Asger F
b60bf8c79f
Merge pull request #21950 from tonghuaroot/experimental-ssrf-ipv6-transition-js
Add experimental query: SSRF host guard missing IPv6-transition unwrap (CWE-918/CWE-1389)
2026-06-10 21:42:54 +02:00
tonghuaroot (童话)
4c1a0058bf
Add SsrfIpv6TransitionIncompleteGuard.ql to not_included_in_qls.expected
Fix the JS integration test failure flagged in review by listing the new
experimental CWE-918 query in the expected not-included-in-qls suite, in
sorted order.
2026-06-10 08:42:42 +08:00
Tom Hvitved
f5919875b7
Merge pull request #21941 from hvitved/python/content-approx
Python: Implement `ContentApprox`
2026-06-09 15:46:04 +02:00
Owen Mansel-Chan
8d456df26f
Merge pull request #21960 from github/dependabot/go_modules/go/extractor/extractor-dependencies-28a04969f3
Bump golang.org/x/mod from 0.36.0 to 0.37.0 in /go/extractor in the extractor-dependencies group
2026-06-09 05:30:45 +01:00
dependabot[bot]
72fcf27d1a
Bump golang.org/x/mod
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).
Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-09 03:03:37 +00:00
yoff
0cea01c22f
Merge pull request #21926 from github/yoff/python-simplify-decorator-predicates
Python: simplify decorator-detection predicates to pure AST match
2026-06-08 22:04:33 +02:00
Anders Schack-Mulligen
a473565256
Merge pull request #21954 from aschackmull/cfg/consistency-child-idx
Cfg: Add consistency check for relevant child indices.
2026-06-08 14:44:20 +02:00
Anders Schack-Mulligen
c47135a40b
Cfg: Add consistency check for relevant child indices.
2026-06-08 13:40:33 +02:00
Owen Mansel-Chan
3cbc8f0262
Merge pull request #21951 from github/workflow/go-version-update
Go: Update to 1.26.4
2026-06-08 11:47:47 +01:00
Tom Hvitved
cc1ea25856
Python: Implement ContentApprox
2026-06-08 08:41:28 +02:00
github-actions[bot]
5a38cbd5d5
Go: Update to 1.26.4
2026-06-08 04:30:10 +00:00
tonghuaroot
e93bc11f6f
Add experimental JS query for SSRF guards missing IPv6-transition unwrap
Add javascript/ssrf-ipv6-transition-incomplete-guard, an experimental
@kind problem query that flags hand-rolled SSRF host guards which reject
private/loopback IPv4 ranges but never unwrap IPv6-transition forms
(IPv4-mapped ::ffff:, NAT64 64:ff9b::, 6to4 2002::). Such guards can be
bypassed by wrapping an internal IPv4 address in a transition literal.
Includes a .qhelp with good/bad examples, a change note, and a test pack
with two true-positive fixtures (private-ip package guard and a
hand-written RFC 1918 denylist) and two negative-control fixtures
(ipaddr.js range classifier and an explicit ::ffff: unwrap).
Signed-off-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>
2026-06-06 21:47:24 +08:00
Owen Mansel-Chan
cf6d94cf8a
Merge pull request #21324 from github/copilot/automate-go-version-updates-again
Automate Go version updates via scheduled workflow
2026-06-06 03:03:03 +01:00
Owen Mansel-Chan
292fc8b777
Fix detection of failed text replacement
I checked and the comment seems to be correct.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-06 02:52:21 +01:00
Owen Mansel-Chan
a1759d9834
Use --force-with-lease for slightly improved safety
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-06 02:51:36 +01:00
Owen Mansel-Chan
6b74874372
Minor improvement to PR text
2026-06-06 02:32:43 +01:00
copilot-swe-agent[bot]
ef29d22c75
Update Go version workflow to include patch numbers in messages
2026-06-06 01:03:44 +00:00
Owen Mansel-Chan
1f91f915c7
Merge pull request #21888 from owen-mc/py/remove-imprecise-container-steps
Python: Remove imprecise container steps #2
2026-06-04 22:16:24 +01:00
Jon Janego
ba8eebe2b5
Merge pull request #21948 from github/codeql-spark-run-26974832191
Update changelog documentation site for codeql-cli-2.25.6
2026-06-04 14:55:17 -05:00
github-actions[bot]
dc1409e5f4
update codeql documentation
2026-06-04 19:36:45 +00:00
Mario Campos
284f42bb9e
Merge pull request #21945 from github/codeql-spark-run-26947645690
Update changelog documentation site for codeql-cli-2.25.6
2026-06-04 13:09:04 -05:00
Henry Mercer
2f3524de74
Merge branch 'rc/3.22' into codeql-spark-run-26947645690
2026-06-04 16:01:11 +01:00
github-actions[bot]
b32573b060
update codeql documentation
2026-06-04 14:57:38 +00:00
Owen Mansel-Chan
cd2398aeea
Merge pull request #21936 from github/workflow/coverage/update
Update CSV framework coverage reports
2026-06-04 12:45:21 +01:00
Sotiris Dragonas
d6892eaf0d
Merge pull request #21900 from github/bazookamusic/range-analysis-bound-move-to-shared
Bound.qll - Replace utility for range analysis duplicated across java and cs with shared file
2026-06-04 12:45:11 +02:00
BazookaMusic
d2972cb53f
Add back alias for module
2026-06-04 11:08:49 +02:00
github-actions[bot]
5576d30780
Add changed framework coverage reports
2026-06-04 01:04:50 +00:00
Owen Mansel-Chan
da999ee440
Address review comments
2026-06-03 21:24:16 +01:00
Tom Hvitved
3da195f50f
Merge pull request #21918 from hvitved/rust/expose-resolution
Rust: Add `Impl::getSelf()` and `Impl::getTrait()`
2026-06-03 20:18:05 +02:00
Henry Mercer
93a4b427e3
Merge pull request #21933 from github/post-release-prep/codeql-cli-2.25.6
Post-release preparation for codeql-cli-2.25.6
2026-06-03 16:57:48 +01:00
Tom Hvitved
0430c71318
Merge pull request #21922 from hvitved/rust/static-const-resolution
Rust: Path resolution for `static` items
2026-06-03 17:48:21 +02:00
Owen Mansel-Chan
52f2a5825a
Merge pull request #21804 from github/copilot/add-tests-for-models
Java: Update CWE-918 model coverage for Apache HttpClient `execute` sinks
2026-06-03 12:55:56 +01:00
Owen Mansel-Chan
d55ff83568
Merge pull request #21269 from owen-mc/go/improve-tests-for-varargs-flow
Go: improve tests for varargs flow
2026-06-03 12:39:46 +01:00
BazookaMusic
f34275636c
No duplicate Ssa and remove release change note
2026-06-03 11:54:24 +02:00
BazookaMusic
0a801440b9
review comments
2026-06-03 10:48:50 +02:00
Asger F
7edf0100cc
Merge pull request #21924 from asgerf/asgerf/yeast-changes
Yeast: some fixes
2026-06-03 10:32:38 +02:00
Owen Mansel-Chan
167c837088
Merge pull request #21914 from owen-mc/shared/cfg/if-init
Shared CFG: allow init stmts for IfStmt
2026-06-02 22:01:02 +01:00
Owen Mansel-Chan
6f2cc43f32
Remove imprecise model for tuple()
2026-06-02 21:59:48 +01:00
Owen Mansel-Chan
5042fdee84
Remove imprecise model for list()
2026-06-02 21:59:46 +01:00
Owen Mansel-Chan
04341c47bd
Tweak model for str.join
2026-06-02 21:59:44 +01:00
Tom Hvitved
af45e53e77
Rust: Rename parameter in DB upgrade script
2026-06-02 21:18:53 +02:00
Owen Mansel-Chan
b27d08ee32
Update edges in expected test output
2026-06-02 18:29:56 +01:00
Jeroen Ketema
d11fc3a00e
Merge pull request #21932 from jketema/jketema/vue
JS: Add Vue to `file_coverage_languages` and `github_api_languages`
2026-06-02 17:53:25 +02:00
Owen Mansel-Chan
20ce679d61
Accept changed edges in test output
No changes to alerts
2026-06-02 16:15:08 +01:00
Owen Mansel-Chan
f62ebef9e0
Adjust expected test output
2026-06-02 16:15:06 +01:00
Owen Mansel-Chan
c3ef1ddd64
Add MaD models for lxml and xml etree.fromstringlist
2026-06-02 16:15:01 +01:00
Owen Mansel-Chan
dede5bc49b
Track flow through tuple() with list with tainted elements
2026-06-02 16:14:59 +01:00
Owen Mansel-Chan
ad97b6dd64
Use access path for str.join model
2026-06-02 16:14:56 +01:00
Jeroen Ketema
9d5dfea5c5
JS: Add Vue to file_coverage_languages and github_api_languages
2026-06-02 16:57:51 +02:00
Tom Hvitved
dc0c7d7ec2
Fix comment typos
2026-06-02 14:41:27 +02:00