Anders Fugmann
e10743bd08
Kotlin: add extractor support for 2.4.0
Add the Kotlin 2.4.0 compiler plugin variant (component registrar,
IR compatibility shims, and version-specific utilities), bundle the
2.4.0 compiler dependencies, and update the build wiring, supported
version metadata and the too-new diagnostic bound.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-16 16:24:42 +02:00
Owen Mansel-Chan
4d70c5f87e
Merge pull request #21973 from github/copilot/convert-qlref-tests
Swift: Convert .qlref security query tests to inline expectation tests
2026-06-16 14:34:34 +01:00
Jeroen Ketema
4bfc2fd791
Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-16 14:53:48 +02:00
Jeroen Ketema
7ef19112e4
Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-16 14:53:18 +02:00
Jeroen Ketema
c5dc05483b
Merge pull request #21990 from jketema/jketema/telemetry-prep
Java: Use fixture for filtering diagnostics
2026-06-16 13:53:33 +02:00
Owen Mansel-Chan
7f3181b145
Merge pull request #21972 from github/copilot/qlref-conversion-instructions
Ruby: Convert CodeQL .qlref tests to inline expectations
2026-06-16 12:31:17 +01:00
Michael Nebel
e94d279234
Merge pull request #21984 from forks-felickz/felickz/razor-page-handler-sources
C#: Add Razor Page handler method parameters as remote flow sources
2026-06-16 13:15:51 +02:00
Owen Mansel-Chan
48aefff964
Add SPURIOUS and MISSING to some comments
2026-06-16 10:40:39 +01:00
Owen Mansel-Chan
c5e020c68c
Work around problem with comments in heredocs
2026-06-16 10:40:37 +01:00
Tom Hvitved
ae57ca7e65
Merge pull request #21907 from hvitved/ruby/implicit-local-fix
Ruby: Fix bug in `implicitAssignmentNode`
2026-06-16 09:41:12 +02:00
Tom Hvitved
d287f0cf0b
Merge pull request #21987 from hvitved/type-flow-ranking
Java: Fix performance issue in type flow library
2026-06-16 09:39:30 +02:00
Tom Hvitved
f143dad1b2
Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-16 08:57:37 +02:00
Michael Nebel
01454d76c2
Merge pull request #21881 from michaelnebel/csharp/propertycalls
C#: Property- and Indexer call targets for partial overrides.
2026-06-16 08:46:33 +02:00
Michael Nebel
859ad1d8d0
Merge pull request #21877 from michaelnebel/csharp/spanaccessrange
C#: Extract `.Slice` method call when using a span in conjunction with a range.
2026-06-16 08:42:57 +02:00
Owen Mansel-Chan
b10abb63d9
Add SPURIOUS and MISSING to some comments
2026-06-16 00:28:40 +01:00
copilot-swe-agent[bot]
44e23638a4
Convert Swift .qlref tests to inline expectation tests
2026-06-16 00:08:39 +01:00
Owen Mansel-Chan
5e606b7bef
Don't use inline expectations when alerts in erb files
2026-06-15 23:03:50 +01:00
copilot-swe-agent[bot]
84e7c2de6c
Convert Ruby qlref tests to inline expectations
2026-06-15 23:03:46 +01:00
Owen Mansel-Chan
0df9aac69c
Merge pull request #21988 from owen-mc/ql/convert-qlref-tests-inline-expectations
QL: Convert qlref tests to inline expectations
2026-06-15 21:09:44 +01:00
Owen Mansel-Chan
bc9fa6ba13
Fix bug in inline expectations test implementation
This was stopping trailing comments, as in `// $ Alert // some comment`, from working.
2026-06-15 21:08:08 +01:00
Chad Bentz
c08c0e9ae5
Merge branch 'main' into felickz/razor-page-handler-sources
2026-06-15 11:35:54 -04:00
Chad Bentz
4f1d6f472d
Fix test comments: replace GOOD/BAD markers with flow source descriptions
Per review feedback, GOOD/BAD markers don't apply to flow source
enumeration tests. Use descriptive comments instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-15 11:34:43 -04:00
Owen Mansel-Chan
78d95719a5
Do not convert test that is example of not using inline expectations
2026-06-15 16:18:24 +01:00
Michael Nebel
c31b594bbc
C#: Address review comments.
2026-06-15 16:17:46 +02:00
Michael Nebel
66db0d42a9
C#: Address review comment.
2026-06-15 15:41:19 +02:00
Asger F
7039c4a2be
Merge pull request #21981 from asgerf/yeast/comments
Yeast/Unified: Extract comments
2026-06-15 15:25:35 +02:00
Michael Nebel
746631d3dc
Merge pull request #21989 from michaelnebel/csharp/compoundmad
C#: Add models as data tests for compound assignment operators.
2026-06-15 14:57:04 +02:00
Jeroen Ketema
b9b15af308
Java: Use fixture for filtering diagnostics
2026-06-15 14:51:52 +02:00
Michael Nebel
175c4f1b0d
C#: Add models as data tests for compound assignment operators.
2026-06-15 13:26:39 +02:00
Michael Nebel
ab4f170780
Merge pull request #21909 from michaelnebel/csharp/refactoroperations
C#: Refactor- and rename operation expressions.
2026-06-15 12:35:39 +02:00
Owen Mansel-Chan
4ad3a44aab
QL: Convert qlref tests to inline expectations
2026-06-15 11:15:16 +01:00
Tom Hvitved
686e98c6ff
Update java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2026-06-15 11:37:14 +02:00
Owen Mansel-Chan
14c72def96
Merge pull request #21983 from owen-mc/java/convert-to-inline-expectation-tests
Java: Improve inline expectations test comments
2026-06-15 10:31:56 +01:00
Michael Nebel
d0841d2283
C#: Address review comments.
2026-06-15 11:04:59 +02:00
Tom Hvitved
568de02e98
Update shared/typeflow/codeql/typeflow/UniversalFlow.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2026-06-15 10:58:48 +02:00
Tom Hvitved
651770b412
Java: Fix performance issue in type flow library
2026-06-15 10:35:16 +02:00
Anders Schack-Mulligen
6934aa0e39
Merge pull request #21980 from aschackmull/cfg/unless-until
Cfg: Add support for unless and until statements
2026-06-15 09:58:03 +02:00
Owen Mansel-Chan
359e272577
Merge pull request #21979 from owen-mc/code-owners-rasmuswl
Remove @RasmusWL from CODEOWNERS
2026-06-14 23:50:05 +01:00
Chad Bentz
23567eba3d
C#: Add change note for Razor Page handler flow sources
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 19:53:00 -04:00
Chad Bentz
ce9e61dbfd
C#: Add Razor Page handler method parameters as remote flow sources
ASP.NET Core Razor Page handler method parameters (OnGet, OnPost, etc.)
were not modeled as remote flow sources, causing security queries like
SQL injection to miss vulnerabilities in PageModel subclasses.
This adds AspNetCorePageHandlerMethodParameter, analogous to the existing
AspNetCoreActionMethodParameter for MVC controllers, using the existing
PageModelClass.getAHandlerMethod() from Razor.qll.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 19:50:12 -04:00
Owen Mansel-Chan
daefaff969
Merge pull request #21975 from github/dependabot/go_modules/go/extractor/extractor-dependencies-563a210b6d
Bump golang.org/x/tools from 0.45.0 to 0.46.0 in /go/extractor in the extractor-dependencies group
2026-06-12 22:04:57 +01:00
Owen Mansel-Chan
4bc083fd7f
Remove confusing comments
2026-06-12 21:51:52 +01:00
Owen Mansel-Chan
89c1d66f90
Add SPURIOUS and MISSING alerts based on existing comments
2026-06-12 21:51:50 +01:00
Owen Mansel-Chan
b9670ef831
Merge pull request #21966 from owen-mc/java/convert-to-inline-expectation-tests
Java: convert all qlref tests to inline expectation tests using postprocessing
2026-06-12 21:48:49 +01:00
Asger F
6000c18c24
Unified: also QLDoc for unified.qll
2026-06-12 16:48:25 +02:00
Asger F
e81a3bcbc3
Unified: Add QLDoc
2026-06-12 16:47:06 +02:00
Asger F
7d6d5bfb4a
Unified: add test for comments
2026-06-12 16:36:33 +02:00
Asger F
f83adb55ce
Unified: regenerate AST
2026-06-12 16:33:51 +02:00
Asger F
5608369abe
Extract trivia tokens from original parse tree
2026-06-12 16:32:57 +02:00
Michael Nebel
346d140c87
C#: Add change-note.
2026-06-12 15:33:49 +02:00