Anders Fugmann
e21bc4da05
Kotlin 2.4.0: Fix plugin service file to be version-conditional
...
The CompilerPluginRegistrar service file must only be included in the
2.4.0 jar. Older Kotlin versions (2.3.x and below) read this service
file and try to cast the class to CompilerPluginRegistrar, but the
older version extractor only implements ComponentRegistrar, causing a
ClassCastException at runtime.
For 2.4.0, the registrar implements both ComponentRegistrar (no-op, as
extensionArea was removed) and CompilerPluginRegistrar (actual
registration via ExtensionStorage).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-04 16:54:50 +02:00
Anders Fugmann
4a2f244ffa
Kotlin: Add 2.4.0 API compatibility layer and plugin registration
...
- Add version-specific compatibility wrappers (v_2_4_0/IrCompat.kt) for
removed APIs: valueParameters, extensionReceiverParameter, extensionReceiver,
getValueArgument, putValueArgument, valueArgumentsCount, typeArgumentsCount,
getTypeArgument, addAnnotations, setAnnotations, setDispatchReceiverParameter
- Add pre-2.4.0 pass-through implementations (v_1_8_0/IrCompat.kt)
- Migrate plugin registration from ComponentRegistrar to CompilerPluginRegistrar
for 2.4.0 (v_2_4_0/Kotlin2ComponentRegistrar.kt)
- Add META-INF service file for CompilerPluginRegistrar
- Update all extractor source files to use codeQl* compat functions
- All versions (1.8.0 through 2.4.0) build successfully
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-04 15:25:35 +02:00
Anders Fugmann
ed9e160e89
Kotlin: Add 2.4.0 compiler jars and register version
...
Download kotlin-compiler-2.4.0.jar, kotlin-compiler-embeddable-2.4.0.jar,
and kotlin-stdlib-2.4.0.jar from Maven Central. Add 2.4.0 to the VERSIONS
list and update MODULE.bazel via bazel mod tidy.
The extractor does not yet compile against 2.4.0 due to removed APIs
(valueParameters, extensionReceiverParameter, getValueArgument, etc.).
Version-specific compatibility shims are needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-04 15:02:27 +02:00
Anders Fugmann
ed996ae48b
Kotlin: Add support for Kotlin 2.4.0
...
Raise the acceptable version limit to 2.4.10 and update documentation
to reflect Kotlin 2.4.x support.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-04 12:58:52 +02:00
Owen Mansel-Chan
52f2a5825a
Merge pull request #21804 from github/copilot/add-tests-for-models
...
Java: Update CWE-918 model coverage for Apache HttpClient `execute` sinks
2026-06-03 12:55:56 +01:00
github-actions[bot]
cfb18c2477
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab
Revert "Release preparation for version 2.25.6"
2026-05-29 12:13:50 +01:00
Owen Mansel-Chan
d95d99848c
Build RequestBuilder more realistically
2026-05-28 11:05:40 +01:00
Owen Mansel-Chan
8937e22735
Add summary models for org.apache.http.client.methods.RequestBuilder
...
Generated by GPT 5.3-codex, verified by me.
2026-05-28 10:56:37 +01:00
Owen Mansel-Chan
37589dd8a0
Improve how org.apache.http.client.HttpClient is created in test
2026-05-28 10:30:43 +01:00
Owen Mansel-Chan
a159dc1c66
Change variable name in test
2026-05-28 10:28:14 +01:00
github-actions[bot]
44a914e40f
Release preparation for version 2.25.6
2026-05-25 10:23:26 +00:00
Óscar San José
996e79131e
Merge branch 'main' into post-release-prep/codeql-cli-2.25.5
2026-05-22 16:32:30 +02:00
Óscar San José
c25398ea0c
Merge pull request #21868 from github/copilot/bump-jackson-core-to-2150
...
Bump jackson-core to 2.18.6 in ferstl-depgraph-dependencies (CVE-2025-52999)
2026-05-21 16:18:15 +02:00
Owen Mansel-Chan
2070dafeb2
Java: add ForStmt wrapper class
2026-05-21 13:41:29 +01:00
copilot-swe-agent[bot]
0f3c9ab483
Fix remaining macOS bash 3.2 portability issues in update script (step 5)
2026-05-21 12:07:45 +00:00
copilot-swe-agent[bot]
8170c207bd
Fix macOS bash 3.2 heredoc-in-$() portability issue in update script
2026-05-21 09:57:10 +00:00
copilot-swe-agent[bot]
38a2101e11
update-ferstl-depgraph-dependencies.sh: address review feedback
...
- Use BUILD_REPO/DIST_REPO split so zip contains only runtime deps
(build-lifecycle plugins, test jars, etc. stay in throwaway BUILD_REPO)
- Minimal inline stub pom.xml (no deps) instead of archetype:generate
to avoid polluting DIST_REPO with stub project's own dependencies
- Replace grep -oP (PCRE, unavailable on macOS BSD grep) with Python re
- Use version-aware Python version_key() for max POM version selection
(lexicographic sort fails for e.g. 2.18.10 vs 2.18.6; release > snapshot)
- Write zip to caller's working directory; keep cleanup trap active;
remove `trap - EXIT` which was leaving WORK_DIR behind
2026-05-21 09:41:57 +00:00
github-actions[bot]
fb04cd2212
Add changed framework coverage reports
2026-05-21 00:54:55 +00:00
Óscar San José
b9bf81e463
Merge branch 'main' into copilot/bump-jackson-core-to-2150
2026-05-20 13:09:04 +02:00
Jack Nørskov Jørgensen
aa136a3282
Add change note entry
2026-05-19 16:09:05 +02:00
Óscar San José
8b799f84ed
Do not remove zip file if the process succeeds
2026-05-19 14:30:50 +02:00
copilot-swe-agent[bot]
b1615312b8
Bump jackson-core to 2.18.6 in ferstl-depgraph-dependencies (CVE-2025-52999)
...
- Update 3 maven-fetches.expected files: jackson 2.14.1→2.18.6,
jackson-parent 2.14→2.18.4, oss-parent 48→69,
plugin version 4.0.3-CodeQL→4.0.3-CodeQL-2
- Update 2 diagnostics.expected files: plugin version reference
4.0.3-CodeQL→4.0.3-CodeQL-2
- Add update-ferstl-depgraph-dependencies.sh auto-update script
2026-05-19 11:52:46 +00:00
Jack Nørskov Jørgensen
3119ef6c1a
Add MaDs for Apache Avro
2026-05-19 09:27:32 +02:00
github-actions[bot]
9f64000962
Post-release preparation for codeql-cli-2.25.5
2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef
Release preparation for version 2.25.5
2026-05-18 12:05:32 +00:00
github-actions[bot]
b0e23a73d2
Add changed framework coverage reports
2026-05-13 00:50:12 +00:00
Owen Mansel-Chan
0b808e1170
Merge pull request #21807 from owen-mc/java/improve-qhelp-unsafe-deserialization
...
Shared: improve qhelp for unsafe deserialization queries
2026-05-12 22:22:49 +01:00
Owen Mansel-Chan
ec8ff6ff68
Use all path injection sinks when generating docs
2026-05-11 09:56:02 +01:00
Owen Mansel-Chan
a5ef036465
Note that common standard library types can be vulnerable to gadget-chain attacks
2026-05-08 14:18:54 +01:00
Owen Mansel-Chan
36554d160c
Merge pull request #21741 from MarkLee131/fix/path-injection-read-subkind
...
Fix/path injection read subkind
2026-05-08 12:38:16 +01:00
Anders Schack-Mulligen
81e1ab7aab
Merge pull request #21808 from aschackmull/cfg/switch-pattern-eval
...
Cfg: Rework CFG for switch case patterns.
2026-05-08 12:48:44 +02:00
MarkLee131
26af52897d
Merge branch 'main' into fix/path-injection-read-subkind
2026-05-07 23:48:42 +08:00
Owen Mansel-Chan
f9240e7058
Fix QL formatting
2026-05-07 15:57:33 +01:00
Anders Schack-Mulligen
6b6df374fa
C#/Java: Accept test changes.
2026-05-07 15:07:31 +02:00
Anders Schack-Mulligen
072166ba88
C#/Java: Adjust Guards instantiations.
2026-05-07 13:46:52 +02:00
Anders Schack-Mulligen
48785a0a76
Cfg: Rework CFG for switch case patterns.
2026-05-07 13:07:07 +02:00
Owen Mansel-Chan
33035dbfc8
Fix yaml formatting
2026-05-07 11:06:43 +01:00
Owen Mansel-Chan
f2ea3b98d8
Do not make such a strong security claim
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-07 10:58:35 +01:00
Owen Mansel-Chan
427b73ec9d
Clarify that deserialization that follows a schema is safe
2026-05-07 10:51:20 +01:00
Owen Mansel-Chan
7aa3fd859a
Remove double spaces from qhelp
2026-05-07 10:42:50 +01:00
Owen Mansel-Chan
dc864762c3
Add change note
2026-05-07 10:23:50 +01:00
Owen Mansel-Chan
dd35bc0722
Update test output
2026-05-07 10:17:47 +01:00
copilot-swe-agent[bot]
043ec857ab
Replace fluent SSRF changes with Apache HttpClient execute model tests
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/3db201db-a1b5-4353-a94a-14a8d156dd3b
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-05-06 20:31:34 +00:00
copilot-swe-agent[bot]
f5b17b0b48
Add SSRF tests and stubs for Apache Http fluent Request models
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/bd4fa112-dbc3-47e8-9cef-9b1b13c7e549
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-05-06 16:08:02 +00:00
github-actions[bot]
7610277199
Post-release preparation for codeql-cli-2.25.4
2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27
Release preparation for version 2.25.4
2026-05-05 09:34:30 +00:00
MarkLee131
467394123c
Merge branch 'main' into fix/path-injection-read-subkind
2026-05-04 18:56:12 +08:00
Anders Schack-Mulligen
f663eccf66
Merge pull request #21781 from aschackmull/java/rm-deprecated
...
Java: Delete old deprecated code.
2026-05-04 11:35:09 +02:00