hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,475 Commits 1,690 Branches 160 Tags
d05901ad3f84c529791275df2b64c52fd1797613
Commit Graph

4690 Commits

Author SHA1 Message Date
yoff
d05901ad3f python/javascript/ruby: mark internal predicates 2026-01-22 17:30:24 +01:00
yoff
b08c972cc3 ruby: Add back sanitizer as MaD model 2026-01-22 17:30:24 +01:00
yoff
15980cb1da ruby: remove sanitizer to be replaced by MaD model 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers 
and reinstate previously removed barrier
now as a MaD row
 2026-01-22 17:30:24 +01:00
Ian Lynagh
1fd60c7671 Ruby: Add up/downgrade scripts 2026-01-20 11:56:16 +00:00
Ian Lynagh
4b9c9e7a5a Ruby: Regenerate dbscheme 2026-01-20 11:56:15 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Asger F
ff580410fe Merge pull request #20733 from asgerf/js/incremental-api-graphs 
JS: Incremental API graph
 2026-01-14 12:49:41 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Asger F
869efb8a48 JS: Sync ApiGraphModels.qll 2026-01-07 11:05:41 +01:00
github-actions[bot]
2cb932cf5d Post-release preparation for codeql-cli-2.23.9 2026-01-06 15:42:16 +00:00
Tom Hvitved
358339427b Ruby: Fix bad join 
Before
```
Evaluated relational algebra for predicate Filters::Filters::FilterCall.getAnAction/0#dispred#9c0da667@85a4cbtp with tuple counts:
           394650       ~2%    {2} r1 = `__#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge_Module::ModuleBase.getModule/0#dispred#4f2c__#shared` AND NOT `_Filters::Filters::FilterCall.getExceptArgument/0#dispred#515c95c0__#Method::Method.getName/0#dispre__#antijoin_rhs`(FIRST 2)
                               {2}    | AND NOT `project#Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f`(FIRST 1)
           380366       ~0%    {2}    | SCAN OUTPUT In.1, In.0

            29453       ~0%    {2} r2 = JOIN `_#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge__#AST::AstNode.getEnclosingModule/0#dispred#__#shared` WITH project#ActionController::ActionControllerActionMethod#6db6f5e0 ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           366017       ~0%    {2} r3 = JOIN `_#Module::ModuleBase.getAMethod/0#dispred#56626ed3Merge_Module::ModuleBase.getModule/0#dispred#4f2ca__#shared` WITH project#ActionController::ActionControllerActionMethod#6db6f5e0 ON FIRST 1 OUTPUT Lhs.0, Lhs.1

           395470       ~0%    {2} r4 = r2 UNION r3
           395470       ~0%    {3}    | JOIN WITH `Method::Method.getName/0#dispred#2acbf239` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0
             2227       ~0%    {2}    | JOIN WITH `Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f` ON FIRST 2 OUTPUT Lhs.2, Lhs.0

           382593       ~0%    {2} r5 = r1 UNION r4
           133735       ~4%    {2}    | JOIN WITH `project#ActionController::ActionControllerActionMethod.getARoute/0#dispred#9eb85e56` ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        540556870       ~2%    {3}    | JOIN WITH Filters::Filters::Filter#a42c5138 CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0, Lhs.1
        525979755     ~127%    {3}    | JOIN WITH `Filters::Filters::FilterImpl.getFilterCallable/0#dispred#451bf7d7` ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Rhs.1
                               {3}    | REWRITE WITH TEST InOut.1 != InOut.2
        525979755  ~407036%    {2}    | SCAN OUTPUT In.0, In.1
                               return r5
```

After
```
Evaluated relational algebra for predicate Filters::Filters::FilterCall.getAnAction/0#91dba45c@74dfcepp with tuple counts:
          1363   ~4%    {2} r1 = JOIN `Filters::Filters::FilterCall.getAnActionCand/1#f053150d` WITH `Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f` ON FIRST 2 OUTPUT Lhs.0, Lhs.2

        140978   ~0%    {3} r2 = `Filters::Filters::FilterCall.getAnActionCand/1#f053150d` AND NOT `Filters::Filters::FilterCall.getExceptArgument/0#dispred#515c95c0#fb`(FIRST 2)
                        {3}    | AND NOT `project#Filters::Filters::FilterCall.getOnlyArgument/0#dispred#f337e70f`(FIRST 1)
        132372   ~3%    {2}    | SCAN OUTPUT In.0, In.2

        133735   ~4%    {2} r3 = r1 UNION r2
                        return r3
```
 2026-01-06 11:42:49 +01:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00
Óscar San José
d972af9ef8 Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main 2025-12-12 13:22:08 +01:00
github-actions[bot]
2854330759 Post-release preparation for codeql-cli-2.23.8 2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20 2025-12-05 19:31:47 +01:00
Anders Schack-Mulligen
78e1879c9e Use more flowTo. 2025-12-03 14:12:08 +01:00
github-actions[bot]
085faa2bdb Post-release preparation for codeql-cli-2.23.7 2025-12-02 16:39:43 +00:00
github-actions[bot]
a045b317ac Release preparation for version 2.23.7 2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0 Release preparation for version 2.23.7 2025-12-01 16:07:37 +00:00
Felicity Chapman
caf6b950ac Remove trailing periods from @name metadata in query files 
Fixed 73 .ql query files where the @name metadata contained an ending period.
This ensures consistency with the CodeQL query metadata style guidelines.
 2025-11-26 14:29:51 +00:00
Owen Mansel-Chan
05085a8e82 Merge pull request #20666 from owen-mc/go/promote-weak-crypto-algorithm 
Go: promote `go/weak-crypto-algorithm`
 2025-11-20 11:03:05 +00:00
Asger F
613895e0c0 Merge pull request #20424 from asgerf/js/overlay-manual-v4 
JS: Add overlay annotations
 2025-11-20 11:10:46 +01:00
Owen Mansel-Chan
7d7af193dc Fix small mistake in Ruby query help 2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
2cfafe53ca Fix failing ruby crypto test that lists all algorithms 2025-11-19 14:36:26 +00:00
github-actions[bot]
5ee45af3aa Post-release preparation for codeql-cli-2.23.6 2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
Asger F
ecfa94600f Sync ApiGraphModels.qll 2025-11-13 09:46:23 +01:00
Asger F
16e7dc1b8a Sync ApiGraphModelsExtensions.qll 2025-11-13 09:46:21 +01:00
Napalys Klicius
d122534398 Merge pull request #20671 from github/napalys/adjust_query_severity 
Adjust query severity ratings
 2025-11-11 12:37:31 +01:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Nora Dimitrijević
6ede0a7950 Ruby/WeakFilePermissions 2025-10-28 09:40:46 +01:00
Nora Dimitrijević
495be51ae7 Ruby/WeakParams 2025-10-28 09:40:43 +01:00
Nora Dimitrijević
50f2540db1 Ruby/ManuallyCheckHttpVerb 2025-10-28 09:40:41 +01:00
Nora Dimitrijević
6519bd9909 Ruby/PolynomialReDoSQuery 
ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
 2025-10-28 09:40:38 +01:00
Chris Smowton
2e0e9e0834 Merge pull request #20550 from github/smowton/admin/document-rails-5-csrf 
Ruby: Update CSRF protection notes in documentation
 2025-10-27 12:19:16 +00:00
Napalys Klicius
9c70ae04fb Add change note 2025-10-22 11:48:16 +00:00
Napalys Klicius
fa47174013 CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0 2025-10-22 11:32:33 +00:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
Henry Mercer
9507ec0853 Fix "be be" typos 2025-10-14 11:09:43 +01:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
2f22acdd06 Remove hashing example when not covered by query 2025-10-08 16:48:57 +01:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Owen Mansel-Chan
2a1c9d8ec1 Remove erroneous comma 2025-10-08 14:08:36 +01:00
Owen Mansel-Chan
90db349f4b State that ruby broken crypto algo doesn't deal with hashing 2025-10-08 14:05:00 +01:00
Chris Smowton
ff4b97bf2d Reword 2025-09-30 13:08:03 +01:00