hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,859 Commits 1,697 Branches 161 Tags
e592fd60ffff03b248427ce96e93ecab40e6c6bf
Commit Graph

82859 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Taus
e592fd60ff Merge pull request #20495 from github/tausbn/python-fix-unmatchable-dollar-in-lookahead 
Python: Fix false positive for unmatchable dollar/caret
 2025-09-25 15:27:32 +02:00
Florin Coada
2db5f0def5 Merge pull request #20510 from github/coadaflorin-patch-1 
Fix escape character in changelog for Go query
 2025-09-24 16:18:05 +01:00
Michael B. Gale
fd6f9cd2d5 Merge pull request #20368 from github/mbg/go/support-git-source 
Go: Support `git_source`
 2025-09-24 16:14:56 +01:00
Florin Coada
86fe68bb61 Fix formatting in changelog for Go path injection query 
2 people + 2 models managed to tackle this insurmountable task.
 2025-09-24 16:12:17 +01:00
Florin Coada
6c488e6e71 Fix formatting in codeql-cli-2.23.1.rst 2025-09-24 16:01:38 +01:00
Florin Coada
f3ef6ef3c9 Fix formatting issue in changelog for Go query 2025-09-24 16:00:40 +01:00
Florin Coada
8ad6952dda Fix escape character in changelog for Go query 2025-09-24 15:58:09 +01:00
Michael B. Gale
8c8499229d Configure git to use the certificate, if needed 2025-09-24 15:52:04 +01:00
Michael B. Gale
bc38b79c9a Convert URLs to expected format 2025-09-24 15:52:04 +01:00
Michael B. Gale
4ef8ff9a0f Append * to git_source URL if not present 
Since `GOPRIVATE` / `GONOPROXY` expect a glob pattern
 2025-09-24 15:52:03 +01:00
Michael B. Gale
a8fa1a76c4 Use git_source configurations for GOPRIVATE 2025-09-24 15:52:02 +01:00
Michael B. Gale
895399ff05 Rename proxy_configs to goproxy_servers and only store URLs 2025-09-24 15:52:01 +01:00
Michael B. Gale
23a04613c0 Set lower-case variants of HTTP_PROXY and HTTPS_PROXY 2025-09-24 15:52:00 +01:00
Michael B. Gale
711d49770f Improve logging to include proxy vars 2025-09-24 15:51:59 +01:00
Florin Coada
e78d0571f4 Merge pull request #20508 from github/changedocs/2.23.1 
Add changelog entry for CodeQL 2.23.1 release
 2025-09-24 15:35:18 +01:00
Florin Coada
6e0ce9a885 Add changelog entry for CodeQL 2.23.1 release 2025-09-24 13:30:11 +01:00
Tom Hvitved
92cced201e Merge pull request #20496 from hvitved/rust/path-resolution-use-visibility 
Rust: Visibility check for qualified path resolution
 2025-09-24 10:19:22 +02:00
Simon Friis Vindum
26aa938acc Merge pull request #20452 from paldepind/rust/mad-source-parameter 
Rust, shared: Support `Parameter` in source MaD models
 2025-09-24 09:37:25 +02:00
Asger F
2e8091f0fb Merge pull request #20419 from asgerf/js/express-json-send 
JS: Model Express json and jsonp methods
 2025-09-24 09:25:32 +02:00
Tom Hvitved
1183e50435 Update rust/ql/lib/change-notes/2025-09-19-parameter-mad.md 2025-09-22 19:45:34 +02:00
Geoffrey White
5ad332e37f Merge pull request #20432 from github/copilot/fix-f50317f8-0a91-4bb4-a01b-353dcf0f6f3f 
Rust: Implement new query for non-HTTPS URLs (CWE-319)
 2025-09-22 18:03:52 +01:00
Simon Friis Vindum
45b84ffb31 Rust: Ensure singleton 2025-09-22 14:23:50 +02:00
Simon Friis Vindum
4244a6569c Rust: Add change note 2025-09-22 14:19:01 +02:00
Simon Friis Vindum
a4c61f6945 Rust: Accept test changes 2025-09-22 14:18:59 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Simon Friis Vindum
265e8b3623 Shared: Pass SummaryComponentStack to isSource and getSourceType 2025-09-22 14:18:54 +02:00
Simon Friis Vindum
014c27ee8a Rust: Discard sources with spaces in inline flow tests 2025-09-22 14:13:39 +02:00
Simon Friis Vindum
05a58323c1 Rust: Add Warp test to request forgery query tests 2025-09-22 14:13:38 +02:00
Simon Friis Vindum
cd807533f2 Rust: Add tests for parameter in source model 2025-09-22 14:13:37 +02:00
Joe Farebrother
463f79bed2 Merge pull request #20263 from joefarebrother/python-qual-exceptions 
Python: Modernize the Unreachable Except Block query
 2025-09-22 09:42:09 +01:00
Tom Hvitved
be260befd4 Merge pull request #20497 from hvitved/rust/missing-model 
Rust: Add missing model
 2025-09-22 10:30:25 +02:00
Napalys Klicius
a0ea0c9e47 Merge pull request #20492 from Napalys/js/graph-ql-obj-type 
JS: mark `GraphQLObjectType` resolvers args as remote sources
 2025-09-22 09:59:20 +02:00
Tom Hvitved
78641b4dde Rust: Reduce size of unqualifiedPathLookup 2025-09-22 09:46:28 +02:00
Tom Hvitved
b5b6f06005 Rust: Fix bad join 
```
Evaluated relational algebra for predicate _PathResolution::CrateItemNode.getName/0#dispred#91b4dd6b_PathResolution::SourceFileItemNode#bd8f490__#antijoin_rhs@e84aee8k with tuple counts:
        35406180  ~0%    {3} r1 = JOIN PathResolution::SourceFileItemNode#bd8f4905 WITH `PathResolution::CrateItemNode.getName/0#dispred#91b4dd6b` CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.1, Rhs.0
            8455  ~2%    {4}    | JOIN WITH `PathResolution::declaresDirectly/3#7d0350fb_021#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2, Lhs.1
            3259  ~0%    {3}    | JOIN WITH num#PathResolution::TTypeNamespace#4897e416 ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3
                         return r1
```
 2025-09-22 09:38:43 +02:00
Tom Hvitved
b2cc01c490 Rust: Visibility check for qualified path resolution 2025-09-22 09:38:30 +02:00
Kasper Svendsen
97d62950a8 Merge pull request #20484 from kaspersv/kaspersv/future-proof-java-discarding 
Overlay: Future-proof Java config & XML discard predicates
 2025-09-22 08:16:44 +02:00
Tom Hvitved
8d5d219c0f Rust: Update expected test output 2025-09-21 15:36:22 +02:00
Tom Hvitved
223ab5e60c Rust: Add missing model 2025-09-21 15:28:50 +02:00
Tom Hvitved
bdeeb3217e Rust: Add path resolution tests 2025-09-20 09:30:55 +02:00
Tom Hvitved
fdb0c6ebb5 Merge pull request #20454 from paldepind/rust/path-resolution-attribute-expansion 
Rust: Account for attribute expansions in path resolution
 2025-09-20 09:21:00 +02:00
Geoffrey White
c26a07bb10 Apply suggestions from code review 
Co-authored-by: Simon Friis Vindum <simonfv@gmail.com>
 2025-09-19 16:49:54 +01:00
Taus
b9f073e596 Python: Update test output 2025-09-19 15:39:12 +00:00
Geoffrey White
523ec9d633 Merge pull request #20439 from geoffw0/assignment 
Rust: Add a couple of simple data flow test cases
 2025-09-19 16:27:14 +01:00
Taus
95a84ad655 Python: Fix false positive for unmatchable dollar/caret 
Our previous modelling did not account for the fact that a lookahead can
potentially extend all the way to the end of the input (and similarly,
that a lookbehind can extend all the way to the beginning).

To fix this, I extended `firstPart` and `lastPart` to handle lookbehinds
and lookaheads correctly, and added some test cases (all of which yield
no new results).

Fixes #20429.
 2025-09-19 15:06:46 +00:00
Alexander Eyers-Taylor
c1c0828082 Merge pull request #20378 from github/alexet/java-regex-local 
Jave: Use force local to make parsing local after global regex finding.
 2025-09-19 13:48:43 +01:00
Alexander Eyers-Taylor
27e2c4d580 Merge pull request #20459 from github/alexet/caller_tc 
Java: Make a TC overlay caller.
 2025-09-19 13:48:34 +01:00
Napalys Klicius
3a6a537986 JS: Add change note 2025-09-19 14:47:58 +02:00
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Simon Friis Vindum
afb6d30762 Rust: Fix typo in superseded 2025-09-19 14:27:14 +02:00
Simon Friis Vindum
72103adacc Rust: Fix spurious path resolution 
The annotated impl block was filtered away, but it's children where not. This caused the associated type `Foo` to appear as if it was an item in the scope outside of the impl block.
 2025-09-19 14:25:11 +02:00