hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,670 Branches 157 Tags
ce9c8e6e9fd41ef0967b13849bb6ae2183caf9ad
Commit Graph

82644 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ian Lynagh
ce9c8e6e9f Merge pull request #20447 from github/release-prep/2.23.1 
Release preparation for version 2.23.1
codeql-cli/v2.23.1 		2025-09-17 10:26:24 +01:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Asger F
7670a2bd77 Merge pull request #20375 from asgerf/js/promise-try 
JS: Support Promise.try and Array.prototype.with
 2025-09-16 14:44:07 +02:00
Jonas Jensen
eac8a79d49 Merge pull request #20420 from jbj/no-qll-deprecation 
Docs: remove 1-year deprecation period for QL libraries
 2025-09-16 14:18:36 +02:00
Napalys Klicius
97a11de1e3 Merge pull request #20435 from Napalys/js/promisification_modeling 
JS: Promisification library modeling and enhance flow
 2025-09-16 14:07:53 +02:00
Asger F
edf79a3730 JS: Change note 2025-09-16 13:53:31 +02:00
Michael Nebel
6d9e489e7c Merge pull request #20445 from michaelnebel/csharp/fixintegrationtest 
C#: Fix failing integration test after new version of `NewtonSoft.JSon` has been released.
 2025-09-16 13:38:55 +02:00
Tom Hvitved
a2d83274bc Merge pull request #20441 from geoffw0/fixrfquery 
Rust: Fix a minor issue with the test for rust/request-forgery
 2025-09-16 13:22:58 +02:00
Michael Nebel
8fbd720fe5 C#: Fix failing integration test after new version of NewtonSoft.JSon has been released. 2025-09-16 13:14:23 +02:00
Napalys Klicius
49ccb8ce2b JS: Simplify exist clause to use Promisify::PromisifyAllCall instead of DataFlow::SourceNode 2025-09-16 13:13:15 +02:00
Asger F
429c4eac96 JS: Add support for Array.prototype.with 
Note: This was authored by Copilot
 2025-09-16 13:06:59 +02:00
Asger F
ee78b7dc96 JS: Add support for Promise.try 2025-09-16 13:06:57 +02:00
Asger F
45eff3dac8 Merge pull request #20399 from asgerf/js/default-interop2 
JS: Refactor handling of ambiguous default imports
 2025-09-16 13:02:22 +02:00
Asger F
78bfdfd931 Merge pull request #20390 from asgerf/post-update-consistency 
DataFlow: Permit local flow between post-update nodes
 2025-09-16 13:00:29 +02:00
Mathias Vorreiter Pedersen
fa36d9f84e Merge pull request #20438 from MathiasVP/remove-antijoin-in-shared-guards 
Shared: Remove antijoin from `Guards.qll`
 2025-09-16 10:40:45 +01:00
Anders Schack-Mulligen
0ceb2f3f72 Merge pull request #20442 from aschackmull/csharp/default-tostring-enum 
C#: Exclude enum types as they don't inherit the default toString.
 2025-09-16 11:12:21 +02:00
Anders Schack-Mulligen
57e15b9a91 Merge pull request #20367 from aschackmull/shared/controlflow 
Shared/Java: Introduce a shared control flow reachability library and replace the Java Nullness implementation.
 2025-09-16 10:44:44 +02:00
Anders Schack-Mulligen
107d142b24 C#: Exclude enum types as they don't inherit the default toString. 2025-09-16 10:33:25 +02:00
Jeroen Ketema
6264f46970 Merge pull request #20440 from MathiasVP/converted-barrier-in-unbounded-write 
C++: Fix barrier in `cpp/unbounded-write`
 2025-09-16 10:19:21 +02:00
Geoffrey White
61faeef1d3 Rust: Pretty print models, so that the MaD IDs aren't reported raw / in continual flux. 2025-09-16 09:00:40 +01:00
Geoffrey White
5c33af32e3 Rust: Update .expected file. 2025-09-16 08:55:49 +01:00
Asger F
65102a073a Merge pull request #19770 from trailofbits/VF/async-package-improvements 
Improve data flow in the `async` package
 2025-09-16 08:55:52 +02:00
Asger F
f587273828 Merge pull request #19768 from trailofbits/VF/lodash-group-by 
Add lodash GroupBy as taint step
 2025-09-16 08:55:13 +02:00
Chris Smowton
c375f24598 Merge pull request #20423 from smowton/smowton/fix/length-comparison-off-by-one-fp 
JS: Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access
 2025-09-15 18:24:45 +01:00
Napalys Klicius
278a1efb4b JS: Add change note 2025-09-15 18:21:45 +02:00
Mathias Vorreiter Pedersen
18c96fd7d4 Shared: Remove antijoin. 2025-09-15 17:12:23 +01:00
Ian Lynagh
9231119b07 Merge pull request #20437 from github/igfoo/tweak-release-note 
C++: Tweak a release note
 2025-09-15 16:39:51 +01:00
Mathias Vorreiter Pedersen
a4c845c418 C++: Fix barrier in 'cpp/unbounded-write'. 2025-09-15 16:34:05 +01:00
Ian Lynagh
cc72314219 C++: Tweak a release note 2025-09-15 16:26:32 +01:00
Ian Lynagh
7860857b55 Merge pull request #20434 from github/igfoo/fix-typo 
javascript: Fix spelling error in documentation
 2025-09-15 16:21:57 +01:00
Ian Lynagh
b797df6ad5 Merge pull request #20436 from github/igfoo/fix-typo-substract 
Csharp: Fix typo in LeapYear qhelp
 2025-09-15 16:21:26 +01:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Ian Lynagh
5cf052dec1 Csharp: Fix typo in LeapYear qhelp 
Corrects "add/substract" to "add/subtract" in the UnsafeYearConstruction.qhelp
file to improve clarity.
 2025-09-15 15:44:11 +01:00
Napalys Klicius
22b61852a1 JS: Add modeling for thenify-all 2025-09-15 16:31:14 +02:00
Napalys Klicius
d6a14e63ba JS: Add test cases for promisification libraries. 2025-09-15 16:21:12 +02:00
Ian Lynagh
d0091e1b3c javascript: Fix spelling error in documentation 
Corrects the spelling of "occurrences" in the Incomplete Multi-Character
Sanitization documentation to improve clarity.
 2025-09-15 14:53:22 +01:00
Simon Friis Vindum
78389c8897 Merge pull request #20133 from paldepind/rust/type-inference-blanket-impl 
Rust: Support blanket implementations
 2025-09-15 12:46:41 +02:00
Simon Friis Vindum
af49301332 Merge pull request #20381 from paldepind/rust/request-forgery-query 
Rust: Add basic request forgery query
 2025-09-15 12:46:23 +02:00
Geoffrey White
00f644888c Merge pull request #20426 from geoffw0/cookie2 
Rust: cookie and biscotti crypto query sinks
 2025-09-15 11:07:46 +01:00
Anders Schack-Mulligen
acb4d9f681 Shared: Copy some qldoc from Guards.qll 2025-09-15 11:41:23 +02:00
Simon Friis Vindum
35438294d1 Rust: Remove condition that always holds 2025-09-15 10:58:27 +02:00
Anders Schack-Mulligen
be39c4c0cd Shared: Minor precision improvement. 2025-09-15 10:38:49 +02:00
Simon Friis Vindum
875c7da87c Rust: Improve comments in type inference 2025-09-15 10:37:38 +02:00
Anders Schack-Mulligen
b308c5438f Java: Add a change note, and a minor ql comment. 2025-09-15 10:14:26 +02:00