hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,686 Commits 1,673 Branches 157 Tags
c2ebdf5266a900b27c8b439d58cce99a2ea52eee
Commit Graph

78686 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
c2ebdf5266 Change query id to go/html-template-escaping-bypass-xss 2025-05-01 15:39:20 +01:00
Owen Mansel-Chan
1926ffd450 Convert XSS tests to use inline expectations 2025-05-01 15:39:19 +01:00
Owen Mansel-Chan
1530ac123c Update path in qlref and update test results 2025-05-01 15:39:17 +01:00
Owen Mansel-Chan
5bce70f78c Move files out of experimental (no changes) 2025-05-01 15:39:15 +01:00
yoff
d7e6e1dd66 Merge pull request #19432 from yoff/python/model-http-server-header-write 
python: model `send_header` from `http.server`
 2025-05-01 15:34:05 +02:00
Taus
481adcea0a Merge pull request #18449 from github/tausbn/misc-add-script-for-calculating-mrva-totals 
Misc: Add script for calculating totals for a MRVA run
 2025-05-01 15:17:19 +02:00
Owen Mansel-Chan
e0549483fd Merge pull request #19429 from owen-mc/fix-cwe-tags-missing-leading-zero 
Fix cwe tags to include leading zero
 2025-05-01 14:09:54 +01:00
Nick Rolfe
817237ce54 Merge pull request #19441 from github/nickrolfe/mergeback-2.21.2 
Merge back 2.21.2 release branch
 2025-05-01 11:55:29 +01:00
Napalys Klicius
6ba0dc20a3 Merge pull request #19439 from Napalys/js/fastify-all 
JS: Modeling of `fastify`
 2025-05-01 12:11:52 +02:00
Owen Mansel-Chan
0863c87572 Add change notes 2025-05-01 10:33:24 +01:00
Napalys Klicius
68a9dd9f9e Address comments 2025-05-01 11:19:41 +02:00
Tom Hvitved
1770f568a2 Merge pull request #19367 from hvitved/rust/type-inference-try-expr 
Rust: Type inference for `?` expressions
 2025-05-01 10:27:49 +02:00
Nick Rolfe
20f7781d9f Merge pull request #19437 from adityasharad/docs/fix/2.21.0-escaping 
Docs: Fix escaping in 2.21.0 changelog
 2025-05-01 09:27:41 +01:00
Nick Rolfe
005a27bff9 Merge pull request #19436 from adityasharad/actions/ga-change-note 
Actions: Retroactively add GA changenote
codeql-cli/v2.21.2 		2025-05-01 09:21:15 +01:00
Simon Friis Vindum
bab84d03d1 Merge pull request #19419 from paldepind/rust-precise-implicit-deref-borrow 
Rust: Use type inference to insert implicit borrows and derefs
 2025-05-01 08:41:37 +02:00
Aditya Sharad
36199b3f06 Docs: Fix escaping in 2.21.0 changelog 
These break when the RST is processed.
Escape the backslashes and consistently add
inline code blocks.
 2025-04-30 16:40:36 -07:00
Aditya Sharad
6285c2e502 Actions: Retroactively add GA changenote 
This was manually added in the docs site at the time of 2.21.1 release and GA.
Include the change note in the relevant places so it remains
in future docs updates:
- codeql/actions-queries@0.5.4
- codeql/actions-all@0.4.7
- 2.21.1 changelog
 2025-04-30 16:24:22 -07:00
Tom Hvitved
a3c26b4bfe Rust: Type inference for ? expressions 2025-04-30 20:35:11 +02:00
Tom Hvitved
88075c4c8c Rust: Make manual tweaks to Copilot generated code 2025-04-30 20:35:10 +02:00
Tom Hvitved
51e70d0c3b Rust: Add Copilot generated test for ? operator expressions 2025-04-30 20:35:09 +02:00
Jeroen Ketema
359aa02602 Merge pull request #19410 from jketema/header-variant 
C++: Turn header variant tests that use PCH files into integration tests
 2025-04-30 20:10:30 +02:00
yoff
e63b38c515 python: add change note 2025-04-30 20:05:55 +02:00
yoff
cf45e771f3 python: remove copied comment 2025-04-30 20:01:43 +02:00
yoff
531f2a15a4 python: model send_header from http.server 2025-04-30 19:58:14 +02:00
Jeroen Ketema
3423a1072a C++: Address review comments 2025-04-30 19:10:35 +02:00
Owen Mansel-Chan
a9132c43d0 Fix incorrect CWE tags 2025-04-30 16:47:35 +01:00
Owen Mansel-Chan
cf614a596d Fix cwe tags to include leading zero 2025-04-30 16:43:03 +01:00
Simon Friis Vindum
c263d3faf9 Rust: Remove predicates unused after refactor 2025-04-30 17:39:22 +02:00
Tom Hvitved
302680cfb2 Merge pull request #19425 from hvitved/rust/type-inference-debug-predicates 
Rust: Add type inference debug predicates
 2025-04-30 17:03:05 +02:00
Jeroen Ketema
edd18dc052 C++: Address review comment 2025-04-30 16:23:06 +02:00
Jonas Jensen
c8e564b2ba Merge pull request #19416 from jbj/ruby-no-diff-informed-regex 
Ruby: disable diff-informed mode on regex queries
 2025-04-30 15:17:20 +02:00
Tom Hvitved
4f5b340278 Rust: Add type inference debug predicates 2025-04-30 15:12:58 +02:00
Tom Hvitved
389f15e670 Merge pull request #19362 from hvitved/rust/crate-extraction-workarounds 
Rust: Crate graph extraction workarounds
 2025-04-30 15:11:26 +02:00
Napalys Klicius
9624a413e4 Added change note 2025-04-30 14:57:00 +02:00
Napalys Klicius
71f1b82a56 Added support for fastify.all 2025-04-30 14:54:09 +02:00
Napalys Klicius
6d61766366 Added test case for fastify.all 2025-04-30 14:50:35 +02:00
Simon Friis Vindum
f584d22b53 Rust: Use type inference to insert implicit borrows and derefs 2025-04-30 14:43:51 +02:00
Asger F
8ebbfb198e Merge pull request #19412 from asgerf/js/promise-all 
JS: Better type-tracking through Promise.all()
 2025-04-30 14:19:12 +02:00
Jeroen Ketema
c7e4853c38 Merge pull request #19269 from jketema/non-second-level-limits 
C++: Do not limit second level scopes to the top-level
 2025-04-30 13:50:36 +02:00
Paolo Tranquilli
1c1ccdacb8 Merge pull request #19418 from github/redsun82/improve-codegen-codeql-requirement-message 
Codegen: make missing `codeql` error clearer
 2025-04-30 12:14:37 +02:00
Asger F
da5d799152 JS: Change note 2025-04-30 11:59:47 +02:00
Paolo Tranquilli
9958cc7784 Codegen: consider windows paths in local codeql binary heuristic 2025-04-30 11:43:03 +02:00
Paolo Tranquilli
ba89a5de6f Codegen: make missing codeql error clearer 2025-04-30 11:38:52 +02:00
Tom Hvitved
52bd99b852 Address review comments 2025-04-30 11:04:12 +02:00
Tom Hvitved
97532525d8 Rust: Crate graph extraction workarounds 2025-04-30 11:01:43 +02:00
Joe Farebrother
7106475033 Merge pull request #19411 from joefarebrother/python-qual-file-not-closed 
Python: Improve performance of FileNotClosed query by using an explicit fastTC
 2025-04-30 09:51:48 +01:00
Jonas Jensen
eb7cd3d221 Ruby: disable diff-informed mode on regex queries 
These queries were failing in `codeql test run --check-diff-informed`
because they can select locations inside the regex. Until that can be
fixed, diff-informed mode is disabled for these queries.
 2025-04-30 08:54:57 +02:00
Paolo Tranquilli
2c95f00432 Merge pull request #19414 from github/revert-19385-redsun82/update-rules-kotlin 
Revert "Bazel: update `rules_kotlin` to 2.1.3"
 2025-04-29 22:02:04 +02:00
Tom Hvitved
64145ab98a Merge pull request #19369 from hvitved/rust/crate-graph-self-param 
Rust: Extract `SelfParam`s from crate graph
 2025-04-29 21:23:27 +02:00
Napalys Klicius
6de38b1827 Merge pull request #19300 from Napalys/js/fastify 
JS: Added support for `fastify.addHook`
 2025-04-29 18:32:25 +02:00