Tom Hvitved
eee5b067b3
Merge pull request #21743 from hvitved/cfg/body-parts
...
C#: Move handling of callables into shared control flow library
2026-04-23 14:10:46 +02:00
Owen Mansel-Chan
bf960b8c76
Merge pull request #21652 from MarkLee131/fix/path-injection-torealpath
...
Java: recognize Path.toRealPath() as path normalization sanitizer
2026-04-23 11:18:23 +01:00
Owen Mansel-Chan
9f19791d8c
Merge branch 'main' into fix/path-injection-torealpath
2026-04-23 10:40:47 +01:00
Tom Hvitved
1a84b2b555
CFG: Use dense ranking
2026-04-23 11:22:38 +02:00
Tom Hvitved
71fa2166ee
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2026-04-22 17:06:31 +02:00
Owen Mansel-Chan
d6abd4c72d
Merge pull request #21745 from owen-mc/go/refactor-encryption-operation
...
Go: refactor `EncryptionOperation`
2026-04-22 15:46:49 +01:00
Owen Mansel-Chan
57eaed4dcc
Refactor: remove fields from EncryptionOperation
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-22 13:37:35 +01:00
Tom Hvitved
6ebf4ee394
Java: Adapt to changes in CFG library
2026-04-22 14:11:58 +02:00
Tom Hvitved
39cd86a48e
C#: Move handling of callables into shared control flow library
2026-04-22 14:11:57 +02:00
Michael Nebel
bca51a986c
Merge pull request #21612 from michaelnebel/csharp/legacyasptaintedmember
...
C#: Taint members of types in ASP.NET user context.
2026-04-22 09:28:27 +02:00
Owen Mansel-Chan
62f15d0166
Merge pull request #21742 from owen-mc/docs/fixes
...
Docs: several minor fixes
2026-04-21 17:40:11 +01:00
Owen Mansel-Chan
b47afafe8e
Fix duplicated quotation mark
2026-04-21 14:53:11 +01:00
Owen Mansel-Chan
3a13f77058
Fix typo "passd" -> "passed"
2026-04-21 14:52:48 +01:00
Owen Mansel-Chan
424b7decb1
Fix wrong parameter name
2026-04-21 14:52:22 +01:00
Owen Mansel-Chan
91f9f23138
Fix wrong function name
2026-04-21 14:52:10 +01:00
Anders Schack-Mulligen
f912731cd4
Merge pull request #21565 from aschackmull/csharp/cfg2
...
C#: Replace CFG with the shared implementation
2026-04-21 15:50:38 +02:00
Owen Mansel-Chan
6efb21314a
Merge pull request #21523 from owen-mc/docs/mad/barriers
...
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
Owen Mansel-Chan
c91b5b3c2e
Merge pull request #21650 from MarkLee131/fix/sensitive-log-fp-regex
...
Java: reduce false positives in sensitive-log
2026-04-21 13:48:32 +01:00
Michael Nebel
8b93ce2747
C#: Add ASP.NET test case for a collection type.
2026-04-21 14:27:06 +02:00
Michael Nebel
2d6197fd7d
C#: Generalize ASP.NET taint members to collection types.
2026-04-21 14:27:03 +02:00
Michael Nebel
f826262f1d
C#: Re-factor CollectionType into an abstract class and introduce getElementType predicate.
2026-04-21 14:26:59 +02:00
Michael Nebel
1055084305
C#: Address review comments.
2026-04-21 13:40:07 +02:00
Michael Nebel
dc0e7d4988
C#: Add change-note.
2026-04-21 13:40:04 +02:00
Michael Nebel
8060d2ff24
C#: Streamline the implementation for ASP.NET Core tainted members.
2026-04-21 13:40:02 +02:00
Michael Nebel
921d93e427
C#: Add an ASP.NET flow source example when using the WebMethod attribute.
2026-04-21 13:39:59 +02:00
Michael Nebel
dba1b7539f
C#: Taint members of types used in ASP.NET remote flow source context.
2026-04-21 13:39:56 +02:00
Michael Nebel
77da545ab4
C#: Reclassify some sources as AspNetRemoteFlowSource.
2026-04-21 13:39:54 +02:00
Michael Nebel
0062eb1209
C#: Update remote flow sources test to also report tainted members.
2026-04-21 13:39:51 +02:00
Anders Schack-Mulligen
67c0515d3c
Cfg: Undo consistency check change.
2026-04-21 13:10:03 +02:00
Michael B. Gale
58e9bad0a0
Merge pull request #21737 from github/post-release-prep/codeql-cli-2.25.3
...
Post-release preparation for codeql-cli-2.25.3
2026-04-21 11:48:30 +02:00
Anders Schack-Mulligen
a2a4e8288e
C#: Deprecate ControlFlowElement.getAControlFlowNode and remove some splitting quantification.
2026-04-21 11:14:05 +02:00
Anders Schack-Mulligen
9de02b7ae6
Cfg: Use consistent casing in additional node tags.
2026-04-21 10:56:10 +02:00
Jeroen Ketema
7f2a13bc7a
Merge pull request #21728 from jketema/jketema/swift-6.3.1
...
Swift: Update to Swift 6.3.1
2026-04-20 19:33:08 +02:00
Jeroen Ketema
abd08440a1
Swift: Update to Swift 6.3.1
2026-04-20 16:30:29 +02:00
Jeroen Ketema
d5ded932d3
Merge pull request #21723 from jketema/swift-fixed-array
...
Swift: Expose the generic arguments of `BuiltinFixedArrayType`s
2026-04-20 16:17:41 +02:00
Taus
b108e173a5
Merge pull request #21695 from github/tausbn/python-add-support-for-pep-798
...
Python: Add support for PEP-798
2026-04-20 15:01:01 +02:00
Anders Schack-Mulligen
b6f50f5992
C#: Simplify.
2026-04-20 14:43:28 +02:00
Anders Schack-Mulligen
3ceb96a45f
C#: Eliminate Completion.qll.
2026-04-20 14:43:28 +02:00
Anders Schack-Mulligen
e928c224ae
C#/Cfg: Some simple review fixes.
2026-04-20 14:43:27 +02:00
github-actions[bot]
a0bab539bb
Post-release preparation for codeql-cli-2.25.3
2026-04-20 12:40:34 +00:00
Owen Mansel-Chan
9f310c20f3
Merge pull request #21734 from owen-mc/java/fix-partial-path-traversal
...
Java: fix bug in partial path traversal
2026-04-20 11:52:55 +01:00
Michael B. Gale
a73f7cb79d
Merge pull request #21736 from github/release-prep/2.25.3
...
Release preparation for version 2.25.3
2026-04-20 12:29:07 +02:00
Michael B. Gale
abf374433b
Merge changelog entries for cpp/implicit-function-declaration
2026-04-20 12:24:05 +02:00
Michael B. Gale
34b5dcfd5f
Improve wording of actions note
2026-04-20 11:40:32 +02:00
github-actions[bot]
c861d99802
Release preparation for version 2.25.3
2026-04-20 09:27:23 +00:00
MarkLee131
92d205d1a8
Use set literal for getCommonSensitiveInfoFPRegex
...
Replace the five-way result = ... or result = ... disjunction with a
single equality on a set literal. Addresses the CodeQL style alert
"Use a set literal in place of or" reported by the self-scan on this
PR. Pure refactor, no semantic change.
2026-04-19 23:29:07 -04:00
Owen Mansel-Chan
c6f641eac4
Add change note
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-19 07:18:48 +01:00
Owen Mansel-Chan
6d4a3974ce
Fix bug so += File.separator is recognized
2026-04-19 07:18:42 +01:00
Owen Mansel-Chan
6099c5d034
Add SPURIOUS test for += File.separator
2026-04-19 07:18:00 +01:00
Owen Mansel-Chan
63d20a54d4
Use inline expectations with second test
...
Co-authored-by: Copilot <copilot@github.com>
2026-04-19 07:17:05 +01:00