hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 18:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,816 Commits 1,740 Branches 164 Tags
dfa8d72dd377b30f6b0dcfb1e9cf8a7db94d8eaf
Commit Graph

86816 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
dfa8d72dd3 Merge pull request #21685 from aschackmull/csharp/unbind-new 
C#: Replace old-style unbind with pragmas.
 2026-04-10 13:55:01 +02:00
Geoffrey White
bcdbf141bc Merge pull request #21671 from geoffw0/neutralperf 
Rust: Fix performance issue with additionalExternalFile
 2026-04-10 12:08:27 +01:00
Paolo Tranquilli
7de8ce961c Merge pull request #21677 from github/dependabot/bazel/gazelle-0.50.0 
Bump gazelle from 0.47.0 to 0.50.0
 2026-04-10 10:07:25 +02:00
Michael Nebel
66278fcd10 Merge pull request #21690 from samchang-msft/update-net10-support 
Support added in Jan 2026
 2026-04-10 08:40:29 +02:00
Sam Chang
7883fab44f Qualify the limited support for .NET 10 and C# 14 2026-04-09 12:06:54 -07:00
Sam Chang
38440d96b8 Support added in Jan 2026 2026-04-09 10:48:08 -07:00
Anders Schack-Mulligen
cf4ab1d106 C#: Replace old-style unbind with pragmas. 2026-04-09 15:57:19 +02:00
Tom Hvitved
33cc887be0 Merge pull request #21592 from hvitved/dataflow/source-call-context-type-flow 
Data flow: Add hook for preventing lambda dispatch in source call contexts
 2026-04-09 13:44:42 +02:00
Geoffrey White
e72c116664 Rust: Proposed improved solution. 2026-04-09 11:18:25 +01:00
Tom Hvitved
d704b753c8 Fix CP in typeFlowParamType 
Forgot to link `p` with `c` using `nodeEnclosingCallable(p, c)`.
 2026-04-09 09:19:55 +02:00
dependabot[bot]
7833a0a2e8 Bump gazelle from 0.47.0 to 0.50.0 
Bumps [gazelle](https://github.com/bazel-contrib/bazel-gazelle) from 0.47.0 to 0.50.0.
- [Release notes](https://github.com/bazel-contrib/bazel-gazelle/releases)
- [Commits](https://github.com/bazel-contrib/bazel-gazelle/compare/v0.47.0...v0.50.0)

---
updated-dependencies:
- dependency-name: gazelle
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 03:08:02 +00:00
Geoffrey White
95681bfad4 Rust: Fix performance issue with File.fromSource. 2026-04-08 15:04:03 +01:00
Kristen Newbury
fb0ee5b987 Merge pull request #21640 from knewbury01/knewbury01/adjust-actions-queries-alerts 
Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]
 2026-04-08 09:44:00 -04:00
Kristen Newbury
7b7411f7df Change alert location CWE-829/ArtifactPoisoning queries 2026-04-08 08:57:45 -04:00
Taus
16683aee0e Merge pull request #21590 from github/tausbn/python-improve-bind-all-interfaces-query 
Python: Improve "bind all interfaces" query
 2026-04-07 17:59:48 +02:00
Jeroen Ketema
e7d3eedc80 Merge pull request #21661 from jketema/autoconf 
C++: Add heuristic for GNU autoconf config files
 2026-04-07 15:38:06 +02:00
Taus
4cb238f1af Merge pull request #21598 from github/tausbn/python-port-should-use-with 
Python: Port ShouldUseWithStatement.ql
 2026-04-07 14:16:41 +02:00
Mathias Vorreiter Pedersen
5e145aa27d Merge pull request #21631 from MathiasVP/expose-fwd-stage-1 
Dataflow: Expose stage 1's `fwdFlow`
 2026-04-07 11:29:56 +01:00
Mathias Vorreiter Pedersen
e06294bcb4 Shared: Respond to review comments. 2026-04-07 11:11:04 +01:00
Idriss Riouak
39f92e992a Merge pull request #21494 from github/idrissrio/java/jdk26 
Java: Accept new test results after JDK 26 extractor upgrade
 2026-04-07 12:03:36 +02:00
Tom Hvitved
0d4524f8f3 Address review comments 2026-04-07 11:40:10 +02:00
Tom Hvitved
1e1a8732a3 Data flow: Add hook for preventing lambda dispatch in source call contexts 2026-04-07 11:40:08 +02:00
Tom Hvitved
eb64fcd208 C#: Add test that shows unintended flow summary generation 2026-04-07 11:40:07 +02:00
Jeroen Ketema
04cfd37f53 C++: Fix comments in tests 2026-04-07 10:52:12 +02:00
Jeroen Ketema
b19c648965 C++: Add heuristic for GNU autoconf config files 2026-04-07 10:43:15 +02:00
Michael Nebel
e259ebe258 Merge pull request #21627 from michaelnebel/csharp/cleanup 
C#: Deprecate get[L|R]Value predicates.
 2026-04-07 10:23:59 +02:00
idrissrio
6f199b90ba Java: Accept new test results for JDK 26 
Accept new ByteOrder.getEntries, List.ofLazy, and Map.ofLazy entries
in kotlin2 test expected files.
 2026-04-07 09:28:25 +02:00
idrissrio
3ccbd8032c Java: Accept new test results for JDK 26 
JDK 26 added ofLazy methods to List, Map, and Set collections.
Update expected test output to include these new methods.
 2026-04-07 09:28:23 +02:00
idrissrio
5a6eb79470 Java: Pin CWE-676 test to --release 25 
Thread.stop() was removed in JDK 26. Pin the test to --release 25.
 2026-04-07 09:28:22 +02:00
idrissrio
74b0e8c19a Java: Accept new test results after JDK 26 extractor upgrade 2026-04-07 09:28:20 +02:00
Tom Hvitved
7d184d0c7f Merge pull request #21206 from hvitved/rust/type-inference-closure-param-context-typed 
Rust: Infer argument types based on trait bounds on parameters
 2026-04-07 09:17:30 +02:00
Mario Campos
fb8b5699f2 Merge pull request #21639 from github/mario-campos/test-go-registries 
Add tests for multiple Git sources and GoProxy servers in registry config parsing
 2026-04-02 11:12:51 -05:00
Kristen Newbury
41714656ec Adjust alert messages actions CWE-829 2026-04-02 11:58:58 -04:00
Kristen Newbury
e69e30aa84 Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium] 2026-04-02 11:32:37 -04:00
Mario Campos
fb871cdfb8 Add tests for multiple Git sources and GoProxy servers in registry config parsing 2026-04-02 10:12:48 -05:00
Paolo Tranquilli
cedacc91db Merge pull request #21583 from github/redsun82/update-kotlin-2.3.20 
Kotlin: update to 2.3.20
 2026-04-02 15:58:22 +02:00
Mathias Vorreiter Pedersen
4d8b782695 Shared: Also expose dataflow stage 1's forward flow predicate. 2026-04-02 10:56:09 +01:00
Paolo Tranquilli
88a893efca Kotlin: update supported versions in documentation 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-02 08:34:22 +02:00
Paolo Tranquilli
2d76b41293 Merge pull request #21628 from github/redsun82/vendor-picosha2 
Vendor `PicoSHA2` into LFS
 2026-04-01 15:24:41 +02:00
Paolo Tranquilli
9a1156dd62 Vendor PicoSHA2 into LFS 
The upstream repo (`okdshin/PicoSHA2`) is a personal GitHub account,
at risk of suspension — the same scenario that hit `rules_antlr`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-01 14:31:01 +02:00
Michael Nebel
6d5aff4822 C#: Add change-note. 2026-04-01 13:17:52 +02:00
Michael Nebel
9c095bc580 C#: Deprecate get[L|R]Value predicates. 2026-04-01 12:50:37 +02:00
Mathias Vorreiter Pedersen
43d002e6b5 Merge pull request #21619 from MathiasVP/more-http-remote-flow-sources 
C++: Add flow sources from Windows' `http.h`
 2026-03-31 15:44:39 +01:00
Mathias Vorreiter Pedersen
16a7e39e95 C++: Fix pointer indirection. Currently, this does not have any effect because of a conflation bug in taint-tracking. 2026-03-31 15:26:15 +01:00
Jeroen Ketema
17ab87d1fc Merge pull request #21618 from jketema/meson-silence 
C++: Add heuristics for meson configuration files
 2026-03-31 15:24:22 +02:00
Mathias Vorreiter Pedersen
dc8dc61196 C++: Fix type name. 2026-03-31 13:54:30 +01:00
Mathias Vorreiter Pedersen
ab34bd232e C++: Add change note. 2026-03-31 11:30:43 +01:00
Mathias Vorreiter Pedersen
9e97e0433e C++: Accept test changes. 2026-03-31 11:30:41 +01:00
Mathias Vorreiter Pedersen
102221d0aa C++: Add lots of taint inheriting content related to '_HTTP_REQUEST'. 2026-03-31 11:30:39 +01:00
Mathias Vorreiter Pedersen
c6d1ec5f64 C++: Add examples that need taint inheriting content. 2026-03-31 11:30:37 +01:00