hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 12:48:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,731 Commits 1,723 Branches 164 Tags
b83d4e010bfbe03c2da488a118d1fb7612d91a8f
Commit Graph

86731 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mathias Vorreiter Pedersen
b83d4e010b Merge pull request #21611 from MathiasVP/nsdmi-dataflow-3 
C++: Add dataflow through NSDMI
 2026-03-30 15:48:31 +01:00
Jeroen Ketema
095a9cbc73 Merge pull request #21588 from jketema/jketema/compiler-error-bmn 
C++: Silence `ExtractionRecoverableWarning`s when BMN is active
 2026-03-30 14:17:26 +02:00
Mathias Vorreiter Pedersen
5db069eb56 C++: Fix more consistency errors. 2026-03-30 12:08:08 +01:00
Óscar San José
9f27a5278f Merge pull request #21579 from github/post-release-prep/codeql-cli-2.25.1 
Post-release preparation for codeql-cli-2.25.1
 2026-03-30 12:47:59 +02:00
Mathias Vorreiter Pedersen
9247e6af0c C++: Add change note. 2026-03-30 11:30:17 +01:00
Mathias Vorreiter Pedersen
29768bbed4 Update cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.ql 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-30 11:26:24 +01:00
Mathias Vorreiter Pedersen
78c0c7cb76 C++: Exclude flow summaries from 'irTypeBugs'. 2026-03-30 11:04:42 +01:00
Mathias Vorreiter Pedersen
503c15334a C++: Accept test changes. 2026-03-30 11:03:52 +01:00
Mathias Vorreiter Pedersen
599b7a6653 C++: Handle fields in 'getThisType'. 2026-03-30 11:00:40 +01:00
Mathias Vorreiter Pedersen
9cb8edb41a C++: Change 'Function' to 'Declaration' in a few places to handle enclosing callables being fields. 2026-03-30 11:00:38 +01:00
Mathias Vorreiter Pedersen
eb35fa0d5e C++: Unify 'isSourceParameterOf' for this parameters with the implementation for positional parameters. 2026-03-30 11:00:37 +01:00
Jeroen Ketema
6692f23cbd C++: Add change note 2026-03-30 11:50:31 +02:00
Jeroen Ketema
8349bd50ba Merge pull request #21391 from jketema/jketema/nsdmi 
C++: Handle field initialization via NSDMI in IR generation
 2026-03-30 11:35:06 +02:00
Óscar San José
59eec7ffa2 Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1 2026-03-30 10:51:12 +02:00
github-actions[bot]
ce6e6d5db3 Post-release preparation for codeql-cli-2.25.1 2026-03-30 08:43:48 +00:00
Owen Mansel-Chan
898d12b0be Merge pull request #21608 from MarkLee131/fix/tainted-arithmetic-bounds-check-barrier 
Exclude bounds-check arithmetic from tainted-arithmetic sinks
 2026-03-29 22:47:20 +01:00
MarkLee131
e6adfbca77 Address review: update QLDoc comment and fix expected test output 
- Clarify that arithmeticUsedInBoundsCheck applies to if-condition
  comparisons, not all comparisons
- Update expected test line numbers to reflect added test calls
 2026-03-29 11:53:06 +08:00
Kaixuan Li
b595a70384 Update java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-29 11:45:27 +08:00
Kaixuan Li
938039d82c Merge branch 'main' into fix/tainted-arithmetic-bounds-check-barrier 2026-03-29 10:25:39 +08:00
Kaixuan Li
f5cfc5e282 Update java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-03-29 10:25:10 +08:00
Owen Mansel-Chan
58218ee630 Merge pull request #21594 from MarkLee131/fix/add-ec-to-secure-algorithm-whitelist 
Add EC to secure algorithm whitelist for Java CWE-327 query
 2026-03-28 17:13:19 +00:00
Owen Mansel-Chan
2b8558706f Add sentence to change note. 2026-03-28 16:39:16 +00:00
Owen Mansel-Chan
ea9b99f67c Rephrase change note 2026-03-28 16:36:39 +00:00
MarkLee131
0c5e89a68e Exclude bounds-check arithmetic from tainted-arithmetic sinks 
The java/tainted-arithmetic query now recognizes when an arithmetic
expression appears directly as an operand of a comparison (e.g.,
`if (off + len > array.length)`). Such expressions are bounds checks,
not vulnerable computations, and are excluded via the existing
overflowIrrelevant predicate.

Add test cases for bounds-checking patterns that should not be flagged.
 2026-03-28 17:39:40 +08:00
MarkLee131
da4a2238bc Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs 
- Model Signature.getInstance() as CryptoAlgoSpec sink (previously only
  Signature constructor was modeled)
- Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512)
  and PBKDF2 to the secure algorithm whitelist
- Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of
  KeyPairGenerator.getInstance() to match their key agreement semantics
- Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1
  from user-reported false positives
- Update change note to document all additions
 2026-03-28 16:53:46 +08:00
MarkLee131
a9449cc991 Add EC to secure algorithm whitelist for Java CWE-327 query 2026-03-28 16:48:58 +08:00
Owen Mansel-Chan
a8b52acaa9 Merge pull request #21585 from github/copilot/convert-models-to-yml 
C++: Convert remaining CSV models to .model.yml and remove CSV model infrastructure
 2026-03-27 20:48:34 +00:00
Jeroen Ketema
0f8e39a236 C++: Silence ExtractionRecoverableWarnings when BMN is active 2026-03-27 13:42:44 +01:00
Owen Mansel-Chan
c07a814515 Add comments to converted MaD file 2026-03-27 11:23:33 +00:00
Mathias Vorreiter Pedersen
8fc914f636 Merge pull request #21591 from MathiasVP/restrict-pair-cand 
C++: Fix join orders in virtual dispatch computation
 2026-03-27 11:20:53 +00:00
Owen Mansel-Chan
7e1ad825c3 Fix model row with misaligned columns 
The original CSV had too many columns, and copilot cut off the last one, before adding the provenance column at the end.
 2026-03-27 11:17:15 +00:00
Owen Mansel-Chan
f897575d3f Update change note 2026-03-27 10:11:13 +00:00
Paolo Tranquilli
55b95d22e9 Merge pull request #21580 from github/dependabot/bazel/rules_shell-0.7.1 
Bump rules_shell from 0.6.1 to 0.7.1
 2026-03-27 11:08:39 +01:00
Michael Nebel
73360eefb3 Merge pull request #21452 from michaelnebel/csharp/expandedassignment 
C#: Remove expanded assignments.
 2026-03-27 09:18:55 +01:00
yoff
08e115056d Merge pull request #21519 from github/tausbn/python-port-no-alert-change 2026-03-27 08:44:28 +01:00
Michael Nebel
c4c363d4e5 Merge pull request #21589 from michaelnebel/csharp/updateintegrationtests 
C#: Update integration tests to use SDK 10.0.201.
 2026-03-26 19:51:22 +01:00
Mathias Vorreiter Pedersen
56153d583e C++: Switch to doublyBoundedFastTC when computing virtual dispatch edges and inline pairCand to avoid a giant tuple explosion. 2026-03-26 17:31:18 +00:00
Michael Nebel
1a4f333c4a C#: Update integration tests to use SDK 10.0.201. 2026-03-26 18:07:05 +01:00
Owen Mansel-Chan
8a99ef4531 Update csv model tests to use MaD 2026-03-26 16:44:58 +00:00
Owen Mansel-Chan
21ecf230ce Small tweaks 2026-03-26 16:39:10 +00:00
Óscar San José
7a4b88fadc Merge pull request #21586 from github/oscarsj/hotfix-2.25.1-base 
Release 2.25.1 preparations
codeql-cli/latest codeql-cli/v2.25.1 		2026-03-26 16:36:02 +01:00
Owen Mansel-Chan
de4fe6d25c Use inline expectations for query test 2026-03-26 15:27:17 +00:00
copilot-swe-agent[bot]
d69bcca687 Remove CSV model infrastructure from ExternalFlow.qll 
Remove SourceModelCsv, SinkModelCsv, SummaryModelCsv classes,
single-argument CSV predicates, CSV parsing in MadInput, and
CSV-specific validation checks. Simplify MadInput to only contain
the namespace separator. Convert test models to .ext.yml format.

Agent-Logs-Url: https://github.com/github/codeql/sessions/89ff81fe-5585-446d-99e2-6fe6966495c5

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
 2026-03-26 15:07:39 +00:00
Óscar San José
fe565baf06 Apply suggestions from code review 
Co-authored-by: Óscar San José <oscarsj@github.com>
 2026-03-26 15:54:35 +01:00
Owen Mansel-Chan
64a52ba07f Update test that uses zmq models 2026-03-26 14:53:33 +00:00
Óscar San José
a5be35170b Missing file 2026-03-26 15:26:16 +01:00
Owen Mansel-Chan
6769f08f93 Remove blank line at end of file 2026-03-26 14:10:15 +00:00
Tom Hvitved
c66679c03b Merge pull request #21564 from hvitved/rust/type-inference-additional-constraints 
Rust: Take additional type parameter constraints into account
 2026-03-26 14:38:06 +01:00
Michael Nebel
41bb349a9b C#: Improve the downgrade script. 2026-03-26 14:34:54 +01:00
Óscar San José
805c2c3c3c Merge remote-tracking branch 'origin/codeql-cli-2.25.1' into oscarsj/hotfix-2.25.1-base 2026-03-26 14:29:44 +01:00