hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,807 Commits 1,671 Branches 157 Tags
d6f845ee178bb07ee9a412f2296a59df89f69d02
Commit Graph

81807 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
d6f845ee17 Bazel: do not force lld and fix platforms warning 
This was meant to avoid using `gold`, but `lld` might not be installed.
Having `gold` installed results in the following warning:
```
warning: the gold linker is deprecated and has known bugs with Rust
  |
  = help: consider using LLD or ld from GNU binutils instead
```

* if a user sees this warning, they can provide the `lld` or whatever
  linker they prefer themselves, or make sure to uninstall `gold`
* in any case, this is not what we use for releasing (where we are sure
  we don't use `gold`).
 2025-08-19 15:56:16 +02:00
Geoffrey White
963e028645 Merge pull request #20238 from geoffw0/scinit 
Rust: Update StreamCipherInit to use getCanonicalPath.
 2025-08-19 13:18:10 +01:00
Mathias Vorreiter Pedersen
ea8d766ae8 Merge pull request #20242 from MathiasVP/fprintf-partial-flow 
C++: Mark the write to `fprintf`'s 0'th argument as partial
 2025-08-19 13:43:22 +02:00
Geoffrey White
401315c4f5 Update rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-08-19 09:22:53 +01:00
Tom Hvitved
4684ac1ed9 Merge pull request #20191 from hvitved/rust/path-resolution-successor-kind 
Rust: Distinguish internal/external items in path resolution
 2025-08-19 10:20:05 +02:00
Anders Schack-Mulligen
a8f394fedb Merge pull request #20237 from aschackmull/guards/nullguard-caching 
Guards: Cache nullGuard predicate.
 2025-08-19 09:51:31 +02:00
Geoffrey White
9f04de859f Rust: Update test results following merge. 2025-08-19 08:50:23 +01:00
Geoffrey White
ab49c33915 Merge branch 'main' into scinit 2025-08-19 08:50:12 +01:00
Tom Hvitved
e6150e2079 Merge pull request #20243 from hvitved/rust/canonical-path-transitive-deps 
Rust: Take transitive dependencies into account when computing canonical paths
 2025-08-19 09:46:53 +02:00
Tom Hvitved
60b2cf6638 Rust: Take transitive dependencies into account when computing canonical paths 2025-08-18 22:02:44 +02:00
Tom Hvitved
5a69845485 Rust: Elaborate QL doc 2025-08-18 21:31:37 +02:00
Geoffrey White
bf33d1b870 Rust: Make a couple of new imports private. 2025-08-18 18:51:33 +01:00
Geoffrey White
fdec780921 Rust: Accept consistency .expected changes. 2025-08-18 18:42:06 +01:00
Geoffrey White
402e901811 Merge branch 'main' into scinit 2025-08-18 18:35:03 +01:00
Mathias Vorreiter Pedersen
af00e46fc8 C++: Mark fprintf and friends as a partial write of the stream argument. 2025-08-18 18:15:14 +02:00
Mathias Vorreiter Pedersen
6a57da79de C++: Add a test with missing flow. 2025-08-18 18:12:52 +02:00
Mathias Vorreiter Pedersen
4551875e2e C++: Drive-by improvement: Use 'partialFlowFunc' since it is in scope anyway. 2025-08-18 18:10:35 +02:00
Tom Hvitved
f1ca0ecc3c Merge pull request #20233 from hvitved/rust/remove-tc 
Rust: Remove TC from `ImplTraitTypeRepr.isInReturnPos`
 2025-08-18 14:46:26 +02:00
Ian Lynagh
fd020b52e4 Merge pull request #20232 from igfoo/igfoo/SloppyGlobal 
C++: SloppyGlobal: Don't alert on template instantiations, only the template
 2025-08-18 11:39:30 +01:00
Tom Hvitved
299ccb68f5 Merge pull request #20230 from hvitved/cfg/standard-tree-skip-non-tree-children 
Shared: Skip non-CFG children in `StandardTree`
 2025-08-18 12:13:31 +02:00
Geoffrey White
4eea4431b5 Merge pull request #20222 from geoffw0/pathbuf 
Rust: Add a type inference test case resembling PathBuf.canonicalize.
 2025-08-18 11:06:41 +01:00
Anders Schack-Mulligen
877d397eb9 Merge pull request #20228 from 5idg5/java/data-extensions-change 
Add data extensions for remote tainted sources
 2025-08-18 11:26:38 +02:00
Geoffrey White
a9650e02ca Rust: Add a slightly simpler / more explicit test case. 2025-08-18 10:20:30 +01:00
Anders Schack-Mulligen
e17382d179 Guards: Cache nullGuard predicate. 2025-08-18 11:09:11 +02:00
Nora Dimitrijević
f1b55641e1 Merge pull request #20073 from d10c/d10c/diff-informed-phase-3-cpp 
C++: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-18 09:41:38 +02:00
Nora Dimitrijević
4199859eaa Merge pull request #20079 from d10c/d10c/diff-informed-phase-3-python 
Python: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-18 09:33:57 +02:00
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
b2346183d6 Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model 
JS: Exclude environment variables from `js/regex-injection` query by default
 2025-08-18 09:32:15 +02:00
Sid Gawri
d84e5319c3 changenote 2025-08-15 15:59:05 -04:00
Sid Gawri
e697e89171 Merge branch 'main' of https://github.com/5idg5/codeql into java/data-extensions-change 2025-08-15 15:50:12 -04:00
Nora Dimitrijević
bb9daa00c3 Merge pull request #20072 from d10c/d10c/diff-informed-phase-3-actions 
Actions: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 14:05:44 +02:00
Jeroen Ketema
84119baa50 Merge pull request #20223 from jketema/go-1.25-doc 
Go: Mention Go 1.25 as supported
 2025-08-15 13:47:40 +02:00
Ian Lynagh
0870cc370b C++: Add a changenote for the change to cpp/short-global-name 2025-08-15 12:09:37 +01:00
Ian Lynagh
3157fcdf79 C++: Add some BAD annotations to SloppyGlobal test 2025-08-15 12:07:09 +01:00
Tom Hvitved
1af6ddd8e3 Rust: Remove TC from ImplTraitTypeRepr.isInReturnPos 2025-08-15 12:45:13 +02:00
Ian Lynagh
bfd4c41ed9 C++: SloppyGlobal: Accept test changes 
We no longer alert on template instantiations, just the template.
 2025-08-15 11:24:19 +01:00
Nora Dimitrijević
0512940c0c Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go 
Go: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:23:53 +02:00
Ian Lynagh
4b786061d6 C++: SloppyGlobal: Don't alert on template instantiations, only the template 2025-08-15 11:23:48 +01:00
Ian Lynagh
0b68c1c974 C++: Add some more tests for SloppyGlobal 2025-08-15 11:20:31 +01:00
Nora Dimitrijević
8000e7c442 Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp 
C#: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:07:47 +02:00
Nora Dimitrijević
89788206d1 [DIFF-INFORMED] C++: TypeConfusion 2025-08-15 12:01:30 +02:00
Nora Dimitrijević
5b9e37cd8f [DIFF-INFORMED] C++: TaintedCondition 2025-08-15 12:01:28 +02:00
Nora Dimitrijević
0c636dd400 [DIFF-INFORMED] C++: UnsafeDaclSecurityDescriptor 2025-08-15 12:01:25 +02:00
Nora Dimitrijević
194d9a9f44 [DIFF-INFORMED] C++: UnsafeCreateProcessCall 2025-08-15 12:01:23 +02:00
Nora Dimitrijević
39b430aa7e [DIFF-INFORMED] C++: IteratorToExpiredContainer 2025-08-15 12:01:21 +02:00
Nora Dimitrijević
ec85e55069 [DIFF-INFORMED] C++: InsufficientKeySize 2025-08-15 12:01:19 +02:00
Nora Dimitrijević
c0c96eaf5b [DIFF-INFORMED] C++: UseOfHttp 2025-08-15 12:01:17 +02:00
Nora Dimitrijević
8560868e95 [DIFF-INFORMED] C++: CleartextSqliteDatabase 2025-08-15 12:01:15 +02:00
Nora Dimitrijević
05df2f2216 [DIFF-INFORMED] C++: CWE-311/Cleartext… 2025-08-15 12:01:13 +02:00
Nora Dimitrijević
21914030e8 [DIFF-INFORMED] C++: SSLResultConflation (has secondary config but passes test) 2025-08-15 12:01:11 +02:00