Sotiris Dragonas
d72372c246
Fix system prompt injection description and title
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-16 11:57:37 +03:00
Sotiris Dragonas
7c11f19445
Merge branch 'main' into bazookamusic/cwe-1427
2026-06-15 10:15:16 +02:00
Sotiris Dragonas
7ae03377cd
Add new MaD kinds
2026-06-15 11:14:25 +03:00
Anders Schack-Mulligen
6934aa0e39
Merge pull request #21980 from aschackmull/cfg/unless-until
Cfg: Add support for unless and until statements
2026-06-15 09:58:03 +02:00
Owen Mansel-Chan
359e272577
Merge pull request #21979 from owen-mc/code-owners-rasmuswl
Remove @RasmusWL from CODEOWNERS
2026-06-14 23:50:05 +01:00
Owen Mansel-Chan
daefaff969
Merge pull request #21975 from github/dependabot/go_modules/go/extractor/extractor-dependencies-563a210b6d
Bump golang.org/x/tools from 0.45.0 to 0.46.0 in /go/extractor in the extractor-dependencies group
2026-06-12 22:04:57 +01:00
Owen Mansel-Chan
b9670ef831
Merge pull request #21966 from owen-mc/java/convert-to-inline-expectation-tests
Java: convert all qlref tests to inline expectation tests using postprocessing
2026-06-12 21:48:49 +01:00
Anders Schack-Mulligen
ff61344afa
Cfg: Add support for until-statements.
2026-06-12 13:55:05 +02:00
Anders Schack-Mulligen
fe8c029ac7
Cfg: Add support for unless-statements.
2026-06-12 13:50:41 +02:00
Anders Schack-Mulligen
912dc9c0bd
Merge pull request #21955 from aschackmull/cfg/try-body-index
Cfg: Fold getTryInit into indexed getBody.
2026-06-12 11:36:25 +02:00
Owen Mansel-Chan
eea406f622
Remove @RasmusWL from CODEOWNERS
He hasn't worked on CodeQL for a few years now. He
told me that he doesn't remember how these scripts
work.
2026-06-12 10:33:37 +02:00
Owen Mansel-Chan
de7afcaec3
Merge pull request #21976 from JarLob/patch-1
Update regex for GitHub hosted runner matching
2026-06-12 09:09:40 +01:00
Anders Schack-Mulligen
f3ec7087e3
Cfg: Fix type.
2026-06-12 10:02:48 +02:00
Jaroslav Lobačevski
bea5522473
rename change note
2026-06-12 07:52:34 +00:00
Jaroslav Lobačevski
eedef515f7
Updated regex. Added test and change note.
2026-06-12 07:50:02 +00:00
Jaroslav Lobačevski
9078b511c6
Update regex for GitHub hosted runner matching
Fixes false positives (of critical severity). New label naming conventions were introduced since the query was initially written.
2026-06-12 09:37:18 +03:00
dependabot[bot]
1ac079d066
Bump golang.org/x/tools
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/tools` from 0.45.0 to 0.46.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.45.0...v0.46.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-12 03:03:31 +00:00
Owen Mansel-Chan
29b0c286a7
Fix 3 more tests
2026-06-11 23:40:14 +02:00
Asger F
ad18659373
Merge pull request #21796 from mattcosta7/patch-1
Add UseMemoDirective and UseNoMemoDirective classes
2026-06-11 23:01:29 +02:00
Owen Mansel-Chan
a4bf2b8f58
Fix 3 tests
2026-06-11 22:59:39 +02:00
Owen Mansel-Chan
a375e186ed
Third pass
2026-06-11 21:53:22 +02:00
Matthew Costabile
923fe2dcb9
Merge branch 'main' into patch-1
2026-06-11 15:19:58 -04:00
Jeroen Ketema
642259cd51
Merge pull request #21968 from jketema/jketema/namequalifiers
C++: Fix `NameQualifyingElement` db inconsistency
2026-06-11 15:11:51 +02:00
Owen Mansel-Chan
0d984588f9
Merge pull request #21965 from owen-mc/go/convert-to-inline-expectation-tests
Go: convert all qlref tests to inline expectation tests using postprocessing
2026-06-11 13:27:06 +01:00
Sotiris Dragonas
17dbf03c6d
Merge branch 'main' into bazookamusic/cwe-1427
2026-06-11 12:05:57 +02:00
BazookaMusic
ef5678708c
Update not_included_in_qls.expected for promoted prompt injection queries
UserPromptInjection moved from experimental to stable (precision low, so not in any well-known suite); the old experimental path no longer exists.
2026-06-11 12:01:56 +02:00
BazookaMusic
7bd5abf809
Refine SystemPromptInjection alert message and move test to stable
Update the alert message to "This system prompt depends on a $@." matching the SQL injection query style, and move the test out of experimental into Security/CWE-1427 to mirror the stable query location.
2026-06-11 11:51:25 +02:00
BazookaMusic
e612db2ec9
Promote user prompt injection query to stable security
Move UserPromptInjection out of experimental into stable JavaScript security locations.
Set js/user-prompt-injection precision to low and remove experimental tagging.
Move supporting dataflow libraries, qhelp/examples, and tests to stable paths and update references.
2026-06-11 11:28:14 +02:00
Owen Mansel-Chan
b4a9689341
Convert .qlref test to inline expectations
2026-06-11 07:15:54 +02:00
Owen Mansel-Chan
6a8e20a0c8
Fix pre-existing whitespace issues in go test files
2026-06-11 07:15:09 +02:00
Owen Mansel-Chan
4c411bbcb5
Convert hand-rolled inline expectations test
2026-06-11 07:13:48 +02:00
Asger F
b60bf8c79f
Merge pull request #21950 from tonghuaroot/experimental-ssrf-ipv6-transition-js
Add experimental query: SSRF host guard missing IPv6-transition unwrap (CWE-918/CWE-1389)
2026-06-10 21:42:54 +02:00
Jeroen Ketema
ef00aa2567
C++: Add upgrade and downgrade scripts
2026-06-10 14:38:15 +02:00
Jeroen Ketema
6d0968744b
C++: Fix NameQualifyingElement db inconsistency
2026-06-10 14:35:36 +02:00
Jeroen Ketema
98f147556a
C++: Add namequalifier test with inconsistency
While where the remove the file restriction in QL.
2026-06-10 14:27:56 +02:00
Owen Mansel-Chan
3693185b6b
Second pass
2026-06-10 09:14:47 +02:00
Owen Mansel-Chan
1c1d26453d
First pass converting qlref tests to inline expectation with postprocess
2026-06-10 07:46:42 +02:00
tonghuaroot (童话)
4c1a0058bf
Add SsrfIpv6TransitionIncompleteGuard.ql to not_included_in_qls.expected
Fix the JS integration test failure flagged in review by listing the new
experimental CWE-918 query in the expected not-included-in-qls suite, in
sorted order.
2026-06-10 08:42:42 +08:00
Tom Hvitved
f5919875b7
Merge pull request #21941 from hvitved/python/content-approx
Python: Implement `ContentApprox`
2026-06-09 15:46:04 +02:00
Owen Mansel-Chan
8d456df26f
Merge pull request #21960 from github/dependabot/go_modules/go/extractor/extractor-dependencies-28a04969f3
Bump golang.org/x/mod from 0.36.0 to 0.37.0 in /go/extractor in the extractor-dependencies group
2026-06-09 05:30:45 +01:00
dependabot[bot]
72fcf27d1a
Bump golang.org/x/mod
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).
Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-09 03:03:37 +00:00
yoff
0cea01c22f
Merge pull request #21926 from github/yoff/python-simplify-decorator-predicates
Python: simplify decorator-detection predicates to pure AST match
2026-06-08 22:04:33 +02:00
Anders Schack-Mulligen
a473565256
Merge pull request #21954 from aschackmull/cfg/consistency-child-idx
Cfg: Add consistency check for relevant child indices.
2026-06-08 14:44:20 +02:00
Anders Schack-Mulligen
01173bf383
Cfg: Fold getTryInit into indexed getBody.
2026-06-08 14:03:12 +02:00
BazookaMusic
d0ffde8c45
Em-dash - of course :D
2026-06-08 14:03:12 +02:00
BazookaMusic
b6c951e90c
Remove redundant file
2026-06-08 13:47:44 +02:00
Anders Schack-Mulligen
c47135a40b
Cfg: Add consistency check for relevant child indices.
2026-06-08 13:40:33 +02:00
BazookaMusic
2cb0851900
1. Rename AgentSDK -> AgentSdk
2. Remove redundant constant comparison barriers. This is already happening by default by the taint tracking library.
2026-06-08 12:55:52 +02:00
Owen Mansel-Chan
3cbc8f0262
Merge pull request #21951 from github/workflow/go-version-update
Go: Update to 1.26.4
2026-06-08 11:47:47 +01:00
BazookaMusic
e370af6444
QLDoc + include the queries in the correct expected files per query suite
2026-06-08 12:38:28 +02:00