hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,723 Commits 1,741 Branches 165 Tags
f3d51e01513c643cefa4e5e9c6c8e291dfd8d98a
Commit Graph

83723 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
751d62aefb Rust: Add the metric to rust/diagnostic/database-quality (with a very low threshold for the time being). 2025-10-21 13:29:46 +01:00
Geoffrey White
a4aa397ea0 Merge pull request #20634 from geoffw0/mysql2 
Rust: Model mysql and mysql_async sources
 2025-10-21 13:23:03 +01:00
Michael Nebel
def522d122 C#: Make sure that the file exists before attempting to get version info. 2025-10-21 13:12:21 +02:00
Michael Nebel
af5622a60e C#: Address review comments. 2025-10-21 13:03:53 +02:00
Geoffrey White
d691c3215f Rust: Add expressions with unknown type metric (expected by DCA). 2025-10-21 12:00:25 +01:00
Anders Schack-Mulligen
414e5ecbce Merge pull request #20646 from aschackmull/ssa/ssa-sig 
SSA: Add a shared signature for SSA and a module to implement it.
 2025-10-21 12:14:08 +02:00
Paolo Tranquilli
316225bb88 Csharp: rename predicate 2025-10-21 11:47:54 +02:00
Paolo Tranquilli
6f8b1f6f4c Csharp: address review 2025-10-21 11:43:58 +02:00
Michael Nebel
6bc15bcedc C#: Add change-note. 2025-10-21 11:42:19 +02:00
Michael Nebel
e560ac197f C#: Tracer support for invoking csc directly. 2025-10-21 11:16:55 +02:00
Paolo Tranquilli
c728503517 Merge branch 'main' into redsun82/csharp-fix-xframe-options-in-location 2025-10-21 11:15:46 +02:00
Anders Schack-Mulligen
242f12d4be SSA: Remove variable capture reference from shared class. 2025-10-21 10:52:49 +02:00
Simon Friis Vindum
0badcfd663 C++: Address review comments 2025-10-21 09:47:58 +02:00
REDMOND\brodes
22c0f9fa91 Crypto: Adding a proof of concept bad mac ordering predicate that takes in an ArtifactNode to be used for graph generation to intercept nodes with known mac ordering issues, in order to format the node and output error messages in the graph. 2025-10-20 16:24:31 -04:00
REDMOND\brodes
eff94ef91f Crypto: To allow for graph generation to have properties informed by assessments, altering a few queries weak/vuln/bad crypto to have qll files that can be accessed for other purposes, like graph generation. Also altering weak symmetric cipher to look for non-aes algorithms to be more comprehensive. 2025-10-20 15:51:07 -04:00
REDMOND\brodes
cc436e897d Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check 2025-10-20 15:24:40 -04:00
REDMOND\brodes
354effe829 Crypto: Missing hash algorithms for HMAC operations in jca. 2025-10-20 15:24:18 -04:00
Taus
9efa20dfc7 Merge pull request #20654 from github/tausbn/add-query-history-patcher 
Misc: Add script for patching the query history
 2025-10-20 17:46:39 +02:00
Florin Coada
2c31090cf6 Update codeql-cli-2.23.3.rst 2025-10-20 14:20:17 +01:00
Florin Coada
aeee30b0c6 Add changelog entry for CodeQL CLI version 2.23.3 2025-10-20 14:17:40 +01:00
Geoffrey White
e4e7b1c528 Merge branch 'main' into mysql2 2025-10-20 14:06:48 +01:00
Anders Schack-Mulligen
be626bf0ce SSA: Address some review comments. 2025-10-20 14:02:56 +02:00
Geoffrey White
1047c3e014 Merge pull request #20652 from geoffw0/gen1 
Rust: Generalize some models
 2025-10-20 12:37:53 +01:00
Asger F
d7cf5ef645 Merge pull request #20647 from asgerf/js/type-resolution-cache 
JS: Avoid magic and improve a join in type resolution
 2025-10-20 11:50:23 +02:00
Geoffrey White
7b32cd4868 Merge pull request #20649 from geoffw0/mv1 
Rust: Move rust/weak-sensitive-data-hashing
 2025-10-20 10:17:40 +01:00
Tom Hvitved
85abcddd0e Merge pull request #20614 from hvitved/dataflow/debug-predicates 
Data flow: Add various debug predicates
 2025-10-20 11:01:41 +02:00
Michael B. Gale
4441303623 Merge pull request #20625 from github/mbg/csharp/proxy-log-messages 2025-10-20 10:00:58 +01:00
Tom Hvitved
f71cfac40a Data flow: Add various debug predicates 2025-10-20 09:59:40 +02:00
Ben Rodes
2b683c210f Merge branch 'main' into santander-java-crypto-check 2025-10-18 17:56:43 -04:00
REDMOND\brodes
c01c060476 Crypto: more ID renaming to include "examples", fix singleton issues with ql-for-ql, use formatted test for WeakAsymmetricKeyGenSize (add post processing in the qlref), misc expected files updated (test passed locally but on rerun vscode reports failures, known bug with vscode unit tests). 2025-10-17 14:13:53 -04:00
REDMOND\brodes
540daa6df2 Crypto: weak symmetric cipher tests. 2025-10-17 13:40:15 -04:00
REDMOND\brodes
b06e05362b Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production. 2025-10-17 13:39:50 -04:00
REDMOND\brodes
1b205d8673 Removing WeakRSA, this is redundant with weak asymmetric key size. 2025-10-17 13:39:05 -04:00
REDMOND\brodes
b4ecb91c83 Crypto: Add missing cipher algorithms to JCA. Update node tests to account for missing cipher algorithms. 2025-10-17 13:38:47 -04:00
REDMOND\brodes
f480d90a68 Crypto: Add missing block mode JCA Models, add block mode unit tests 2025-10-17 13:13:14 -04:00
REDMOND\brodes
e12734162f Crypto: WeakKDFKeySize tests. 2025-10-17 12:32:24 -04:00
REDMOND\brodes
628bab92fc Crypto: Modify BadMacOrderMacOnEncryptPlaintext to be a path query that traces through any intermediate encrypt or mac to the final encrypt or mac. 2025-10-17 12:06:34 -04:00
REDMOND\brodes
ff7840dc9f Crypto: removing precision tags on experimental queries. 2025-10-17 10:52:32 -04:00
Paolo Tranquilli
4b04b49ca9 Merge branch 'main' into redsun82/rust-file-semantics-predicates 2025-10-17 15:10:55 +02:00
Paolo Tranquilli
6a6015e0eb Rust: accept test changes 2025-10-17 15:10:49 +02:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
Paolo Tranquilli
0c719af33c Csharp: add change note 2025-10-17 12:05:52 +02:00
Paolo Tranquilli
c3fd06c8a4 Csharp: fix cs/web/missing-x-frame-options to also consider location elements 
As explained in

https://learn.microsoft.com/en-us/previous-versions/aspnet/ms178692(v=vs.100),

it is possible to add `system.webServer` elements nested inside
`location` elements in `Web.config`.
 2025-10-17 11:27:31 +02:00
Simon Friis Vindum
979b05cc1a C++: Apply suggested fixes from review 2025-10-17 09:50:36 +02:00
REDMOND\brodes
ef6f0222f2 Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext 2025-10-16 16:11:42 -04:00
REDMOND\brodes
5923e5cbb0 Crypto: Bad expected files in last push. 2025-10-16 15:45:27 -04:00
REDMOND\brodes
700f34e53a Crypto: Bad Mac use tests, and fix for BadMacOrderMacOnEncryptPlaintext (barriers were blocking flow through an encrypt to a subsequent mac on the same plaintext) 2025-10-16 15:44:57 -04:00
REDMOND\brodes
b9b0037e07 Crypto: Comment todo for observed missing modeled case. Tests for weak and unknown KDF iteration count. 2025-10-16 14:07:45 -04:00
Paolo Tranquilli
4aef1ba9d1 Rust: clean up 2025-10-16 17:20:41 +02:00
REDMOND\brodes
3f36b09b3c Crypto: Rename tests for weak asymmetric key gen size. 2025-10-16 11:18:36 -04:00