https://github.com/github/codeql-action/issues/2868).
Even using Go toolchains from 1.21 to 1.22 we weren't immediately able
to reproduce the problem that this diagnostics was meant to guard
against. Therefore it was deemed simpler to just remove it.

_En passant_ the `Makefile` now accepts `rtjo` not being set.
 2025-04-24 14:41:05 +02:00
Ian Lynagh
0cd859c559 C++: qlformat 2025-04-24 12:48:21 +01:00
Alexander Eyers-Taylor
ea83ecf802 Merge pull request #19327 from d10c/d10c/rtjo-csharp-jo-fix 
C#: Join order fix
 2025-04-24 12:34:22 +01:00
Ian Lynagh
063bff073b C++: Add checks for build mode in various queries 
Adds a check for the absence of build-mode-none in
    cpp/wrong-type-format-argument
    cpp/comparison-with-wider-type
    cpp/integer-multiplication-cast-to-long
    cpp/implicit-function-declaration
    cpp/suspicious-add-sizeof
 2025-04-24 12:15:31 +01:00
Jeroen Ketema
42c4252a3d C++: Claim beta support for C23 and C++23 
All features we can support, we currently do support.
 2025-04-24 11:44:16 +02:00
Jeroen Ketema
0357f3959b Update list of supported platforms 
I've effectively sync'ed this with the list of runners that are publicly
available. I did not yet add Windows 2025, as it is my understanding is that
we haven't really done any testing on that yet.
 2025-04-24 11:28:09 +02:00
Jeroen Ketema
46b21af3ef Dataflow: Make default field flow branch limit configurable per language 2025-04-24 11:02:49 +02:00
Jeroen Ketema
4093afbaab Merge pull request #19290 from jketema/typeof 
C++: Support C23 `typeof` and `typeof_unqual`
 2025-04-24 10:12:46 +02:00
Michael Nebel
17f58c90bd Merge pull request #19148 from michaelnebel/csharp/invalid-string-format 
C#: Improve `cs/invalid-string-formatting` and add to the Code Quality suite.
 2025-04-24 10:03:06 +02:00
Michael Nebel
65ac951964 C#: Remove all Sink tags after rebase. 2025-04-24 08:54:53 +02:00
Michael Nebel
dcf11c2d4b C#: Match up sources, alerts and sinks in the tests. 2025-04-24 08:54:51 +02:00
Michael Nebel
b6d2f14b9b C#: Add change note. 2025-04-24 08:54:49 +02:00
Michael Nebel
22ae3e7992 C#: Update string format item parameter expected test case. 2025-04-24 08:54:48 +02:00
Michael Nebel
f2dddd6d5c C#: Hide the abstract FormatMethod class. 2025-04-24 08:54:47 +02:00
Michael Nebel
6de5920172 C#: Update test expected output. 2025-04-24 08:54:45 +02:00
Michael Nebel
042c7e5186 C#: Generalize array logic to params collection like types. 2025-04-24 08:54:43 +02:00
Michael Nebel
930bb6b515 C#: Add FP for string.Format using params collection. 2025-04-24 08:54:42 +02:00
Michael Nebel
39abd5c004 C#: Update test expected output. 2025-04-24 08:54:40 +02:00
Michael Nebel
f31235db43 C#: Improve format logic to take CompositeFormat and generics into account. 2025-04-24 08:54:39 +02:00
Michael Nebel
11dffc6647 C#: Add more invalid-string-formatting testcases. 2025-04-24 08:54:37 +02:00
Michael Nebel
8fb5fe97aa C#: Update test expected output. 2025-04-24 08:54:36 +02:00
Michael Nebel
1d9d8780b3 C#: Remove some false positives and add more true positives for cs/invalid-string-format. 2025-04-24 08:54:34 +02:00
Michael Nebel
f73b7429c6 C#: Remove false positive example. 2025-04-24 08:54:33 +02:00
Michael Nebel
175e4ecb74 C#: Add more format testcases. 2025-04-24 08:54:31 +02:00
Michael Nebel
327ddb07a1 C#: Re-factor FormatMethod. 2025-04-24 08:54:30 +02:00
Michael Nebel
9cfd6e30b9 C#: Convert testing of cs/invalid-string-formatting to inline expectations and adjust some of the testcases. 2025-04-24 08:54:28 +02:00
Michael Nebel
68f93492b1 C#: Add cs/invalid-string-formatting to the codeql quality suite. 2025-04-24 08:54:27 +02:00
Michael Nebel
91f1183dfd Merge pull request #19354 from michaelnebel/csharp/matchlinenumbersonsinks 
Shared: Match line information on Alert and Sink locations.
 2025-04-24 08:53:01 +02:00
Jeroen Ketema
cad695868d C++: Add change note 2025-04-23 17:51:06 +02:00
Jeroen Ketema
0c313463b4 C++: Update stats file 2025-04-23 16:56:59 +02:00
Jeroen Ketema
a3e0c15c10 C++: Add upgrade and downgrade scripts 2025-04-23 16:56:57 +02:00
Jeroen Ketema
e97f9495d0 C++: Update expected test results 2025-04-23 16:56:56 +02:00
Jeroen Ketema
df3282c204 C++: Support C23 typeof and typeof_unqual 2025-04-23 16:56:47 +02:00
Michael Nebel
2e0ce44fde Javascript: Update test files. 2025-04-23 15:41:41 +02:00
Geoffrey White
37bcedcf11 Merge pull request #19353 from geoffw0/modelnoise2 
Rust: Remove unnecessary predicate.
 2025-04-23 12:34:40 +01:00
Tom Hvitved
4abdc13f79 Merge pull request #19193 from hvitved/rust/path-resolution-where-clause 
Rust: Take `where` clauses into account in path resolution
 2025-04-23 13:00:58 +02:00
Michael Nebel
617f4729d8 Shared: Match line information on Alert and Sink locations. 2025-04-23 12:35:17 +02:00
Mathias Vorreiter Pedersen
808141f7e8 Merge pull request #19295 from MathiasVP/cpp-add-mad-generation-library 
C++: Instantiate model generation library
 2025-04-23 11:32:16 +01:00
Geoffrey White
d6f1bd9792 Rust: Remove unnecessary predicate. 2025-04-23 11:24:29 +01:00
Mathias Vorreiter Pedersen
9e9a580d02 C++: Add MaD generation test with union content. 2025-04-23 11:11:17 +01:00
Mathias Vorreiter Pedersen
07d8f8dd0d C++: Add an empty model to prevent a warning. 2025-04-23 10:24:17 +01:00
Tom Hvitved
008dd3f4e3 Merge pull request #19272 from hvitved/ql4ql/qlref-inline-exp-kind-restrict 
QL4QL: Restrict `ql/qlref-inline-expectations` to `(path-)problem` queries
 2025-04-23 09:11:24 +02:00
Michael Nebel
62cb4bfd02 Merge pull request #19302 from michaelnebel/csharp/missing-access-control 
C#: Relax condition for authorize attributes on `cs/web/missing-function-level-access-control`.
 2025-04-23 09:09:32 +02:00
Tom Hvitved
959a79f995 Merge pull request #19345 from hvitved/shared/file-system-append-join-fix 
Shared: Fix join in `FileSystem.qll`
 2025-04-23 09:01:40 +02:00