hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,275 Commits 1,671 Branches 157 Tags
eb7fe715571c21191d36a3cfb1aae42cc2e47d9b
Commit Graph

3022 Commits

Author SHA1 Message Date
Joe Farebrother
eb7fe71557 Fix namespace instances and update tests 2025-11-26 10:51:16 +00:00
Joe Farebrother
83eadbad60 Add namespace models 2025-11-25 16:56:36 +00:00
Joe Farebrother
b0be8184ac Add taint test 2025-11-24 16:54:21 +00:00
Joe Farebrother
a83c70f99d Add tests 2025-11-24 11:03:16 +00:00
Joe Farebrother
ba06990290 Add socketio models 2025-11-20 10:47:41 +00:00
Asger F
613895e0c0 Merge pull request #20424 from asgerf/js/overlay-manual-v4 
JS: Add overlay annotations
 2025-11-20 11:10:46 +01:00
github-actions[bot]
5ee45af3aa Post-release preparation for codeql-cli-2.23.6 2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
Asger F
ecfa94600f Sync ApiGraphModels.qll 2025-11-13 09:46:23 +01:00
Asger F
16e7dc1b8a Sync ApiGraphModelsExtensions.qll 2025-11-13 09:46:21 +01:00
Michael B. Gale
046db0419f Merge pull request #20758 from github/post-release-prep/codeql-cli-2.23.4 
Post-release preparation for codeql-cli-2.23.4
 2025-11-05 10:45:51 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Taus
e702d3bfc8 Python: Add change note 
I wasn't entirely sure if this should be classified as `deprecated` or
`breaking`, but seeing as these changes technically _could_ break
existing queries (requiring a small rewrite), I opted for the latter.
 2025-10-30 15:16:51 +00:00
Taus
820d8e76c4 Python: Remove points-to from Module 2025-10-30 13:59:30 +00:00
Taus
b93ce98612 Python: Remove points-to from Expr 2025-10-30 13:58:59 +00:00
Taus
b434ce460e Python: Get rid of getLiteralValue 
This had only two uses in our libraries, so I simply inlined the
predicate body in both places.
 2025-10-30 13:30:04 +00:00
Taus
fef08afff9 Python: Remove points-to to from ControlFlowNode 
Moves the existing points-to predicates to the newly added class
`ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo`
module.

(Existing code that uses these predicates should import this module, and
references to `ControlFlowNode` should be changed to
`ControlFlowNodeWithPointsTo`.)

Also updates all existing points-to based code to do just this.
 2025-10-30 13:30:04 +00:00
Nora Dimitrijević
37fff48dcd Python/ServerSideRequestForgeryQuery 
python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
 2025-10-28 09:40:24 +01:00
Nora Dimitrijević
baccdcc07f Python/PolynomialReDoSQuery 
python/ql/src/Security/CWE-730/PolynomialReDoS.ql
 2025-10-28 09:40:21 +01:00
Joe Farebrother
8c277bd1d9 Merge pull request #20494 from joefarebrother/python-insecure-cookie-split 
Python: Split Insecure Cookie query into multiple queries
 2025-10-24 11:10:20 +01:00
Nora Dimitrijević
e120e5c3ba Merge pull request #20337 from d10c/d10c/python-overlay-compilation-plus-extractor 
Python: enable overlay compilation + extractor overlay support
 2025-10-16 14:49:01 +02:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
Taus
c4b27d5f28 Python: Fix ImportError in imp.py under Python 3.14 
It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an
`ImportError` when running the extractor.

To fix this, we explicitly set `_ERR_MSG` when the existing import fails
(using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with
the bits that make up the difference between this and `_ERR_MSG`).
 2025-10-13 13:50:43 +00:00
Nora Dimitrijević
ece121070b Add change note. 2025-10-06 12:31:21 +02:00
Nora Dimitrijević
20d4e429ca Add consistency query (exactly one path for every entity) 2025-10-06 11:47:56 +02:00
Nora Dimitrijević
7174d4c8ba Overlay.qll: discard predicates 
for dbscheme elements with direct or indirect location links in dbscheme.

- Unify discardable entities under one Discardable superclass.
- Two discard predicates depending on TRAP ID type.
- Future-proof the XML and Yaml discard predicates for when their
  extractors become incremental.
 2025-10-06 11:47:51 +02:00
Nora Dimitrijević
1a9683f986 Add @top database type 2025-10-06 11:47:14 +02:00
Nora Dimitrijević
1574b5fd91 Add synthetic data to dbscheme.stats for databaseMetadata/overlayChangedFiles 2025-10-06 11:37:00 +02:00
Nora Dimitrijević
1c3a7f2b1e Add database upgrade/downgrade scripts 2025-10-06 11:36:58 +02:00
Nora Dimitrijević
a88d3397cd Add overlay builtins to python dbscheme 2025-10-06 11:36:56 +02:00
Nora Dimitrijević
dac50fa0c1 Enable overlay compilation in lib/qlpack.yml 2025-10-06 11:36:51 +02:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Taus
e592fd60ff Merge pull request #20495 from github/tausbn/python-fix-unmatchable-dollar-in-lookahead 
Python: Fix false positive for unmatchable dollar/caret
 2025-09-25 15:27:32 +02:00
Joe Farebrother
2cffb21604 Update and fix tests 2025-09-23 15:41:09 +01:00
Joe Farebrother
d28e8004fd Add sensitive data heuristic 2025-09-23 10:08:08 +01:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Joe Farebrother
463f79bed2 Merge pull request #20263 from joefarebrother/python-qual-exceptions 
Python: Modernize the Unreachable Except Block query
 2025-09-22 09:42:09 +01:00
Taus
95a84ad655 Python: Fix false positive for unmatchable dollar/caret 
Our previous modelling did not account for the fact that a lookahead can
potentially extend all the way to the end of the input (and similarly,
that a lookbehind can extend all the way to the beginning).

To fix this, I extended `firstPart` and `lastPart` to handle lookbehinds
and lookaheads correctly, and added some test cases (all of which yield
no new results).

Fixes #20429.
 2025-09-19 15:06:46 +00:00
Ian Lynagh
c653d939d9 Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1 
Post-release preparation for codeql-cli-2.23.1
 2025-09-17 13:00:14 +01:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
Taus
8fd62252fd Python: Fix bad join in globalVariableNestedFieldJumpStep 2025-09-16 18:12:29 +02:00
Napalys Klicius
431fc8880e Python: Add change note 2025-09-16 18:08:53 +02:00
Napalys Klicius
e82fe9d919 Python: Updated doc string and removed redundant predicate. 2025-09-16 18:08:53 +02:00
Taus
e228aac61f Python: Use AttrWrite.writes 
Also applies @napalys' fix to the base case.
 2025-09-16 18:08:53 +02:00
Taus
6f9e06c59e Python: Add AttrWrite.writes and AttrRead.reads 
The latter of these is identical to `AttrRef.accesses`, but makes the
API a bit more intuitive.
 2025-09-16 18:08:53 +02:00
Napalys Klicius
8393ccf39d Python: Update globalVariableAttrPathAtDepth base case 2025-09-16 18:08:53 +02:00
Taus
6133f01c81 Python: Rewrite access path computation 2025-09-16 18:08:53 +02:00