codeql

mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00

Author	SHA1	Message	Date
Owen Mansel-Chan	d2033ca1d5	Add change note	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	52d7e2dd18	Add query for hashing sensitive data with weak hashing algorithm	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	713e19f6f1	Make non-path query for encryption only	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	34b2e3e2bf	Copy the structure of the Javascript query	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	5c403d374e	Move crypto qll files from query pack to library pack	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	92a3bccfd6	Align metadata with related queries	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	188b25f11f	Remove `experimental` tag from query metadata	2025-11-19 14:36:26 +00:00
Owen Mansel-Chan	2c20d3ffeb	Move weak crypto algorithm query out of experimental	2025-11-19 14:36:26 +00:00
github-actions[bot]	5ee45af3aa	Post-release preparation for codeql-cli-2.23.6	2025-11-18 09:53:12 +00:00
github-actions[bot]	18fa6799ce	Release preparation for version 2.23.6	2025-11-17 16:38:07 +00:00
github-actions[bot]	4014df9a6e	Post-release preparation for codeql-cli-2.23.4	2025-11-04 17:57:52 +00:00
github-actions[bot]	64fcdd1f2f	Release preparation for version 2.23.4	2025-11-03 14:52:23 +00:00
Nora Dimitrijević	0f0bd0f455	Go/SSRF go/ql/src/experimental/CWE-918/SSRF.ql	2025-10-28 09:42:09 +01:00
Nora Dimitrijević	d41268fc84	Go/UnhandledCloseWritableHandle	2025-10-28 09:42:06 +01:00
Nora Dimitrijević	59a8e9b78c	Go/InsufficientKeySize	2025-10-28 09:39:27 +01:00
Nora Dimitrijević	7722f31cb8	Go/DivideByZero	2025-10-28 09:39:24 +01:00
github-actions[bot]	6dd07790ac	Post-release preparation for codeql-cli-2.23.3	2025-10-14 11:16:33 +00:00
github-actions[bot]	33542f7d40	Release preparation for version 2.23.3	2025-10-14 09:30:24 +00:00
Owen Mansel-Chan	d8891e34d1	Small improvement to `go/unhandled-writable-file-close`	2025-10-02 15:15:51 +01:00
Owen Mansel-Chan	7fdda87b06	Fix `go/impossible-interface-nil-check` for separate post-update nodes When tracing back from nil checks on interfaces, ignore post-update nodes. There will always be a corresponding pre-update node that contains the information we want.	2025-10-02 12:34:58 +01:00
Owen Mansel-Chan	f0f5fc7eac	Improve SSRF additional flow step	2025-10-01 16:18:00 +01:00
Owen Mansel-Chan	2ffb638b7e	Delete `WriteNode.writesFieldOnSsaWithFields` This can be easily expressed in terms of `WriteNode.writesFieldPreUpdate`.	2025-10-01 16:13:27 +01:00
Owen Mansel-Chan	489b8431ea	Add and use `WriteNode.writesFieldPreUpdate`	2025-10-01 16:13:25 +01:00
Owen Mansel-Chan	748c53a791	Refactor: Create `writesFieldOnSsaWithFields`	2025-10-01 16:12:56 +01:00
Owen Mansel-Chan	cf6cfe2a1e	Non-initializing writes should target post-update nodes	2025-10-01 16:12:54 +01:00
Owen Mansel-Chan	9068315f03	Fix IncorrectIntegerConversion for use-use flow We were assuming that `sink` only had one successor, the TypeCastNode, but it can now have an adjacent use as well.	2025-10-01 16:12:19 +01:00
Owen Mansel-Chan	16a11b48ad	Switch to use-use dataflow. This will make post-update nodes easy to implement. Queries / tests that required changes: * The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow * The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer * The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.	2025-10-01 16:12:07 +01:00
github-actions[bot]	a7a4e43991	Post-release preparation for codeql-cli-2.23.2	2025-09-29 15:10:19 +00:00
github-actions[bot]	d2130a589b	Release preparation for version 2.23.2	2025-09-29 10:28:45 +00:00
Owen Mansel-Chan	18a1075e70	Merge pull request #20523 from smowton/smowton/fix/mistyped-exp-fp Go: mistyped-exponentiation: notice constants with likely-bitmask values	2025-09-26 16:02:30 +01:00
Owen Mansel-Chan	f5f61193a0	Delete change note	2025-09-26 15:33:26 +01:00
Chris Smowton	9e7a5214f3	Change note	2025-09-25 15:40:26 +01:00
Chris Smowton	e9cccb46c0	Go: mistyped-exponentiation: notice constants with likely-bitmask values	2025-09-25 15:19:40 +01:00
github-actions[bot]	4e8343664f	Post-release preparation for codeql-cli-2.23.1	2025-09-17 10:13:40 +00:00
github-actions[bot]	02a1b1efcb	Release preparation for version 2.23.1	2025-09-16 14:14:42 +00:00
Arthur Baars	5d3ec35e29	Remove non-breaking spaces from code	2025-09-05 09:41:15 +02:00
github-actions[bot]	e8a2600a0c	Post-release preparation for codeql-cli-2.23.0	2025-09-02 11:46:23 +00:00
github-actions[bot]	0bfa93828b	Release preparation for version 2.23.0	2025-09-02 11:09:32 +00:00
Michael Nebel	55e5281429	Go: Fix a couple more spelling errors.	2025-09-02 10:47:36 +02:00
Michael Nebel	d0323a6425	Fix one more violation.	2025-09-02 09:42:05 +02:00
Michael Nebel	ea664e08d1	Go: Fix some Ql4Ql violations.	2025-09-01 15:00:34 +02:00
github-actions[bot]	42e3d31c49	Post-release preparation for codeql-cli-2.22.4	2025-08-18 14:42:42 +00:00
github-actions[bot]	90d29994c8	Release preparation for version 2.22.4	2025-08-18 14:06:09 +00:00
Nora Dimitrijević	0512940c0c	Merge pull request #20075 from d10c/d10c/diff-informed-phase-3-go Go: Diff-informed queries: phase 3 (non-trivial locations)	2025-08-15 12:23:53 +02:00
github-actions[bot]	fb4b0aac53	Post-release preparation for codeql-cli-2.22.3	2025-08-04 17:18:08 +00:00
github-actions[bot]	fd82aeb1f8	Release preparation for version 2.22.3	2025-08-04 15:47:57 +00:00
github-actions[bot]	37cc78255a	Post-release preparation for codeql-cli-2.22.2	2025-07-22 14:22:20 +00:00
Nick Rolfe	43d14c28c2	Tweak changenotes	2025-07-22 15:06:09 +01:00
github-actions[bot]	997547b8ef	Release preparation for version 2.22.2	2025-07-22 14:04:14 +00:00
Nick Rolfe	825c813095	Revert "Release preparation for version 2.22.2"	2025-07-22 14:33:45 +01:00

1 2 3 4 5 ...

811 Commits